White space fix only. Translators can ignore.
Sponsored by: iXsystems
parent
3d667630bb
commit
a74c7cf5d0
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=43711
1 changed files with 108 additions and 107 deletions
|
@ -5228,39 +5228,38 @@ Starting smbd.</screen>
|
|||
<title>Clock Synchronization with NTP</title>
|
||||
|
||||
<indexterm><primary>NTP</primary>
|
||||
<secondary>ntpd</secondary>
|
||||
<secondary>ntpd</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>Over time, a computer's clock is prone to drift. This is
|
||||
problematic as many network services require the computers on a network
|
||||
to share the same accurate time. Accurate time is also needed to ensure
|
||||
that file timestamps stay
|
||||
consistent. The
|
||||
Network Time Protocol (<acronym>NTP</acronym>) is one way to provide clock
|
||||
accuracy in a network.</para>
|
||||
<para>Over time, a computer's clock is prone to drift. This is
|
||||
problematic as many network services require the computers on a
|
||||
network to share the same accurate time. Accurate time is also
|
||||
needed to ensure that file timestamps stay consistent. The
|
||||
Network Time Protocol (<acronym>NTP</acronym>) is one way to
|
||||
provide clock accuracy in a network.</para>
|
||||
|
||||
<para>&os; includes &man.ntpd.8;
|
||||
which can be configured to query other
|
||||
<acronym>NTP</acronym> servers in order to
|
||||
synchronize the clock on that machine or to provide time services to
|
||||
other computers in the network. The servers which are queried
|
||||
can be local to the network or provided by an <acronym>ISP</acronym>.
|
||||
In addition, an <link
|
||||
xlink:href="http://support.ntp.org/bin/view/Servers/WebHome">online
|
||||
list of publicly accessible <acronym>NTP</acronym> servers</link>
|
||||
is available. When choosing a public <acronym>NTP</acronym> server, select
|
||||
one that is geographically close and
|
||||
review its usage policy.</para>
|
||||
<para>&os; includes &man.ntpd.8; which can be configured to query
|
||||
other <acronym>NTP</acronym> servers in order to synchronize the
|
||||
clock on that machine or to provide time services to other
|
||||
computers in the network. The servers which are queried can be
|
||||
local to the network or provided by an <acronym>ISP</acronym>.
|
||||
In addition, an <link
|
||||
xlink:href="http://support.ntp.org/bin/view/Servers/WebHome">online
|
||||
list of publicly accessible <acronym>NTP</acronym>
|
||||
servers</link> is available. When choosing a public
|
||||
<acronym>NTP</acronym> server, select one that is geographically
|
||||
close and review its usage policy.</para>
|
||||
|
||||
<para>Choosing several <acronym>NTP</acronym> servers is recommended in
|
||||
case one of the servers becomes unreachable or
|
||||
its clock proves unreliable. As <application>ntpd</application> receives responses,
|
||||
it favors
|
||||
reliable servers over the less reliable ones.</para>
|
||||
<para>Choosing several <acronym>NTP</acronym> servers is
|
||||
recommended in case one of the servers becomes unreachable or
|
||||
its clock proves unreliable. As <application>ntpd</application>
|
||||
receives responses, it favors reliable servers over the less
|
||||
reliable ones.</para>
|
||||
|
||||
<para>This section describes how to configure <application>ntpd</application> on &os;. Further documentation can be found in
|
||||
<filename>/usr/share/doc/ntp/</filename> in HTML
|
||||
format.</para>
|
||||
<para>This section describes how to configure
|
||||
<application>ntpd</application> on &os;. Further documentation
|
||||
can be found in <filename>/usr/share/doc/ntp/</filename> in HTML
|
||||
format.</para>
|
||||
|
||||
<sect2>
|
||||
<title><acronym>NTP</acronym> Configuration</title>
|
||||
|
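Review bot: The `xlink:href` in the re-wrapped public-server paragraph still points at `http://support.ntp.org/bin/view/Servers/WebHome` over plain HTTP. Changing it is outside a whitespace-only commit, but readers pick their time sources from that list, so a follow-up that switches the link to https, if the site serves it, would be worthwhile.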
@ -5270,115 +5269,117 @@ Starting smbd.</screen>
|
|||
<tertiary>ntpdate</tertiary>
|
||||
</indexterm>
|
||||
|
||||
<para>To only synchronize the clock when a system boots,
|
||||
use &man.ntpdate.8;. This alone can be appropriate for
|
||||
desktops which are frequently rebooted. However,
|
||||
most systems should
|
||||
run <application>ntpdate</application> at boot time as well as configure <application>ntpd</application>.
|
||||
This is because <application>ntpd</application>
|
||||
changes the clock gradually, whereas <application>ntpdate</application>
|
||||
sets the clock, no matter how great the difference between a
|
||||
machine's current clock setting and the correct time.</para>
|
||||
<para>To only synchronize the clock when a system boots, use
|
||||
&man.ntpdate.8;. This alone can be appropriate for desktops
|
||||
which are frequently rebooted. However, most systems should
|
||||
run <application>ntpdate</application> at boot time as well as
|
||||
configure <application>ntpd</application>. This is because
|
||||
<application>ntpd</application> changes the clock gradually,
|
||||
whereas <application>ntpdate</application> sets the clock, no
|
||||
matter how great the difference between a machine's current
|
||||
clock setting and the correct time.</para>
|
||||
|
||||
<para>To enable <application>ntpdate</application> at boot time, add
|
||||
<literal>ntpdate_enable="YES"</literal> to
|
||||
<filename>/etc/rc.conf</filename>. To also enable
|
||||
<application>ntpd</application>, add the <literal>ntpd_enable="YES"</literal>
|
||||
entry to <filename>/etc/rc.conf</filename>. Additional variables can be specified
|
||||
in <filename>/etc/rc.conf</filename>. Refer to &man.rc.conf.5;,
|
||||
&man.ntpdate.8;, and &man.ntpd.8; for details.</para>
|
||||
<para>To enable <application>ntpdate</application> at boot time,
|
||||
add <literal>ntpdate_enable="YES"</literal> to
|
||||
<filename>/etc/rc.conf</filename>. To also enable
|
||||
<application>ntpd</application>, add the
|
||||
<literal>ntpd_enable="YES"</literal> entry to
|
||||
<filename>/etc/rc.conf</filename>. Additional variables can
|
||||
be specified in <filename>/etc/rc.conf</filename>. Refer to
|
||||
&man.rc.conf.5;, &man.ntpdate.8;, and &man.ntpd.8; for
|
||||
details.</para>
|
||||
|
||||
<para>Both applications
|
||||
read <filename>/etc/ntp.conf</filename> to determine
|
||||
which servers to query. Here is a simple example of an
|
||||
<filename>/etc/ntp.conf</filename>:</para>
|
||||
<para>Both applications read <filename>/etc/ntp.conf</filename>
|
||||
to determine which servers to query. Here is a simple example
|
||||
of an <filename>/etc/ntp.conf</filename>:</para>
|
||||
|
||||
<example>
|
||||
<title> Sample <filename>/etc/ntp.conf</filename></title>
|
||||
<example>
|
||||
<title> Sample <filename>/etc/ntp.conf</filename></title>
|
||||
|
||||
<programlisting>server ntplocal.example.com prefer
|
||||
server timeserver.example.org
|
||||
server ntp2a.example.net
|
||||
|
||||
driftfile /var/db/ntp.drift</programlisting>
|
||||
</example>
|
||||
</example>
|
||||
|
||||
<para>The format of this file is
|
||||
described in &man.ntp.conf.5;. The <literal>server</literal> option specifies which
|
||||
servers to query, with one server listed on each line.
|
||||
If a server entry includes <literal>prefer</literal>,
|
||||
that server is preferred over other servers. A response
|
||||
from a preferred server will be discarded if it differs
|
||||
significantly from responses; otherwise it
|
||||
will be used.
|
||||
The <literal>prefer</literal> argument should only be used for
|
||||
<acronym>NTP</acronym> servers that are known to be highly accurate, such as
|
||||
those with special time monitoring hardware.</para>
|
||||
<para>The format of this file is described in &man.ntp.conf.5;.
|
||||
The <literal>server</literal> option specifies which servers
|
||||
to query, with one server listed on each line. If a server
|
||||
entry includes <literal>prefer</literal>, that server is
|
||||
preferred over other servers. A response from a preferred
|
||||
server will be discarded if it differs significantly from
|
||||
responses; otherwise it will be used. The
|
||||
<literal>prefer</literal> argument should only be used for
|
||||
<acronym>NTP</acronym> servers that are known to be highly
|
||||
accurate, such as those with special time monitoring
|
||||
hardware.</para>
|
||||
|
||||
<para>The <literal>driftfile</literal> entry specifies which
|
||||
file is used to store the system clock's frequency offset.
|
||||
<application>ntpd</application> uses this to automatically
|
||||
compensate for the clock's natural drift, allowing it to
|
||||
maintain a reasonably correct setting even if it is cut off
|
||||
from all external time sources for a period of time. This
|
||||
file also stores information about previous responses
|
||||
from <acronym>NTP</acronym> servers. Since this file contains
|
||||
internal information for <acronym>NTP</acronym>, it should not be modified.</para>
|
||||
<para>The <literal>driftfile</literal> entry specifies which
|
||||
file is used to store the system clock's frequency offset.
|
||||
<application>ntpd</application> uses this to automatically
|
||||
compensate for the clock's natural drift, allowing it to
|
||||
maintain a reasonably correct setting even if it is cut off
|
||||
from all external time sources for a period of time. This
|
||||
file also stores information about previous responses
|
||||
from <acronym>NTP</acronym> servers. Since this file contains
|
||||
internal information for <acronym>NTP</acronym>, it should not
|
||||
be modified.</para>
|
||||
|
||||
<para>By default, an <acronym>NTP</acronym> server is accessible to any
|
||||
network host. The <literal>restrict</literal>
|
||||
option in <filename>/etc/ntp.conf</filename> can be used to
|
||||
control which systems can access the server. For example,
|
||||
to deny all machines from accessing the <acronym>NTP</acronym>
|
||||
server, add the following line to
|
||||
<filename>/etc/ntp.conf</filename>:</para>
|
||||
<para>By default, an <acronym>NTP</acronym> server is accessible
|
||||
to any network host. The <literal>restrict</literal> option
|
||||
in <filename>/etc/ntp.conf</filename> can be used to control
|
||||
which systems can access the server. For example, to deny all
|
||||
machines from accessing the <acronym>NTP</acronym> server, add
|
||||
the following line to
|
||||
<filename>/etc/ntp.conf</filename>:</para>
|
||||
|
||||
<programlisting>restrict default ignore</programlisting>
|
||||
<programlisting>restrict default ignore</programlisting>
|
||||
|
||||
<note>
|
||||
<para>This will also prevent access from other <acronym>NTP</acronym> servers.
|
||||
If there is a
|
||||
need to synchronize with an external <acronym>NTP</acronym>
|
||||
<para>This will also prevent access from other
|
||||
<acronym>NTP</acronym> servers. If there is a need to
|
||||
synchronize with an external <acronym>NTP</acronym>
|
||||
server, allow only that specific server. Refer to
|
||||
&man.ntp.conf.5; for more information.</para>
|
||||
</note>
|
||||
|
||||
<para>To allow machines within the network to synchronize
|
||||
their clocks with the server, but ensure they are not
|
||||
allowed to configure the server or be used as peers to
|
||||
synchronize against, instead use:</para>
|
||||
<para>To allow machines within the network to synchronize their
|
||||
clocks with the server, but ensure they are not allowed to
|
||||
configure the server or be used as peers to synchronize
|
||||
against, instead use:</para>
|
||||
|
||||
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
|
||||
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
|
||||
|
||||
<para>where
|
||||
<systemitem class="ipaddress">192.168.1.0</systemitem> is the
|
||||
local network address and
|
||||
<systemitem class="netmask">255.255.255.0</systemitem> is
|
||||
the network's subnet mask.</para>
|
||||
<para>where <systemitem
|
||||
class="ipaddress">192.168.1.0</systemitem> is the local
|
||||
network address and <systemitem
|
||||
class="netmask">255.255.255.0</systemitem> is the network's
|
||||
subnet mask.</para>
|
||||
|
||||
<para>Multiple <literal>restrict</literal> entries are supported.
|
||||
For more
|
||||
details, refer to the <literal>Access Control Support</literal>
|
||||
subsection of &man.ntp.conf.5;.</para>
|
||||
<para>Multiple <literal>restrict</literal> entries are
|
||||
supported. For more details, refer to the <literal>Access
|
||||
Control Support</literal> subsection of
|
||||
&man.ntp.conf.5;.</para>
|
||||
|
||||
<para>Once
|
||||
<literal>ntpd_enable="YES"</literal> has been added to
|
||||
<filename>/etc/rc.conf</filename>, <application>ntpd</application>
|
||||
can be started now without rebooting the system by typing:</para>
|
||||
<para>Once <literal>ntpd_enable="YES"</literal> has been added
|
||||
to <filename>/etc/rc.conf</filename>,
|
||||
<application>ntpd</application> can be started now without
|
||||
rebooting the system by typing:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>service ntpd start</userinput></screen>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Using <acronym>NTP</acronym> with a <acronym>PPP</acronym>
|
||||
Connection</title>
|
||||
<title>Using <acronym>NTP</acronym> with a
|
||||
<acronym>PPP</acronym> Connection</title>
|
||||
|
||||
<para><application>ntpd</application> does not need a permanent
|
||||
connection to the Internet to function properly. However, if
|
||||
a <acronym>PPP</acronym> connection is configured to dial out
|
||||
on demand, <acronym>NTP</acronym> traffic should be prevented from
|
||||
triggering a dial out or keeping the connection alive. This can be configured
|
||||
with <literal>filter</literal>
|
||||
on demand, <acronym>NTP</acronym> traffic should be prevented
|
||||
from triggering a dial out or keeping the connection alive.
|
||||
This can be configured with <literal>filter</literal>
|
||||
directives in <filename>/etc/ppp/ppp.conf</filename>. For
|
||||
example:</para>
|
||||
|
||||
|
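Review bot: In the access-control part of this hunk, the paragraph says LAN clients must not be able to configure the server "or be used as peers", yet the example line is `restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap`, which carries no `nopeer` flag. Suggest a follow-up content change that either adds `nopeer` to the example or drops the peer claim from the paragraph; keeping that out of this commit preserves the whitespace-only promise made to translators. Separately, the re-indented `<title> Sample <filename>/etc/ntp.conf</filename></title>` line keeps a stray space right after `<title>`, which this pass could remove.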
@ -5398,8 +5399,8 @@ driftfile /var/db/ntp.drift</programlisting>
|
|||
|
||||
<note>
|
||||
<para>Some Internet access providers block low-numbered ports,
|
||||
preventing NTP from functioning since replies never
|
||||
reach the machine.</para>
|
||||
preventing NTP from functioning since replies never reach
|
||||
the machine.</para>
|
||||
</note>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
|
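Review bot: In the re-wrapped note, "preventing NTP from functioning" leaves NTP as bare text, while the rest of the section, including the other two hunks, marks it up as `<acronym>NTP</acronym>`. Wrapping it is a markup change rather than a whitespace change, so it belongs in a follow-up commit rather than this one.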