12486 Views 5 Replies Latest reply: Apr 16, 2008 11:25 AM by Versant
"Check the 'NTP' checkbox in Server Admin -> (server) -> Settings."
And you will get...nothing.
Why? Because the NTP server is broken on OS X Server 10.4.x.
In order for you to configure your OS X server to be an NTP server you
must first UNcheck the 'Set date and time automatically:' checkbox in
the 'Date and Time' System Prefpane on the server. If you leave this
checked and enable the NTP server in Server Admin, the NTP server will fail
to start because the address and port will already be in use. (You also
cannot use the 'Date and Time' System Prefpane to add ntp servers to sync
with as the ntp.conf file that it creates will more often than not violate
time server access restrictions.) Next UNcheck the NTP Server checkbox in
Server Admin and save the settings.
Then you must create or edit '/etc/ntp.conf' -using either vi or pico- to
include at least three stratum 2 public time servers. Here's an example:
server first.ntpserver.com prefer iburst minpoll 12 maxpoll 15
server second.ntpserver.com iburst minpoll 12 maxpoll 15
server third.ntpserver.com iburst minpoll 12 maxpoll 15
These settings will tell ntpd to check against the servers in the list, with the
first one as the preferred server and checking the others in turn if it doesn't
respond, a minimum of once every hour and a maximum of once every nine (9) hours.
The 'iburst' parameter sends a burst of eight packets on server startup to the
time server. These parameters are more than adequate to keep an NTP server sync'ed
to any stratum 2 public time servers.
You can select your stratum 2 public time servers from the lists at support.ntp.org.
Make sure that you pick an open access server and notify the operator, if it is
required, prior to adding their server to your ntp.conf file. You should follow the
restrictions on access for these servers, also.
After editing and saving your ntp.conf file, edit '/etc/hostconfig' by adding or
changing these lines:
so they are like the above and then save the file.
Next, open -again using either vi or pico-
'/System/Library/StartupItems/NetworkTime/NetworkTime' and, without the quotes,
comment out the line:
' ntpdate -bvs'
by adding the octothorpe at the start of the line
'# ntpdate -bvs'
then change the line below it:
ntpd -f /var/run/ntp.drift -p /var/run/ntp.pid
to:
ntpd -f /var/run/ntp.drift -p /var/run/ntp.pid -c /etc/ntp.conf
then save the file. (You do not have to edit the startupitem on the client workstations
or on any servers that will sync against your NTP server.)
Next, open Terminal.app and enter the following command:
sudo chflags uchg /etc/ntp.conf
hit the return key and enter your password if prompted.
This will lock the /etc/ntp.conf file from changes.
Finally, reboot the server.
After the server comes up, you can check to see if the ntpd daemon is running in
'Terminal.app' by entering:
ps -ax | grep ntpd
you should see something like this:
110 Ss ?? 00:00.57 ntpd -f /var/run/ntp.drift -p /var/run/ntp.pid -c /etc/ntp.conf
in the output. If you check the system.log it will show the time being set by ntpd.
Once you have done this on your server you should not try to set the time using the
'Date and Time' System Prefpane or disable or enable the NTP server using Server Admin.
If you don't lock the '/etc/ntp.conf' file against changes and you accidentally open the
'Date and Time' System Prefpane or twiddle the checkbox in Server Admin, you'll be back
to square one with no time server.
On the client workstations you should make sure that the 'Date and Time' System Prefpane
has the 'Set date and time automatically:' checkbox checked AND that you leave the
'Date and Time' System Prefpane on the first tab, 'Date and Time'. If you don't, the client
will never check its time against the server. Ever. Also, don't bother to add your NTP
server's FQDN or IP here at this time. Open 'Terminal.app' and -again using either vi or pico-
edit or create '/etc/ntp.conf' to look like this:
server your.ntpserver.com prefer iburst minpoll 12 maxpoll 15
save the file and then enter these commands in Terminal.app:
sudo chflags uchg /etc/ntp.conf
hit the return key and enter your password if prompted. This will lock the '/etc/ntp.conf'
file from changes.
You should add this client config to all the servers and clients on your local LAN. If you
are using OD and WGM to manage your Mac workstations it is a very good idea to set your OD
master as the NTP server and have everything sync to that. It will eliminate some very
vexing problems with Kerberos when all clients are in time-sync with the OD master.
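
An added example, not part of the original post: a shell function that audits an ntp.conf against the layout described above. It prints each server's poll window in seconds (minpoll and maxpoll are exponents of two) and fails when there are fewer server lines than required. The function name `check_ntp_conf` and the temp-file sample are assumptions. Pass 1 as the second argument for the single-server client config.

```shell
#!/bin/sh
# Added example: audit an ntp.conf against the layout described in the post.
# Usage: check_ntp_conf FILE [MIN_SERVERS]   (MIN_SERVERS defaults to 3)
# Returns 0 when all checks pass, 1 on a failed check, 2 if FILE is unreadable.
check_ntp_conf() {
    conf=$1
    min_servers=${2:-3}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v need="$min_servers" '
        # Comments, blank lines and other directives are skipped.
        $1 != "server" { next }
        {
            # ntpd defaults when a line omits the options: 2^6 s and 2^10 s.
            host = $2; minp = 6; maxp = 10; ib = "no"; pref = "no"
            for (i = 3; i <= NF; i++) {
                if ($i == "minpoll") minp = $(i + 1)
                if ($i == "maxpoll") maxp = $(i + 1)
                if ($i == "iburst")  ib = "yes"
                if ($i == "prefer")  pref = "yes"
            }
            n++
            printf "%s prefer=%s iburst=%s poll=%ds..%ds\n", host, pref, ib, 2 ^ minp, 2 ^ maxp
            if (minp + 0 > maxp + 0) { printf "FAIL %s: minpoll > maxpoll\n", host; bad = 1 }
        }
        END {
            if (n < need) { printf "FAIL: %d server line(s), need %d\n", n, need; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }
    ' "$conf"
}

# Constructed sample: the server-side config from the post (its placeholder hostnames).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server first.ntpserver.com prefer iburst minpoll 12 maxpoll 15
server second.ntpserver.com iburst minpoll 12 maxpoll 15
server third.ntpserver.com iburst minpoll 12 maxpoll 15
EOF
check_ntp_conf "$sample"
rm -f "$sample"
```

With the post's values, each line reports poll=4096s..32768s, which is about 68 minutes and about 9.1 hours.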