Skip to main content

NTP

Introduction

This page is intended to give you the resources to set up NTP(or suitable equivalent) on the main distrobutions that we support. NTP is important for two main reasons with Passbolt. The first is in regards to GPG authentication. The other area where this becomes important is if you have MFA enabled as if the server and user device time get out of sync the codes will not work.

Ubuntu

Official Ubuntu Documentation

Ubuntu uses chrony for time synchronization. This package is not installed by default so you’ll need to install it.

You can check that your server doesn’t have this enabled by running the following:

timedatectl status

The output should look something like the following:

               Local time: Tue 2022-12-06 09:26:53 UTC
Universal time: Tue 2022-12-06 09:26:53 UTC
RTC time: Tue 2022-12-06 09:26:52
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no

The two most important lines here being:

System clock synchronized: no
NTP service: inactive

To install chrony you’ll need to run this command:

sudo apt install chrony

You can configure which time servers you want to use by editing /etc/chrony/chrony.conf

After you are done editing this file run the following to restart chrony

sudo systemctl restart chrony.service

To ensure this is running correctly you can once again run:

timedatectl status

Your output should now be something like:

               Local time: Tue 2022-12-06 09:30:40 UTC
Universal time: Tue 2022-12-06 09:30:40 UTC
RTC time: Tue 2022-12-06 09:30:40
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

The important lines are:

System clock synchronized: yes
NTP service: active

If only one of these has changed try running timedatectl status after another minute or two to give it time to be fully correct. Once those are both correct, congratulations you’ve gotten NTP correctly set up!

Debian

Official Debian Documentation

A fresh Debian installation should already be properly configured for this. You can confirm this by running:

timedatectl status

The output should be something like this:

               Local time: Tue 2022-12-06 14:30:52 UTC
Universal time: Tue 2022-12-06 14:30:52 UTC
RTC time: Tue 2022-12-06 14:30:53
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

The important lines are:

System clock synchronized: yes
NTP service: active

RedHat

Official RedHat Documentation

On Red Hat Entreprise Linux, you have two choices in terms of NTP installation chrony which is installed by default on some version of Red Hat Entreprise Linux 7 or ntpd.

Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.

The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.

Install chrony on RedHat

As mentionned previously, chrony suite is installed by default on some versions of Red Hat Entreprise Linux 7, to ensure that it is, run the following command as root:

yum install chrony
```bash

The default location for the chrony daemon is `/usr/sbin/chronyd`. The command line utility will be installed to `/usr/bin/chronyc`.

To check the status of chrony, issue the following command:

```bash
systemctl status chronyd

The output should be something like this:

chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h ago

If that is not the case, in order to start chrony, issue the following command as root:

systemctl start chronyd

To ensure chrony starts automatically at system start, issue the following command as root:

systemctl enable chronyd

To check if chrony is synchronized, make use of the tracking command:

chronyc tracking

The output should be something like this:

Reference ID  : CB00710F (foo.example.net)
Stratum : 3
Ref time (UTC) : Fri Jan 27 09:49:17 2017
System time : 0.000006523 seconds slow of NTP time
Last offset : -0.000006747 seconds
RMS offset : 0.000035822 seconds
Frequency : 3.225 ppm slow
Residual freq : 0.000 ppm
Skew : 0.129 ppm
Root delay : 0.013639022 seconds
Root dispersion : 0.001100737 seconds
Update interval : 64.2 seconds
Leap status : Normal

Install ntpd on RedHat

In order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:

systemctl stop chronyd

To prevent it restarting at system start, issue the following command as root:

systemctl disable chronyd

To check the status of chronyd, issue the following command:

systemctl status chronyd

To check if ntpd is installed and install it if not, enter the following command as root:

yum install ntp

To enable ntpd at system start, enter the following command as root:

systemctl enable ntpd

To check if ntpd is running and configured to run at system start, issue the following command:

systemctl status ntpd

To obtain a brief status report from ntpd, issue the following command:

ntpstat

The output should be something like this:

synchronised to NTP server (10.5.26.10) at stratum 2
time correct to within 52 ms
polling server every 1024 s

OpenSUSE

Official OpenSUSE Documentation

To configure NTP on OpenSUSE we will need YaST. YaST is featured in the OpenSUSE Linux distribution.

To run yast you will need to run this command:

sux yast2

Once it is running, specify when to start the network time protocol service:

  • Only manually

Start the Network Time Protocol service manually

  • Synchronize without Daemon

Set the system time periodically without a permanently running Network Time Protocol service. You can set the Interval of the Synchronization in Minutes.

  • Now and on boot

Start the Network Time Protocol service automatically when the system is booting. This setting is recommended.

After this step, you will need to specify the type of configuration source. In the Configuration Source drop-down box, select either Dynamic or Static. Set Static if your server uses only a fixed set of (public) NTP servers. If your internal network offers NTP servers via DHCP, pick Dynamic.

You need to configure time servers. Time servers for the client to query are listed in the lower part of the NTP Configuration window. Modify this list as needed by clicking Add, Edit, and Delete.

After you clicked Add to add a new time server in the address field, type the URL of the time server or pool of time servers with which you want to synchronize the machine time (for example, europe.pool.ntp.org).

After URL is complete, click on Test to verify that it points to a valid time source.

You can active Quick initial Sync to speed up the time synchronization by sending more request at the Network Time Protocol service start or you can active Start Offline to speed up the boot time on systems that start the Network Time Protocol service automatically and may not have an internet connection at boot time.

Now that we have configured Network Time Protocol with YaST we need to restart and enable chrony with:

sudo systemctl restart chronyd.service
sudo systemctl enable chronyd.service

Oracle Linux

Official Oracle Documentation

To configure Network Time Protocol On Oracle you need to install the NTP package:

yum install ntp

Once NTP is installed, you will need to start the service and set it to launch automatically upon boot:

service ntpd start
chkconfig ntpd on

You can check upstream synchronization with the ntpq command:

ntpq -p

The output should be something like this:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
lists2.luv.asn. 203.161.12.165 16 u 25 64 3 3.495 -3043.1 0.678
ns2.novatelbg.n 130.95.179.80 16 u 27 64 3 26.633 -3016.1 0.797
sp1.mycdn.fr 130.234.255.83 16 u 24 64 3 4.314 -3036.3 1.039

Fedora

Official Fedora Documentation

The chrony suite is installed by default on some versions of Fedora, but you have two choices the other one being ntpd.

Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.

The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.

Install chrony on Fedora

As mentionned previously, chrony suite is installed by default on some versions of Fedora, to ensure that it is, run the following command as root:

dnf install chrony

The default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.

To check the status of chrony, issue the following command:

systemctl status chronyd

The output should be something like this:

chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h ago

If that is not the case, in order to start chrony, issue the following command as root:

systemctl start chronyd

To ensure chrony starts automatically at system start, issue the following command as root:

systemctl enable chronyd

To check if chrony is synchronized, make use of the tracking command:

chronyc tracking

The output should be something like this:

Reference ID  : CB00710F (foo.example.net)
Stratum : 3
Ref time (UTC) : Fri Jan 27 09:49:17 2017
System time : 0.000006523 seconds slow of NTP time
Last offset : -0.000006747 seconds
RMS offset : 0.000035822 seconds
Frequency : 3.225 ppm slow
Residual freq : 0.000 ppm
Skew : 0.129 ppm
Root delay : 0.013639022 seconds
Root dispersion : 0.001100737 seconds
Update interval : 64.2 seconds
Leap status : Normal

Install ntpd on Fedora

In order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:

systemctl stop chronyd

To prevent it restarting at system start, issue the following command as root:

systemctl disable chronyd

To check the status of chronyd, issue the following command:

systemctl status chronyd

To check if ntpd is istnalled, enter the following command as root:

dnf install ntp

To enable ntpd at system start, enter the following command as root:

systemctl enable ntpd

To check if ntpd is running and configured to run at system start, issue the following command:

systemctl status ntpd

To obtain a brief status report from ntpd, issue the following command:

ntpstat

The output should be something like this:

synchronised to NTP server (10.5.26.10) at stratum 2
time correct to within 52 ms
polling server every 1024 s

Docker

Docker's time is set via the host's time. You will need to follow the relevant instructions to configure NTP for the server hosting your Docker container.