svn commit: r43710 - head/en_US.ISO8859-1/books/handbook/network-servers
Dru Lavigne
dru at FreeBSD.org
Fri Jan 31 21:35:12 UTC 2014
Author: dru
Date: Fri Jan 31 21:35:11 2014
New Revision: 43710
URL: http://svnweb.freebsd.org/changeset/doc/43710
Log:
Editorial pass through the NTP chapter.
Headings and content shuffled about to improve flow.
Text clarified and logic should be much clearer now.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 20:55:48 2014 (r43709)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 21:35:11 2014 (r43710)
@@ -5227,208 +5227,158 @@ Starting smbd.</screen>
-->
<title>Clock Synchronization with NTP</title>
- <indexterm><primary>NTP</primary></indexterm>
-
- <para>Over time, a computer's clock is prone to drift. The
- Network Time Protocol (NTP) is one way to ensure the clock
- stays accurate.</para>
-
- <para>Many Internet services rely on, or greatly benefit from,
- computers' clocks being accurate. For example, a web server
- may receive requests to send a file if it has been modified
- since a certain time. In a local area network environment, it
- is essential that computers sharing files from the same file
- server have synchronized clocks so that file timestamps stay
- consistent. Services such as &man.cron.8; also rely on an
- accurate system clock to run commands at the specified
- times.</para>
-
<indexterm><primary>NTP</primary>
- <secondary>ntpd</secondary>
+ <secondary>ntpd</secondary>
</indexterm>
- <para>&os; ships with the &man.ntpd.8;
- <acronym role="Network Time Protocol">NTP</acronym> server
- which can be used to query other
- <acronym role="Network Time Protocol">NTP</acronym> servers to
- set the clock on the machine or provide time services to
- others.</para>
-
- <sect2>
- <title>Choosing Appropriate NTP Servers</title>
-
- <indexterm>
- <primary>NTP</primary>
- <secondary>choosing servers</secondary>
- </indexterm>
-
- <para>In order to synchronize the clock, one or more
- <acronym role="Network Time Protocol">NTP</acronym> servers
- must be defined. The network administrator or ISP may have
- set up an NTP server for this purpose—check their
- documentation to see if this is the case. There is an <link
+ <para>Over time, a computer's clock is prone to drift. This is
+ problematic as many network services require the computers on a network
+ to share the same accurate time. Accurate time is also needed to ensure
+ that file timestamps stay
+ consistent. The
+ Network Time Protocol (<acronym>NTP</acronym>) is one way to provide clock
+ accuracy in a network.</para>
+
+ <para>&os; includes &man.ntpd.8;
+ which can be configured to query other
+ <acronym>NTP</acronym> servers in order to
+ synchronize the clock on that machine or to provide time services to
+ other computers in the network. The servers which are queried
+ can be local to the network or provided by an <acronym>ISP</acronym>.
+ In addition, an <link
xlink:href="http://support.ntp.org/bin/view/Servers/WebHome">online
- list of publicly accessible NTP servers</link> which may be
- referenced to find an NTP server nearest to the system. Take
- care to review the policy for any chosen servers, and ask for
- permission if required.</para>
-
- <para>Choosing several unconnected NTP servers is a good idea in
- case one of the servers being used becomes unreachable or
- its clock is unreliable. &man.ntpd.8; uses the responses it
- receives from other servers intelligently—it will favor
- unreliable servers less than reliable ones.</para>
- </sect2>
+ list of publicly accessible <acronym>NTP</acronym> servers</link>
+ is available. When choosing a public <acronym>NTP</acronym> server, select
+ one that is geographically close and
+ review its usage policy.</para>
+
+ <para>Choosing several <acronym>NTP</acronym> servers is recommended in
+ case one of the servers becomes unreachable or
+ its clock proves unreliable. As <application>ntpd</application> receives responses,
+ it favors
+ reliable servers over the less reliable ones.</para>
+
+ <para>This section describes how to configure <application>ntpd</application> on &os;. Further documentation can be found in
+ <filename>/usr/share/doc/ntp/</filename> in HTML
+ format.</para>
<sect2>
- <title>Configuring The Machine</title>
+ <title><acronym>NTP</acronym> Configuration</title>
- <indexterm>
- <primary>NTP</primary>
- <secondary>configuration</secondary>
+ <indexterm><primary>NTP</primary>
+ <secondary>ntp.conf</secondary>
+ <tertiary>ntpdate</tertiary>
</indexterm>
- <sect3>
- <title>Basic Configuration</title>
-
- <indexterm><primary>ntpdate</primary></indexterm>
-
- <para>To synchronize the clock only when the machine boots up,
- use &man.ntpdate.8;. This may be appropriate for some
- desktop machines which are frequently rebooted and only
- require infrequent synchronization, but most machines should
- run &man.ntpd.8;.</para>
-
- <para>Using &man.ntpdate.8; at boot time is also a good idea
- for machines that run &man.ntpd.8;. The &man.ntpd.8;
- program changes the clock gradually, whereas &man.ntpdate.8;
+ <para>To only synchronize the clock when a system boots,
+ use &man.ntpdate.8;. This alone can be appropriate for
+ desktops which are frequently rebooted. However,
+ most systems should
+ run <application>ntpdate</application> at boot time as well as configure <application>ntpd</application>.
+ This is because <application>ntpd</application>
+ changes the clock gradually, whereas <application>ntpdate</application>
sets the clock, no matter how great the difference between a
machine's current clock setting and the correct time.</para>
- <para>To enable &man.ntpdate.8; at boot time, add
+ <para>To enable <application>ntpdate</application> at boot time, add
<literal>ntpdate_enable="YES"</literal> to
- <filename>/etc/rc.conf</filename>. Also specify all
- synchronization servers and any flags to be passed to
- &man.ntpdate.8; in <varname>ntpdate_flags</varname>.</para>
- </sect3>
-
- <sect3>
- <title>General Configuration</title>
+ <filename>/etc/rc.conf</filename>. To also enable
+ <application>ntpd</application>, add the <literal>ntpd_enable="YES"</literal>
+ entry to <filename>/etc/rc.conf</filename>. Additional variables can be specified
+ in <filename>/etc/rc.conf</filename>. Refer to &man.rc.conf.5;,
+ &man.ntpdate.8;, and &man.ntpd.8; for details.</para>
+
+ <para>Both applications
+ read <filename>/etc/ntp.conf</filename> to determine
+ which servers to query. Here is a simple example of an
+ <filename>/etc/ntp.conf</filename>:</para>
- <indexterm>
- <primary>NTP</primary>
- <secondary>ntp.conf</secondary>
- </indexterm>
-
- <para>NTP is configured by the
- <filename>/etc/ntp.conf</filename> file in the format
- described in &man.ntp.conf.5;. Here is a simple
- example:</para>
+ <example>
+ <title> Sample <filename>/etc/ntp.conf</filename></title>
<programlisting>server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net
driftfile /var/db/ntp.drift</programlisting>
+ </example>
- <para>The <literal>server</literal> option specifies which
- servers are to be used, with one server listed on each line.
- If a server is specified with the <literal>prefer</literal>
- argument, as with
- <systemitem
- class="fqdomainname">ntplocal.example.com</systemitem>,
+ <para>The format of this file is
+ described in &man.ntp.conf.5;. The <literal>server</literal> option specifies which
+ servers to query, with one server listed on each line.
+ If a server entry includes <literal>prefer</literal>,
that server is preferred over other servers. A response
from a preferred server will be discarded if it differs
- significantly from other servers' responses, otherwise it
- will be used without any consideration to other responses.
- The <literal>prefer</literal> argument is normally used for
- NTP servers that are known to be highly accurate, such as
+ significantly from responses; otherwise it
+ will be used.
+ The <literal>prefer</literal> argument should only be used for
+ <acronym>NTP</acronym> servers that are known to be highly accurate, such as
those with special time monitoring hardware.</para>
- <para>The <literal>driftfile</literal> option specifies which
+ <para>The <literal>driftfile</literal> entry specifies which
file is used to store the system clock's frequency offset.
- The &man.ntpd.8; program uses this to automatically
+ <application>ntpd</application> uses this to automatically
compensate for the clock's natural drift, allowing it to
maintain a reasonably correct setting even if it is cut off
- from all external time sources for a period of time.</para>
-
- <para>The <literal>driftfile</literal> option specifies which
- file is used to store information about previous responses
- from the NTP servers being used. This file contains
- internal information for NTP. It should not be modified by
- any other process.</para>
- </sect3>
-
- <sect3>
- <title>Controlling Access to Your Server</title>
-
- <para>By default, the NTP server will be accessible to all
- hosts on the Internet. The <literal>restrict</literal>
- option in <filename>/etc/ntp.conf</filename>
- controls which machines can access the server.</para>
-
- <para>To deny all machines from accessing the NTP
+ from all external time sources for a period of time. This
+ file also stores information about previous responses
+ from <acronym>NTP</acronym> servers. Since this file contains
+ internal information for <acronym>NTP</acronym>, it should not be modified.</para>
+
+ <para>By default, an <acronym>NTP</acronym> server is accessible to any
+ network host. The <literal>restrict</literal>
+ option in <filename>/etc/ntp.conf</filename> can be used to
+ control which systems can access the server. For example,
+ to deny all machines from accessing the <acronym>NTP</acronym>
server, add the following line to
<filename>/etc/ntp.conf</filename>:</para>
<programlisting>restrict default ignore</programlisting>
<note>
- <para>This will also prevent access from the server to any
- servers listed in the local configuration. If there is a
- need to synchronise the NTP server with an external NTP
+ <para>This will also prevent access from other <acronym>NTP</acronym> servers.
+ If there is a
+ need to synchronize with an external <acronym>NTP</acronym>
server, allow only that specific server. Refer to
&man.ntp.conf.5; for more information.</para>
</note>
<para>To allow machines within the network to synchronize
their clocks with the server, but ensure they are not
- allowed to configure the server or used as peers to
- synchronize against, add</para>
+ allowed to configure the server or be used as peers to
+ synchronize against, instead use:</para>
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
- <para>instead, where
- <systemitem class="ipaddress">192.168.1.0</systemitem> is an
- <acronym>IP</acronym> address on the network and
+ <para>where
+ <systemitem class="ipaddress">192.168.1.0</systemitem> is the
+ local network address and
<systemitem class="netmask">255.255.255.0</systemitem> is
- the network's netmask.</para>
+ the network's subnet mask.</para>
- <para>The <filename>/etc/ntp.conf</filename> file can contain
- multiple <literal>restrict</literal> options. For more
- details, see the <literal>Access Control Support</literal>
+ <para>Multiple <literal>restrict</literal> entries are supported.
+ For more
+ details, refer to the <literal>Access Control Support</literal>
subsection of &man.ntp.conf.5;.</para>
- </sect3>
- </sect2>
- <sect2>
- <title>Running the NTP Server</title>
-
- <para>To ensure the NTP server is started at boot time, add the
- line <literal>ntpd_enable="YES"</literal> to
- <filename>/etc/rc.conf</filename>. To pass
- additional flags to &man.ntpd.8;, edit the
- <varname>ntpd_flags</varname> parameter in
- <filename>/etc/rc.conf</filename>.</para>
-
- <para>To start the server without rebooting the machine, run
- <command>ntpd</command> being sure to specify any additional
- parameters from <varname>ntpd_flags</varname> in
- <filename>/etc/rc.conf</filename>. For example:</para>
+ <para>Once
+ <literal>ntpd_enable="YES"</literal> has been added to
+ <filename>/etc/rc.conf</filename>, <application>ntpd</application>
+ can be started now without rebooting the system by typing:</para>
- <screen>&prompt.root; <userinput>ntpd -p /var/run/ntpd.pid</userinput></screen>
+ <screen>&prompt.root; <userinput>service ntpd start</userinput></screen>
</sect2>
<sect2>
- <title>Using <application>ntpd</application> with a Temporary
- Internet Connection</title>
+ <title>Using <acronym>NTP</acronym> with a <acronym>PPP</acronym>
+ Connection</title>
- <para>The &man.ntpd.8; program does not need a permanent
+ <para><application>ntpd</application> does not need a permanent
connection to the Internet to function properly. However, if
- there is a temporary connection that is configured to dial out
- on demand, it is a good idea to prevent NTP traffic from
- triggering a dial out or keeping the connection alive. PPP
- users can use the <literal>filter</literal>
+ a <acronym>PPP</acronym> connection is configured to dial out
+ on demand, <acronym>NTP</acronym> traffic should be prevented from
+ triggering a dial out or keeping the connection alive. This can be configured
+ with <literal>filter</literal>
directives in <filename>/etc/ppp/ppp.conf</filename>. For
example:</para>
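Review bot: the rewritten note after `restrict default ignore` changes the sense of the warning. The removed text said the directive also stops this host from reaching the servers listed in its own configuration (the outbound synchronization it depends on); the new "This will also prevent access from other NTP servers" reads as inbound only, so a reader may not realise that their own `server` lines stop working until a matching `restrict` is added for each upstream. Suggest keeping the original meaning, e.g. "This will also prevent this host from synchronizing with the servers listed in its own configuration." Two smaller points in the same hunk: the `prefer` paragraph now reads "if it differs significantly from responses; otherwise it will be used", which dropped "other servers'" and no longer says what the comparison is against; and several added lines (the `ntpd` sentence in the third introductory paragraph, the `ntpdate` boot-time sentence, the "format of this file" sentence) are far longer than the wrap width used by the surrounding lines and should be rewrapped before commit.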
@@ -5441,7 +5391,7 @@ driftfile /var/db/ntp.drift</programlist
# Prevent outgoing NTP traffic from keeping the connection open
set filter alive 2 permit 0/0 0/0</programlisting>
- <para>For more details see the
+ <para>For more details, refer to the
<literal>PACKET FILTERING</literal> section in &man.ppp.8; and
the examples in
<filename>/usr/share/examples/ppp/</filename>.</para>
@@ -5452,14 +5402,6 @@ driftfile /var/db/ntp.drift</programlist
reach the machine.</para>
</note>
</sect2>
-
- <sect2>
- <title>Further Information</title>
-
- <para>Documentation for the NTP server can be found in
- <filename>/usr/share/doc/ntp/</filename> in HTML
- format.</para>
- </sect2>
</sect1>
<sect1 xml:id="network-syslogd">
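Review bot: dropping the Further Information subsection is fine here, since the `/usr/share/doc/ntp/` pointer now lives in the third paragraph of the section introduction and nothing is lost; the `</sect2>` / `</sect1>` nesting stays balanced after the removal.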