From: Dru Lavigne
Date: Fri, 31 Jan 2014 21:35:12 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43710 - head/en_US.ISO8859-1/books/handbook/network-servers

Author: dru
Date: Fri Jan 31 21:35:11 2014
New Revision: 43710
URL: http://svnweb.freebsd.org/changeset/doc/43710

Log:
  Editorial pass through the NTP chapter.
  Headings and content shuffled about to improve flow.
  Text clarified and logic should be much clearer now.

  Sponsored by: iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 20:55:48 2014 (r43709)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 21:35:11 2014 (r43710)
@@ -5227,208 +5227,158 @@ Starting smbd. --> Clock Synchronization with NTP - NTP - - Over time, a computer's clock is prone to drift. The - Network Time Protocol (NTP) is one way to ensure the clock - stays accurate. - - Many Internet services rely on, or greatly benefit from, - computers' clocks being accurate. For example, a web server - may receive requests to send a file if it has been modified - since a certain time. In a local area network environment, it - is essential that computers sharing files from the same file - server have synchronized clocks so that file timestamps stay - consistent. Services such as &man.cron.8; also rely on an - accurate system clock to run commands at the specified - times. - NTP - ntpd + ntpd - &os; ships with the &man.ntpd.8; - NTP server - which can be used to query other - NTP servers to - set the clock on the machine or provide time services to - others. - - - Choosing Appropriate NTP Servers - - - NTP - choosing servers - - - In order to synchronize the clock, one or more - NTP servers - must be defined. The network administrator or ISP may have - set up an NTP server for this purpose—check their - documentation to see if this is the case. There is an Over time, a computer's clock is prone to drift. This is + problematic as many network services require the computers on a network + to share the same accurate time. Accurate time is also needed to ensure + that file timestamps stay + consistent. The + Network Time Protocol (NTP) is one way to provide clock + accuracy in a network. + + &os; includes &man.ntpd.8; + which can be configured to query other + NTP servers in order to + synchronize the clock on that machine or to provide time services to + other computers in the network. The servers which are queried + can be local to the network or provided by an ISP. + In addition, an online - list of publicly accessible NTP servers which may be - referenced to find an NTP server nearest to the system. 
Take - care to review the policy for any chosen servers, and ask for - permission if required. - - Choosing several unconnected NTP servers is a good idea in - case one of the servers being used becomes unreachable or - its clock is unreliable. &man.ntpd.8; uses the responses it - receives from other servers intelligently—it will favor - unreliable servers less than reliable ones. - + list of publicly accessible NTP servers + is available. When choosing a public NTP server, select + one that is geographically close and + review its usage policy. + + Choosing several NTP servers is recommended in + case one of the servers becomes unreachable or + its clock proves unreliable. As ntpd receives responses, + it favors + reliable servers over the less reliable ones. + + This section describes how to configure ntpd on &os;. Further documentation can be found in + /usr/share/doc/ntp/ in HTML + format. - Configuring The Machine + <acronym>NTP</acronym> Configuration - - NTP - configuration + NTP + ntp.conf + ntpdate - - Basic Configuration - - ntpdate - - To synchronize the clock only when the machine boots up, - use &man.ntpdate.8;. This may be appropriate for some - desktop machines which are frequently rebooted and only - require infrequent synchronization, but most machines should - run &man.ntpd.8;. - - Using &man.ntpdate.8; at boot time is also a good idea - for machines that run &man.ntpd.8;. The &man.ntpd.8; - program changes the clock gradually, whereas &man.ntpdate.8; + To only synchronize the clock when a system boots, + use &man.ntpdate.8;. This alone can be appropriate for + desktops which are frequently rebooted. However, + most systems should + run ntpdate at boot time as well as configure ntpd. + This is because ntpd + changes the clock gradually, whereas ntpdate sets the clock, no matter how great the difference between a machine's current clock setting and the correct time. 
- To enable &man.ntpdate.8; at boot time, add + To enable ntpdate at boot time, add ntpdate_enable="YES" to - /etc/rc.conf. Also specify all - synchronization servers and any flags to be passed to - &man.ntpdate.8; in ntpdate_flags. - - - - General Configuration + /etc/rc.conf. To also enable + ntpd, add the ntpd_enable="YES" + entry to /etc/rc.conf. Additional variables can be specified + in /etc/rc.conf. Refer to &man.rc.conf.5;, + &man.ntpdate.8;, and &man.ntpd.8; for details. + + Both applications + read /etc/ntp.conf to determine + which servers to query. Here is a simple example of an + /etc/ntp.conf: - - NTP - ntp.conf - - - NTP is configured by the - /etc/ntp.conf file in the format - described in &man.ntp.conf.5;. Here is a simple - example: + + Sample <filename>/etc/ntp.conf</filename> server ntplocal.example.com prefer server timeserver.example.org server ntp2a.example.net driftfile /var/db/ntp.drift + - The server option specifies which - servers are to be used, with one server listed on each line. - If a server is specified with the prefer - argument, as with - ntplocal.example.com, + The format of this file is + described in &man.ntp.conf.5;. The server option specifies which + servers to query, with one server listed on each line. + If a server entry includes prefer, that server is preferred over other servers. A response from a preferred server will be discarded if it differs - significantly from other servers' responses, otherwise it - will be used without any consideration to other responses. - The prefer argument is normally used for - NTP servers that are known to be highly accurate, such as + significantly from responses; otherwise it + will be used. + The prefer argument should only be used for + NTP servers that are known to be highly accurate, such as those with special time monitoring hardware. - The driftfile option specifies which + The driftfile entry specifies which file is used to store the system clock's frequency offset. 
- The &man.ntpd.8; program uses this to automatically + ntpd uses this to automatically compensate for the clock's natural drift, allowing it to maintain a reasonably correct setting even if it is cut off - from all external time sources for a period of time. - - The driftfile option specifies which - file is used to store information about previous responses - from the NTP servers being used. This file contains - internal information for NTP. It should not be modified by - any other process. - - - - Controlling Access to Your Server - - By default, the NTP server will be accessible to all - hosts on the Internet. The restrict - option in /etc/ntp.conf - controls which machines can access the server. - - To deny all machines from accessing the NTP + from all external time sources for a period of time. This + file also stores information about previous responses + from NTP servers. Since this file contains + internal information for NTP, it should not be modified. + + By default, an NTP server is accessible to any + network host. The restrict + option in /etc/ntp.conf can be used to + control which systems can access the server. For example, + to deny all machines from accessing the NTP server, add the following line to /etc/ntp.conf: restrict default ignore - This will also prevent access from the server to any - servers listed in the local configuration. If there is a - need to synchronise the NTP server with an external NTP + This will also prevent access from other NTP servers. + If there is a + need to synchronize with an external NTP server, allow only that specific server. Refer to &man.ntp.conf.5; for more information. 
To allow machines within the network to synchronize their clocks with the server, but ensure they are not - allowed to configure the server or used as peers to - synchronize against, add + allowed to configure the server or be used as peers to + synchronize against, instead use: restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap - instead, where - 192.168.1.0 is an - IP address on the network and + where + 192.168.1.0 is the + local network address and 255.255.255.0 is - the network's netmask. + the network's subnet mask. - The /etc/ntp.conf file can contain - multiple restrict options. For more - details, see the Access Control Support + Multiple restrict entries are supported. + For more + details, refer to the Access Control Support subsection of &man.ntp.conf.5;. - - - - Running the NTP Server - - To ensure the NTP server is started at boot time, add the - line ntpd_enable="YES" to - /etc/rc.conf. To pass - additional flags to &man.ntpd.8;, edit the - ntpd_flags parameter in - /etc/rc.conf. - - To start the server without rebooting the machine, run - ntpd being sure to specify any additional - parameters from ntpd_flags in - /etc/rc.conf. For example: + Once + ntpd_enable="YES" has been added to + /etc/rc.conf, ntpd + can be started now without rebooting the system by typing: - &prompt.root; ntpd -p /var/run/ntpd.pid + &prompt.root; service ntpd start - Using <application>ntpd</application> with a Temporary - Internet Connection + Using <acronym>NTP</acronym> with a <acronym>PPP</acronym> + Connection - The &man.ntpd.8; program does not need a permanent + ntpd does not need a permanent connection to the Internet to function properly. However, if - there is a temporary connection that is configured to dial out - on demand, it is a good idea to prevent NTP traffic from - triggering a dial out or keeping the connection alive. 
PPP - users can use the filter + a PPP connection is configured to dial out + on demand, NTP traffic should be prevented from + triggering a dial out or keeping the connection alive. This can be configured + with filter directives in /etc/ppp/ppp.conf. For example: @@ -5441,7 +5391,7 @@ driftfile /var/db/ntp.drift - For more details see the + For more details, refer to the PACKET FILTERING section in &man.ppp.8; and the examples in /usr/share/examples/ppp/. @@ -5452,14 +5402,6 @@ driftfile /var/db/ntp.drift - - - Further Information - - Documentation for the NTP server can be found in - /usr/share/doc/ntp/ in HTML - format. -
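
Review bot: In the first hunk (@@ -5227,208 +5227,158 @@), the sentence rewritten after "restrict default ignore" changes the meaning of the warning. The removed text said the rule also prevents access "from the server to any servers listed in the local configuration", while the new line "This will also prevent access from other NTP servers." reads as inbound-only and no longer tells the administrator that this host's own upstream synchronization stops. Suggest keeping the original direction, for example "This will also prevent this server from synchronizing with the servers listed in its own configuration", so that the next sentence about allowing only a specific external server still follows. In the same hunk, the prefer paragraph now says a response is discarded if it "differs significantly from responses;", which drops "other servers'" and leaves the comparison without a referent; restore "from other servers' responses". The hunk also removes the "Controlling Access to Your Server" heading while keeping the statement that the server is accessible to any network host by default, so the restrict guidance is now buried in the middle of the configuration text; consider keeping a titled subsection for it.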