  1. #1
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    NTP (Time) Server

    Most of you probably know this already, but for those who don't, and maybe some Noobs, there's a very useful and powerful NTP client/server built into Linux on your Untangle boxes. At first install, it's configured well enough to work for Untangle's purposes, but it's not optimal if you want to use it to, say, serve quality time to other boxes on your network. A little time spent with it will yield a very good Stratum 2 or 3 server for you, for free.

    I'm not going to give a comprehensive rundown on the care and feeding of NTPD, but here are the essential steps. You can Google for the level of detail you want.

    Browse over to ntp.org and check out their list of "Open Access" Stratum 1 or 2 servers. Either 1 or 2 will be fine for your purposes -- you may find that the Stratum 2 servers work better because they tend to have lighter loads so they respond faster with lower jitter. Find some geographically close (depending on your ISP's peering, of course) to you and run traceroutes to them. Choose the best (fastest ping, fewest hops) two or three. The NTP program evaluates them and chooses the best. Hint: don't bother with the .gov or .mil servers. They're overloaded and the performance is poor.

    Edit /etc/ntp.conf
    1) You'll see a section in there for servers. Comment out the pool servers and add in yours. "server [address]" is sufficient.
    2) Find the section "Clients from this (example!)...". Edit the following line to include your subnet and mask, and change "notrust" to "nomodify notrap".

    Read the other sections and make whatever changes apply to you, such as broadcasting. Save this file.

    Restart NTPD to make your new configuration effective:
    /etc/init.d/ntp restart

    Check the operation with
    ntpq -pn
    ntpdc -c loopinfo
    over the next few hours to watch the performance of your NTP server optimize itself. Mine has settled into an offset of under 2msec. Nice!!

    Finally, you may have to set a packet filter in Untangle to permit incoming UDP connections on the LAN side Port 123.

    You are now done with the server.

    Go to anything on your LAN that needs a time reference and set it to query the address of your Untangle box. If you enabled broadcast, set the clients to listen for it.

    If anyone's interested, I can post optimizations for W32Time. MS says that W32Time can't be expected to hold better than a couple of minutes accuracy, but testing indicates that they're just covering their butts. I'm still refining and confirming the settings, but it looks like Windows 7, and probably Vista too, can hold time to better than 20msec from the local server.
    Bollar and Frazior like this.
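
Added example, not part of the original post: a small Python helper for reading the `ntpq -pn` peer table mentioned above. It decodes the tally character and the octal reach column, then flags falsetickers and unreachable servers. The sample output, its addresses and the 2 ms threshold are constructed assumptions.

```python
"""Summarise `ntpq -pn` output. Added example; SAMPLE below is constructed."""
# Tally character ntpq prints in column 0 of each peer line.
TALLY = {"*": "system peer", "+": "candidate", "-": "outlier",
         "x": "falseticker", "#": "backup", "o": "pps peer", " ": "rejected"}

# Constructed sample using documentation-range addresses.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    6.120   -1.402   0.611
+198.51.100.7    192.0.2.44       2 u   12   64  377   18.954    0.873   1.210
x203.0.113.5     192.0.2.1        2 u   20   64  377   25.010  250.300   3.200
 203.0.113.9     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Turn the peer table into dicts, skipping the two header lines."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("remote", "=")):
            continue
        fields = line[1:].split()
        if len(fields) != 10:
            continue
        reach = int(fields[6], 8)  # reach is an octal 8-bit shift register
        peers.append({"remote": fields[0],
                      "state": TALLY.get(line[0], "unknown"),
                      "stratum": int(fields[2]),
                      "replies": bin(reach).count("1"),  # of the last 8 polls
                      "offset_ms": float(fields[8])})
    return peers

def health(peers, max_offset_ms=2.0):
    """Return (ok, reasons); the 2 ms limit is an assumed threshold."""
    reasons = []
    sys_peer = next((p for p in peers if p["state"] == "system peer"), None)
    if sys_peer is None:
        reasons.append("no system peer selected")
    elif abs(sys_peer["offset_ms"]) > max_offset_ms:
        reasons.append(f"offset {sys_peer['offset_ms']} ms over limit")
    for p in peers:
        if p["state"] == "falseticker":
            reasons.append(f"{p['remote']} flagged as falseticker")
        if p["replies"] == 0:
            reasons.append(f"{p['remote']} unreachable")
    return (not reasons, reasons)

if __name__ == "__main__":
    print(health(parse_peers(SAMPLE)))
```

On a live box the same functions can be fed the captured text of `ntpq -pn` instead of SAMPLE.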

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747


    very cool. thanks for posting!
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja Solignis's Avatar
    Join Date
    Jul 2008
    Location
    Hudson, Ohio, USA
    Posts
    1,704


    Yeah, ntp is really neat. I run an ntp server for my network on NS01, my primary bind9 server. It's so nice when all of the computers tick to the same tock.

    Is it possible to have the feature integrated into Untangle? That would be neat.
    “Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program.” - Linus Torvalds

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071


    Umm... that's what these instructions do. Also, any network with a Windows DC on it... yeah those are NTP servers too.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106


    The problem with W32Time is that it's configured badly out of the box in Vista and W7. I suspect that this is true of Windows Server too, but do not have a way to confirm that right now.

    I'm still testing the settings for getting it to work up to its potential and will post them when the dust settles.

    I can tell you two things now: 1) There are bugs in using Group Policy to set clock parameters, and 2) There is one important parameter that's set to an improper default value out of the box that will cause clock discipline to fail if you elect to use adaptive sampling.

    #2 isn't a problem only because the clock is set using SpecialPollInterval by default (and behind the scenes), which is why clock accuracy is so awful, especially on workstations where the reference is queried only 1/week. On the DC it's a little better, but still queried only 1/hour. Neither is good enough.

  6. #6
    Untangler
    Join Date
    Feb 2008
    Posts
    85

    sort of on topic - NTP

    Many thanks for the tip on NTP.

    I, like many others, run Windows Server 2008 R2, Windows 7, etc.

    Could you indicate how to point servers and Win 7 desktops to the NTP server in the tip, such that time is synchronised across the network with the Untangle server acting as the NTP network server?


    I like the idea that the UT box is the distribution server for NTP.

  7. #7
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106


    I'm working on that. The simple answer is to go to the taskbar; click on the clock; change date and time settings; Internet Time Tab; Change settings; check the box; enter your local NTP server address (either numerical or logical), and then okay your way out. If you want to improve the accuracy, open regedit and search from the root for "SpecialPollInterval". You will find three instances of it, typically. Change the value to 708h for a half-hour adjustment period.

    The slightly less simple answer is: Group Policy/Computer Configuration/Admin Templates/System/Windows Time Service/Time Providers/Configure Windows NTP Client and enter it there. There's an issue though, having to do with the address suffix. 0x1, 0x4, 0x8, 0x9... These have an important effect on how the local clock discipline works. The default is usually 0x9 which works, but leaves a lot to be desired.

    Unfortunately, very little (useful) documentation on this subject exists. I'm testing various combinations of settings in hopes that there's a combination that optimizes clock behavior. The work is progressing slowly because it takes time for automatic adjustments to occur.

    The bottom line is that, for the moment, you won't go too far off the beaten path by simply entering the address in the dialog box per the "simple answer". I can tell you that it won't be as accurate as it can be, but it's not going to be off by more than a few seconds or so, typically. Ultimately, the error you experience is going to be a function of the specific hardware on which you're working. The goal of trying to get to the optimal solution for control is to minimize the effect of a given set of hardware.
    Last edited by GeneralEclectic; 04-20-2011 at 12:14 PM. Reason: Forgot to mention SPI

  8. #8
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106


    One more thing: I can say with absolute certainty that the clock performance that you can achieve with NTP on Linux is FAR better than what Microsoft's clock control can achieve. I've done enough testing so far to convince myself that clock control on any MS platform is going to be, at best, a compromise that makes the best of an inferior situation.

    There may be other reasons why you might want to use your DC as time reference, even though it's not going to be as accurate as your UT box. That's entirely your decision, of course.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071


    I was just pointing out that it's there and automagic. Configuring your DCs to hit Untangle as an NTP server has value. Of course, passing Untangle out via a DHCP option as the local time server would also have value.

    Then again, I haven't seen the issues you're describing as an inaccurate clock on my Windows servers either. I do reset them, because time.windows.com just doesn't work as well as pool.ntp.org.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106


    You are going to have a much better reference in your UT box, configured with some nearby, low-jitter, Stratum-2 servers than you'll ever achieve with anything from the pool, or, heaven help you, time.windows.com.

    My modest little Atom-330 UT box is now holding well under a 2msec offset. That's mostly because it has a nearly direct route (six nearly line-of-sight hops) to a lightly loaded Stratum-1 server that answers queries in 6 msec typically with jitter under 1msec.

    As far as MS platforms go, it looks like you can adjust them to meet the 20msec goal I mentioned above. There's a lot of hardware dependency though, it seems, so there may be some systems that can't do that well. I just don't know.
