1. NTP服務器搭建

安裝ntp yum install -y ntp

2. 外網使用阿里云ntp服務器作為基準

阿里云ntp服務器列表：
time1.aliyun.com
time2.aliyun.com
time3.aliyun.com
time4.aliyun.com
time5.aliyun.com
time6.aliyun.com
time7.aliyun.com

先ntpdate檢查能否和以上ntp服務器通信。ntpdate -q time1.aliyun.com

有以下輸出表示正常

server 115.28.122.198, stratum 2, offset 53.490757, delay 0.0670913 Sep 15:27:48 ntpdate[16092]: step time server 115.28.122.198 offset 53.490757 sec

3. 修改配置文件

vim /etc/ntp.conf 做出以下修改

# For more information about this file, see the man pages# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not# permit the source to query or modify the service on this system.restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could# be tightened as well, but to do so would effect some of# the administrative functions.restrict 127.0.0.1restrict ::1 # 允許1-4網段的服務器來校時，不允許客戶端來修改，登錄ntp服務器 restrict 192.168.1.0 mask 255.255.255.0 nomodify notraprestrict 192.168.2.0 mask 255.255.255.0 nomodify notraprestrict 192.168.3.0 mask 255.255.255.0 nomodify notraprestrict 192.168.4.0 mask 255.255.255.0 nomodify notrap # Hosts on local network are less restricted.#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project.# Please consider joining the pool (http://www.pool.ntp.org/join.html).#server 0.centos.pool.ntp.org iburst#server 1.centos.pool.ntp.org iburst#server 2.centos.pool.ntp.org iburst#server 3.centos.pool.ntp.org iburst server time1.aliyun.comserver time2.aliyun.comserver time3.aliyun.comserver time4.aliyun.comserver time5.aliyun.comserver time6.aliyun.comserver time7.aliyun.com #broadcast 192.168.1.255 autokey # broadcast server#broadcastclient # broadcast client#broadcast 224.0.1.1 autokey # multicast server#multicastclient 224.0.1.1 # multicast client#manycastserver 239.255.254.254 # manycast server#manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography.#crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating# with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted.#trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility.#requestkey 8 # Specify the key identifier to use with the ntpq utility.#controlkey 8 # Enable writing of statistics records.#statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc# monlist command when default restrict does not include the noquery flag. See# CVE-2013-5211 for more details.# Note: Monitoring will not be disabled with the limited restriction flag.disable monitor # Enable Logfilelogfile /var/log/ntp.log

4. 使硬件時間和系統時間一致

修改配置文件 vim /etc/sysconfig/ntpd 添加

SYNC_HWCLOCK=yes

5. 啟動ntpd服務并查看狀態

systemctl start ntpd設置自動啟動chkconfig ntpd on

等待10-15分鐘后執行 ntpstat 查看同步狀態

synchronised to NTP server (182.92.12.11) at stratum 3 time correct to within 470 ms polling server every 64 s發現已經同步。

執行ntpq -p 查看與阿里云ntp服務器連接狀態

remote refid st t when poll reach delay offset jitter==============================================================================+time6.aliyun.co 10.137.38.86 2 u 10 64 77 41.139 8.490 1.523-time4.aliyun.co 10.137.38.86 2 u 5 64 77 3.479 15.026 1.354*time5.aliyun.co 10.137.38.86 2 u 10 64 77 37.243 10.643 1.554+120.25.115.19 10.137.38.86 2 u 5 64 77 3.574 5.228 2.803

*表示目前正在使用的上層NTP，+表示已連線,可提供時間更新的候補服務器

執行一下 hwclock --systohc 使系統時間和硬件時間一致。

6. 打開防火墻

由于ntp服務使用 123端口udp協議 所以需要打開防火墻。
執行firewall-cmd --zone=public --add-port=123/udp --permanent之后，再執行firewall-cmd --reload。

7. Linux 客戶端使用ntpd服務同步時間

先安裝ntp服務執行yum install -y ntp

修改配置文件 vim /etc/ntp.conf 修改server，添加日志

# 允許ntpserver主動修改客戶端時間restrict 192.168.1.85 nomodify notrap noqueryrestrict 192.168.1.50 nomodify notrap noquery server 192.168.1.85server 182.168.1.50 logfile /var/log/ntp.log

其他保持默認。

啟動 ntpd服務systemctl start ntpd

打開本地放火墻 123 UDP端口

執行 ntpq -p 查看與服務器連接狀態。

remote refid st t when poll reach delay offset jitter==============================================================================+192.168.1.50 182.92.12.11 3 u 31 64 77 0.189 -30.963 42.392*192.168.1.85 182.92.12.11 3 u 43 64 77 0.190 -1.903 18.890 LOCAL(0) .LOCL. 10 l 60 64 77 0.000 0.000 0.000

執行 ntpstat 查看同步狀態

synchronised to NTP server (192.168.1.85) at stratum 4
time correct to within 131 ms
polling server every 64 s

8 Windows 使用客戶端同步

8.1 組策略配置

win+r 運行gpedit.msc 啟用全局配置

?

20170914-031152.png

啟用ntp客戶端

?

20170914-031233.png

win+r 執行 gpupdate /force

8.2. 使用自動配置工具

下載自動配置工具MicrosoftEasyFix50395.msi
下載地址在這個頁面中 https://support.microsoft.com/zh-cn/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server

運行自動配置工具，做以下配置，多個服務器用空格隔開。

?

20170914-031246.png

之后在系統時間日期內執行同步查看結果。

?

20170914-031302.png

參考資料
CentOS搭建NTP服務器http://msiyuetian.blog.51cto.com/8637744/1712561
Windows客戶端同步NTP服務http://4921679.blog.51cto.com/4911679/914473
如何在 Windows Server 中配置權威時間服務器 https://support.microsoft.com/zh-cn/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server

作者：若有所思11
鏈接：http://www.jianshu.com/p/199505ceebb1
來源：簡書
著作權歸作者所有。商業轉載請聯系作者獲得授權，非商業轉載請注明出處。

總結

以上是生活随笔為你收集整理的ntp服务器搭建及客户端配置-使用阿里云的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。