On the client
The client will probably be using the ntpd or chronyd daemon, but not both. The service or systemctl command can be used to determine if the client is using chrony or ntpd.
The ps command can be used to determine if your system is using init or systemd. If PID 1 is init, then you will use the service command. If PID 1 is systemd, then you will use the systemctl command.
If your system is using systemd, use the systemctl command to start and enable chrony.
systemctl enable chrony
systemctl start chrony
systemctl status chrony
systemctl enable ntp
systemctl start ntp
systemctl status ntp
If your system is using init, use the chkconfig and service commands to start and enable chrony.
chkconfig chrony on
service chrony start
service chrony status
chkconfig ntp on
service ntp start
service ntp status
If using the ntpd deamon, the ntpstat command can be used to determine if the client is synchronized to the ntpd server.
ntpstat
. . .
synchronised to NTP server (10.0.0.9) at stratum 3
time correct to within 17 ms
polling server every 1024 s
If using chrony, the chronyc tracking command can be used to determine if the Leap status is normal or not synchronised.
chronyc tracking
. . .
Leap status : Not synchronised
Ensure the client has the correct entry in the /etc/ntp.conf or /etc/chrony.conf file. There should be an entry such as server ntp.example.com iburst, where ntp.example.com is the NTP server being used for time synchronization, and the 4 pool servers should be commented out.
cat /etc/chrony.conf | grep server
. . .
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.example.com iburst
The allow directive should also be commented out on the client, where x.x.x.x/xx is an IP address and prefix.
#allow x.x.x.x/xx
Ensure the ntpd or chronyd daemon is active and running on the client.
systemctl status chronyd
systemctl status ntpd
If iptables is being used on the client, ensure iptables has both the INPUT and OUTPUT listings on port 123.
cat /etc/sysconfig/iptables | grep 123
. . .
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT
If firewalld is being used on the client, ensure firewalld is configured to allow port 123.
firewall-cmd --list-all
. . .
ports: 123/tcp
On the server
The server will probably be using ntpd or chronyd. Ensure the # character does not precede the word "server" in the /etc/ntp.conf or /etc/chrony.conf file. In another words, you want to ensure the "server" section is not commented out.
cat /etc/chrony.conf | grep server
. . .
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
The allow directive should also not be commented out, where x.x.x.x/xx is an IP address and prefix.
allow x.x.x.x/xx
If iptables is being used on the server, ensure iptables has both the INPUT and OUTPUT listings on port 123.
cat /etc/sysconfig/iptables | grep 123
. . .
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT
If firewalld is being used on the server, ensure firewalld is configured to allow port 123.
firewall-cmd --list-all
. . .
ports: 123/tcp
If the server is using chrony, use the chronyc activity command to ensure all 4 sources are online.
chronyc activity
. . .
200 OK
4 sources online
0 sources offline
If the server is using chrony, use the chronyc sources command to ensure chrony is able to talk to source clock NTP servers.
chronyc sources
. . .
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
================================================================================
^* time.tritn.com 2 10 377 106 +4651us[+4599us] +/- 68ms
^+ ns2.uplogon.com 2 10 377 265 -2746us[-2435us] +/- 73ms
^+ time-b.nist.gov 2 10 377 836 -5634us[-5744us] +/- 106ms
^+ mail.coldnorthadmin.com 2 10 377 963 -6522us[-6123us] +/- 143ms
Did you find this article helpful?
If so, consider buying me a coffee over at