Configuring NTP on AIX 5L

Prepared By: Edward Allwyn . M

WIPRO INFOTECH

Enterprise Services Edward Allwyn.M

Wipro Infotech
Chennai 1
 Contents:-

S.No Contents Page No

1 NTP Overview 3

2 Configuring NTP on AIX 5L 4

3 Configuring NTP on Server 4

4 Configuring NTP on client 5

Enterprise Services Edward Allwyn.M

Wipro Infotech
Chennai 2
 NTP (Network Time protocol)
Time is inherently important to the function of servers and devices in networks. It provides the only
frame of reference between all devices on the network. This makes synchronized time extremely important.
Without synchronized time, accurately correlating information between devices becomes difficult, if not
impossible. When it comes to security, if you cannot successfully compare logs between each of your routers
and all your network servers, you will find it very hard to develop a reliable picture of an incident. Finally,
even if you are able to put the pieces together, unsynchronized times, especially between log files, may give
an attacker with a good attorney enough wiggle room to escape prosecution.

NTP Overview
The Network Time Protocol (NTP) was first described in RFC 958 and has developed into the standard
Internet time synchronization protocol. It is extremely efficient and needs no more than about one packet a
minute to synchronize systems on a LAN to within 1 millisecond, and systems across WANs to within about
10 milliseconds.

Without proper time synchronization between your routers, you may not only have trouble with correlating
log files, but inaccurate time may also affect your ability to perform accounting, fault analysis, network
management, and even time-based AAA authentication and authorization. So good time management is a
necessary part of keeping your network healthy and secure.

NTP can operate in four different modes--client, server, peer, and broadcast. These modes provide
NTP with a great amount of flexibility in how you configure synchronization on your network.

NTP modes differ based on how NTP allows communication between systems. NTP communication
consists of time requests and control queries. Time requests provide the standard client/server relationship in
which a client requests time synchronization from an NTP server. Control queries provide ways for remote
systems to get configuration information and reconfigure NTP servers. Here is a short explanation of the NTP
modes:

Client:
An NTP client is configured to let its clock be set and synchronized by an external NTP
timeserver. NTP clients can be configured to use multiple servers to set their local time and are
able to give preference to the most accurate time sources. They will not, however, provide
synchronization services to any other devices.

Server:
An NTP server is configured to synchronize NTP clients. Servers can be configured to
synchronize any client or only specific clients. NTP servers, however, will accept no
synchronization information from their clients and therefore will not let clients update or affect
the server's time settings.

Enterprise Services Edward Allwyn.M

Wipro Infotech
Chennai 3
Peer
With NTP peers, one NTP-enabled device does not have authority over the other. With the
peering model, each device shares its time information with the other, and each device can also
provide time synchronization to the other.

Broadcast/multicast

Broadcast/multicast mode is a special server mode with which the NTP server broadcasts its
synchronization information to all clients. Broadcast mode requires that clients be on the same
subnet as the server, and multicast mode requires that clients and servers have multicast access
available and configured.

Configuring NTP on AIX 5L

The following information outlines the steps necessary to configure a basic NTP setup between an NTP client
and server on AIX 5L.

On server:-
1. Verify that you have a suitable NTP server. Enter:

# lssrc -ls xntpd

NOTE: Sys peer should show a valid server or 127.127.1.0. If the server is "insane", you will need to correct
it by adding a server line to /etc/ntp.conf and restarting xntpd. This can be done by following these steps:

# vi /etc/ntp.conf

Add:
server 127.127.1.0

Double check that "broadcast client" is commented out.

# stopsrc -s xntpd
# startsrc -s xntpd

NOTE: If the server runs databases, use the -x flag to prevent the clock from changing in a negative direction.
Enter the following:

# startsrc -s xntpd -a "-x"

2. Repeat Step 1 to verify that the server is synched. This process can take up to 12 minutes.

Enterprise Services Edward Allwyn.M

Wipro Infotech
Chennai 4
On client:-
1. Verify that you have a server suitable for synchronization. Enter:

# ntpdate -d <ip.address.of.server>

The offset must be less than 1000 seconds for xntpd to synch. If the offset is greater than 1000
seconds, change the time manually on the client and run the
ntpdate -d again.

If you get the message, "no server suitable for synchronization found", verify xntpd is running on the
server (see above) and that no firewalls are blocking port 123.

2. Specify your xntp server in /etc/ntp.conf, enter:

# vi /etc/ntp.conf

(Comment out the "broadcastclient" line and add server ip.address.of.server prefer)

Leave the driftfile and tracefile at their defaults.

3. Start the xntpd daemon:

# startsrc -s xntpd

(Use the -x flag if it is appropriate for your environment.)

4. Uncomment xntpd from /etc/rc.tcpip so it will start on a reboot.

# vi /etc/rc.tcpip

Uncomment the following line:

start /usr/sbin/xntpd "$src_running"

If using the -x flag, add "-x" to the end of the line. You must include the quotes around the -x.

5. Verify that the client is synched.

# lssrc -ls xntpd

NOTE: Sys peer should display the IP address or name of your xntp server. This process may take up to 12
minutes.

Enterprise Services Edward Allwyn.M

Wipro Infotech
Chennai 5
 Thank you

Enterprise Services Edward Allwyn.M

Wipro Infotech
Chennai 6