Linux Server 6d ago 8 views 4 min read

How to configure a Linux server as an NTP client

Learn how to install and configure the Chrony or NTP package to synchronize your system clock with public or internal time servers on Ubuntu, AlmaLinux, or CentOS.

Roy S

Updated 12h ago

Cloud VPS — scale in minutes

Instantly deploy SSD cloud VPS with guaranteed resources, snapshots and per-hour billing. Pay only for what you use.

This guide shows you how to install and configure a Linux server to act as an NTP client, ensuring your system clock stays accurate. The steps apply to Ubuntu 24.04, AlmaLinux 9, Rocky Linux 9, and CentOS Stream 9 using Chrony or the legacy NTP package.

Prerequisites

Root access or sudo privileges on the target server.
Internet connectivity to reach public NTP servers (e.g., pool.ntp.org).
For internal synchronization: an existing NTP server IP address or hostname.
Package manager installed (apt for Ubuntu, dnf/yum for RHEL-based systems).

Step 1: Install the NTP package

Modern Linux distributions recommend Chrony over the legacy ntpd package because it handles variable network latency better and works well with virtualization. Run the following command to install Chrony on your system.

sudo apt update && sudo apt install chrony -y

On RHEL-based systems like AlmaLinux 9, Rocky Linux 9, or CentOS Stream 9, use the dnf package manager. The default repository includes Chrony, but you may need to enable the CodeReady Builder repository for older versions.

sudo dnf install chrony -y

Legacy ntpd packages are available but generally discouraged for new deployments. If you must use ntpd, install it with:

sudo apt install ntp -y

After installation, the service should start automatically. Check the status to confirm it is running.

sudo systemctl status chrony

You will see output indicating the service is active (running) and enabled. If the service is not running, start it manually.

sudo systemctl start chrony

Step 2: Configure NTP servers

Edit the main configuration file to define your time sources. Open the file with a text editor like nano or vi.

sudo nano /etc/chrony/chrony.conf

Replace the default public servers with your preferred pool. For public internet time servers, uncomment the line starting with server and add more if needed:

server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

The iburst flag reduces initial synchronization delay by bursting packets. For internal networks, replace the pool addresses with your internal NTP server IP or hostname:

server 192.168.1.10 iburst

Ensure the allow directive permits your network. By default, Chrony listens on all interfaces but restricts access. If you need remote management, add:

allow 192.168.1.0/24

Save the file and exit the editor. Restart the Chrony service to apply changes.

sudo systemctl restart chrony

Step 3: Configure firewall rules

Ensure your firewall allows UDP port 123, which NTP uses for time synchronization. On Ubuntu with UFW, allow the NTP port:

sudo ufw allow 123/udp

On AlmaLinux or CentOS with firewalld, add the rule and reload the zone:

sudo firewall-cmd --permanent --add-port=123/udp
sudo firewall-cmd --reload

For OpenLiteSpeed or Apache/Nginx servers, these rules are not required for client-only setups but are essential if you host NTP services. If your server acts as a client only, no web server ports need opening for NTP traffic.

Verify the installation

Check that the system time has synchronized correctly. Use the chronyc tracking command to view the offset and root delay.

chronyc tracking

You will see output showing system clock, reference time, offset, and root delay. The offset should be under 100 milliseconds for good accuracy. To verify the system time matches the NTP server, run:

timedatectl status

The NTPsynchronized field should show yes. If it shows no, wait a few minutes or check your server configuration for errors.

Troubleshooting

If synchronization fails, check the following common issues.

Error: "no valid sources were found"

This error means Chrony cannot reach any NTP server. Verify your internet connection and firewall rules. Ensure UDP port 123 is open. Test connectivity with:

nc -zv ntp.ubuntu.com 123

If the connection fails, check your DNS resolution and network routing. For internal servers, confirm the NTP server IP is reachable and responsive.

Error: "chrony: command not found"

This indicates the Chrony package is not installed or not in your PATH. Reinstall with sudo apt install chrony or sudo dnf install chrony. Ensure you are using the correct package name for your distribution.

High offset values

If the offset is consistently high (over 500ms), your network may be unstable. Switch to a closer NTP server or use a server within your data center. Add the rtcsync option if you need to force synchronization every minute:

server ntp-server.example.com iburst rtcsync

Legacy ntpd issues

If you are using the legacy ntpd package, note that it requires manual configuration of the /etc/ntp/ntp.conf file. The syntax differs from Chrony. Ensure the restrict lines allow your network and the server lines point to valid sources. Restart the service with sudo systemctl restart ntp.

For persistent issues, review the logs located at /var/log/chrony/chrony.log or /var/log/ntp/ntp.log depending on your package. Look for errors related to network unreachable or authentication failures. Correct the configuration and restart the service.

Powerful Dedicated Servers — Linux & Windows

Bare-metal performance with SSD storage, DDoS protection and 24/7 expert support. Ideal for production workloads, databases and high-traffic sites.

Tags: securityLinuxSystem AdminNetworkTools

Was this helpful?