In this post we’ll configure Network Time Protocol services in our local network. NTP provides time synchronisation which is important for authentication services and single-signon which we’ll set up in a later post.
This post assumes you’ve already got an Enterprise Linux server setup. I’ll be using AlmaLinux that I installed in this post, although any RHEL variant should be similar. You’ll also need a second client machine that can communicate remotely with the NTP server. I’ve configured my primary EL machine with the hostname rhauth.davidroddick.com on a host-only network, and created a clone vm called rhclient.davidroddick.com. Both virtual machines should be able to communicate with each other.<
I’m going to use the chronyd package for network time, which should be installed and running already, but let’s check first.
$ sudo dnf install chrony
$ sudo systemctl status chronyd.service
Configure chronyd on rhauth to accept NTP requests from the local network. First, confirm your rhauth server IP address and then change the allow line in /etc/chrony.conf to our network range. My IP address for rhauth is 10.0.2.15 so the network address is 10.0.2.0/24.
# Allow NTP client access from the local network
allow 10.0.2.0/24
Open the firewall to allow NTP traffic.
$ sudo firewall-cmd --permanent --add-service=ntp
$ sudo firewall-cmd --reload
$ sudo systemctl restart chronyd
Next we can configure the rhclient server to use our time server.
On rhclient open the /etc/chrony.conf file and comment the existing pool servers at the top of the file and then add a line with the rhauth server IP.
# pool 2.cloudlinux.pool.ntp.org iburst
server 10.0.2.15 iburst
Restart chronyd.
$ sudo systemctl restart chronyd.service
Make sure rhclient is using NTP and synchronising with rhauth.
$ sudo timedatectl set-ntp true
$ sudo chronyc sources -v
You should see the following output with your time server hostname at the bottom:
Now NTP should be configured using chronyd on rhauth and synchronised to rhclient. This is an essential step in setting up authentication services which will be covered next.