Configuring NTP on Enterprise Linux

In this post we’ll configure Network Time Protocol services in our local network. NTP provides time synchronisation which is important for authentication services and single-signon which we’ll set up in a later post.

This post assumes you’ve already got an Enterprise Linux server setup. I’ll be using AlmaLinux that I installed in this post, although any RHEL variant should be similar. You’ll also need a second client machine that can communicate remotely with the NTP server. I’ve configured my primary EL machine with the hostname rhauth.davidroddick.com on a host-only network, and created a clone vm called rhclient.davidroddick.com. Both virtual machines should be able to communicate with each other.

I’m going to use the chronyd package for network time, which should be installed and running already, but let’s check first.

$ sudo dnf install chrony
$ sudo systemctl status chronyd.service

Configure chronyd on rhauth to accept NTP requests from the local network. First, confirm your rhauth server IP address and then change the allow line in /etc/chrony.conf to our network range. My IP address for rhauth is 10.0.2.15 so the network address is 10.0.2.0/24.

# Allow NTP client access from the local network
allow 10.0.2.0/24

Open the firewall to allow NTP traffic.

$ sudo firewall-cmd --permanent --add-service=ntp
$ sudo firewall-cmd --reload
$ sudo systemctl restart chronyd

Next we can configure the rhclient server to use our time server.

On rhclient open the /etc/chrony.conf file and comment the existing pool servers at the top of the file and then add a line with the rhauth server IP.

# pool 2.cloudlinux.pool.ntp.org iburst
server 10.0.2.15 iburst

Restart chronyd.

$ sudo systemctl restart chronyd.service

Make sure rhclient is using NTP and synchronising with rhauth.

$ sudo timedatectl set-ntp true
$ sudo chronyc sources -v

You should see the following output with your time server hostname at the bottom:

Now NTP should be configured using chronyd on rhauth and synchronised to rhclient. This is an essential step in setting up authentication services which will be covered next.