aix:time_server

Time server acting as server

Add the following lines to /etc/ntp.conf and start or restart the xntpd daemon (to have it started at system restart, uncomment the xntpd line in /etc/rc.tcpip):

#broadcastclient
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 10.1.1.150
server 10.1.1.151
driftfile /etc/ntp.drift
tracefile /etc/ntp.trace

Time server client

I started the xntpd daemon from smitty xntpd and now it's running. Add the following lines to /etc/ntp.conf and start or restart the xntpd daemon (to have it started at system restart, uncomment the xntpd line in /etc/rc.tcpip):

#broadcastclient
server 10.1.1.150 prefer
server 10.1.1.151
driftfile /etc/ntp.drift
tracefile /etc/ntp.trace

Test the connection between the host and the time server. NTP uses UDP, so test the port with nc rather than telnet, which only tests TCP. On AIX, nc can be downloaded as an rpm package:

root@timeclient:~# nc -vzu timesrv01 123
timesrv01.mydomain.org [192.168.0.45] 123 (ntp) open

Logging of NTP

There are two basic approaches to obtaining logs from ntp:

Specify a logfile in the ntp configuration file:

logconfig =syncevents +peerevents +sysevents +allclock
logfile /var/log/ntp.log

Log directly to syslog, according to facility. Add this line to /etc/ntp.conf:

logconfig =all

Add this line to the /etc/syslog.conf file:

daemon.debug   /var/log/syslog.log

Make sure that the file /var/log/syslog.log exists, then stop and start syslogd with the commands:

stopsrc -s syslogd 
startsrc -s syslogd

Slew parameter

Slew mode is used to avoid any unwanted time jumps - especially for a Cluster or DB environment. If you only care about preventing time from stepping backward, then use the “-x” flag. This is the most common scenario. If you want to always slew the clock, then use “slewalways yes” in ntp.conf.

chssys -s xntpd -a "-x"

and add the following line into the /etc/ntp.conf:

slewalways yes

Disable NTP mode 6 and 7 queries

Access restrictions

  • For version 3 only. NTP mode 6 and 7 queries can be used in denial of service attacks. This document has instructions for disabling support for these queries in the xntpd daemon.
  • Add the following lines to the /etc/ntp.conf file. This disables mode 6 and 7 queries, and mitigates other vulnerabilities, for all IP addresses, while still allowing the queries on the local loopback interface.
restrict default notrust nomodify nopeer noquery notrap
restrict 127.0.0.1
  • Add restrict and server entries for each trusted NTP server on the network. This overrides the default setting for the specified servers.
server 10.11.12.13
restrict 10.11.12.13 nomodify notrap noquery

Restart the xntpd daemon.
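
One way to check an ntp.conf against the access restrictions above. This is an added example, not part of the original page: audit_ntp_conf and the temporary file path are hypothetical names, and the sample input is constructed from the restrict and server lines shown above.

```shell
#!/bin/sh
# audit_ntp_conf FILE: hypothetical helper (not an AIX command) that checks the
# restrictions this page recommends. Exit status 0 = pass, 1 = findings.
audit_ntp_conf() {
    awk '
    { sub(/[#].*/, "") }          # strip comments
    NF == 0 { next }              # skip blank lines
    $1 == "restrict" {
        flags = " "
        for (i = 3; i <= NF; i++) flags = flags $i " "
        restrict[$2] = flags
        next
    }
    # 127.127.x.x are local reference clock drivers, not network peers.
    $1 == "server" && $2 !~ /^127\.127\./ { servers[++n] = $2 }
    END {
        bad = 0
        if (!("default" in restrict)) {
            print "FAIL: no restrict default line"; bad = 1
        } else {
            split("noquery nomodify notrap", want, " ")
            for (k = 1; k <= 3; k++)
                if (index(restrict["default"], " " want[k] " ") == 0) {
                    print "FAIL: restrict default lacks " want[k]; bad = 1
                }
        }
        for (j = 1; j <= n; j++) {
            s = servers[j]
            if (!(s in restrict)) {
                print "FAIL: server " s " has no restrict entry"; bad = 1
            } else if (index(restrict[s], " noquery ") == 0) {
                print "FAIL: restrict " s " lacks noquery"; bad = 1
            }
        }
        if (!bad) print "OK: mode 6/7 queries restricted"
        exit bad
    }' "$1"
}

# Constructed sample input: the restrict/server lines from this page.
conf=/tmp/ntp.conf.sample.$$
cat > "$conf" <<'EOF'
restrict default notrust nomodify nopeer noquery notrap
restrict 127.0.0.1
server 10.11.12.13
restrict 10.11.12.13 nomodify notrap noquery
EOF
audit_ntp_conf "$conf" || true
rm -f "$conf"
```

Run against the server and client configurations earlier on this page, the check reports the missing restrict default line and the missing restrict entries for 10.1.1.150 and 10.1.1.151.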

aix/time_server.txt · Last modified: 2025/04/22 10:26 by manu