24.1.1 Quick NTP Client Configuration

The quick NTP client configuration (Network Services > NTP Configuration) consists of two dialogs. Set the start mode of xntpd and the server to query in the first dialog. To start xntpd automatically when the system is booted, click Now and On Boot. Then specify the NTP Server Configuration. Either of 0.opensuse.pool.ntp.org, 1.opensuse.pool.ntp.org, 2.opensuse.pool.ntp.org, or 3.opensuse.pool.ntp.org is pre-selected. Click Use Random Servers from pool.ntp.org if you do not want to use the pre-selected time server. Alternatively ,click Select to access a second dialog in which to select a suitable time server for your network.

Figure 24-1 YaST: NTP Configuration

In the pull-down Select list, determine whether to implement time synchronization using a time server from your local network (Local NTP Server) or an Internet-based time server that takes care of your time zone (Public NTP Server). For a local time server, click Lookup to start an SLP query for available time servers in your network. Select the most suitable time server from the list of search results and exit the dialog with OK. For a public time server, select your country (time zone) and a suitable server from the list under Public NTP Server then exit the dialog with OK. In the main dialog, test the availability of the selected server with Test and quit the dialog with Finish.

24.1.2 Advanced NTP Client Configuration

The advanced configuration of an NTP client can be accessed under Advanced Configuration from the main dialog of the NTP Configuration module, shown in Figure 24-1, after selecting the start-up mode as described in the quick configuration.

Figure 24-2 Advanced NTP Configuration: General Settings

You can either configure the NTP client manually or automatically to get a list of the NTP servers available in your network via DHCP. If you choose Configure NTP Daemon via DHCP, the manual options explained below are not available.

The servers and other time sources for the client to query are listed in the lower part of the General Settings tab. Modify this list as needed with Add, Edit, and Delete. Display Log provides the possibility to view the log files of your client.

Click Add to add a new source of time information. In the following dialog, select the type of source with which the time synchronization should be made. The following options are available:

Server

Another dialog enables you to select an NTP server (as described in Section 24.1.1, Quick NTP Client Configuration). Activate Use for Initial Synchronization to trigger the synchronization of the time information between the server and the client when the system is booted. Options allows you to specify additional options for xntpd.

Using Access Control Options, you can restrict the actions that the remote computer can perform with the daemon running on your computer. This field is enabled only after checking Restrict NTP Service to Configured Servers Only on the Security Settings tab. The options correspond to the restrict clauses in /etc/ntp.conf. For example, nomodify notrap noquery disallows the server to modify NTP settings of your computer and to use the trap facility (a remote event logging feature) of your NTP daemon. Using these restrictions is recommended for servers out of your control (for example, on the Internet).

Refer to /usr/share/doc/packages/xntp-doc (part of the xntp-doc package) for detailed information.

Peer

A peer is a machine to which a symmetric relationship is established: it acts both as a time server and as a client. To use a peer in the same network instead of a server, enter the address of the system. The rest of the dialog is identical to the Server dialog.

Radio Clock

To use a radio clock in your system for the time synchronization, enter the clock type, unit number, device name, and other options in this dialog. Click Driver Calibration to fine-tune the driver. Detailed information about the operation of a local radio clock is available in /usr/share/doc/packages/xntp-doc/refclock.html.

Outgoing Broadcast

Time information and queries can also be transmitted by broadcast in the network. In this dialog, enter the address to which such broadcasts should be sent. Do not activate broadcasting unless you have a reliable time source like a radio controlled clock.

Incoming Broadcast

If you want your client to receive its information via broadcast, enter the address from which the respective packets should be accepted in this fields.

Figure 24-3 Advanced NTP Configuration: Security Settings

In the Security Settings tab, determine whether xntpd should be started in a chroot jail. By default, Run NTP Daemon in Chroot Jail is activated. This increases the security in the event of an attack over xntpd, because it prevents the attacker from compromising the entire system.

Restrict NTP Service to Configured Servers Only increases the security of your system by disallowing remote computers to view and modify NTP settings of your computer and to use the trap facility for remote event logging. Once enabled, these restrictions apply to all remote computers, unless you override the access control options for individual computers in the list of time sources in the General Settings tab. For all other remote computers, only querying for local time is allowed.

Enable Open Port in Firewall if SuSEfirewall2 is active, which it is by default. If you leave the port closed, it is not possible to establish a connection to the time server.