By default, GreenRADIUS uses the hardware clock to provide the system time.
The date command allows you to access and edit the system time relative to the current timezone:
~$ date
Mon Jun 10 22:10:31 UTC 2019
The timezone can be changed using the timedatectl command:
sudo timedatectl set-timezone <timezone>
A complete list of timezone specifiers can be obtained by running:
sudo timedatectl list-timezones | less
Once the timezone has been correctly set, use these commands to edit the system date and time.
sudo timedatectl set-time YYYY-MM-DD
sudo timedatectl set-time HH:MM:SS
Time synchronization may be enabled, which may prevent manually updating the date and time. It can be disabled with this command:
sudo timedatectl set-ntp 0
To re-enable time synchronization:
sudo timedatectl set-ntp 1
If the system clock is already set when the timezone is changed, setting the timezone adjusts the displayed time so that it remains temporally consistent. For example, the UTC timezone is 7 hours ahead of PDT. Therefore, if the system clock registers ‘08:15 UTC’ and the timezone is then changed to PDT, the system will display ‘01:15 PDT’, which is the equivalent time.
Setting the clock back in time often has disastrous consequences for long-running programs which depend on the clock always moving forward. This should be avoided whenever possible.
NTP (Network Time Protocol) is a TCP/IP protocol which allows you to synchronize the clocks of multiple servers to a single canonical source. NTP is designed to correct for network latency and ensure that all server clocks are synchronized and monotonic (they never move backwards while adjusting to synchronize with each other). This document explains how to configure both the NTP server and client on your GreenRADIUS instances, providing greater consistency in timestamps and logging data.
In most configurations, one NTP server will be set up, with the rest of the servers synchronizing to its canonical clock. However, this document explains how to configure any topology of servers that is desired.
The package of choice for performing time synchronization with NTP is chrony:
sudo apt update
sudo apt install chrony
The chrony package includes two binaries, chronyd and chronyc. chronyd is the daemon which performs the actual work of computing and serving the time. chronyc allows you to configure the operation of chronyd from the command line while it is running. The following command will display the sources from which chrony is receiving the current time:
~$ chronyc sources
210 Number of sources = 8
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- pugot.canonical.com           2   6   377    37    +30ms[  +30ms] +/-  155ms
^- alphyn.canonical.com          2   6   377    40   -488us[+1166us] +/-  129ms
^- golem.canonical.com           2   6   377    39    +21ms[  +21ms] +/-  131ms
^- chilipepper.canonical.com     2   6   377    39  +9329us[+9329us] +/-  121ms
^+ ntp1.wiktel.com               1   6   377    39  +4455us[+4455us] +/-   41ms
^+ lithium.constant.com          2   6   377    40   +990us[+2642us] +/-   89ms
^* 2604:880:398:371::1           2   6   377    40   +676us[+2332us] +/-   36ms
^- 2600:1f16:7a3:8a22:a922:>     2   6    77    43    +28ms[  +30ms] +/-  140ms
You can edit these sources in the /etc/chrony/chrony.conf file. Each line beginning with the pool directive indicates a pool of NTP servers:
pool ntp.ubuntu.com iburst maxsources 4
pool 0.ubuntu.pool.ntp.org iburst maxsources 1
pool 1.ubuntu.pool.ntp.org iburst maxsources 1
pool 2.ubuntu.pool.ntp.org iburst maxsources 2
You can add additional servers by adding a line to the file:
server 192.168.1.232 iburst
After any changes to the chrony.conf file you will need to restart the chronyd service:
sudo systemctl restart chronyd
So far we have set chrony up as a client, receiving the time from other NTP servers. In the next stage we will configure chrony to serve the time to other NTP clients. This will allow you to set up your own network of NTP servers, allowing you to closely synchronize the times of the systems on your network.
Configuring chrony as an NTP server is extremely simple. Append the following line to the configuration file:
This will allow any NTP client to reach the server and request a time from it. The parameter to allow is a standard IP address mask and can be configured to only allow requests from certain servers. For example, if the server is on a standard LAN and it is desired to only serve the time to machines on that LAN:
After making the desired changes to the configuration file, the service must be restarted:
sudo systemctl restart chronyd
You can now point NTP clients to the IP address of the server, and they will synchronize their time to it.
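Because the allow directive decides who may query the server, it is worth checking after each edit of chrony.conf. The following Python script is an added example, not part of GreenRADIUS or chrony: it classifies every allow line as open to any client, restricted to an internal range, or restricted to some other range. The sample configuration, the function names and the list of ranges treated as internal are assumptions made for the example.

```python
import ipaddress

# Assumption: these ranges count as "internal" (RFC 1918, loopback, IPv6 ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
server 192.168.1.232 iburst
allow 192.168.1.0/24
allow
allow 0/0
allow 203.0.113.0/24
"""

def parse_subnet(text):
    """Parse a chrony subnet; short IPv4 forms ("192.168" = /16) are padded. None if invalid."""
    addr, _, bits = text.partition("/")
    if ":" not in addr and addr.replace(".", "").isdigit():
        octets = addr.split(".")
        bits = bits or str(8 * len(octets))
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    try:
        return ipaddress.ip_network(f"{addr}/{bits}" if bits else addr, strict=False)
    except ValueError:
        return None

def audit_allow(conf_text):
    """Return (line number, directive, verdict) for every allow directive."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0] != "allow":  # also skips comment lines
            continue
        args = [f for f in fields[1:] if f != "all"]  # "all" is a modifier, not a subnet
        net = parse_subnet(args[0]) if args else None
        if not args or (net is not None and net.prefixlen == 0):
            verdict = "OPEN"      # serves any client that can reach the server
        elif net is None:
            verdict = "REVIEW"    # hostname or unparsable argument
        elif any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            verdict = "OK"        # limited to an internal range
        else:
            verdict = "EXTERNAL"  # limited, but to a non-internal range
        findings.append((lineno, raw.strip(), verdict))
    return findings

if __name__ == "__main__":
    print(*audit_allow(SAMPLE_CONF), sep="\n")
```

To audit a live host, pass the contents of /etc/chrony/chrony.conf to audit_allow() instead of SAMPLE_CONF.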
More information about chrony can be found on its homepage: https://chrony.tuxfamily.org/
© 2020 Green Rocket Security Inc. All rights reserved.