By default, GreenRADIUS uses the hardware clock to provide the system time.
The date command allows you to access and edit the system time relative to the current timezone:
~$ date Mon Jun 10 22:10:31 UTC 2019
The timezone can be changed using the timedatectl command:
sudo timedatectl set-timezone <timezone>
A complete list of timezone specifiers can be obtained by running:
sudo timedatectl list-timezones | less
Once the timezone has been correctly set, use these commands to edit the system date and time.
sudo timedatectl set-time YYYY-MM-DD
sudo timedatectl set-time HH:MM:SS
(Time synchronization may be enabled, which may prevent manually updating the date and time. This can be disabled with this command:
sudo timedatectl set-ntp 0. To re-enable time synchronization:
sudo timedatectl set-ntp 1.)
If the system clock is already set when the timezone is changed, setting the timezone adjusts the system clock to remain temporally consistent. For example, the UTC tiemzone is 7 hours ahead of PDT. Therefore if the system clock registers ‘08:15 UTC’ and then timezone is changed to PDT, the system will now display ‘01:15 PDT’, which is the equivalent time.
Setting the clock back in time often has disastrous consequences for long-running programs which depend on the clock always moving forward. This should be avoided whenever possible.
NTP (Network Time Protocol) is a TCP/IP protocol which allows you to synchronize the clocks of multiple servers to a single canonical source. NTP is designed to correct for network latency and ensure that all server clocks are synchronized and monotonic (they never move backwards while adjusting to synchronize with each other.) This document explains how to configure both the NTP server and client on your GreenRADIUS instances, providing greater consistency in timestamps and logging data.
In most configurations, one NTP server will be set up, with the rest of the servers synchronizing to its canonical clock. However, this document explains how to configure any topology of servers that is desired.
GreenRADIUS comes installed with NTP client software by default in GreenRADIUS version 22.214.171.124 or later. The command
ntpq -p will display the list of sources which the GreenRADIUS instance is synchronizing its time to. You can edit these sources in the
/etc/ntp.conf file. Each
line beginning with the pool directive indicates a pool of NTP servers:
pool ntp.ubuntu.com iburst maxsources 4 pool 0.ubuntu.pool.ntp.org iburst maxsources 1 pool 1.ubuntu.pool.ntp.org iburst maxsources 1 pool 2.ubuntu.pool.ntp.org iburst maxsources 2
You can add additional servers by adding a line to the file:
server mytimeserver.s iburst
Note that the NTP client daemon only allows accesses to domain-name-defined servers, not IP addresses. To work around this problem for NTP servers that do not have an assigned domain name, simply add the IP address followed by the desired domain name to your /etc/hosts file:
Changing /etc/hosts takes effect immediately when the file is saved; however, after any changes to /etc/ntp.conf you will need to restart the NTP service:
sudo systemctl restart ntp
© 2022 Green Rocket Security Inc. All rights reserved.