Date and Time Configuration

Basic Configuration

By default, GreenRADIUS uses the hardware clock to provide the system time.

The date command allows you to access and edit the system time relative to the current timezone:

~$ date
Mon Jun 10 22:10:31 UTC 2019

The timezone can be changed using the timedatectl command:

sudo timedatectl set-timezone <timezone>

A complete list of timezone specifiers can be obtained by running:

sudo timedatectl list-timezones | less

Once the timezone has been correctly set, use these commands to edit the system date and time.

sudo timedatectl set-time YYYY-MM-DD

and

sudo timedatectl set-time HH:MM:SS

(If time synchronization is enabled, it may prevent you from updating the date and time manually. It can be disabled with this command: sudo timedatectl set-ntp 0. To re-enable time synchronization: sudo timedatectl set-ntp 1.)

If the system clock is already set when the timezone is changed, the displayed time is adjusted so that it remains temporally consistent. For example, the UTC timezone is 7 hours ahead of PDT. Therefore, if the system clock registers ‘08:15 UTC’ and the timezone is then changed to PDT, the system will display ‘01:15 PDT’, which is the equivalent time.

Setting the clock back in time often has disastrous consequences for long-running programs which depend on the clock always moving forward. This should be avoided whenever possible.

Network Time Protocol

NTP (Network Time Protocol) is a TCP/IP protocol which allows you to synchronize the clocks of multiple servers to a single canonical source. NTP is designed to correct for network latency and ensure that all server clocks are synchronized and monotonic (they never move backwards while adjusting to synchronize with each other). This document explains how to configure both the NTP server and client on your GreenRADIUS instances, providing greater consistency in timestamps and logging data.

In most configurations, one NTP server will be set up, with the rest of the servers synchronizing to its canonical clock. However, this document explains how to configure any topology of servers that is desired.

The package of choice for performing time synchronization with NTP is chrony. Use apt to install it:

sudo apt update
sudo apt install chrony

The chrony package includes two binaries: chronyd and chronyc. Chronyd is the daemon which performs the actual work of computing and serving the time. Chronyc allows you to configure the operation of chronyd from the command line of the machine on which it is running. The following command displays the sources from which chrony is receiving the current time:

~$ chronyc sources
210 Number of sources = 8
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- pugot.canonical.com           2   6   377    37     +30ms[  +30ms] +/- 155ms
^- alphyn.canonical.com          2   6   377    40    -488us[+1166us] +/- 129ms
^- golem.canonical.com           2   6   377    39     +21ms[  +21ms] +/- 131ms
^- chilipepper.canonical.com     2   6   377    39   +9329us[+9329us] +/- 121ms
^+ ntp1.wiktel.com               1   6   377    39   +4455us[+4455us] +/-  41ms
^+ lithium.constant.com          2   6   377    40    +990us[+2642us] +/-  89ms
^* 2604:880:398:371::1           2   6   377    40    +676us[+2332us] +/-  36ms
^- 2600:1f16:7a3:8a22:a922:>     2   6    77    43     +28ms[  +30ms] +/- 140ms

You can edit these sources in the /etc/chrony/chrony.conf file. Each line beginning with the pool directive indicates a pool of NTP servers:

pool ntp.ubuntu.com iburst maxsources 4
pool 0.ubuntu.pool.ntp.org iburst maxsources 1
pool 1.ubuntu.pool.ntp.org iburst maxsources 1
pool 2.ubuntu.pool.ntp.org iburst maxsources 2

You can add additional servers by adding a line to the file:

server 192.168.1.232 iburst

After any changes to the chrony.conf file you will need to restart the chronyd service:

sudo systemctl restart chronyd
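
After a restart, the chronyc sources output shown earlier tells you whether the client is actually synchronized: the row marked * is the source chronyd has selected, and Reach is an octal register recording which of the last eight polls were answered. The script below is an added example, not part of GreenRADIUS or chrony; the function names are hypothetical and the input is constructed from rows of the output on this page.

```shell
#!/bin/sh
# Added example: summarise `chronyc sources` output read from stdin.

# reach_count OCTAL -> how many of the last 8 polls got a valid reply.
reach_count() {
    v=$((0$1)); c=0                     # leading 0 makes the value octal
    while [ "$v" -gt 0 ]; do c=$((c + (v & 1))); v=$((v >> 1)); done
    echo "$c"
}

# sources_summary: prints "selected <name>" for the source marked "*" and
# "degraded <name> <n>/8" for any source that missed recent polls.
# Returns 1 when no source is selected (the clock is not synchronised).
sources_summary() {
    found=1
    while read -r ms name stratum poll reach rest; do
        case "$ms" in
            '^'? | '='? | '#'?) ;;      # source rows: mode char + state char
            *) continue ;;              # status line, header, separator
        esac
        if [ "${ms#?}" = "*" ]; then echo "selected $name"; found=0; fi
        n=$(reach_count "$reach")
        if [ "$n" -lt 8 ]; then echo "degraded $name $n/8"; fi
    done
    return "$found"
}

# Constructed input: three rows taken from the output shown on this page.
sample_sources() {
cat <<'EOF'
210 Number of sources = 8
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.wiktel.com               1   6   377    39   +4455us[+4455us] +/-  41ms
^* 2604:880:398:371::1           2   6   377    40    +676us[+2332us] +/-  36ms
^- 2600:1f16:7a3:8a22:a922:>     2   6    77    43     +28ms[  +30ms] +/- 140ms
EOF
}
sample_sources | sources_summary
```

On a live system, pipe the real output in with chronyc sources | sources_summary and alert on a non-zero exit status.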

So far we have set chrony up as a client, receiving the time from other NTP servers. In the next stage we will configure chrony to serve the time to other NTP clients. This will allow you to set up your own network of NTP servers, allowing you to closely synchronize the times of the systems on your network.

Configuring chrony as an NTP server is extremely simple. Append the following line to the configuration file:

allow 0.0.0.0/0

This allows any NTP client to reach the server and request the time from it. The parameter to allow is a subnet written as an address and prefix length, so it can be narrowed to accept requests only from certain networks. For example, if the server is on a standard LAN and should serve the time only to machines on that LAN:

allow 192.168.1.0/24

After making the desired changes to the configuration file, the service must be restarted:

sudo systemctl restart chronyd
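
Because the difference between the two allow lines above decides who can query the server, it is worth checking the deployed file for open rules. The script below is an added example, not part of GreenRADIUS or chrony; the function names are hypothetical, the sample configuration is constructed from directives on this page, and it goes slightly beyond the page by also flagging the other open forms chrony accepts (a bare allow, allow all, and any /0 prefix such as ::/0). It only inspects allow lines and does not model deny rules.

```shell
#!/bin/sh
# Added example: flag chrony "allow" directives that admit every client.

# classify_allow TOKENS... : TOKENS are the words that follow "allow".
# Prints "open" when any address may query the server, else "scoped".
classify_allow() {
    if [ "${1:-}" = "all" ]; then shift; fi   # "allow all [subnet]" form
    case "${1:-}" in
        "" | */0) echo open ;;     # no subnet, or a /0 prefix: every client
        *)        echo scoped ;;
    esac
}

# audit_chrony_conf FILE : prints "LINE:VERDICT:DIRECTIVE" for each allow
# line and returns 1 if at least one of them is open.
audit_chrony_conf() {
    conf=$1; rc=0; n=0
    set -f                         # do not glob-expand tokens while splitting
    while read -r keyword args || [ -n "$keyword" ]; do
        n=$((n + 1))
        if [ "$keyword" != "allow" ]; then continue; fi
        verdict=$(classify_allow $args)
        echo "$n:$verdict:allow $args"
        if [ "$verdict" = "open" ]; then rc=1; fi
    done < "$conf"
    set +f
    return "$rc"
}

# Constructed sample built from the directives shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pool ntp.ubuntu.com iburst maxsources 4
server 192.168.1.232 iburst
allow 0.0.0.0/0
allow 192.168.1.0/24
EOF
audit_chrony_conf "$sample" || echo "open allow rule found: restrict it to your LAN subnet"
rm -f "$sample"
```

Run audit_chrony_conf /etc/chrony/chrony.conf on the server before restarting chronyd; a non-zero exit status means the time service is reachable from any network that can route to it.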

You can now point NTP clients to the IP address of the server, and they will synchronize their clocks to it.

More information about chrony can be found on its homepage: https://chrony.tuxfamily.org/


Updated 2020-09-12
© 2020 Green Rocket Security Inc. All rights reserved.