How To Install NTP Server and Client on openSUSE

Accurate time synchronization is crucial for any Linux system, especially in server environments where precise timestamps affect everything from log file analysis to security authentication. Network Time Protocol (NTP) has been the gold standard for keeping computer clocks synchronized across networks for decades. Whether you’re managing a single server or an entire data center, understanding how to properly configure NTP ensures your openSUSE systems maintain accurate time, which is essential for distributed applications, database transactions, and security protocols.

This comprehensive guide walks through installing and configuring both NTP server and client on openSUSE distributions, including Leap 15.4, 15.5, 15.6, and Tumbleweed. While modern openSUSE versions default to chrony, many administrators still rely on traditional NTP for specific use cases, legacy system compatibility, and established infrastructure. By the end of this tutorial, you’ll have a fully functional NTP setup that keeps your systems synchronized with atomic clock precision.

Prerequisites and Requirements

Before diving into the installation process, ensure you have the following requirements in place:

• Two openSUSE systems (one designated as server, one as client) or a minimum of one system for client-only configuration
• Root or sudo privileges on both machines to execute administrative commands
• Active internet connection for downloading packages and accessing upstream NTP servers
• Basic familiarity with Linux command-line interface and text editors like nano or vi
• Network connectivity between your NTP server and client machines if configuring both roles
• Firewall access permissions to modify rules and open necessary ports

Having these prerequisites satisfied ensures a smooth installation process without unexpected interruptions.

Understanding NTP vs Chrony on openSUSE

Before proceeding with NTP installation, it’s important to understand that openSUSE, like many modern Linux distributions, has transitioned to using chrony as the default time synchronization daemon. This shift reflects chrony’s technical advantages in several key areas.

Chrony offers significantly faster convergence to accurate time, making it ideal for systems that don’t run continuously or have intermittent network connections. Virtual machines particularly benefit from chrony’s design, as it handles the time inconsistencies that occur during VM snapshots and migrations more gracefully than traditional NTP. Additionally, chrony performs better on systems with unreliable network connections, adapting quickly to changing network conditions.

Traditional NTP (ntpd), however, maintains advantages in specific scenarios. It offers broader platform support and has been battle-tested across decades of deployment. Many enterprise environments with established NTP infrastructure prefer maintaining consistency with ntpd. Legacy applications may also have specific ntpd dependencies or integration requirements.

This guide focuses on traditional NTP installation for several reasons: supporting legacy systems, meeting specific organizational requirements, and providing educational value for administrators who need to understand both implementations. The knowledge gained here translates well to understanding time synchronization concepts regardless of which daemon you ultimately deploy.

Installing NTP Server on openSUSE

Checking Current Time Synchronization Status

Before installing NTP, verify what time synchronization services are currently running on your system. This prevents conflicts between competing time synchronization daemons.

Execute the following command to check your system’s time synchronization status:

timedatectl status

This command displays comprehensive information about your system’s current time configuration, including timezone, whether NTP is enabled, and which service provides time synchronization. Look for lines indicating “systemd-timesyncd” or “chronyd” as these services conflict with ntpd.

If systemd-timesyncd or chronyd is active, disable it before proceeding:

sudo systemctl stop systemd-timesyncd
sudo systemctl disable systemd-timesyncd

Or for chrony:

sudo systemctl stop chronyd
sudo systemctl disable chronyd

These commands stop the running service immediately and prevent it from starting automatically at boot.

Installing the NTP Package

OpenSUSE uses zypper as its primary package manager, making NTP installation straightforward. Open your terminal and execute:

sudo zypper install ntp

Zypper will resolve dependencies and prompt for confirmation. Press ‘y’ to proceed with the installation. The process downloads the NTP package along with any required dependencies and installs them on your system.

After installation completes, verify the NTP package was installed successfully:

rpm -q ntp

This command queries the RPM database and displays the installed NTP version. You should see output similar to “ntp-4.2.8p15-1.1.x86_64” indicating successful installation.

For specific use cases, you can alternatively install NTP via Snap packages. First, ensure snapd is installed:

sudo zypper install snapd
sudo systemctl enable --now snapd
sudo systemctl enable --now snapd.socket

Then install the NTP server snap:

sudo snap install ntpserver

However, the traditional zypper installation method is recommended for most openSUSE deployments due to better system integration.

Configuring NTP Server

Understanding the NTP Configuration File

The NTP daemon reads its configuration from /etc/ntp.conf, a text file that controls all aspects of NTP behavior. Before making changes, create a backup of the original configuration:

sudo cp /etc/ntp.conf /etc/ntp.conf.backup

This backup allows you to restore the original configuration if problems arise. The ntp.conf file uses a straightforward syntax with directive-based configuration. Comments begin with the hash symbol (#), and each directive appears on its own line.

Selecting NTP Pool Servers

The NTP Pool Project provides a large virtual cluster of time servers that volunteer their time synchronization services. Rather than hardcoding specific servers, using pool servers provides redundancy and load distribution.

For optimal performance, use geographically close NTP pool servers. Since the user is in Yogyakarta, Indonesia, the Indonesian NTP pool is ideal:

• 0.id.pool.ntp.org
• 1.id.pool.ntp.org
• 2.id.pool.ntp.org
• 3.id.pool.ntp.org

Alternatively, use regional Asian pool servers or global pool servers. OpenSUSE’s default configuration typically includes pool.ntp.org entries.

Editing the Configuration File

Open the NTP configuration file with your preferred text editor:

sudo nano /etc/ntp.conf

Or if you prefer vi:

sudo vi /etc/ntp.conf

Locate the server or pool directives in the file. Comment out or remove existing entries and add your chosen NTP pool servers:

# Use Indonesian NTP Pool servers
server 0.id.pool.ntp.org iburst
server 1.id.pool.ntp.org iburst
server 2.id.pool.ntp.org iburst
server 3.id.pool.ntp.org iburst

The iburst option tells NTP to send a burst of eight packets instead of one when the server is unreachable, speeding up initial synchronization.

Configure access control restrictions to protect your NTP server. Add these lines:

# Restrict default access
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Allow localhost full access
restrict 127.0.0.1
restrict ::1

# Allow clients from your local network (adjust subnet as needed)
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

These restrictions prevent unauthorized systems from modifying your server’s time while allowing time queries from your local network.

Ensure the drift file location is specified:

driftfile /var/lib/ntp/drift

The drift file stores the frequency offset between your system clock and the true time, helping NTP maintain accuracy.

Optionally, add a local clock as fallback:

# Local clock fallback (stratum 10)
server 127.127.1.0
fudge 127.127.1.0 stratum 10

This configuration allows your server to continue providing time services even if all upstream servers become unavailable, though at reduced accuracy.

Save the file and exit your editor (in nano: Ctrl+X, then Y, then Enter).

Managing NTP Server Service

Starting and Enabling NTP Service

With configuration complete, start the NTP daemon using systemctl:

sudo systemctl start ntpd.service

This command launches the NTP daemon immediately. To ensure NTP starts automatically after system reboots, enable the service:

sudo systemctl enable ntpd.service

Verify the service is running correctly:

sudo systemctl status ntpd.service

Look for “active (running)” in green text, indicating the daemon is operating properly. The status output also displays recent log entries showing NTP’s synchronization activities.

Restarting After Configuration Changes

Whenever you modify /etc/ntp.conf, restart the NTP service to apply changes:

sudo systemctl restart ntpd.service

This command stops and restarts the daemon, loading the new configuration. Alternatively, some configurations can be reloaded without full restart, though restart is more reliable for ensuring all changes take effect.

Configuring Firewall for NTP Server

NTP servers communicate using UDP port 123. For clients to synchronize with your server, this port must be open in your firewall configuration.

First, check if firewalld is running:

firewall-cmd --state

If firewalld is active, add the NTP service to your firewall configuration:

sudo firewall-cmd --add-service=ntp --permanent

The --permanent flag ensures the rule persists across reboots. Alternatively, you can specify the port directly:

sudo firewall-cmd --add-port=123/udp --permanent

After adding the rule, reload the firewall to activate the changes:

sudo firewall-cmd --reload

Verify the NTP service appears in your active firewall rules:

firewall-cmd --list-all

Look for “ntp” in the services list or “123/udp” in the ports list. Your NTP server is now accessible to clients on your network.

Installing NTP Client on openSUSE

The installation process on the client machine mirrors the server installation. Begin by checking for conflicting time synchronization services as described earlier.

Install the NTP package on your client system:

sudo zypper install ntp

Additionally, install the ntpdate utility, which is useful for manual time synchronization and testing:

sudo zypper install ntpdate

The ntpdate utility performs one-time clock synchronization, whereas ntpd continuously maintains time accuracy. Both tools serve different purposes in time management.

Verify successful installation:

rpm -q ntp ntpdate

This command confirms both packages are installed and displays their versions.

Configuring NTP Client

Editing Client Configuration File

Open the NTP configuration file on your client machine:

sudo nano /etc/ntp.conf

Comment out the default pool server entries by adding a hash symbol at the beginning of each line. Then add your NTP server’s IP address or hostname:

# Use local NTP server
server 192.168.1.10 iburst prefer

Replace 192.168.1.10 with your NTP server’s actual IP address. The prefer keyword tells NTP to favor this server when multiple sources are available.

If using hostname instead of IP address, ensure the hostname resolves correctly. Add an entry to /etc/hosts if necessary:

sudo nano /etc/hosts

Add a line like:

192.168.1.10    ntp-server.local

Then reference the hostname in ntp.conf:

server ntp-server.local iburst prefer

This approach provides more maintainable configurations, especially in environments where IP addresses might change.

Starting Client NTP Service

Start the NTP daemon on your client:

sudo systemctl start ntpd.service

Enable it to start at boot:

sudo systemctl enable ntpd.service

Verify the service is running:

sudo systemctl status ntpd.service

Test manual synchronization using ntpdate to confirm connectivity to your server:

sudo ntpdate -q 192.168.1.10

The -q flag queries the server without actually adjusting your system time, showing you what offset would be corrected. If this command succeeds, your client can communicate with the server.

Client Firewall Configuration

NTP clients typically don’t require inbound firewall rules since they only initiate outbound connections to NTP servers. The client sends queries to UDP port 123 on the server, and the server’s responses return through the established connection.

However, ensure outbound connections on UDP port 123 aren’t blocked by restrictive firewall policies. Most default firewall configurations allow outbound NTP traffic without modification.

Verifying NTP Synchronization

Using ntpq Command

The ntpq command provides detailed information about NTP peer status and synchronization quality. Execute:

ntpq -p

This displays a table showing all configured time sources. The output includes several important columns:

• remote: The NTP server hostname or IP address
• refid: The reference ID (upstream time source the server uses)
• st: Stratum level (distance from reference clock)
• when: Seconds since last response
• poll: Polling interval in seconds
• reach: Octal representation of last eight query results
• delay: Round-trip time in milliseconds
• offset: Time difference in milliseconds
• jitter: Dispersion (variance) in milliseconds

Look for an asterisk (*) symbol in front of a server entry, indicating this is your currently synchronized time source. A plus (+) indicates acceptable servers, while other symbols show various states of synchronization.

Stratum levels represent distance from authoritative time sources, with stratum 1 servers directly connected to atomic clocks or GPS receivers. Your system’s stratum level will be one higher than your synchronization source.

Using ntpstat Command

For a simple synchronization status check, use ntpstat:

ntpstat

When properly synchronized, this command outputs a message like “synchronised to NTP server (192.168.1.10) at stratum 3” along with time accuracy and polling interval information.

If synchronization hasn’t completed, ntpstat indicates “unsynchronised” status. Initial synchronization can take several minutes after starting the NTP daemon.

Using timedatectl Command

The systemd-integrated timedatectl command provides overall system time synchronization status:

timedatectl status

Look for the line “NTP synchronized: yes” confirming successful time synchronization. This command shows how systemd interacts with NTP services, providing a unified view of system time configuration.

Monitoring Sync Progress

Initial NTP synchronization typically takes 5-15 minutes, depending on network conditions and initial time offset. Monitor synchronization progress continuously using the watch command:

watch -n 10 ntpq -p

This refreshes the peer list every 10 seconds, allowing you to observe changes in reach values and offset measurements. Press Ctrl+C to exit the watch command.

After system restarts, NTP resumes synchronization automatically if properly enabled. The drift file helps NTP converge to accurate time faster on subsequent starts.

Troubleshooting Common Issues

Service Conflicts

The most common issue when installing NTP on openSUSE is conflict with systemd-timesyncd or chronyd. These services cannot run simultaneously with ntpd.

If ntpd fails to start, check for conflicting services:

systemctl status systemd-timesyncd
systemctl status chronyd

If either service is active, disable it:

sudo systemctl stop systemd-timesyncd chronyd
sudo systemctl disable systemd-timesyncd chronyd

Then restart ntpd:

sudo systemctl restart ntpd.service

Firewall Blocking

If clients cannot synchronize with your server, verify port 123 is accessible. Test connectivity from the client:

nc -u -v 192.168.1.10 123

This netcat command attempts a UDP connection to port 123. If it times out, firewall rules are likely blocking access.

Check firewall logs for dropped packets:

sudo journalctl -u firewalld -f

Or examine system logs:

sudo tail -f /var/log/firewalld

Add the appropriate firewall rules as described in the firewall configuration section.

Time Offset Too Large

NTP refuses to adjust time if the offset exceeds approximately 1000 seconds (about 17 minutes) by default. This “panic threshold” prevents catastrophic clock changes that might break applications.

If your system time is significantly wrong, manually adjust it before starting NTP:

sudo ntpdate -b 0.id.pool.ntp.org

The -b flag forces clock stepping instead of gradual adjustment. After manual synchronization, start ntpd normally.

Alternatively, configure ntpd to allow large corrections by adding the -g flag. Edit the systemd service file:

sudo systemctl edit ntpd.service

Add:

[Service]
ExecStart=
ExecStart=/usr/sbin/ntpd -g -u ntp:ntp

This override allows ntpd to step the clock once at startup regardless of offset.

No Synchronization Occurring

If ntpq shows peers but synchronization never occurs, investigate several potential causes:

Network connectivity issues: Verify you can reach upstream servers:

ping 0.id.pool.ntp.org

Server accessibility problems: Test NTP specifically:

sudo ntpdate -q 0.id.pool.ntp.org

Log file examination: Check NTP logs for error messages:

sudo journalctl -u ntpd -n 50

Or examine system logs:

sudo tail -50 /var/log/messages | grep ntp

These logs often reveal configuration errors, network problems, or other issues preventing synchronization.

Best Practices and Security Considerations

Implementing NTP securely requires attention to access control and monitoring. Configure restrict directives carefully to limit who can query or modify your NTP server. Never allow unrestricted access from the internet, as NTP servers can be exploited in amplification attacks.

Limit client access to specific networks in your ntp.conf:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

This allows time queries from your local network while preventing configuration modifications.

For sensitive environments, implement NTP authentication using symmetric keys. This prevents malicious actors from impersonating legitimate time sources. Generate key files and configure both server and clients to require authentication.

Configure multiple upstream time sources—ideally 3-4 different servers—to ensure redundancy and prevent single points of failure. Diverse sources also help NTP’s algorithms detect and reject “false tickers” providing incorrect time.

Regularly monitor NTP synchronization status using the commands discussed earlier. Set up automated monitoring alerts if synchronization fails or offset grows too large.

Keep NTP software updated with security patches. Subscribe to openSUSE security announcements and apply updates promptly:

sudo zypper update ntp

For production environments on modern systems, consider migrating to chrony instead of traditional NTP. Chrony offers better performance, particularly for virtualized environments, while maintaining compatibility with NTP protocols.

Document your NTP configuration thoroughly. Maintain records of which systems synchronize from which servers, firewall rules in place, and any customizations made to default configurations. This documentation proves invaluable during troubleshooting and infrastructure changes.

Congratulations! You have successfully installed NTP. Thanks for using this tutorial to set up NTP on openSUSE Linux. For additional help or useful information, we recommend you check the official NTP website.