Setup OSX Server as a Time Server


Most of the Macs I support are mobile & it seems that around the with the  release of the “Unibody MacBook Pro” Apple stopped shipping Macs with a battery that would keep the Macs time even when the Macs main battery had died.

This means that if a Macs battery dies during travelling to another office, they’d not be able to login once there as the time would be more than 5 minutes out. Also, we heavily use SSL to secure things like our Wireless & many websites (JSS distribution points included).

So the solution was for me to setup my own NTP, that would both sync with my domains NTP & be externally accessible for those mobile users on the road.

I’ve posted How To: Set a Macs Time ServerHow To: Sync Time With NTP via Script & How To: Check Your Active Directory Domains Time. They all came about when 1st looking at this issue, this last post in the series with use all those posts.

  1. Before we start, we need UDP port 123 open from clients to server.
  2. Now we need to figure out our domains primary NTP by using: How To: Check Your Active Directory Domains Time. (We’re using the domains primary NTP as we’ll be sharing it with clients & whilst we could use the same external source as our domains primary NTP, we could have an issue if we drift due to some communication issues).
  3. So with the domains primary NTP discovered, set this as the NTP on the OSX Server you’ll be using as an NTP server via How To: Set a Macs Time Server or just manually type it into the time server field in the Date & Time preference pane in System Preferences.
  4. Once set, unload the ntp plist;
    sudo launchctl unload /System/Library/LaunchDaemons/org.ntp.ntpd.plist 
  5. Now we need to edit the file /etc/ntp-restrict.conf.. I normally use nano for this sort of thing:
     sudo nano /etc/ntp-restrict.conf
ntp-restrict noquery

The file should look like the below:
We’re looking at removing the “noquery” from the 1st two restrict lines as shown below:
This will allow clients to query the NTP server. But, there is much much more you can do with this file. For me I just wanted my Macs from anywhere to be able to use my Mac server as an NTP.

  • Now restart ntp:
    sudo launchctl load /System/Library/LaunchDaemons/org.ntp.ntpd.plist
  • Now, patience.. give it time (pun intended). The service can take a few minutes to start serving time. To verify use the method outlined in: How To: Sync Time With NTP via Script.
    sudo ntpdate -u $NTPServer
    If you try the above to early, you get a response like:
15 Dec 22:35:10 ntpdate[1156]: no server suitable for synchronization found

But after 3-4 minutes you should get a response like the below, this is the client updating it’s time with the NTP & showing the offset:

15 Dec 22:35:42 ntpdate[1158]: adjust time server offset -0.000133 sec

3 thoughts on “Setup OSX Server as a Time Server

  1. Bob Gendler

    This confirms my thoughts – we have lots of students who have trouble from time to time connecting to our wireless (it’s WPA2 w/radius) and time is the exact reason. This confirms what I was thinking.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.