Stupid Tricks with Network Time

I normally point my machines to sync time with a server inside our company firewall. For desktop machines, this works fine. For laptops, it’s an issue because when the machine is off the company network, it can’t see the time server. Most of the time this is no big deal because the time is right (or almost right). But two things I’ve seen can cause the time to get set to the wrong value: 1) the battery goes dead and the system loses the time, and 2) a MacBook Pro gets booted into Windows and has its time updated while in Windows. (This, of course, is caused by the fact that OS X and Windows read the system clock in two different ways.) I’m sure there are other scenarios.

This is a problem because (once back in Mac OS X) the user cannot fix the time without an admin password. And even with the admin password, they have to either turn off network time sync, or point the network time sync to a server reachable on the network they are on. Once they return to the corporate network, either they now can’t reach the external time server because of firewall issues, or they have to remember to undo their changes, or some managment system in place (like radmind) undoes their changes for them, but then they have to redo them when they leave the office again!

I thought computers were supposed to make our life easier!

It would be so much easier if you could just specify multiple time servers – one inside the company network, and one outside. That way the time sync could happen no matter where you were.

Fortunately, you can do exactly that. There’s an undocumented feature of the Date & Time preferences pane: in the “Set date & time automatically” field, you can enter multiple servers seperated by a space. In the following image, you can see I’ve entered both “time” and “time.apple.com”:

date-time.png

This setting gets written to /private/etc/ntpd.conf, so you can also just manage this file:


rhapsody:~ gneagle$ cat /private/etc/ntp.conf
server time minpoll 12 maxpoll 17
server time.apple.com minpoll 12 maxpoll 17

You can add more than two servers if you want.

Explore posts in the same categories: OS X, Windows

13 Comments on “Stupid Tricks with Network Time”


  1. Thanks Greg! That’s something I’ve been looking into for a long time :)
    Never realized the answer was that easy!

    Greetz M

  2. Cyrus Vahhaji Says:

    Just stumbled across this. What an awesome solution. But I’m having an interesting result. After adding/appending time.apple.com to my existing time server, date & time changes to 10/15/2006 & 02:18:xx! Currently date & time is 09/08/2006 around 16:23:xx. To sync back to correct time I need to remove time.apple.com leaving our internal sync server info, uncheck “Set date & time…” and recheck it.

    Why do you suppose this is not working for me?

    Appreciate any input you may have.

    Thanx,
    Cyrus

  3. GregN Says:

    I’m not seeing anything similar.

    It should use the first time server that responds – so assuming your internal server is reponding, it shouldn’t be consulting time.apple.com.

    What happens if you point to another public time server?
    What are the contents of /etc/ntp.conf when you add time.apple.com ?

  4. Jeff Says:

    “It should use the first time server that responds – so assuming your internal server is reponding, it shouldn’t be consulting time.apple.com.”

    The entries in the System Preferences pane get written to /etc/ntpd.conf (with /etc being a link to /private/etc) with a minpoll of 12 and a maxpoll of 17. ntpd will use *all* listed servers as candidates for synchronization. As a result, it will try to contact all the listed servers.

    Unfortunately, I haven’t found a good way to keep use of the Time & Date panel from changing manually-entered values for minpoll and maxpoll.

    $ man ntpd

    and http://www.ntp.org/ are good references for ntp itself.

  5. GregN Says:

    You’re right, Jeff. Still, using both servers works for me and my users, because when they are on our internal network, they can’t contact time.apple.com, and when they are on the internet, they can’t contact our internal server. Quoting man ntpd:
    In addition, should a
    server become unreachable for some time, the poll interval is increased
    in steps to 1024s in order to reduce network overhead.

    So an unreachable server is a condition that ntpd knows how to handle.

    Cyrus above is getting strange results – apparently his machines can see both servers. I don’t understand why that would cause the time to be set to the wrong value, though.

  6. Brian Says:

    Thanks Guys! I’m setting up a couple of laptops now :-)

  7. Brian Says:

    Oh – on a related note – see http://docs.info.apple.com/article.html?artnum=303731 re the ‘iburst’ option for ntp

  8. Danny Says:

    I did exactly what is on the iburst article. My time still doesn’t sync.


  9. Whoa awesome tricks;) you just made my to do list for today

    Thanks!

  10. Steve W Says:

    I synchronize my G4 time clock with time.apple.com, but I suspect good old Apple has not kept up with the political vagaries of daylight savings time changes. This morning (Monday 10/27/2008) I noticed my time clock was an hour earlier than usual, and it occurred to me that yesterday was the formerly traditional date for the switchover back to standard time. This year that date is is November 2.

    Hey, Apple, wake up!

    Since I live in NY I revised my clock setting to Alantic time, and I expect to switch back to Eastern this comning Sunday 11/2. Is there a better way?

  11. GregN Says:

    You don’t say what OS you’re running on your G4, but it sound like you aren’t current on OS updates, or you’re running a really old version of OS X (or 8 or 9) that wasn’t updated for the new DST rules.

  12. Swiftos Says:

    Dudes.

    I just installed LittleSnitch. Just to see what it does.

    Noticed that time is checked really often, say several times per minute. Is there any reason to check so often.

    Can the frequency be set to something more like 5 minutes. By an average user, not a Unix guru.

    Thanks, Paul


  13. [...] file (which stores the network time server addresses) and then push that file out to your machines. Greg Neagle has a good write-up on how this works. You can also set the server settings with a script. One way to do this is the following: #!/bin/sh [...]


Comments are closed.


Follow

Get every new post delivered to your Inbox.

Join 191 other followers

%d bloggers like this: