Posted on 03-18-2013 09:35 AM
Hello,
I've come across a couple of ways to set a single (ex. time.apple.com) NTP server, however I need to set two servers- one for the internal network (a Domain Controller) and a secondary for when users are off of the network (time.apple.com).
I've tried modifying the /etc/ntp.conf file to include a second and third line, and it shows up in the Date & Time Preference Pane (same line, comma separated), but it doesn't work; when I'm on the network, time is synced, but off of the network, time.apple.com isn't used. Any suggestion? Thanks.
Solved! Go to Solution.
Posted on 03-19-2013 04:21 PM
all,
thanks for all of the replies! i am using the script below, and it seems to be working for us. thanks again!
vincent
#!/bin/sh
#Primary Time server for Company Macs
TimeServer1=DC1.company.com
#Secondary Time server for Company Macs
TimeServer2=DC2.company.com
#Tertiary Time Server for Company Macs, used outside of Company network
TimeServer3=time.apple.com
# Set the primary network server with systemsetup -setnetworktimeserver
# Using this command will clear /etc/ntp.conf of existing entries and
# add the primary time server as the first line.
/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1
# Add the secondary time server as the second line in /etc/ntp.conf
echo "server $TimeServer2" >> /etc/ntp.conf
# Add the tertiary time server as the third line in /etc/ntp.conf
echo "server $TimeServer3" >> /etc/ntp.conf
Posted on 03-18-2013 01:00 PM
What happens if you manually put in the two NTP severs in System Settings?
That said, here is the script I used when I had to do this. I just tested and verified (on one Mac) this still works under 10.8.3. It synced time internally to my Domain controller and externally to time.apple.com.
I used this script in the build process with the priority set to "At Reboot".
#!/bin/bash
#
# The purpose of this script is to set the NTP time servers if you require more than one.
# For instance you may want to use an internal domain controller as the first time server,
# and time.apple.com as the second time server.
# The command "systemsetup -setnetworktimeserver" only allows you to specify one time server.
# So I add a second time sever to /private/etc/ntp.conf with the echo command.
# 220, 221 whatever it takes.
#
# Feel free to edit this script as needed.
## Variables
TimeServer1="yourNTP.compay.com"
TimeServer2="time.apple.com"
############# Pause for network services #############
/bin/sleep 20
######################################################
# Ensure we are running this script as root
if [ "`whoami`" != "root" ] ; then
/bin/echo "script must be run as root"
exit
fi
#
/usr/sbin/systemsetup -setnetworktimeserver "${TimeServer1}"
/bin/echo server "${TimeServer2}" >> /private/etc/ntp.conf
/usr/sbin/systemsetup -setusingnetworktime off
/bin/sleep 2
/usr/sbin/systemsetup -setusingnetworktime on
/bin/cat /private/etc/ntp.conf
exit 0
Posted on 03-19-2013 09:23 AM
Systemsetup has been around for ages. Use the -setnetworktimeserver option with a comma between each server
systemsetup -setnetworktimeserver company.timeserver.com,time.apple.com,time.microsoft.com
Dan
Posted on 03-19-2013 10:48 AM
Thank you both for your replies- I will test them today.
Vincent
Posted on 03-19-2013 12:01 PM
Yeah, forget my complicated script. Use systemsetup to add the servers.
I think I tried adding two servers with systemsetup way back in 10.5 or 10.4 and it did not work. So I had to edit the ntp.conf. Happy to see it works now.
:-)
Eric
Posted on 03-19-2013 12:06 PM
I tried using systemsetup to set multiple time servers and it didn't work right for me. Here's a post showing what I'm currently doing:
Posted on 03-19-2013 02:21 PM
Rich,
Which option (of the three you mention in your post) do you use?
If you use the script option, are the time servers separated by spaces, commas, or both?
When I use the script option, the time servers are separated by a space and a comma (not a single space). From Greg’s example and my research with Apple, I am led to believe that the time servers need to be separated by a space in order for it all to work.
Posted on 03-19-2013 04:21 PM
all,
thanks for all of the replies! i am using the script below, and it seems to be working for us. thanks again!
vincent
#!/bin/sh
#Primary Time server for Company Macs
TimeServer1=DC1.company.com
#Secondary Time server for Company Macs
TimeServer2=DC2.company.com
#Tertiary Time Server for Company Macs, used outside of Company network
TimeServer3=time.apple.com
# Set the primary network server with systemsetup -setnetworktimeserver
# Using this command will clear /etc/ntp.conf of existing entries and
# add the primary time server as the first line.
/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1
# Add the secondary time server as the second line in /etc/ntp.conf
echo "server $TimeServer2" >> /etc/ntp.conf
# Add the tertiary time server as the third line in /etc/ntp.conf
echo "server $TimeServer3" >> /etc/ntp.conf
Posted on 03-20-2013 05:49 AM
Sean,
I'm using this option:
#!/bin/sh
#Primary Time server for Company Macs
TimeServer1=ns0.time.server
#Secondary Time server for Company Macs
TimeServer2=ns1.time.server
#Tertiary Time Server for Company Macs, used outside of Company network
TimeServer3=time.apple.com
# Set the primary network server with systemsetup -setnetworktimeserver
# Using this command will clear /etc/ntp.conf of existing entries and
# add the primary time server as the first line.
/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1
# Add the secondary time server as the second line in /etc/ntp.conf
echo "server $TimeServer2" >> /etc/ntp.conf
# Add the tertiary time server as the third line in /etc/ntp.conf
echo "server $TimeServer3" >> /etc/ntp.conf
Posted on 03-20-2013 09:00 AM
For what it's worth. While working on a time drift issue with an Apple SE, he informed me my script need a . at the end of any FQN in NTP.conf. Here's his message.
Chuck, "Just one more thing…" And it's important. => FQDNs in ntp.conf "server" declarations need to be terminated with a period, just like in DNS zone. Not IP addresses, just FQDNs. <= So your file should really look like this: server 123.345.6.7 server time.apple.com. I believe the example I sent you earlier did not have that period, but I did another test, and the GUI does -not- add it in for you when you save. I discovered this: if you enter an FQDN into the GUI interface by hand), it does not add the period for you, but it does add a period if you choose one of the apple.com selections from the popup, even though the GUI choice does not display with a period. That is, if you're using the GUI and entering an FQDN by hand, you've gotta know to put that period in there. It would be a nice implicit warning to people if the popup selections in the GUI terminated their FQDNs in a period, ie: Apple Americas (time.apple.com.) instead of: Apple Americas (time.apple.com) I've passed that thought along. Thanks and regards Ben W Thomas Senior Support Engineer Apple Enterprise Technical Support Austin, TX"
So my script looks like this
#!/bin/sh
#Primary Time server for Company Macs
TimeServer1=123.345.6.7
#Secondary Time server for Company Macs
TimeServer2=time.apple.com.
# Set the primary network server with systemsetup -setnetworktimeserver
# Using this command will clear /etc/ntp.conf of existing entries and
# add the primary time server as the first line.
/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1
# Add the secondary time server as the second line in /etc/ntp.conf
echo "server $TimeServer2" >> /etc/ntp.conf
Posted on 03-20-2013 09:12 AM
Not to doubt the wisdom of Apple Enterprise Support, but a terminating period has not been needed in my experience. All of my NTP servers are listed with FQDNs, including time.apple.com and my clients are checking in without issues to our network time servers.
Posted on 01-21-2014 07:43 AM
The copy of ntp.conf provided as standard by Apple does have the FQDNs terminated by a full-stop, however as rtrouton indicates this is not necessary and can be proven by the fact that when you use the GUI in System Preferences -> Date & Time to set an NTP server it does not put a full-stop at the end.
The command systemsetup -setnetworktimeserver only allows specifying a single NTP server, no mixture of commas or spaces or quotes gets round this. Hence the scripts that append an entire line to the file rather than using the systemsetup command for both entries. I have posted a feature request with Apple to 'fix' this.
A consequence of systemsetup not allowing directly setting multiple NTP servers is that the workflow step in DeployStudio is also limited to defining a single NTP server since behind the scenes it is using the systemsetup command. To get round it you would like discussed here have to use a script or copy over a pre-built ntp.conf file.
By the way, the GUI in System Preferences -> Date & Time does let you specify multiple NTP servers and it correctly parses this and write it in correct format i.e. multiple lines to ntp.conf
Posted on 03-31-2017 03:39 PM
Hey guys. I know this is an OLD post but how can i run this script if ONLY those time servers are not found? I dont want to run it if both time servers are present. Thanks!
#!/bin/sh
#Primary Time server for Company Macs
TimeServer1=DC1.company.com
#Secondary Time server for Company Macs
TimeServer2=DC2.company.com
#Tertiary Time Server for Company Macs, used outside of Company network
TimeServer3=time.apple.com
# Set the primary network server with systemsetup -setnetworktimeserver
# Using this command will clear /etc/ntp.conf of existing entries and
# add the primary time server as the first line.
/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1
# Add the secondary time server as the second line in /etc/ntp.conf
echo "server $TimeServer2" >> /etc/ntp.conf
# Add the tertiary time server as the third line in /etc/ntp.conf
echo "server $TimeServer3" >> /etc/ntp.conf
Posted on 03-31-2017 06:26 PM
@yurypanasyuk As an alternative consider having your internal DNS servers redirect time.apple.com to DC1.company.com. This is the approach we settled on in my organization when the network management folks insisted that port 123 would be blocked. An additional advantage to this is it restores time sync on iOS devices, which don't support specifying an NTP server.
Posted on 10-18-2017 02:23 PM
@sdagley - That was simply genius. Good god! Thanks a million!