NTP Server Assistance

doreyme
New Contributor III

Hey JAMF Nation,

I was wondering if someone can point me in the right direction with establishing NTP servers on my machines in JAMF.

I've seen a few posts with scripts and I'm wondering if there was a specific payload available instead.

Any help is much appreciated!!

14 REPLIES 14

sdagley
Esteemed Contributor II

@doreyme The scripts in the posts are your best bet. Just make sure to look for the most recent ones as things have changed over the years. I can't recommend any specific script as I've gone back to having my org's DNS alias time.apple.com to an internal NTP server so we don't change the default configuration any more.

dwenger
Release Candidate Programs Tester

If you take /usr/sbin/systemsetup -setnetworktimeserver "time.apple.com" and replace time.apple.com with your desired NTP, you should be good. Just be sure to test before deploying to the masses.

doreyme
New Contributor III

Thanks everyone!

@sdagley do you have an updated script by chance?

sdagley
Esteemed Contributor II

@doreyme What @dwenger posted above is basically what I last used, but I never tried it with Mojave or Catalina. It should still work.

doreyme
New Contributor III

@sdagley so im assuming thats in the file and process payload?

sdagley
Esteemed Contributor II

@doreyme The Files and Processes payload will work, or you can create a new script under Settings->Computer Management->Scripts (don't forget the #!/bin/sh as the first line of the script in that case).

doreyme
New Contributor III

@sdagley so im looking to go the files and processes route. Would it look something like this:

/usr/sbin/systemsetup -setnetworktimeserver "time.gov"

if i wanted to use time.gov

m_entholzner
Contributor III
Contributor III

if you want to nail the time server, I'd recommend using a configuration profile instead. The keys and preference domains are stated in the config profile reference:

https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf

Check out the "time server" payload.

The Time Server payload is designated by specifying com.apple.MCX as the PayloadType value.
This payload allows devices to connect to custom time servers.
In addition to the settings common to all payload types, the Time Server payload defines the following keys:

timeServer
timeZone

The ntp server to connect to.
Availability: Available in macOS 10.12.4 and later.
Time zone path location string in /usr/share/zoneinfo/. For example, ”America/Denver” or ”Zulu”.
Availability: Available in macOS 10.12.4 and later.

doreyme
New Contributor III

@m.entholzner thanks for the reply.

Not entirely sure how to use a configuration profile for this instead. but i was planning on using a policy with the Files and Processes payload using this

sudo systemsetup -setusingnetworktime on -setnetworktimeserver time-a.nist.gov

dwenger
Release Candidate Programs Tester

+1 on @m.entholzner's advice. In most instances, if you can use a profile to accomplish your desired task, it's the way to go. Profile Creator https://github.com/ProfileCreator/ProfileCreator appears to have the provisions in place for building a profile with time server info, but I haven't personally used the payload myself.

doreyme
New Contributor III

Thanks Everyone!

Utilizator
Contributor

Hi all, just come across this as we have a PCI requirement that any Macs involved in PCI work need to point to a specific NTP server.

The 3rd Party App (ProfileCreator) mentioned can create a Config Profile with Time Server settings but importing it into our Jamf environment doesn't work (it imports the General Payload but the Time Server Payload is missing).

I'm going to write a script to run daily on the required Macs to point to the required NTP server:

#!/bin/sh
/usr/sbin/systemsetup -setusingnetworktime on -setnetworktimeserver (our PCI NTP Server)

That should cover it, right?

Tribruin
Valued Contributor II

That should work, but you should be able to make the Configuration Profile work. Did you sign the profile before you uploaded it? Sometimes that helps. (Also, did you apply the profile to a test machine after you uploaded it? Sometimes the Jamf GUI won't show profile settings that are not standard.

Also, if you have already created your Profile in profile creator, you could just export the Time Server payload as a PLIST (click and hold the export button and choose Export PLIST). You can then create a new profile in Jamf and upload that PLIST in the custom settings. Make sure the Preference Domains is com.apple.MCX

sdagley
Esteemed Contributor II

@jay-kay To expand on what @RBlount said...

An Application & Custom Settings payload as he describes is the easiest solution.

As to why... Jamf Pro doesn't have a built-in editor for the Time Server settings, so if you upload a profile containing that payload you're not going to see it displayed in the GUI. That profile may still work, but to be sure you'd need to have ProfileCreator sign the profile when it's created so that when uploaded to Jamf Pro no modifications will be made to the payload(s).