Configuring the NTP Service in Linux
This section describes how to configure the NTP service on the Linux server, import the NTP certificate and configure the NTP parameters on DeviceManager, and enable the storage system to properly synchronize time.
Configuring an NTP Service on a Server
This section describes how to generate an NTP certificate and related private key files on a Linux server.
Prerequisites
- The maintenance terminal has been connected to the server through a management network port.
- GNU Compiler Collection (GCC) has been installed on the server running Linux.
Context
This section uses PuTTY as an example. You can download PuTTY from the chiark website.
Procedure
- Run PuTTY.
The PuTTY Configuration dialog box is displayed, as shown in Figure 5-20.
- Select Session. In Host Name (or IP address) of the Specify the destination you want to connect to area, enter the IP address of the Linux server's management network port that connects to the maintenance terminal and set Connection type to SSH.
- Click Open. The CLI login page is displayed, as shown in the following:
login as:
- Enter the user name and password as prompted. The following shows the result of a successful login.
Last login: Mon Apr 10 10:38:06 2017 from XXX.XXX.XXX.XXX
[storage ~]#
- Create the directory for saving the certificate and private key files.
- Run the cd /etc command to go to the etc directory.
- Run the mkdir ntp_config command to create the ntp_config folder.
The execution result is as follows:
Storage:~ # cd /etc/
Storage:/etc # mkdir ntp_config
- Generate the NTP certificate and private key file.
- Run the cd ntp_config command to go to the ntp_config folder.
- Run the ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650 command to generate the private key file.
server_password is the private key encryption password when the NTP certificate is generated. 3650 indicates the validity period and is variable.
The execution result is as follows:
Storage:/etc # cd ntp_config
Storage:/etc/ntp_config # ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650
Using OpenSSL version OpenSSL 0.9.8j-fips 07 Jan 2009
Using host Storage group Storage
Generating RSA keys (2048 bits)...
RSA 0 100 191 1 2 6 3 1 2
Generating new host file and link
ntpkey_host_Storage->ntpkey_RSAhost_Storage.3707466522
Using host key as sign key
Generating new certificate Storage RSA-SHA256
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
X509v3 Extended Key Usage: trustRoot
Generating new cert file and link
ntpkey_cert_Storage->ntpkey_RSA-SHA256cert_Storage.3707466522
Storage:/etc/ntp_config #
If a message shows that the parameter -l is not supported, upgrade the NTP on the server to a version later than 4.2.8.
- Run the ls command to check the generated file.
The execution result is as follows:
Storage:/etc/ntp_config # ls
ntpkey_RSA-SHA256cert_Storage.3707466522
ntpkey_RSAhost_Storage.3707466522
ntpkey_cert_Storage
ntpkey_host_Storage
- Run the hostname command to obtain the host name.
This section uses host name Storage as an example.
- Run the vi /etc/ntp.conf command to modify the NTP configuration file.
Add the following information at the beginning of the ntp.conf file:
crypto pw server_password host Storage ident Storage
keysdir /etc/ntp_config
server_password is the private key encryption password used in generating the certificate (which can be specified by the user), Storage is the host name, and /etc/ntp_config is the directory where the certificate and private key files are saved.
- Restart the NTP service.
- For the SUSE operating system, run the /etc/init.d/ntp restart command.
- For the Red Hat operating system, run the systemctl restart ntpd.service command.
If multiple NTP servers need to be configured, you can copy the ntpkey_cert_Storage and ntpkey_host_Storage files generated in Step 6 to the corresponding directory on the other NTP servers and set the file permissions to be the same as those on the original server. Then configure the ntp.conf file on each of those servers and restart the NTP service.
- Configure the samba user.
- Input the cd /etc/init.d command and press Enter to enter the etc/init.d directory.
- Input the ./smb start command and press Enter to enable the SMB service.
- Add the samba user (for example, root) and set a password. Run the smbpasswd -a root command to add user root.
- Run the vi /etc/samba/smb.conf command and press Enter. In the opened file, add the following lines to change the samba user permission.
[ntp_config]
public=no
path=/etc/ntp_config
write list=@root root
writable=yes
In write list=@root root, the two root fields are the account and password of the samba user that were just added. Set these lines as required.
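The check below is an added example, not part of the vendor procedure. It audits what the steps above leave on the NTP server: /etc/ntp_config, the directory that the samba share exports, holds the private key file next to the certificate, and ntp.conf stores the key password in clear text on the crypto pw line. The function names, the finding labels and the use of GNU stat are assumptions of the example, and the sample tree is constructed from the file names shown above.

```shell
#!/bin/sh
# Added example (not vendor code): audit the NTP key directory and ntp.conf.

# Succeeds when group and other have no permission bits on the file.
owner_only() {
    mode=$(stat -L -c '%a' "$1") || return 1
    case "$mode" in *00|0) return 0 ;; *) return 1 ;; esac
}

# audit_ntp_keys KEYSDIR NTP_CONF HOSTNAME -> exit status = number of findings
audit_ntp_keys() {
    keysdir=$1; conf=$2; host=$3; findings=0
    # Both links written by ntp-keygen must resolve to a real file.
    for link in "$keysdir/ntpkey_host_$host" "$keysdir/ntpkey_cert_$host"; do
        [ -e "$link" ] && continue
        echo "MISSING  $link"; findings=$((findings + 1))
    done
    # Private key files (the link targets, e.g. ntpkey_RSAhost_<host>.<stamp>).
    for key in "$keysdir"/ntpkey_*host_*; do
        [ -f "$key" ] && [ ! -L "$key" ] || continue
        owner_only "$key" && continue
        echo "EXPOSED  $key"; findings=$((findings + 1))
    done
    # ntp.conf stores the key password in clear text on the "crypto pw" line.
    if awk '$1 == "crypto" { for (i = 2; i < NF; i++) if ($i == "pw") f = 1 }
            END { exit !f }' "$conf" && ! owner_only "$conf"; then
        echo "EXPOSED  $conf"; findings=$((findings + 1))
    fi
    # keysdir in ntp.conf must name the directory that was audited.
    if [ "$(awk '$1 == "keysdir" { print $2 }' "$conf")" != "$keysdir" ]; then
        echo "MISMATCH keysdir"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree mirroring the file names shown on this page.
make_sample() {
    d=$1; mkdir -p "$d/ntp_config"
    : > "$d/ntp_config/ntpkey_RSAhost_Storage.3707466522"
    : > "$d/ntp_config/ntpkey_RSA-SHA256cert_Storage.3707466522"
    ln -s ntpkey_RSAhost_Storage.3707466522 "$d/ntp_config/ntpkey_host_Storage"
    ln -s ntpkey_RSA-SHA256cert_Storage.3707466522 "$d/ntp_config/ntpkey_cert_Storage"
    printf 'crypto pw server_password host Storage ident Storage\nkeysdir %s\n' \
        "$d/ntp_config" > "$d/ntp.conf"
    chmod 644 "$d/ntp_config/ntpkey_RSAhost_Storage.3707466522" "$d/ntp.conf"
}

if [ "$#" -eq 3 ]; then audit_ntp_keys "$@"; fi
```

Saved under any file name and run as root with the key directory, the ntp.conf path and the host name as its three arguments, the script exits with the number of findings, so 0 means the key file and ntp.conf are readable by their owner only and both links resolve.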
Configuring NTP Parameters on the Storage System
If the time of a storage system is inaccurate, adjust it. In this way, when alarms are generated, you can accurately determine the alarm generation time based on alarm logs. This section describes how to set the NTP service on the maintenance terminal and enable the storage system to synchronize the server time.
Prerequisites
- The IP address of the NTP server has been obtained.
- You have obtained the samba user name and password for logging in to the NTP server.
- You have configured the maintenance terminal in a Linux operating system.
- The maintenance terminal is communicating with the storage system properly.
- If the storage system has been added to a domain, the NTP server communicates with the domain server properly, and NTP synchronization has been completed.
Procedure
- Obtain the certificate from the NTP server and copy it to the maintenance terminal.
- On the maintenance terminal, press Win+R.
The Run dialog box is displayed.
- Enter \\NTP server IP address and click OK.
The maintenance terminal attempts to remotely access the NTP server.
- Enter the samba user name and password for logging in to the NTP server and click OK to enter the shared directory.
- Enter the ntp_config folder and select the NTP certificate that contains the ntpkey_cert field and press Ctrl+C to copy the certificate.
- Go back to the maintenance terminal desktop and press Ctrl+V to copy the NTP certificate to the maintenance terminal.
- Right-click the NTP certificate file and then select Rename from the shortcut menu. Add the .crt extension to the file name, and press Enter.
- Log in to DeviceManager through the maintenance terminal.
- Import the NTP certificate.
- Choose Settings > Storage Settings > Value-added Service Settings > Credential Management.
- Click Import and Activate.
The Import Certificate dialog box is displayed.
- In Certificate Type, select NTP certificate.
- Click Select next to CA Certificate File.
In the dialog box that is displayed, find the NTP file directory, select the NTP certificate, and click Open.
- Click OK.
The security alert dialog box is displayed.
- Select I have read and understand the consequences associated with performing this operation, and click OK.
The Success dialog box is displayed.
- Click OK.
The certificate list shows imported certificates.
- Configure the NTP parameters.
- Choose Settings > Basic Information > Device Time.
- Select Set NTP automatic synchronization.
- Type the IPv4 address, IPv6 address, or domain name of the NTP server in NTP Server Address.
- A maximum of two NTP servers can be added. If the time of one NTP server cannot be automatically synchronized to the device, the system synchronizes the time from another NTP server.
- Ensure that the time of two NTP servers is consistent.
- In NTP Authentication, select Enable.
Some device models do not support this function. NTP authentication can be enabled only when NTPv4 or later is used. When enabled, it authenticates the identity of the NTP server and automatically synchronizes the system time to the storage device.
- Confirm the NTP configuration.
- Click Save.
The Warning dialog box is displayed.
- Select I have read and understand the consequences associated with performing this operation, and click OK.
The Execution Result dialog box is displayed, indicating that the operation succeeded.
- Click Close.