We have some servers (CentOS 5.3) that are behind a firewall without access to the Internet. We'd like all the logs to be synchronized, but NTP appears to want the authoritative server to be synchronized to a public NTP server. We've tried the -g option for ntpd, but this returns an error like "no appropriate server found". Does anyone have a working configuration?
GPS satellites broadcast accurate time signals; you can buy boxes that pick those up and act as NTP sources. (I know nothing about that site except that it's a top hit in Google and has the sort of products I expected to find.) Some of the boxes are expensive; you can do some of it with a cheap GPS hooked up to a serial port and the right software.
You can set up one of the servers to be an NTP server and have all the other servers sync their time with the local NTP server. The time on all those servers will be accurate enough depending on how often they get their time updates from the local NTP server. But the time on the NTP server might not be accurate, as the NTP server is not able to reach the Internet for accurate time updates.
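The setup described in the answer above, written out as an added example that is not part of the original thread: one internal server serves its own undisciplined clock through ntpd's local clock driver, and every other machine syncs to it, so log timestamps agree across hosts even though none of them tracks true time. The address 192.168.1.10 and the 192.168.1.0/24 range are assumptions; substitute your own.

```conf
# ---- /etc/ntp.conf on the internal time server (assumed address 192.168.1.10) ----

# Default policy: answer time requests, but refuse runtime reconfiguration,
# trap setup, unconfigured peering and ntpq/ntpdc status queries.
restrict default kod nomodify notrap nopeer noquery

# Full access from localhost only, for local administration with ntpq.
restrict 127.0.0.1

# Assumed LAN range: clients may ask for the time but cannot modify the daemon.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# No upstream source is reachable, so use the local clock reference driver.
# 127.127.1.0 is ntpd's pseudo-address for the machine's own system clock.
server 127.127.1.0

# Advertise a high stratum so that any real time source added later
# (for example a GPS receiver) is always preferred over the local clock.
fudge 127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift


# ---- /etc/ntp.conf on every other server behind the firewall ----

restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1

# The internal time server defined above (assumed address).
# iburst shortens the initial synchronization after ntpd starts.
server 192.168.1.10 iburst

driftfile /var/lib/ntp/drift
```

After restarting ntpd on each machine, `ntpq -p` run locally on a client should list 192.168.1.10 with a leading `*` once the client has selected it; this can take several minutes after the server itself has started.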
If you need to sync more than one machine in a network, it's considered good practice -- not to mention polite -- to set up your own central NTP server, letting it sync directly to the nearest public servers and letting the other machines on the LAN in turn sync to it.
This reduces the load on the public NTP servers enormously!
Additional bonus: if you lose your internet connection, all your servers still keep in sync with each other.
You could use your firewall to take over this role, or better yet put the service into your DMZ—you have a DMZ, right?