Thursday, February 6, 2020

The ntp gang's all here - put ntpd files in the same directory (FreeBSD 12.x) and set owner/group to ntpd

In FreeBSD 12.x, ntpd is a new unprivileged user, and the ntpd process (daemon) runs as that user instead of as root.

NOT WORKING:

Look at the log file and you will see file permission errors like this one:
2020-01-22T12:32:52.633975-06:00 server3 ntpd[790] frequency file /var/db/ntpd.drift.TEMP: Permission denied

HOW TO FIX:

See if the ntpd user exists:

` id ntpd `

If you need to add this user and group manually:

` pw groupadd ntpd -g 123 `
` pw useradd ntpd -u 123 -g ntpd -h - -d /var/db/ntp -s /usr/sbin/nologin -c "NTP Daemon" `

After adding the user ntpd, it is suggested to update the password database:
` pwd_mkdb /etc/master.passwd `

FreeBSD 12.0 runs ntpd as that user when you add this line to /etc/rc.conf:
ntpd_user=ntpd

Suggested settings to place the ntp files in /var/db/ntp, added to /etc/rc.conf:

ntpd_flags="${ntpd_flags} -g -f /var/db/ntp/ntpd.drift -s /var/db/ntp"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
# FreeBSD 12 only: run as the unprivileged user ntpd, group ntpd (UID and GID 123)
ntpd_user=ntpd

Suggested settings for /boot/loader.conf (on some systems this is a symbolic link to /bootpool/boot/loader.conf or /bootdir/boot/loader.conf)

Add this to /boot/loader.conf so that FreeBSD 12.0 loads the mac_ntpd(4) kernel module that ntpd uses, starting from the next reboot: https://www.freebsd.org/cgi/man.cgi?query=mac_ntpd&sektion=4&manpath=freebsd-release-ports

# added so ntpd can run as user ntpd in FreeBSD 12.0 (use plain ASCII quotes here)
mac_ntpd_load="YES"

To load it now without rebooting (if it is already loaded, kldload reports that): ` kldload mac_ntpd `


Make sure the ntpd files are owned by the ntpd user:
  1. ` ls -laR /var/db/ntp* `
  2. ` chown -R ntpd:ntpd /var/db/ntp* `
  3. Stop, update the time once and restart the service when configured:
    1. ` /etc/rc.d/ntpd stop `
    2. ` /etc/rc.d/ntpdate onestart `
    3. ` /etc/rc.d/ntpd start `
  4. To update the leap-seconds file, run ` /etc/rc.d/ntpd fetch `
  5. Commands to check ntpd:
    1. ` echo;hostname;date;ntpq -c rv | grep leap_none ` # if leap_none appears, it is synchronized correctly
    2. ` ntpq -p ` # shows the servers it is using
    3. ` ps -U ntpd ` # shows only processes running as the ntpd user; ntpd should appear if it is set up correctly
    4. ` tail -100 /var/log/messages | grep ntp `

WORKING:

To check that it is running:

[me@server1 ~]$ service ntpd status
ntpd is running as pid 90506.
[me@server1 ~]$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.freebsd.pool. .POOL.          16 p    -   64    0    0.000    0.000   0.000
-willprox.b3orio 206.108.0.131    2 u  609 1024  377   57.935   -3.449   4.246
-clock.trit.net  43.77.130.254    2 u  922 1024  377   52.091  -10.104   0.699
*growup.su       164.67.62.194    2 u  914 1024  377   47.022   -3.294   1.912
+204.93.207.12 ( 206.55.64.78     3 u  208 1024  377    2.028   -7.900   6.618
+50-205-244-107- 50.205.244.27    2 u  503 1024  377   19.213   -4.495   2.423

If "leap_none" appears, it is synced correctly:

[me@server1 ~]$ /usr/bin/ntpq -c rv | head -1
associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
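To tie the checks above together, here is an added example (not from the original post) that verifies the four things this post fixes: file ownership under /var/db/ntp, the daemon's user, synchronisation status and the absence of "Permission denied" in the log. Each check takes command output as text, so the script runs offline on the constructed samples below; the commented line at the end shows how to feed it live output on a FreeBSD 12.x host.

```shell
# Added example: verify the ntpd-as-user-ntpd setup described above.
# Each check reads command output passed as a string (constructed samples below).

# 0 if every entry in `ls -laR /var/db/ntp*` output is owned by ntpd:ntpd.
# Skips "total" and directory-header lines; fields 3/4 are owner and group.
check_owner() {
    printf '%s\n' "$1" | awk '$1 ~ /^[-dl]/ && ($3 != "ntpd" || $4 != "ntpd") { bad++ }
                              END { exit bad > 0 }'
}

# 0 if the process table (`ps -axo user,command`) shows ntpd running as ntpd.
check_user() {
    printf '%s\n' "$1" | awk '$1 == "ntpd" && $2 ~ /ntpd$/ { ok = 1 } END { exit !ok }'
}

# 0 if `ntpq -c rv` reports leap_none, i.e. the clock is synchronised.
check_synced() {
    printf '%s\n' "$1" | grep -q 'leap_none'
}

# 0 if the log excerpt contains no "Permission denied" line from ntpd.
check_log() {
    ! printf '%s\n' "$1" | grep 'ntpd\[' | grep -q 'Permission denied'
}

# Runs all checks, prints each failure, returns the number of failed checks.
verify_ntpd() {
    fails=0
    check_owner  "$1" || { echo "FAIL: /var/db/ntp files not owned by ntpd:ntpd"; fails=$((fails+1)); }
    check_user   "$2" || { echo "FAIL: ntpd is not running as user ntpd"; fails=$((fails+1)); }
    check_synced "$3" || { echo "FAIL: ntpq -c rv does not report leap_none"; fails=$((fails+1)); }
    check_log    "$4" || { echo "FAIL: ntpd logged 'Permission denied'"; fails=$((fails+1)); }
    return $fails
}

# Constructed sample output (not captured from a real host).
LS_GOOD='drwxr-xr-x  2 ntpd  ntpd  512 Feb  6 10:00 .
-rw-r--r--  1 ntpd  ntpd    6 Feb  6 10:00 ntpd.drift'
LS_BAD='-rw-r--r--  1 root  wheel   6 Feb  6 10:00 ntpd.drift'
PS_GOOD='ntpd /usr/sbin/ntpd -g -f /var/db/ntp/ntpd.drift -s /var/db/ntp'
PS_BAD='root /usr/sbin/ntpd -g'
RV_GOOD='associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,'
RV_BAD='associd=0 status=c016 leap_alarm, sync_unspec, 1 event, restart,'
LOG_BAD='2020-01-22T12:32:52.633975-06:00 server3 ntpd[790] frequency file /var/db/ntpd.drift.TEMP: Permission denied'

# Live use on the host:
#   verify_ntpd "$(ls -laR /var/db/ntp*)" "$(ps -axo user,command)" \
#               "$(ntpq -c rv)" "$(tail -100 /var/log/messages | grep ntp)"
verify_ntpd "$LS_GOOD" "$PS_GOOD" "$RV_GOOD" "" && echo "OK: ntpd setup looks correct"
```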
