Running an NTP Time Server on your Mac

When implementing a CCTV system (e.g. one based around our macOS CCTV software SecuritySpy) it is important for all cameras to maintain the correct time for the purposes of drawing accurate timestamps onto their video streams. Not only will this help you review recorded footage, but if there is an incident that needs to be reported to the police, it will help them with their investigation. You may even be asked to verify or demonstrate to the police that your cameras are set to the correct time.

For this purpose, you should always give your cameras a valid NTP server address (NTP stands for Network Time Protocol). The cameras will contact the NTP server at regular intervals to set their clocks (you should also set your cameras with accurate daylight savings time settings, so that any such adjustments are applied automatically during the summer months).

For this purpose, we recommend using one of the time servers that Apple provides for free, which are time.apple.com, time.euro.apple.com and time.asia.apple.com.

However, you may want to set up your cameras without access to the Internet for various reasons. Perhaps you want to put your cameras on a separate LAN to segregate their traffic, or perhaps you want to implement a firewall to block outgoing connections for security purposes.

In this case, you cannot use Internet-based time servers, so the solution is to install one on your Mac.

Older versions of macOS had a built-in time server function, but has been removed as of macOS 10.14. Therefore, if you are running macOS 10.14 or later, you will need to install your own time server. We have put together the following instructions and installation script to make this process as easy as possible. Our script will download the OpenNTPD source code, compile it on your machine, install the resulting NTP Daemon, and set it to launch automatically upon Mac startup (“daemon” is just a term for a piece of software that runs invisibly in the background).

The following instruction require you to use the Terminal, which you will find in your /Application/Utilities folder. Terminal allows you to interact with your Mac via a text-based command line. To run the commands below, copy each one in turn, paste it into Terminal, and press the Return key on your keyboard.

Step 1: Install the Apple Developer Tools

If you have Xcode installed on your Mac, these should already be installed, but if not, you can install them via the following Terminal command:

xcode-select –install

You should see the following window – press the “Install” button and go through the installation process:

Step 2: Download and run our NTPD installation script

Click here to download our NTP installation script for macOS.

This will put a file called “ntpd-install.sh” into your Download folder. Execute the following Terminal commands one at a time:

chmod +x ~/Downloads/ntpd-install.sh

sudo ~/Downloads/ntpd-install.sh

After you enter your Mac’s administrator password, the script will go through the process of downloading and installing the software.

Step 3: Test your NTP server

After installation, wait for 10 minutes or so before testing. This allows the NTP server to synchronise and obtain the correct time. Then, execute this Terminal command on the same machine that is running the NTP server:

sntp 127.0.0.1

This should return an accurate timestamp, for example:

2020-05-11 14:19:44.703859 (-0100) +0.00003 +/- 0.002156 127.0.0.1 s2 no-leap

Instead, if you get the message “not in sync”, this just means that your NTP server hasn’t yet been able to obtain the correct time, so you should wait longer before trying again (it may take up to 20 minutes for the NTP to synchronise). If you get the message “no response”, then something went wrong with the installation and your NTP server is not running. Check the output of the installation script for errors.

Step 4: Provide your NTP server address to your cameras

You will first need to set your Mac to a static (manual) IP address on your local network, or give it a reserved address in your router’s DHCP reservation table. Instructions for this are beyond the scope of this document, but can easily be found elsewhere. Once you have set a static IP address for your Mac, provide this IP address to your cameras as their NTP server address.

18 thoughts on “Running an NTP Time Server on your Mac

  1. paul2020

    If anyone has Docker running on their network, I found the following container works well as an NTP server too:

    https://hub.docker.com/r/cturra/ntp/

    Docker-compose config:
    ntp:
    build: .
    image: cturra/ntp:latest
    container_name: ntp
    restart: always
    ports:
    – 123:123/udp
    cap_add:
    – SYS_NICE
    – SYS_RESOURCE
    – SYS_TIME
    environment:
    – NTP_SERVERS=time.cloudflare.com

    Reply
    1. paul2020

      To add to my comment above, I forgot to remove the “build: .” line as this isn’t needed. Please also add correct indents as this comment system stripped them from my code.

      You can test if the NTP server is working by running the following commands:

      Test from windows:
      w32tm /stripchart /computer: /dataonly /samples:5

      Test from Linux:
      ntpdate -q

      Reply
    1. Ben Software Post author

      Sorry you had problems with this. We did test this successfully on High Sierra, so I’m not immediately sure what could be going wrong for you. Can you tell us exactly what didn’t work and with what error message, so that we can fix any problems with our script? Thanks.

      Reply
  2. Cliff

    I installed your NTP solution on a Mac Mini running a Filemaker server. I seems to be running and “sntp 127.0.0.1” returns a time.

    FMDEV:~ admin$ sntp 127.0.0.1
    sntp 4.2.8p10@1.3728-o Tue Mar 21 14:36:42 UTC 2017 (136.200.1~4588)
    2020-09-14 14:48:01.171279 (-0200) +0.00003 +/- 0.038213 127.0.0.1 s2 no-leap

    But, my Raspberry Pi terminals on the same network wont sync with it. They can see it and ntpq shows it knows that the new ntp port on the server is what it should query:

    pi@fmrelay:~ $ ntpq -pn
    remote refid st t when poll reach delay offset jitter
    ==============================================================================
    192.168.6.3 .INIT. 16 u – 1024 0 0.000 0.000 0.000

    Do you have any suggestions about what I should look at on the server or the client?

    Thanks

    Reply
      1. Ben Software Post author

        Hi Cliff, it looks like you have the NTPD server running OK, since you get the correct response from the link-local address 127.0.0.1. Do you have a firewall enabled on this Mac perhaps? This would explain why there is no response from another device on the network.

        Reply
    1. Mike

      I too am experiencing this issue.
      Symptoms:
      1). On fresh boot I get a good reply from “sntp 127.0.0.1” command on the Time Server Computer.
      2). Network devices will not get a reply. – The port is open, ntpd shows its running in Activity Monitor, Just no reply (was previously working so I know there is no network device setting that is wrong).
      Testing:
      It appears that all I need to do to get it working is to shut it down and start it again (ntpd), quitting ntpd then restarting it. I use “sudo launchctl start ntpd”, once I do that the Time Server is back to running normally. I am as of yet not sure why loading it at boot doesn’t allow external access to the time server.
      I would love to know a solution, its not really practical to have to restart the daemon after every boot.

      Reply
      1. Mike

        After tinkering around with the setup I was finally able to get my local NTP Server to work properly after initial boot. I am unsure of what exactly I should be checking for to insure the service will work properly (Outside requested timestamps don’t get ignored), and I know the system I am using to run Security Spy is loaded down probably overloaded actually as it Also runs my Openhab Smart house/node-red/mysql database etc… that I’ve customized heavily. Now I know this isn’t the “Correct” Method and would appreciate it if a “Correct” fix for this issue was devised by someone with a little bit more knowledge of that part of the system then myself. But I simply Delayed the startup of the ntpd daemon by adding the line “sleep 60” to the top of the file located at /Library/StartupItems/ntpd.sh .
        So now the entire ntpd.sh file consists of :
        —Start of File–
        sleep 60
        sudo /usr/local/sbin/ntpd
        –End of File–
        Essentially telling the script to wait for a 60 seconds before starting the ntpdaemon. This appears to allow for enough time (at-least on my system) for whatever needs to complete before ntpd starts to allow external requests to work properly.

        Reply
  3. BO

    Does this require that a user be logged in at all times, or is there a way to make the ntpd service run when logged out as long as the computer is on?

    Reply
    1. Ben Software Post author

      Using the above script, the NTPD server is installed as a LaunchDaemon, which runs as a root process whether a user is logged in or not.

      Reply
  4. Terry

    Thanks so much for this post. I’ve never had any luck getting external NTP time servers to work with my cameras, but this option works perfectly.
    What a beautiful thing to see four cameras in perfect sync … for over ten days and still going stong!

    Reply
    1. Ben Software Post author

      The instructions here are for running an NTP server daemon on your Mac. To check if it’s working, see step 3 above.

      Reply
  5. Rahul

    Do we need to stop Apple’s time service before installing and running Open NTPD? Can we have two separate time services with single NIC?

    Reply
    1. Ben Software Post author

      macOS hasn’t had a built-in time server since 10.14. If you are running 10.13 or earlier, then you should use the one built into macOS; if you are running 10.14 or later then you will need to install one.

      It’s possible for two NTP servers to run on the same machine, but they would have to run on different ports, and there would be no advantage of running two side by side.

      Reply
  6. Rrahul

    Hi _Ben,
    Thanks for answers to previous queries.

    My apple machine is already connected to time.euro.apple time server and supposedly getting time from it. I installed NTPD based on your instructions (Mojave 10.14.6). Please see the output below:
    C:~ r1$ /usr/local/sbin/ntpctl -s all
    4/4 peers valid, clock synced, stratum 3

    peer
    wt tl st next poll offset delay jitter
    91.209.0.19 0.se.pool.ntp.org
    1 10 2 25s 32s 2.786ms 20.369ms 15.430ms
    81.170.175.117 1.se.pool.ntp.org
    1 10 2 8s 34s 10.249ms 35.251ms 33.962ms
    147.78.229.141 2.se.pool.ntp.org
    * 1 10 2 30s 32s 2.357ms 10.612ms 2.956ms
    193.182.111.14 3.se.pool.ntp.org
    1 10 2 15s 31s 0.419ms 11.334ms 8.164ms

    C:~ r1$ sntp 127.0.0.1
    sntp 4.2.8p10@1.3728-o Tue Mar 21 14:36:42 UTC 2017 (136.200.1~4588)
    2020-11-16 10:07:22.435507 (-0100) +0.00002 +/- 0.001026 127.0.0.1 s2 no-leap

    Looking at sntp output, it seems, it is not taking time from servers that I mentioned in net.conf file but seems to be getting time from some other server (may be Apple time).

    Reply
    1. Ben Software Post author

      I’m not sure why it’s listing those servers as peers, although there could be a reason for this that I’m not aware of. It does seem though that your installation was successful, and your NTP daemon is actually working.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *