[ntp:questions] ntp authentication problems
Bernhard Dobbels
bdobbels at isabel.be
Mon Aug 4 11:20:47 UTC 2003
I have two stratum 1 servers and 10 stratum 2 servers. There should
exist authentication between the peers and also between the stratum 2
and 1 servers.
I'll start with using MD5, but in the end would like to use Autokey
protocol.
I always get the error 'Transmit: no encryption key found', while
updates with ntpdate and encryption do work.
Some details of the setup:
Config server:
# *** LAN TIME ***
# NTP.CONF for GPS167 with UNI ERLANGEN(do not modify)
pps /dev/refclock-0 assert hardpps # PPS device
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 11 # local stratum
server 127.127.8.0 mode 135 prefer # Meinberg GPS OCXO UNI Erlangen PPS
server 127.127.22.0 # ATOM (PPS)
fudge 127.127.22.0 flag3 1 # enable PPS API
enable stats
statsdir /var/log/
statistics loopstats
driftfile /etc/ntp.drift
authenticate yes
keys /etc/ntp/keys
trustedkey 1
logfile /var/log/ntpd.log
Config client:
server 192.168.151.16 key 1 prefer # stratum 1 server cik
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 12
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate yes
keys /etc/ntp/keys
logfile /var/log/ntp/ntp.log
statsdir /var/log/ntp/
statistics loopstats
statistics peerstats
statistics rawstats
Keys file /etc/ntp/keys (mode 600) on both server and client:
1 M ~rfi%=?/PN2pgu&z # MD5 key
3 M ;f4Bz02]s%v{TQxt # MD5 key
Ntpdate:
/usr/sbin/ntpdate -dddd -s -a 1 -k /etc/ntp/keys -b -p 1 -u 192.168.151.16 >ntpdate.log
receive: rpkt keyid=1 sys_authkey=1 decrypt=1
receive: authentication passed
offset: 0.003616, delay 0.00069
transmit(192.168.151.16)
server 192.168.151.16, port 123
stratum 1, precision -18, leap 00, trust 000
refid [PPS], delay 0.02631, dispersion 0.00000
transmitted 1, in filter 1
reference time: c2d8be1a.bb3892ee Mon, Aug 4 2003 13:12:26.731
originate timestamp: c2d8be2a.c8694034 Mon, Aug 4 2003 13:12:42.782
transmit timestamp: c2d8be2a.c750f40e Mon, Aug 4 2003 13:12:42.778
filter delay: 0.02631 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.003616 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.02631, dispersion 0.00000
offset 0.003616
Logfile on Client:
4 Aug 12:54:25 ntpd[887]: running as uid(38)/gid(38) euid(38)/egid(38).
4 Aug 12:54:38 ntpd[887]: transmit: no encryption key found
4 Aug 12:57:39 ntpd[887]: kernel time discipline status change 41
I do not understand why authentication for ntpdate works and not for
ntpd. Any suggestions are welcome.
If someone could explain to me how to use autokey (generate keys), I would be grateful. (and yes, I've read most of the docs about it.)
Bernhard Dobbels
Network engineer.
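
An added example, not part of the original post: ntpd uses a symmetric key for an association only if its id is defined in the keys file and also appears on a `trustedkey` line, so a consistency check over ntp.conf and the keys file catches a mismatch before the daemon is started. The helper names (`parse_conf`, `parse_keys`, `check`) are hypothetical, the config text is the client configuration quoted above (abridged), and the key secrets are constructed placeholders.

```python
# Added example: cross-check "key N" on association lines against
# trustedkey and the keys file. Helper names are hypothetical.
CLIENT_CONF = """\
server 192.168.151.16 key 1 prefer # stratum 1 server cik
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 12
authenticate yes
keys /etc/ntp/keys
"""
# Constructed keys file: same key ids as the post, placeholder secrets.
KEYS_FILE = """\
1 M placeholder-secret-1 # MD5 key
3 M placeholder-secret-3 # MD5 key
"""
ASSOC = ("server", "peer", "broadcast", "manycastclient")

def parse_conf(text):
    """Return ({address: key id} for keyed associations, set of trusted ids)."""
    used, trusted = {}, set()
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tok:
            continue
        if tok[0] in ASSOC and "key" in tok[2:]:
            i = tok.index("key", 2)
            if i + 1 < len(tok) and tok[i + 1].isdigit():
                used[tok[1]] = int(tok[i + 1])
        elif tok[0] == "trustedkey":
            trusted.update(int(t) for t in tok[1:] if t.isdigit())
    return used, trusted

def parse_keys(text):
    """Return {key id: key type} from 'id type secret' lines."""
    rows = (line.split() for line in text.splitlines())
    return {int(t[0]): t[1] for t in rows if len(t) >= 3 and t[0].isdigit()}

def check(conf_text, keys_text):
    """List every keyed association whose key ntpd could not use."""
    used, trusted = parse_conf(conf_text)
    defined = parse_keys(keys_text)
    problems = []
    for host, kid in sorted(used.items()):
        if kid not in defined:
            problems.append(f"{host}: key {kid} is not defined in the keys file")
        if kid not in trusted:
            problems.append(f"{host}: key {kid} is not listed in trustedkey")
    return problems

if __name__ == "__main__":
    print("\n".join(check(CLIENT_CONF, KEYS_FILE)) or "keys consistent")
```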