[ntp:questions] ntp-keygen IFF
David Mills
mills at udel.edu
Mon Jun 15 17:55:55 UTC 2009
Grzegorz,
You didn't say whether that message came from the client or the server.
I assume you are running in client/server mode and that NTP works when
not authenticated or even as a sanity check whether it works with
symmetric key cryptography. We have been running it here in several
machines with no trouble at all.
You will need to look in the protostats file for both client and server
when not authenticated to see what the steps are in mobilizing and
starting up. The same steps should occur with IFF. Then look in the
cryptostats file for the events leading up to the error report. That
will tell you the state the client is in at the error. When it gets to
the error, use ntpq to show the billboards for the client and verify the
certificate trail, status word and cookie are present. Finally, you may
need to turn on the debug trace and see what happens during the initial
start.
Sorry I can't be more specific; you may need to do a little more digging.
Dave
Grzegorz Daniluk wrote:
>Hi again,
>I have one more question. In which situations I can get the
>protocol_error in cryptostats file ? I read in the documentation that
>this means 'The protocol state machine has wedged due to unexpected
>restart.' However, what does it mean ? In which situations could this
>happen ?
>I'm trying to force ntp-dev-4.2.5p179 to work with IFF crypto scheme.
>Key generation with ntp-keygen looks OK, both keys and certificates are
>loaded by ntp but the communication does not work.
>
>Thank you very much for your help,
>Best Regards,
>Grzegorz Daniluk
>
>_______________________________________________
>questions mailing list
>questions at lists.ntp.org
>https://lists.ntp.org/mailman/listinfo/questions
>
>
More information about the questions
mailing list