[ntp:questions] Possible error with autokey documentation

Adam Chou adam.chou at gmail.com
Mon Aug 4 15:10:43 UTC 2014


On Sunday, August 3, 2014 8:54:43 PM UTC-6, Harlan Stenn wrote:
> Adam Chou writes:
> 
> > First off, I'm not entirely certain if it's a problem with the documentation 
> 
> > or just the way I'm implementing IFF autokey.
> 
> > 
> 
> > I'm running RHEL 6.3 x86_64 with ntpd 4.2.4p8
> 
> 
> 
> That is Really Old Software.  Many changes and improvements have been
> 
> made to how things work since then.

Oh, I intend to upgrade to a newer version ASAP. Unfortunately, my current contract requires me to complete with the current version of ntpd. Once this contract is up, I'm intend to upgrade it.
> 
> 
> 
> > The issue I'm having is in this section: https://support.ntp.org/bin/view/Sup
> 
> > port/ConfiguringAutokeyFourTwoFour#Section_6.8.3.4.1.
> 
> > 
> 
> > Specifically, the section that says:
> 
> > 
> 
> > "You must create an ntpkey_iff_client sym-link to activate IFF. You
> 
> > may set this sym-link to point to any file in the keysdir. Such as:
> 
> > 
> 
> > ln -s ntpkey_host_client ntpkey_iff_client"
> 
> > 
> 
> > I can't find any mention about needing to do that in the man page for
> 
> > ntp-keygen. Furthermore, when I create the symlink, my cryptostats
> 
> > shows:
> 
> > 
> 
> > "error 10e opcode 82070000"
> 
> > 
> 
> > running ntpd -D4 displays:
> 
> > "peer x.x.x.x event 'bad_or_missing_group_key' (0x10e) status 'unreach, conf,
> 
> >  auth, 1 event, event_14' (0xe01e)"
> 
> > 
> 
> > Needless to say, my client isn't able to get time from the
> 
> > server. However, when I remove that symlink, time syncs correctly.
> 
> > Since the wiki page seems pretty assertive on needing that symlink,
> 
> > I'm not sure if I did something wrong or if it is actually an issue
> 
> > with that symlink. But even if I did do something wrong, the
> 
> > documentation doesn't mention a use case where that symlink will break
> 
> > ntp.
> 
> > 
> 
> > btw, sorry I didn't post more info. This system is on a network not
> 
> > connected to the Internet. I have to type out everything.
> 
> 
> 
> You might get more information if you crank up the debugging level a bit.
> 
> 
> 
> Can you get support from RH for your problem?

Sorry, I probably wasn't very clear with what I was asking for. I've got it working now so I don't really need help with that. I was more curious to see if someone might be able to confirm my experience and/or explain why the documentation isn't entirely correct. If anything, I think what should be updated is the documentation on the support site.

> 
> -- 
> 
> Harlan Stenn <stenn at ntp.org>
> 
> http://networktimefoundation.org - be a member!



More information about the questions mailing list