[ntp:questions] Re: symmetric-active mode (peer) and autokey

Peter Pramberger peter.pramberger at 1012surf.net
Wed Feb 8 08:16:45 UTC 2006


Steve Kostecke schrieb:
> I've run into a bit of difficulty after restarting both peered ntpds:
> peer1 is reporting some sort of autokey problem and peer2 just doesn't
> accept peer1 at all.
> 
> steve at peer1:~$ ntpq -c"rv 38948 flash,flags"      
> assID=38948 status=f054 reach, conf, auth, 5 events, event_reach,
> flash=200 bad_autokey, flags=0x82721
> 
> steve at peer1:~$ ntpq -c"rv 25060 flash,flags" peer2
> assID=25060 status=e043 unreach, conf, auth, 4 events, event_unreach,
> flash=600 bad_autokey, not_proventic, flags=0x80021
> 
> FWIW: I've made several attempts at regenerating fresh keys on both
> peers (i.e. wiped the keysdir, used 'ntp-keygen -T -I -p password',
> exported the IFFkeys, etc.) to no avail.

Same here: The leapseconds file is loaded, the exchange starts, but as soon as
the "leap" line appears in the cryptostats, ntpd writes the "fatal error" to
syslog and the state of the peer changes to .CRYP., the other keeps staying in
.INIT.

--------------------------------------------------------------------------
53774 28220.189 ntpkey_RSAkey_ntp-test01.3348226237 mod 512
53774 28220.192 ntpkey_IFFpar_ntp-test01.3348226237 mod 384
53774 28220.193 ntpkey_RSA-MD5cert_ntp-test01.3348226237 0x2 len 372
53774 28220.193 ntpkey_leap link 23 fs 3331497600 offset 33
53774 28221.160 refresh ts 0
53774 28230.335 172.20.79.25 flags 0x80023 host ntp-test02 signature
md5WithRSAEncryption
53774 28235.178 update ts 3348373835
53774 28301.407 update ts 3348373901
53774 28301.407 172.20.79.25 cert ntp-test02 0x3 md5WithRSAEncryption (8) fs
3348226289
53774 28302.235 ntpkey_IFFpar_ntp-test01.3348226237 mod 384
53774 28302.398 172.20.79.25 iff fs 3348226237
53774 28302.398 172.20.79.25 cook b8db0c7b ts 3348373902 fs 3348226289
53774 28303.398 update ts 3348373903
53774 28303.399 172.20.79.25 sign ntp-test02 0x3 md5WithRSAEncryption (8) fs
3348226237
53774 28303.399 172.20.79.25 auto seq 98 key 9af3297d ts 3348373903 fs 3348373902
53774 28368.480 172.20.79.25 leap 96 ts 3348373902 fs 3331497600
53774 28625.727 172.20.79.25 flags 0x80023 host ntp-test02 signature
md5WithRSAEncryption
53774 28626.728 update ts 3348374226
53774 28626.729 172.20.79.25 cert ntp-test02 0x3 md5WithRSAEncryption (8) fs
3348226289
53774 28627.539 ntpkey_IFFpar_ntp-test01.3348226237 mod 384
53774 28627.730 172.20.79.25 iff fs 3348226237
53774 28628.729 update ts 3348374228
53774 28628.729 172.20.79.25 sign ntp-test02 0x3 md5WithRSAEncryption (8) fs
3348226237
53774 28628.729 172.20.79.25 cook 40d15394 ts 3348374228 fs 3348226289
53774 28694.762 172.20.79.25 auto seq 98 key dec04072 ts 3348374294 fs 3348374228
--------------------------------------------------------------------------

--------------------------------------------------------------------------
53774 28226.397 ntpkey_RSAkey_ntp-test02.3348226289 mod 512
53774 28226.397 ntpkey_IFFpar_ntp-test01.3348226237 mod 384
53774 28226.398 ntpkey_RSA-MD5cert_ntp-test02.3348226289 0x2 len 372
53774 28226.398 ntpkey_leap link 23 fs 3331497600 offset 33
53774 28227.382 refresh ts 0
53774 28231.220 172.20.79.24 flags 0x80023 host ntp-test01 signature
md5WithRSAEncryption
53774 28236.217 172.20.79.24 cert ntp-test01 0x3 md5WithRSAEncryption (8) fs
3348226237
53774 28236.391 ntpkey_IFFpar_ntp-test01.3348226237 mod 384
53774 28237.219 172.20.79.24 iff fs 3348226237
53774 28238.267 172.20.79.24 auto seq 98 key b15c8796 ts 3348373836 fs 3348373835
53774 28241.400 update ts 3348373841
53774 28302.276 update ts 3348373902
53774 28302.276 172.20.79.24 sign ntp-test01 0x3 md5WithRSAEncryption (8) fs
3348226289
53774 28303.282 172.20.79.24 cook b8db0c7b ts 3348373903 fs 3348373901
53774 28368.304 172.20.79.24 auto seq 98 key 8b3047ba ts 3348373903 fs 3348373901
53774 28625.509 172.20.79.24 flags 0x80023 host ntp-test01 signature
md5WithRSAEncryption
53774 28626.513 update ts 3348374226
53774 28626.513 172.20.79.24 cert ntp-test01 0x3 md5WithRSAEncryption (8) fs
3348226237
53774 28626.699 ntpkey_IFFpar_ntp-test01.3348226237 mod 384
53774 28627.514 172.20.79.24 iff fs 3348226237
53774 28628.518 update ts 3348374228
53774 28628.518 172.20.79.24 sign ntp-test01 0x3 md5WithRSAEncryption (8) fs
3348226289
53774 28629.520 172.20.79.24 cook 40d15394 ts 3348374229 fs 3348374228
53774 28629.520 172.20.79.24 auto seq 98 key 3e782fec ts 3348374229 fs 3348374228
53774 28695.605 172.20.79.24 leap 96 ts 3348374228 fs 3331497600
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Feb  8 08:53:53 ntp-test01 ntpd[1956]: receive: fatal error 608 for 172.20.79.25
--------------------------------------------------------------------------

According to ntpd/ntp_proto.c the fatal error is caused by flag TEST4 set.

Without the leapseonds file (on both peers), ntpd is running as expected. This
also happens with the last stable version of ntp (stable-4.2.0a-20060127).

Any errors in your syslog?


Regards,
Peter




More information about the questions mailing list