[ntp:questions] Re: Audit program for scanning hosts for local time accuracy.

Richard B. Gilbert rgilbert88 at comcast.net
Wed Jan 25 16:18:53 UTC 2006

themeanies wrote:

> Richard B. Gilbert wrote:
>> I don't see how authentication enters into it!  Authentication 
>> requires configuring each host with keys that enable it to verify its 
>> own identity to others or verify the identity of others.  Any system 
>> running ntpd should reply, when properly queried, with the current 
>> time.   If you are going to use this time to set your own clock, you 
>> may wish to use authentication to verify the identity of the server 
>> you queried.  If you simply want to know what time a system has, then 
>> a simple query should return the time.
> I guess I didn't ask properly, maybe this is the wrong place.
> Maybe what I asked in my original posting was too broad to accomplish 
> in one fell swoop.  Let's break it down a little further.  Lets say I 
> have 500 Windows XP/2000 workstations.  200 are in a domain to which I 
> am an admin, the other 300 are not domain joined but I have access to 
> credentials.  If I have proper *windows* authentication there should 
> be a way to query the time on all these machines.  Maybe not via 
> (S)NTP but some windows mechanism.  I'm specifically looking to find 
> machines which are not syncing properly to my Time server or are not 
> set at all.
>> RFC compliant SNTP clients are NOT supposed to act as servers.  
>> Microsoft's implementation is broken in this regard so that any 
>> Windows 2000 or XP system running W32TIME will tell you what it 
>> thinks the time is.  I don't believe that earlier versions of Windows 
>> than W2K support this.
> My workstations should be configured to query an SNTP server via 
> w32time but I can't find any daemon running that would tell me what 
> it's local time is.  This is daytime TCPport13 we're describing right?
> Thanks for your help,
> tM

No, this is SNTP, port 123.   Can you run ntpdate on your server?  My 
server is a Sun Ultra 10 running Solaris 8.   Here's what I get when I 
query this PC.

sunblok_$ ntpdate -ud
25 Jan 11:10:00 ntpdate[5139]: ntpdate 4.2.0 at 1.1161-r Mon Jan  2 
21:53:02 EST 2006 (10)
Looking for host and service ntp
host found :
transmit( Server dropped: strata too high
server, port 123
stratum 16, precision -6, leap 11, trust 000
refid [], delay 0.04169, dispersion 0.00089
transmitted 4, in filter 4
reference time:    c7820cef.10000000  Wed, Jan 25 2006  9:42:55.062
originate timestamp: c7822158.a8000000  Wed, Jan 25 2006 11:10:00.656
transmit timestamp:  c7822158.8947e2b1  Wed, Jan 25 2006 11:10:00.536
filter delay:  0.04271  0.04172  0.04170  0.04169
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.122294 0.120959 0.120356 0.119775
         0.000000 0.000000 0.000000 0.000000
delay 0.04169, dispersion 0.00089
offset 0.119775

25 Jan 11:10:00 ntpdate[5139]: no server suitable for synchronization found

This PC is not joined to a domain; it's a standalone in my home.  It's 
running Windoze XP SP 1 and W32TIME.

ntpdate tells us the offset and that it's stratum is higher than that of 
the server.  I don't know if that delay figure is in seconds or 
milliseconds.   Either way it's satisfactory.

More information about the questions mailing list