[ntp:questions] Re: Secure W32Time

Danny Mayer mayer at ntp.isc.org
Tue Mar 21 14:45:53 UTC 2006


Patrice Renard wrote:
> Dear Richard,
> 
> Yesterday I received a mail with a possible solution to configure Autokey with NTP version 4.2.0b (see http://ntp.isc.org/Support/ConfiguringAutokey).
> 
> But I am having some trouble configuring Autokey on my Windows machine.
> 
> When I use ntp-keygen on my test server, it creates 2 files:
>   - C:\WINDOWS\system32\drivers\etc\ntpkey_cert_wdmcswxp001
>   - C:\WINDOWS\system32\drivers\etc\ntpkey_host_wdmcswxp001
> Does the ntpd service use these 2 files to transmit a secure NTP package to the public time servers?
> I generated a crypto file from the website https://ntp.isc.org/crypto.php. The file size is 0KB and it contains nothing. Is that correct?
> 
> NTP.log file:
> 20 Mar 23:39:11 ntpd.exe[4412]: logging to file C:\Program Files\NTP\etc\ntp.log 
> 20 Mar 23:39:11 ntpd.exe[4412]: precision = 0.798 usec 
> 20 Mar 23:39:11 ntpd.exe[4412]: Listening on interface wildcard, 0.0.0.0#123 Disabled 
> 20 Mar 23:39:11 ntpd.exe[4412]: Listening on interface IP Interface 1, 192.168.1.135#123 Enabled 
> 20 Mar 23:39:11 ntpd.exe[4412]: Listening on interface Loopback Interface 2, 127.0.0.1#123 Enabled 
> 20 Mar 23:39:11 ntpd.exe[4412]: frequency initialized 10.211 PPM from C:\Program Files\NTP\etc\ntp.drift 
> 20 Mar 23:39:11 ntpd.exe[4412]: frequency initialized 10.211 PPM from C:\Program Files\NTP\etc\ntp.drift 
> 20 Mar 23:39:11 ntpd.exe[4412]: crypto_key error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
> 20 Mar 23:39:11 ntpd.exe[4412]: crypto_setup: host key file ntpkey_host_wdmcswxp001 not found or corrupt
> 20 Mar 23:39:11 ntpd.exe[4412]: The Network Time Protocol Service has stopped.
> 
> NTP.conf file:
> # NTP Network Time Protocol
> # Configuration File created by Windows Binary Distribution Installer Rev.: 1.16  mbg
> # please check http://www.ntp.org for additional documentation and background information
> crypto pw Cindy33Patrice
> keysdir "C:\Windows\System32\Drivers\etc"
> 
> 
> # Use drift file 
> driftfile "C:\Program Files\NTP\etc\ntp.drift"
> 
> # your local system clock, should be used as a backup
> # (this is only useful if you need to distribute time no matter how good or bad it is)
> #server 127.127.1.0
> # but it operates at a high stratum level to let the clients know and force them to
> # use any other timesource they may have.
> #fudge 127.127.1.0 stratum 12
> 
> # Use a NTP server from the ntp pool project (see http://www.pool.ntp.org)
> # Please note that you need at least four different servers to be at least protected against
> # one falseticker. If you only rely on internet time, it is highly recommended to add
> # additional servers here. 
> # The 'iburst' keyword speeds up initial synchronization, please check the documentation for more details!
>  server be.pool.ntp.org autokey
>  server nl.pool.ntp.org autokey
>  server fr.pool.ntp.org autokey
> 
> 
> # End of generated ntp.conf --- Please edit this to suite your needs
> 
> What's wrong with my configuration? Can you help me?
> 
> Greetz,
> 
> Patrice
>  

You are in an area that I haven't had a chance to get into due to lack
of time and other priorities. I don't know of anyone else doing this on
Windows yet.

Danny


