[ntp:questions] NTP with Authkey working only when ntpd started as root??

Mike Toler mike.toler at prodeasystems.com
Thu Aug 23 17:28:20 UTC 2007


I have several blades in a server that need to timesync off of another
server.

I've set up the authkey information correctly and if I start the ntpd on
the client blade WITHOUT using the authkey code, it starts up and syncs
with the time server no matter how I start the daemon (i.e. start as
root from command line, or start as ntp:ntp from redhat init.d).

When I add the "authkey" tag for the server in the ntp.conf file, and
start as root, everything works fine.  The client authenticates with the
server,  "ntpq -c lpeer" shows low jitter and eventually, the "ntpq -c
as" shows the status of "sys.peer".

But if I let the redhat daemon controller start the process (or if I
start it by hand with "-u ntp:ntp"), it never syncs up.  I see the
following when I add in the "-d" command line options (IPs changed to
mask the guilty :-) )

Using Wireshark, the IFF Ack message from the Server arrives back to the
client machine (i.e. I see it on the interface) but it never gets back
to the process itself.

-------Failing logs:
transmit: at 5 198.31.0.75->198.25.2.152 mode 3 keyid 786fa071 len 96
mac 20 index 96
crypto_key: ntpkey_IFFkey_netcool2.lab.ps.net.3396785815 mod 384
crypto_xmit: ext offset 48 len 48 code 207 assocID 0
transmit: at 7 198.31.0.75->198.25.2.152 mode 3 keyid 7be93dd3 len 96
mac 20 index 95
crypto_key: ntpkey_IFFkey_netcool2.lab.ps.net.3396785815 mod 384
crypto_xmit: ext offset 48 len 48 code 207 assocID 0
transmit: at 9 198.31.0.75->198.25.2.152 mode 3 keyid 025ef1ee len 96
mac 20 index 94

-------Passing logs:
When I start as root, I see a response to the transmit and syncing
occurs.
transmit: at 5 198.31.0.75->198.25.2.152 mode 3 keyid 062b23a1 len 96
mac 20 index 96
receive: at 5 198.31.0.75<-198.25.2.152 mode 4 code 1 keyid 062b23a1 len
184 mac 20 auth 1
crypto_recv: flags 0x80121 ext offset 48 len 136 code 8207 assocID 0
crypto_recv: iff fs 3396785815
peer 198.25.2.152 event 'event_reach' (0x84) status 'unreach, conf,
auth, 1 event, event_reach' (0xe014)
clock_filter: popcorn 0.024733 0.000075
crypto_xmit: ext offset 48 len 96 code 203 assocID 0

I'm not sure if this is a configuration problem with NTP (such as having
run the ntp-keygen command as root?) or if it's something on my system.

Any help would be greatly appreciated.


Michael Toler
System Test Engineer
Prodea Systems, Inc.
214-278-1834 (office)
972-816-7790 (mobile)
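
Added example, not part of the original message: a small parser for "ntpd -d" output in the format posted above that rejoins the mail-wrapped lines and lists every mode 3 request that never got a mode 4 reply. Pairing request and reply on the keyid follows what the passing log shows and is an assumption; the function names are hypothetical.

```python
import re

# Debug lines in the format shown in the post (values as posted there).
# The e-mail wrapped long records onto a second line; that is kept here.
FAILING = """\
transmit: at 5 198.31.0.75->198.25.2.152 mode 3 keyid 786fa071 len 96
mac 20 index 96
crypto_key: ntpkey_IFFkey_netcool2.lab.ps.net.3396785815 mod 384
transmit: at 7 198.31.0.75->198.25.2.152 mode 3 keyid 7be93dd3 len 96
mac 20 index 95
"""
PASSING = """\
transmit: at 5 198.31.0.75->198.25.2.152 mode 3 keyid 062b23a1 len 96
mac 20 index 96
receive: at 5 198.31.0.75<-198.25.2.152 mode 4 code 1 keyid 062b23a1 len
184 mac 20 auth 1
crypto_recv: flags 0x80121 ext offset 48 len 136 code 8207 assocID 0
"""

RECORD_START = re.compile(r"^[a-z_]+: ")  # "transmit: ", "crypto_key: ", ...
PACKET = re.compile(
    r"^(transmit|receive): at (\d+) \S+?(?:->|<-)(\S+) mode (\d+) "
    r".*?keyid ([0-9a-f]{8})"
)

def unwrap(text):
    """Rejoin records that were wrapped onto a continuation line."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def unanswered_requests(text):
    """Return (time, server, keyid) for each mode 3 transmit that has no
    mode 4 receive from the same server with the same keyid."""
    pending = {}
    for record in unwrap(text):
        m = PACKET.match(record)
        if not m:
            continue
        kind, at, remote, mode, keyid = m.groups()
        if kind == "transmit" and mode == "3":
            pending[(remote, keyid)] = int(at)
        elif kind == "receive" and mode == "4":
            pending.pop((remote, keyid), None)
    return [(at, remote, keyid) for (remote, keyid), at in pending.items()]
```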



