[ntp:questions] problems setting up IFF autokey

mills at udel.edu mills at udel.edu
Thu May 3 14:15:03 UTC 2007


Vince,

Did you notice the initial offset was over 200 s? After a few minutes 
NTP steps the time ans starts over. Maybe you didn't wait long enough.

Dave

Vince wrote:

> Hi all,
> 	I'm trying to get autokey broadcast working using IFF. I've gone
> through the guide at
> http://ntp.isc.org/bin/view/Support/ConfiguringAutokey but as yet havent
>  had any joy. This being the case i thought I would go back to unicast
> to test IFF autokey.
> My current configs are:
> server:
> ---------------cut------------------------
> restrict default nomodify notrap noquery
> restrict 127.0.0.1
> 
> 
> server 0.pool.ntp.org
> server 1.pool.ntp.org
> server 2.pool.ntp.org
> 
> 
> driftfile /var/lib/ntp/drift
> broadcastdelay  0.008
> 
> crypto pw SECUREPASS
> keysdir         /etc/ntp
> restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
> ---------------cut------------------------
> 
> Client:
> ---------------cut------------------------
> keysdir /etc/ntp
> crypto pw GROUPPASS
> driftfile /var/db/ntpd.drift
> 
> server 192.168.10.222 autokey
> 
> statsdir /etc/ntp/stats/
> statistics cryptostats
> ---------------cut------------------------
> 
> I have the hostkeys and IFF keys created as per the instructions.
> 
> After about 5 minute i get
> [/etc/ntp](16:19:44)
> {root at prawn}#ntpq -p
>      remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
>  paste.lon.names 193.225.218.44   3 u   53   64    3    0.354  205748.
>  0.003
> 
> however after about a minute this changes to
> [/etc/ntp](16:20:24)
> {root at prawn}#ntpq -c pe
>      remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
>  paste.lon.names .AUTH.          16 u   57   64    0    0.000    0.000
> 4000.00
> [/etc/ntp](16:21:03)
> {root at prawn}#ntpq -c as
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 60228  f054   yes   yes   ok     reject   reachable  5
> 
> 
> and it continues like this never giving me a condition of sys.peer,
> sometimes with auth ok sometimes with auth bad.
> 
> Any suggestions how i can take this further?
> If its of any help, the OS of the server is Centos 4.4 while the client
> is FreeBSD 7-CURRENT, the ntpd versions are 4.2.0a at 1.1190-r (server) and
> 4.2.0-a (client)
> 
> Thanks,
> Vince
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
> 




More information about the questions mailing list