[ntp:questions] problems setting up IFF autokey

Steve Kostecke kostecke at ntp.isc.org
Fri May 4 21:56:29 UTC 2007


On 2007-05-02, Vince <jhary at unsane.co.uk> wrote:

> I'm trying to get autokey broadcast working
> using IFF. I've gone through the guide at
> http://ntp.isc.org/bin/view/Support/ConfiguringAutokey but as yet
> havent had any joy.

Are you positive you performed all of the correct steps? Was any of it
confusing?

If you want to refer the the Distribution documentation take a look at:

http://www.eecis.udel.edu/~mills/ntp/html/authopt.html

> I have the hostkeys and IFF keys created as per the instructions.

What is in /etc/ntp on the "server" and the "client"?

>  paste.lon.names .AUTH. 16 u   57   64    0    0.000    0.000 4000.00

.AUTH. == "Server authentication failed. Please wait while the
association is restarted."

(see http://www.ee.udel.edu/~mills/ntp/html/debug.html)

> {root at prawn}#ntpq -c as
>===========================================================
>   1 60228  f054   yes   yes   ok     reject   reachable  5

The association status billboard is not the most informative tool that
you can use.

I'd take a look in cryptostats for any messages that indicate some sort
of error.

ntpq -crv will show you information such as what certs are loaded.

On the client:

1. Use ntpq -cas to find the AssnID for the server
2. Use ntpq -c"rv AssnID" and look at the flash and flags values. You'll
find the flag definitions in ./include/ntp_crypto.h in the NTP source

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/




More information about the questions mailing list