[ntp:questions] problems setting up IFF autokey
Steve Kostecke
kostecke at ntp.isc.org
Fri May 4 21:56:29 UTC 2007
On 2007-05-02, Vince <jhary at unsane.co.uk> wrote:
> I'm trying to get autokey broadcast working
> using IFF. I've gone through the guide at
> http://ntp.isc.org/bin/view/Support/ConfiguringAutokey but as yet
> havent had any joy.
Are you positive you performed all of the correct steps? Was any of it
confusing?
If you want to refer the the Distribution documentation take a look at:
http://www.eecis.udel.edu/~mills/ntp/html/authopt.html
> I have the hostkeys and IFF keys created as per the instructions.
What is in /etc/ntp on the "server" and the "client"?
> paste.lon.names .AUTH. 16 u 57 64 0 0.000 0.000 4000.00
.AUTH. == "Server authentication failed. Please wait while the
association is restarted."
(see http://www.ee.udel.edu/~mills/ntp/html/debug.html)
> {root at prawn}#ntpq -c as
>===========================================================
> 1 60228 f054 yes yes ok reject reachable 5
The association status billboard is not the most informative tool that
you can use.
I'd take a look in cryptostats for any messages that indicate some sort
of error.
ntpq -crv will show you information such as what certs are loaded.
On the client:
1. Use ntpq -cas to find the AssnID for the server
2. Use ntpq -c"rv AssnID" and look at the flash and flags values. You'll
find the flag definitions in ./include/ntp_crypto.h in the NTP source
--
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
More information about the questions
mailing list