[ntp:questions] [Fwd: Re: problems setting up IFF autokey]

Vince jhary at unsane.co.uk
Fri May 4 22:16:45 UTC 2007


For anyone interested i updated to the latest ntpd version in the 
freebsd ports tree (4.2.3p51) and unicast iff now seems to work with no 
config change so sorry for the noise. If i have any more problems once i 
switch to broadcast i'll probably be back though ;)

regards,
Vince

Vince wrote:
> Hi Dave,
> 	To be fair i hadnt noticed that, however today after setting the client
> clock with ntpdate I'm seeing
>
> [/usr/local/var/nfsen/profiles/live/upstream1](17:11:47)
> {root at prawn}#ntpq -c pe
>      remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
>  paste.lon.names .AUTH.          16 u  569   64    0    0.000    0.000
> 4000.00
> [/usr/local/var/nfsen/profiles/live/upstream1](17:11:49)
> {root at prawn}#ntpq -c as
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 57580  e024   yes   yes   ok     reject   reachable  2
> [/usr/local/var/nfsen/profiles/live/upstream1](17:11:51)
> {root at prawn}#ntpq -c pe
>      remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
>  paste.lon.names 193.39.78.2      3 u    1   64    1    0.307   -0.989
>  0.002
> [/usr/local/var/nfsen/profiles/live/upstream1](17:11:56)
> {root at prawn}#ntpq -c as
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 57580  c034   yes   yes   bad    reject   reachable  3
> [/usr/local/var/nfsen/profiles/live/upstream1](17:12:03)
> {root at prawn}#ntpq -c pe
>      remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
>  paste.lon.names .AUTH.          16 u  693   64    0    0.000    0.000
> 4000.00
>
>
> and so on, jumping from auth ok to auth bad and back.
>
> I dont suppose their is an OReilly type book on ntp I could dig through?
> (couldnt find one when i looked)
>
>
> Thanks,
> Vince
>
> -------- Original Message --------
> Subject: Re: [ntp:questions] problems setting up IFF autokey
> Date: Thu, 03 May 2007 14:15:03 +0000
> From: mills at udel.edu
> Organization: University of Delaware
> To: questions at lists.ntp.isc.org
> Newsgroups: comp.protocols.time.ntp
> References: <4638B0BF.6090009 at unsane.co.uk>
>
> Vince,
>
> Did you notice the initial offset was over 200 s? After a few minutes
> NTP steps the time ans starts over. Maybe you didn't wait long enough.
>
> Dave
>
> Vince wrote:
>
>   
>> Hi all,
>> 	I'm trying to get autokey broadcast working using IFF. I've gone
>> through the guide at
>> http://ntp.isc.org/bin/view/Support/ConfiguringAutokey but as yet havent
>>  had any joy. This being the case i thought I would go back to unicast
>> to test IFF autokey.
>> My current configs are:
>> server:
>> ---------------cut------------------------
>> restrict default nomodify notrap noquery
>> restrict 127.0.0.1
>>
>>
>> server 0.pool.ntp.org
>> server 1.pool.ntp.org
>> server 2.pool.ntp.org
>>
>>
>> driftfile /var/lib/ntp/drift
>> broadcastdelay  0.008
>>
>> crypto pw SECUREPASS
>> keysdir         /etc/ntp
>> restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
>> ---------------cut------------------------
>>
>> Client:
>> ---------------cut------------------------
>> keysdir /etc/ntp
>> crypto pw GROUPPASS
>> driftfile /var/db/ntpd.drift
>>
>> server 192.168.10.222 autokey
>>
>> statsdir /etc/ntp/stats/
>> statistics cryptostats
>> ---------------cut------------------------
>>
>> I have the hostkeys and IFF keys created as per the instructions.
>>
>> After about 5 minute i get
>> [/etc/ntp](16:19:44)
>> {root at prawn}#ntpq -p
>>      remote           refid      st t when poll reach   delay   offset
>> jitter
>> ==============================================================================
>>  paste.lon.names 193.225.218.44   3 u   53   64    3    0.354  205748.
>>  0.003
>>
>> however after about a minute this changes to
>> [/etc/ntp](16:20:24)
>> {root at prawn}#ntpq -c pe
>>      remote           refid      st t when poll reach   delay   offset
>> jitter
>> ==============================================================================
>>  paste.lon.names .AUTH.          16 u   57   64    0    0.000    0.000
>> 4000.00
>> [/etc/ntp](16:21:03)
>> {root at prawn}#ntpq -c as
>> ind assID status  conf reach auth condition  last_event cnt
>> ===========================================================
>>   1 60228  f054   yes   yes   ok     reject   reachable  5
>>
>>
>> and it continues like this never giving me a condition of sys.peer,
>> sometimes with auth ok sometimes with auth bad.
>>
>> Any suggestions how i can take this further?
>> If its of any help, the OS of the server is Centos 4.4 while the client
>> is FreeBSD 7-CURRENT, the ntpd versions are 4.2.0a at 1.1190-r (server) and
>> 4.2.0-a (client)
>>
>> Thanks,
>> Vince
>> _______________________________________________
>> questions mailing list
>> questions at lists.ntp.isc.org
>> https://lists.ntp.isc.org/mailman/listinfo/questions
>>
>>     
>
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
>   




More information about the questions mailing list