[ntp:questions] Windows Time with NTPv4
martin.burnicki at meinberg.de
Thu Mar 13 08:56:45 UTC 2008
Evandro Menezes wrote:
> But doesn't symmetric association require authorization or is it only
> true when there's a keys file?
AFAIK peer associations do require authentication configured correctly.
> I ask because after following this thread, I noticed that NTP running
> on our NAS had three Windows XP systems as peers.
Do the Windows system run ntpd or w32time? If they run ntpd then
authentication could be configured correctly. I don't know how any version
of w32time could be configured to support NTP's symmetric keys or even
> Luckily, their
> jitter sucked and being themselves synchronized to the NAS they were
> never selected as references. Anyways, I removed the line disabling
> authorization and NTP didn't accept those systems as peers anymore,
> even though they still connect to the NAS using mode 1.
This seems to indicate that ntpd is running on the XP machines and has been
configured correctly with authentication.
Setting up peers requires that the admins of the involved machines are
willing to do so, since peers can ask the other peers to change their time.
Of course the admin of a NTP server does not want his NTP server's time be
changed just because some dumb client sends some packet asking to do so.
This is what happens with w32time which under certain conditions sends
"peer" requests instead of "client" requests. Since those w32time clients
have neither been configured nor authenticated as peers, the question is
how they should be handled by ntpd.
The default was that ntpd just dropped those requests, i.e. didn't send a
response at all, in which case the w32time clients were unable to
synchronize to the NTP server, unless they were reconfigured correctly to
send "client" requests.
The workaround in ntpd was to send normal "server" responses as it would do
for normal "client" requests, so those w32time clients are happy.
More information about the questions