[ntp:questions] ntp-keygen IFF

David Mills mills at udel.edu
Mon Jun 15 17:55:55 UTC 2009


You didn't say whether that message came from the client or the server. 
I assume you are running in client/server mode and that NTP works when 
not authenticated or even as a sanity check whether it works with 
symmetric key cryptography. We have been running it here in several 
machines with no trouble at all.

You will need to look in the protostats file for both client and server 
when not authenticated to see what the steps are in mobilizing and 
starting up. The same steps should occur with IFF. Then look in the 
cryptostats file for the events leading up to the error report. That 
will tell you the state the client is in at the error. When it gets to 
the error, use ntpq to show the billboards for the client and verify the 
certificate trail, status word and cookie are present. Finally, you may 
need to turn on the debug trace and see what happens during the initial 

Sorry I can't be more specific; you may need to do a little more digging.


Grzegorz Daniluk wrote:

>Hi again,
>I have one more question. In which situations can I get the 
>protocol_error in the cryptostats file? I read in the documentation that 
>this means 'The protocol state machine has wedged due to unexpected 
>restart.' However, what does it mean? In which situations could this 
>happen?
>I'm trying to force ntp-dev-4.2.5p179 to work with the IFF crypto scheme. 
>Key generation with ntp-keygen looks OK, both keys and certificates are 
>loaded by ntp but the communication does not work.
>Thank you very much for your help,
>Best Regards,
>Grzegorz Daniluk