[ntp:questions] how to use restrict to refuse the clients which have no shared-keys

Jun Hu duanshuidao at hotmail.com
Thu Jul 25 04:02:29 UTC 2013




Hi Guys:

ip addr
ntp server  192.168.100.239
client A: 192.168.100.167
client B:192.168.100.195

ntp server's conf
---------------------------------------------------------------------------
ntp.conf    :

server 127.127.1.0        # local clock (LCL)
driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
logfile   /var/log/ntp        # alternate log file

restrict  192.168.100.195 
keys /etc/ntp.keys        # path for keys file
trustedkey 4 15                 # define trusted keys
requestkey 15              # key (7) for accessing server variables
controlkey 15             # key (6) for accessing server variables


ntp.keys :
 
4   m    Changeme_123
15  M    Changeme_234
--------------------------------------------------------------------------


client A:
--------------------------------------------------------------------------
ntp.conf:

server 192.168.100.239 prefer  key 15
driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
logfile   /var/log/ntp        # alternate log file
keys /etc/ntp.keys        # path for keys file
trustedkey 4 15            # define trusted keys
requestkey 15            # key (7) for accessing server variables


ntp.keys
 
4   m    Changeme_123
15  M    Changeme_234
--------------------------------------------------------------------------

client B:
--------------------------------------------------------------------------
ntp.conf:

server 192.168.100.239  
driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
logfile   /var/log/ntp        # alternate log file
 
no ntp.keys file
 
--------------------------------------------------------------------------


after each host run ntpd , I found  the client B  still can normally  sync time with ntp server ,same with client A.  why ? 

my ntp version is  4.2.4 ,  how to use restrict to refuse the clients which have no shared-keys ? what I will do ? 





 
 		 	   		  


More information about the questions mailing list