[ntp:questions] Configuring ntpd to use multiple NTP servers with authentication
Subhendu Malakar
deathholes at outlook.com
Fri Jun 5 13:16:41 UTC 2020
Hi all,
I’m trying to set up a system which connects to multiple NTP servers with symmetric key authentication.
For testing, I’m creating my own NTP servers and client with help from this link: https://access.redhat.com/solutions/393663
I’m using SHA1 as the type of authentication.
I was able to connect to each NTP server, but when I tried adding all of them to the ntp.conf file, it connects to only one of them; it does not connect to the rest at all.
Looking at the “ntpq -c as” output, it shows auth as “bad” for the server to which it is not able to connect. But I was able to connect to the same server in a single-server setting.
ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 49718  f65a   yes   yes   ok   sys.peer    sys_peer  5
  2 49719  c01c   yes    no   bad    reject              1
  3 49720  c01c   yes    no   bad    reject              1
  4 49721  903a   yes   yes  none    reject    sys_peer  3
Also, looking at the “ntpq -p” output, I see that the refid is stuck at .INIT.
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 server1         216.239.35.4     2 u   55   64  377    0.560   78.660   1.358
*server2         .INIT.          16 u    -  512    0    0.000    0.000   0.000
 server3         .INIT.          16 u    -  512    0    0.000    0.000   0.000
 127.127.1.0     .LOCL.          11 l   57   64  377    0.000    0.000   0.000
ntpstat output:
synchronised to NTP server (server1) at stratum 3
time correct to within 123 ms
polling server every 64 s
content of ntp.conf:
#----------------------------------------------------
# DO NOT EDIT THIS FILE - it is machine generated
#----------------------------------------------------
# /etc/ntp.conf, configuration for ntpd
# Interface IP addresses to listen
interface listen xx.xx.xx.xx
# Drift file
driftfile /var/lib/ntp/drift
# Enable authentication
enable auth
# Restrictions
disable monitor
restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1 # trust ourself
restrict ::1 # trust ourself
# Authenticated Server(s)
keys /etc/ntp/keys
server server1 iburst minpoll 3 key 1
server server2 iburst minpoll 3 key 2
server server3 iburst minpoll 3 key 3
# Specify the key identifiers which are trusted.
trustedkey 1 2 3
# Specify the key identifier to use with the ntpq utility.
controlkey 1
# Specify the key identifier to use with the ntpdc utility.
requestkey 1
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 11
So, my question here is how to configure ntpd to use multiple ntp servers with authentication (SHA-1 only).
Thanks,
Subhendu.
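
An added example, not part of the original post and not code from the ntp project: a Python check that cross-references the server, trustedkey and keys-file entries of a configuration like the one above, reporting per server whether its key ID is trusted, defined, and of type SHA1. The keys-file contents are constructed (the post does not show /etc/ntp/keys), and the function names parse_keys and check_auth are hypothetical.

```python
# Authentication-related lines of the ntp.conf shown in the post.
NTP_CONF = """\
keys /etc/ntp/keys
server server1 iburst minpoll 3 key 1
server server2 iburst minpoll 3 key 2
server server3 iburst minpoll 3 key 3
trustedkey 1 2 3
server 127.127.1.0 # local clock
"""

# Constructed keys file (<key id> <type> <secret>), NOT from the post:
# key 2 has the wrong type and key 3 is absent, to show what gets reported.
KEYS_FILE = """\
1 SHA1 0123456789abcdef0123456789abcdef01234567
2 M    constructedsecret
"""

def parse_keys(text):
    """Return {key_id: type} from ntp keys-file text, ignoring comments."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {int(r[0]): r[1].upper() for r in rows if len(r) >= 3 and r[0].isdigit()}

def check_auth(conf_text, keys_text, want_type="SHA1"):
    """Map each network 'server' entry to a list of auth-config problems."""
    keys, trusted, servers = parse_keys(keys_text), set(), {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split() or [""]
        if fields[0] == "trustedkey":
            trusted.update(int(f) for f in fields[1:] if f.isdigit())
        elif fields[0] == "server" and not fields[1].startswith("127.127."):
            # 127.127.x.x entries are reference clocks and carry no key.
            key = int(fields[fields.index("key", 2) + 1]) if "key" in fields[2:] else None
            servers[fields[1]] = key
    report = {}
    for host, key in servers.items():
        problems = []
        if key is None:
            problems.append("no key configured")
        elif key not in keys:
            problems.append(f"key {key} missing from keys file")
        elif keys[key] != want_type:
            problems.append(f"key {key} is type {keys[key]}, not {want_type}")
        if key is not None and key not in trusted:
            problems.append(f"key {key} not in trustedkey")
        report[host] = problems
    return report

if __name__ == "__main__":
    for host, problems in check_auth(NTP_CONF, KEYS_FILE).items():
        print(host, "; ".join(problems) or "OK")
```

A clean report covers only the client side; each server must hold the same key ID, type and secret in its own keys file.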