[ntp:questions] Re: symmetric-active mode (peer) and autokey

Steve Kostecke kostecke at ntp.isc.org
Wed Feb 8 14:42:10 UTC 2006


On 2006-02-08, Peter Pramberger <peter.pramberger at 1012surf.net> wrote:

> Steve Kostecke schrieb:
>
>> I've run into a bit of difficulty after restarting both peered ntpds:
>> peer1 is reporting some sort of autokey problem and peer2 just
>> doesn't accept peer1 at all.

I've sorted out the peer autokey problem mentioned above. Both peers are
reporting "flash=00 ok, flags=0x83f21" for their end of the association.

The problem was that peer1 had been added to another trust group before
the restart which "broke" things. Removing peer1 from the second trust
group solved the problem.

I guess this would be a good time to test with the latest ntp-dev
snap-shot.

> Same here: The leapseconds file is loaded, the exchange starts, but as
> soon as the "leap" line appears in the cryptostats, ntpd writes the
> "fatal error" to syslog and the state of the peer changes to .CRYP.,
> the other keeps staying in .INIT.

I have both peers running with the the leap seconds file loaded.

After the initial negotiation all indicators were OK for a few minutes.
They both reported "flash=00 ok, flags=0x87f23" for their peer
association and 'ntpq -p' looked OK. Then both peers started showing
various errors in (e.g. .CRYP. / .AUTO. / .DROP. and so on in 'ntpq -p')

> Any errors in your syslog?

Nothing in the syslog since my ntpd are not compiled with debug support.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/




More information about the questions mailing list