[ntp:questions] problems setting up IFF autokey

Vince jhary at unsane.co.uk
Wed May 2 15:39:43 UTC 2007


Hi all,
	I'm trying to get autokey broadcast working using IFF. I've gone
through the guide at
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey but as yet haven't
had any joy. This being the case, I thought I would go back to unicast
to test IFF autokey.
My current configs are:
server:
---------------cut------------------------
restrict default nomodify notrap noquery
restrict 127.0.0.1


server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org


driftfile /var/lib/ntp/drift
broadcastdelay  0.008

crypto pw SECUREPASS
keysdir         /etc/ntp
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
---------------cut------------------------

Client:
---------------cut------------------------
keysdir /etc/ntp
crypto pw GROUPPASS
driftfile /var/db/ntpd.drift

server 192.168.10.222 autokey

statsdir /etc/ntp/stats/
statistics cryptostats
---------------cut------------------------

I have the hostkeys and IFF keys created as per the instructions.

After about 5 minutes I get
[/etc/ntp](16:19:44)
{root@prawn}#ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 paste.lon.names 193.225.218.44   3 u   53   64    3    0.354  205748.   0.003

However, after about a minute this changes to
[/etc/ntp](16:20:24)
{root@prawn}#ntpq -c pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 paste.lon.names .AUTH.          16 u   57   64    0    0.000    0.000 4000.00
[/etc/ntp](16:21:03)
{root@prawn}#ntpq -c as
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 60228  f054   yes   yes   ok     reject   reachable  5


and it continues like this never giving me a condition of sys.peer,
sometimes with auth ok sometimes with auth bad.

Any suggestions how I can take this further?
If it's of any help, the OS of the server is CentOS 4.4 while the client
is FreeBSD 7-CURRENT, the ntpd versions are 4.2.0a@1.1190-r (server) and
4.2.0-a (client)

Thanks,
Vince


