[ntp:questions] NTP not syncing

Steve Kostecke kostecke at ntp.org
Mon Nov 25 18:20:34 UTC 2013


On 2013-11-25, Antonio Marcheselli <puppa at me.la> wrote:

>> 'restrict 192.168.1.10' sets a null restriction set for that address.
>> IOW it removes all restrictions.
>
> I had a look at the 'restrict' parameters; the line I have is
>
> restrict 130.1.1.1 mask 255.255.255.0 nomodify
>
> which I understand prevents 130.1.1.1 from modifying the NTP 
> configuration, is that correct?

'nomodify' blocks the use of ntpq / ntpdc remote configuration commands.
'nomodify' does not prevent someone sending the time to your ntpd. 

'restrict 130.1.1.1 nomodify' replaces the default restriction with
'nomodify' for 130.1.1.1

FWIW ... NTP remote configuration is not possible unless one of the
following conditions are met:

1. ntpd is started with the command-line option which disabled
authentication

or

2. ntp.conf contains the configuration directive to disable authenticate

or

3. the non-trivial symmetric key configuration is correctly completed
_and_ the remote user possesses the correct authentication credentials

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/



More information about the questions mailing list