Hi,
Checked out the indicated page. I've included both my server and client
configs below, for it is still not working. On both sides the key generation
goes without error, I used GQ keys, not sure why they just looked right for
my situation. To recap I've got a local ntp server that services my lan
which is a mixture of unix and windows clients, the ntp server polls the
internet and the lan syncs up to it. Right now I'm using only unix, I want
to get this going before I add windows into this. On the client, a freebsd6
box I add the key with:
ntp-keygen -H -p clientpassword
Should I make the clientpassword the same as serverpassword?
In my client log I see:
Nov 21 20:17:07 zeus ntpd[92140]: ntpd 4.2.0-a Thu Nov 10 21:05:26 EST 2005 (1)
Nov 21 20:17:07 zeus ntpd[92140]: bind() fd 11, family 2, port 123, addr 192.168.0.3, in_classd=0 flags=8 fails: Address already in use
This is after a stop and start of ntpd. Checking with /etc/rc.d/ntpd I see
that ntpd is indeed running with a new pid. An ntpq shows:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 guardian.daveme .INIT.          16 u    -  512    0    0.000    0.000 4000.00
Serverside everything seems fine, when I stop and start ntpd it doesn't have
any trouble syncing up to the net, do I have an issue with clientside ntpd
or is this a fluke error? Also, should I be doing keys or multicast/unicast
autokeys? I'm not sure what those are.
Thanks.
Dave.
server ntp.conf:
#
# authentication key setup
crypto pw serverpassword
keysdir /etc/ntp
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
server time.cair.du.edu prefer
server time.nist.gov
server timekeeper.isi.edu
#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/ntp.drift
# first ignore all ntp packets from everywhere
restrict default ignore
# now prevent the public servers from querying me
restrict 130.253.1.169 mask 255.255.255.0 noquery # du
restrict 192.43.244.18 mask 255.255.255.0 noquery # time.nist.gov
restrict 128.9.176.30 mask 255.255.255.0 noquery # timekeeper.isi.edu
# Only our subnet can use us as a server.
# no peer associations between machines are made,
# notrust tells ntpd to serve time to machines that have a known key
restrict 192.168.0.0 mask 255.255.255.0 nopeer notrust nomodify
# Allow unrestricted access to the localhost
restrict 127.0.0.1
client ntp.conf:
#
# authentication key setup
crypto pw serverpassword
keysdir /etc/ntp
server guardian.xxx iburst
#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/ntp.drift
# ignore all packets from everywhere
restrict default ignore
# any ntp packets must be authenticated
restrict 192.168.0.254 notrust
# localhost ntp packets are accepted unconditionally
restrict 127.0.0.1
"Danny Mayer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Dave wrote:
>> Hello,
>> I'm having an issue with authentication setup and would appreciate it if
>> anyone had a tutorial on this issue. I thought I had it when I updated, but
>> I just did an ntp install on windows xp, started the service without
>> thinking and it updated the clock. This box did not have any keys set up.
>> Obviously I'm doing something wrong. I'm also wondering the status of
>> ntpdate is it still recommended to use it? When my boxes start they sync up
>> with the local time server on my network, I'm wondering if using ntpdate or
>> the iburst option on the server line in ntp.conf which is the preferred
>> approach?
>> Thanks.
>> Dave.
>>
> ntpdate makes no sense on a Windows box. You should use the -g during
> startup and iburst on the server lines. Authentication needs to be set
> up and is never automatic. You need to generate the keys on the server
> and copy them over to the Windows client. Did you look at:
> http://ntp.isc.org/bin/view/Support/ConfiguringAutokey
> to see how to set up authentication?
>
> Danny
> _______________________________________________
> questions mailing list
> [email protected]
> https://lists.ntp.isc.org/mailman/listinfo/questions
>
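
Added example, not part of the original post or of the NTP distribution: a small ntp.conf check for the combination shown in the client config above. In ntpd 4.2 a packet matching a "restrict ... notrust" entry is dropped unless it is cryptographically authenticated, and an association is only authenticated when its server or peer line carries "autokey" or "key". The hosts mapping (guardian.xxx to 192.168.0.254) is an assumption taken from the client's restrict line, and the function names are hypothetical.

```python
import ipaddress

AUTH = {"autokey", "key"}  # server/peer options that authenticate the association

def parse(conf):
    """Split ntp.conf text into (associations, restrict entries)."""
    assocs, restricts = [], []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "peer"):
            assocs.append((tok[1], set(tok[2:])))
        elif tok[0] == "restrict":
            addr, rest, mask = tok[1], tok[2:], "255.255.255.255"
            if "mask" in rest[:-1]:
                i = rest.index("mask")
                mask, rest = rest[i + 1], rest[:i] + rest[i + 2:]
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                continue  # "default" or a hostname: skipped in this check
            restricts.append((net, set(rest)))
    return assocs, restricts

def unauthenticated_under_notrust(conf, hosts=None):
    """List (server, restrict network) pairs where notrust applies but the
    server/peer line carries neither autokey nor key."""
    assocs, restricts = parse(conf)
    findings = []
    for name, opts in assocs:
        try:
            addr = ipaddress.ip_address((hosts or {}).get(name, name))
        except ValueError:
            continue  # hostname with no entry in the hosts mapping
        hits = [(net, flags) for net, flags in restricts if addr in net]
        if hits:
            net, flags = max(hits, key=lambda h: h[0].prefixlen)  # most specific
            if "notrust" in flags and not opts & AUTH:
                findings.append((name, str(net)))
    return findings

# Constructed from the client ntp.conf in the post; the address is an assumption.
CLIENT_CONF = """crypto pw serverpassword
server guardian.xxx iburst
restrict default ignore
restrict 192.168.0.254 notrust
"""
HOSTS = {"guardian.xxx": "192.168.0.254"}
```

Calling unauthenticated_under_notrust(CLIENT_CONF, HOSTS) reports the guardian.xxx association; the same text with "autokey" on the server line reports nothing.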