Hi, I am currently trying to run the ntp autokey protocol with the Trusted Certificate identity scheme.
I use 3 systems (serverT1, server2, server3) all running ntp-4.2.4p6 on Windows 2003.

##### 1) The stratum 1 system, serverT1, is trusted. #####

ntp.conf of serverT1:

    driftfile "d:\appli\NTP\ntp.drift"
    keysdir "D:\appli\ntp\etc"
    crypto
    server 127.127.1.0
    fudge 127.127.1.0 stratum 1
    #end of ntp.conf

ServerT1 is trusted. I run on serverT1 the following ntp-keygen command:

    ntp-keygen -T

ntpq returns the following information:

    ntpq> rv
    assID=0 status=0544 leap_none, sync_local_proto, 4 events, event_peer/strat_chg,
    version="ntpd 4.2....@vegas-v2-o Jan 12 15:27:46 (UTC+01:00) 2009 (4)",
    processor="unknown", system="WINDOWS/NT", leap=00, stratum=2,
    precision=-20, rootdelay=0.000, rootdispersion=11.370, peer=60933,
    refid=LOCAL(0),
    reftime=cd34294d.ecd4a22c Wed, Feb 4 2009 14:48:45.925, poll=10,
    clock=cd34296b.49445fe5 Wed, Feb 4 2009 14:49:15.286, state=4,
    offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
    stability=0.000, hostname="serverT1",
    signature="md5WithRSAEncryption", flags=0x80001, update=200902041304,
    tai=0, cert="serverT1 serverT1 0x1", expire=201001281615

    ntpq> rv 60933
    assID=60933 status=9614 reach, conf, sel_sys.peer, 1 event, event_reach,
    srcadr=LOCAL(0), srcport=123, dstadr=127.0.0.1, dstport=123, leap=00,
    stratum=1, precision=-20, rootdelay=0.000, rootdispersion=10.000,
    refid=LOCL, reach=377, unreach=0, hmode=3, pmode=4, hpoll=6, ppoll=10,
    flash=00 ok, keyid=0, ttl=0, offset=0.000, delay=0.000,
    dispersion=0.942, jitter=0.001,
    reftime=cd3432f2.ecd4e67b Wed, Feb 4 2009 15:29:54.925,
    org=cd3432f2.ecd4e67b Wed, Feb 4 2009 15:29:54.925,
    rec=cd3432f2.ecd50a41 Wed, Feb 4 2009 15:29:54.925,
    xmt=cd3432f2.ecd4c6eb Wed, Feb 4 2009 15:29:54.925,
    filtdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,
    filtoffset= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,
    filtdisp= 0.00 0.98 1.97 2.91 3.90 4.88 5.84 6.83

##### 2) server server2 is not trusted, synchronization is successful with serverT1 ######

ntp.conf of server2:

    keysdir "D:\appli\ntp\etc"
    crypto
    server serverT1 autokey iburst
    #end of ntp.conf

Server2 is not trusted. I run on server2 the following ntp-keygen command:

    ntp-keygen

The synchronization with serverT1 is OK. I get the following ntpq information:

    ntpq> rv 25408
    assID=25408 status=f614 reach, conf, auth, sel_sys.peer, 1 event, event_reach,
    srcadr=serverT1, srcport=123, dstadr=192.168.1.20, dstport=123,
    leap=00, stratum=2, precision=-20, rootdelay=0.000,
    rootdispersion=11.780, refid=LOCAL(0), reach=377, unreach=0, hmode=3,
    pmode=4, hpoll=8, ppoll=8, flash=00 ok, keyid=2530961316, ttl=0,
    offset=-5.406, delay=0.538, dispersion=7.295, jitter=7.284,
    reftime=cd342132.ec945c28 Wed, Feb 4 2009 14:14:10.924,
    org=cd34216b.6a7954cf Wed, Feb 4 2009 14:15:07.415,
    rec=cd34216b.6bed4439 Wed, Feb 4 2009 14:15:07.421,
    xmt=cd34216b.6bc631af Wed, Feb 4 2009 14:15:07.420,
    filtdelay= 0.54 0.73 0.62 24.35 0.54 0.57 0.50 0.51,
    filtoffset= -5.41 -3.59 2.06 5.67 1.19 0.93 3.51 4.64,
    filtdisp= 0.00 3.86 7.68 11.51 15.35 19.17 23.01 24.96,
    hostname="serverT1", signature="md5WithRSAEncryption", flags=0x83f01,
    trust="serverT1"

    ntpq> rv
    assID=0 status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
    version="ntpd 4.2....@vegas-v2-o Jan 12 15:27:46 (UTC+01:00) 2009 (4)",
    processor="unknown", system="WINDOWS/NT", leap=00, stratum=3,
    precision=-18, rootdelay=0.373, rootdispersion=36.531, peer=25408,
    refid=192.168.1.1,
    reftime=cd342770.7be454cf Wed, Feb 4 2009 14:40:48.483, poll=9,
    clock=cd3428e6.49fff906 Wed, Feb 4 2009 14:47:02.289, state=4,
    offset=-10.760, frequency=20.908, jitter=4.156, noise=10.913,
    stability=0.048, hostname="server2",
    signature="md5WithRSAEncryption", flags=0x80001, update=200902041308,
    tai=0, cert="serverT1 serverT1 0x7", expire=201001281615,
    cert="server2 server2 0x2", expire=201002041023

###### 3) server3 is not trusted and should synchronize with server2 ######

ntp.conf of server3:

    keysdir "D:\appli\ntp\etc"
    crypto
    server server2 autokey iburst prefer
    #end of ntp.conf

Server3 is not trusted. I run on server3 the following ntp-keygen command:

    ntp-keygen

server3 does not synchronize with server2. ntpq gives the following information:

    ntpq> rv 50257
    assID=50257 status=e000 unreach, conf, auth, no events,
    srcadr=server2, srcport=123, dstadr=192.168.2.11, dstport=123,
    leap=00, stratum=3, precision=-18, rootdelay=0.519,
    rootdispersion=32.700, refid=192.168.1.1, reach=000, unreach=27,
    hmode=3, pmode=4, hpoll=10, ppoll=9, flash=80 pkt_autokey,
    keyid=1380897353, ttl=0, offset=0.000, delay=0.000,
    dispersion=15937.500, jitter=0.000,
    reftime=cd3417e7.59d3f4e0 Wed, Feb 4 2009 13:34:31.350,
    org=cd34186d.a8e79f46 Wed, Feb 4 2009 13:36:45.659,
    rec=cd34186d.95b2f617 Wed, Feb 4 2009 13:36:45.584,
    xmt=cd34186d.954f37dd Wed, Feb 4 2009 13:36:45.583,
    filtdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,
    filtoffset= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,
    filtdisp= 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0,
    hostname="server2", signature="md5WithRSAEncryption", flags=0x80001,
    trust="server2"

    ntpq> rv
    assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
    version="ntpd 4.2....@vegas-v2-o Jan 12 15:27:46 (UTC+01:00) 2009 (4)",
    processor="unknown", system="WINDOWS/NT", leap=11, stratum=16,
    precision=-18, rootdelay=0.000, rootdispersion=64.065, peer=0,
    refid=INIT,
    reftime=00000000.00000000 Thu, Feb 7 2036 6:28:16.000, poll=6,
    clock=cd342253.1a895515 Wed, Feb 4 2009 14:18:59.103, state=1,
    offset=0.000, frequency=16.562, jitter=0.004, noise=0.004,
    stability=0.000, hostname="server3",
    signature="md5WithRSAEncryption", flags=0x80001, update=203602070628,
    tai=0, cert="server2 server2 0x2", expire=201002041023,
    cert="server3 server3 0x2", expire=201002041058

Could you tell me if my use of autokey with trusted certificate identity scheme is correct? Do you see something wrong?

Thanks for your help.

Alain BARTHOLOMÉ
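
As an added example (not part of the original post), the Python sketch below parses a few fields copied from the ntpq `rv` output above and compares server3's failing association with server2's working one: the reach register, the flash word, and the `flags` bits set only on the working association. Reading `cert=` as "subject issuer flags" is an assumption, and all function names are hypothetical.

```python
import re

# Constructed excerpts: fields copied from the ntpq "rv" output in the post.
# Timestamp fields are left out because their values contain commas.
SERVER2_ASSOC = '''assID=25408 status=f614 reach, conf, auth, sel_sys.peer,
srcadr=serverT1, reach=377, unreach=0, flash=00 ok, keyid=2530961316,
hostname="serverT1", flags=0x83f01, trust="serverT1"'''
SERVER3_ASSOC = '''assID=50257 status=e000 unreach, conf, auth, no events,
srcadr=server2, reach=000, unreach=27, flash=80 pkt_autokey, keyid=1380897353,
hostname="server2", flags=0x80001, trust="server2"'''
SERVER3_SYS = '''hostname="server3", flags=0x80001, update=203602070628, tai=0,
cert="server2 server2 0x2", expire=201002041023,
cert="server3 server3 0x2", expire=201002041058'''

# name=value, where value is either a quoted string or runs to the next comma.
PAIR = re.compile(r'(\w+)=("[^"]*"|[^,]*)')

def parse_rv(text):
    """Parse ntpq rv output into {name: [values]}; cert= and expire= repeat."""
    fields = {}
    for name, value in PAIR.findall(text):
        fields.setdefault(name, []).append(value.strip().strip('"'))
    return fields

def compare_assoc(failing, working):
    """Summarise how a failing association differs from a working one."""
    f, w = parse_rv(failing), parse_rv(working)
    f_flags, w_flags = int(f["flags"][0], 16), int(w["flags"][0], 16)
    return {
        "peer": f["srcadr"][0],
        "reachable": int(f["reach"][0], 8) != 0,   # reach register is octal
        "flash": f["flash"][0],                    # "00 ok" when all tests pass
        "bits_only_on_working": hex(w_flags & ~f_flags),
    }

def cached_certs(system_rv):
    """Return (subject, issuer, flags) per cert= entry (field order assumed)."""
    return [tuple(c.split()) for c in parse_rv(system_rv).get("cert", [])]

def holds_cert_for(system_rv, host):
    """True if the certificate cache lists a certificate whose subject is host."""
    return any(subject == host for subject, _, _ in cached_certs(system_rv))

if __name__ == "__main__":
    print(compare_assoc(SERVER3_ASSOC, SERVER2_ASSOC))
    print(cached_certs(SERVER3_SYS), holds_cert_for(SERVER3_SYS, "serverT1"))
```

On these excerpts the bits 0x3f00 are set only on the working association, and server3's certificate cache lists no entry for serverT1.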