Martin, Yes, this scenario is included in the online documentation.
Dave Martin Burnicki wrote: >Steve Kostecke wrote: > > >>On 2009-02-10, Danny Mayer <ma...@ntp.isc.org> wrote: >> >> >>>Steve Kostecke wrote: >>>[---=| Quote block shrinked by t-prot: 24 lines snipped |=---] >>> >>> >>> >>>>>server3 does not synchronize with server2 >>>>> >>>>> >>>>The problem here is that you want to operate _two_ trust groups: >>>> >>>>server2 trusts serverT1 >>>>server3 trusts server2 >>>> >>>>Server3 needs to be able to trust server2. Try regenerating the >>>>paramters on server2 using '-T'. >>>> >>>> >>>My understanding from what Dave has said is that the newer versions of >>>the development branch supports multiple trust groups. >>> >>> >>You missed the point. The OP has set up a _chain_ of two trust groups. >>This is not a problem with one ntpd serving multiple trust groups. >> >>The server for the second trust group needs to have a trusted cert so >>that it will be trused by its client. >> >> > >This is an interesting setup, but should not be very uncommon. > >Has anyone *tried* to configure autokey so that a machine is a client which >uses one certificate for his upstream server, and additionally acts as a >server who provides its own certificate to its clients? > >This setup should also be mentioned in >http://support.ntp.org/Support/ConfiguringAutokey > >Martin > > _______________________________________________ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
