Hi all, I has wroted a documentation for Autokey+IFF, but in French...sorry
http://archi.laurent.perso.neuf.fr/Autokey-IFF.xhtml And i known it's not easy, but i has never a problem similar at you. And the mode "debug" is really better in the beginning, for memory : --> /usr/sbin/ntpd -c /etc/ntp/ntp.conf -D2 (or -D <=10) --> look too, the many flags for autokey, it's important too (for me), or just this, there are many example here : http://archi.laurent.perso.neuf.fr/Autokey-IFF.xhtml#d4e336 an example : *ntpq> pstatus 20454* associd=20454 status=f43a conf, authenb, auth, reach, sel_candidate, 3 events, sys_peer, srcadr=portable.archi.amt, srcport=123, dstadr=192.168.1.11, dstport=123, leap=00, stratum=3, precision=-20, rootdelay=67.993, rootdisp=48.798, refid=81.19.16.225, reftime=ceb89d87.c51dbd30 Thu, Nov 26 2009 7:24:07.769, rec=ceb89e4e.50c6730f Thu, Nov 26 2009 7:27:26.315, reach=377, unreach=0, hmode=3, pmode=4, hpoll=7, ppoll=7, headway=138, flash=00 ok, keyid=3927447286, offset=1.931, delay=1.526, dispersion=5.404, jitter=0.898, xleave=0.044, filtdelay= 5.55 1.79 1.53 1.55 3.36 1.53 1.53 1.54, filtoffset= -0.07 1.73 1.78 1.68 2.62 1.93 2.30 2.88, filtdisp= 0.00 2.03 3.05 4.08 5.07 6.09 7.11 8.15, host="GR1", flags=0x87f21, signature="md5WithRSAEncryption" Best regards 2010/10/18 Dave Hart <[email protected]> > On Sun, Oct 17, 2010 at 03:43 UTC, Joe Smithian <[email protected]> > wrote: > > I've compiled ntp-4.2.6p2 from the source code with crypto, openssl and > > autokey enabled on CentOS 5.4 platform. I've configured my CentOS 5.4 > client > > to use Autokey but it doesn't sync as you can see below. > > What I see looks normal, given your configuration. Linux > distributions in particular seem to include the local clock driver > 127.127.1.0 ill-advisedly, and you are the latest victim. You have > instructed both your client and autokey server to freewheel using the > PC's clock while claiming to be synchronized. Unless some other > software is disciplining that clock outside of ntpd, you probably > don't want that. > > > Authentication is OK but it rejects the trusted server. > > Right, so if you remove 127.127.1.0 from the client's configuration, > it should sync to its single remaining source. > > > I've done the same configuration using > > ntp-4.2.4p5 on an old RedHat 7.2 machine and it syncs to the same trusted > > server. So I guess the problem might be in the new version of NTP. > > There was a three-year-long development process between 4.2.4 and > 4.2.6 stable releases. During that time, autokey was substantially > updated. Configurations that worked with 4.2.4 may not work with > 4.2.6 without change. > > Good luck, > Dave Hart > _______________________________________________ > questions mailing list > [email protected] > http://lists.ntp.org/listinfo/questions > -- ----~o00o-----//{ ´°`(_)´°` }\\-----o00o~------ Laurent Archambault Under Linux _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
