On Mon, Jul 18, 2011 at 10:39, Danny Thomas <[email protected]> wrote: > We've got a RedLion industrial controller which uses SNTP but > doesn't seem to receive a response from either an AD domain > controller or from ntpd 4.2.7p136 on linux. > > tcpdump shows the packets arriving but no response is sent. > > I'm not sure of the best way to debug this so tried > root@kolanut# /opt/ntp/bin/ntpd -g -D 100 2>&1 | grep 10.24.33.98 > read_network_packet: fd=23 length 52 from 10.24.33.98 > receive: at 1 130.102.2.123<-10.24.33.98 flags 19 restrict 190 > receive: at 1 130.102.2.123<-10.24.33.98 mode 3 keyid 00000000 len 52 auth 3 > > Nearly all the fields are ignored, so what's causing ntpd > not to respond ? Key ID ?, stratum of 0 as KOD ?
After reviewing the ntp_proto.c spots that can generate the output ending in "keyid 00000000 len 52 auth 3", it appears the problem is the request is authenticated with a 4-byte MAC (len 52 rather than the typical 48) which ntpd can't authenticate (meaning the key ID is unrecognized, or recognized but doesn't generate the same MAC value as given in the request). I would look at disabling authenticated NTP in the RedLion configuration, or configuring it correctly in RedLion and ntpd so the MAC authenticates correctly. Cheers, Dave Hart _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
