Kevin Golder wrote:
I have configured a server and client using autokey w/ the IFF identity
scheme. I'm trying to prohibit my server from responding to any client
that is not using autokey and part of my trusted group. I have the
following two "restrict" lines in my ntp.conf file of the server to try
and do so.
restrict default ignore
restrict 10.10.0.0 mask 255.255.0.0 autokey
my server IP is 10.10.128.2
my client IP is 10.10.11.100
I thought adding the autokey option to the above restrict line should do
the trick but the server won't respond to any clients now whether
they're in the trusted group or not. Am I going about not responding to
non-autokey clients correctly?
Thanks,
Kevin
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
Authentication is intended to authenticate the server to the client;
that is the server proves its identity by "signing" the packets it sends
using the agreed upon encryption key.
If you only want to serve certain clients, you need to discriminate by
IP address. Like this:
restrict default noquery # block all queries
restrict 192.168.1.0 mask 255.255.255.0 # allow queries from the local network.
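
Added example, not part of either message above and not ntpd's own code: a small Python model that reads the two sets of restrict lines from this thread and reports which entry, and therefore which flags, a given source address falls under. It assumes IPv4 only and models ntpd's sorted-list lookup as a longest-prefix match; the function names and the test addresses 192.168.1.50 and 192.0.2.7 are constructed for illustration. Flags it does not model (such as autokey) are reported as "conditional" rather than guessed at.

```python
import ipaddress

# Constructed input: the two restrict sets quoted in the thread.
KEVIN = """restrict default ignore
restrict 10.10.0.0 mask 255.255.0.0 autokey"""
REPLY = """restrict default noquery # block all queries
restrict 192.168.1.0 mask 255.255.255.0 #allow queries from the local network."""

def parse_restrict(conf):
    """Return [(IPv4Network, frozenset(flags))] for each IPv4 'restrict' line."""
    entries = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()      # drop trailing comment
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            mask = "255.255.255.255"             # no mask given: host entry
            if len(rest) >= 2 and rest[0] == "mask":
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        entries.append((net, frozenset(rest)))
    return entries

def match(entries, src):
    """Pick the most specific entry covering src (simplified model of ntpd's lookup)."""
    ip = ipaddress.ip_address(src)
    hits = [e for e in entries if ip in e[0]]
    return max(hits, key=lambda e: e[0].prefixlen) if hits else None

def verdict(conf, src):
    """Classify what a time request from src gets under this restrict set."""
    hit = match(parse_restrict(conf), src)
    if hit is None:
        return "no entry"
    flags = hit[1]
    if "ignore" in flags:
        return "dropped"                  # all packets denied
    if "noserve" in flags:
        return "no time service"
    other = sorted(flags - {"noquery"})   # noquery only limits ntpq/ntpdc
    return "conditional: " + " ".join(other) if other else "served"

if __name__ == "__main__":
    for name, conf in (("question", KEVIN), ("reply", REPLY)):
        for src in ("10.10.11.100", "192.168.1.50", "192.0.2.7"):
            print(f"{name:8} {src:14} {verdict(conf, src)}")
```

Under the reply's lines, an address outside 192.168.1.0/24 matches only the default entry, whose single flag noquery restricts ntpq/ntpdc queries and leaves time service unaffected.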