On Monday, December 5, 2005 at 14:25:37 +0000, Steve Kostecke wrote: > The correct sym-link for client members of an NTP Trust Group is > ln -s ntpkey_IFFkey_server.XXXXXXXXXX ntpkey_iff_server
Without an ntpkey_iff_Client on Client to activate IFF scheme negociation, I get succesfull TC authentication. > This has worked on every NTP Trust Group client member that I've ever > set up. What is the best way to know for sure which scheme is in use? Could you please check: | $ ntpq -p Client | remote refid st t when poll reach delay offset jitter | ============================================================================== | *Server .DCF. 1 u 990 1024 377 2.291 1.078 0.056 | | $ ntpq -c rv Client | assID=0 status=4654 leap_add_sec, sync_ntp, 5 events, event_peer/strat_chg, | version="ntpd [EMAIL PROTECTED] Oct 19 14:18:48 (UTC+02:00) 2005 (3)", | processor="unknown", system="WINDOWS/NT", leap=01, stratum=2, | precision=-17, rootdelay=2.291, rootdispersion=47.807, peer=25165, | refid=192.168.7.10, | reftime=c73ff06c.dba53b7d Tue, Dec 6 2005 12:11:40.857, poll=10, | clock=c73ff84b.98778541 Tue, Dec 6 2005 12:45:15.595, state=4, | offset=1.078, frequency=-20.771, jitter=0.083, noise=0.350, | stability=0.013, hostname="Client", signature="md5WithRSAEncryption", | flags=0x80003, update=200511060130, leapsec=200506280000, tai=32, | cert="Client Server 0x6", expire=200611060128, cert="Server Server 0x7", | expire=200610111252, cert="Client Client 0x6", expire=200611052220 | | $ ntpq -c as Client | ind assID status conf reach auth condition last_event cnt | =========================================================== | 1 25165 f624 yes yes ok sys.peer reachable 2 | | $ ntpq -c "rv 25165" Client | assID=25165 status=f624 reach, conf, auth, sel_sys.peer, 2 events, event_reach, | srcadr=Server, srcport=123, dstadr=192.168.7.12, dstport=123, leap=01, | stratum=1, precision=-18, rootdelay=0.000, rootdispersion=1.617, | refid=DCF, reach=377, unreach=0, hmode=3, pmode=4, hpoll=10, ppoll=10, | flash=00 ok, keyid=561218861, ttl=0, offset=1.078, delay=2.291, | dispersion=18.661, jitter=0.056, | reftime=c73ff45f.a0d20969 Tue, Dec 6 2005 12:28:31.628, | org=c73ff46d.4f4e0543 Tue, Dec 6 2005 12:28:45.309, | rec=c73ff46d.4f5659c3 Tue, Dec 6 2005 12:28:45.309, | xmt=c73ff46d.4ea5dbe4 Tue, Dec 6 2005 12:28:45.307, | filtdelay= 2.30 2.29 2.30 1.59 1.58 1.58 2.29 2.25, | filtoffset= 1.02 1.08 1.00 0.68 0.75 0.75 1.09 1.02, | filtdisp= 0.01 15.36 30.70 46.09 61.45 76.83 92.22 107.56, | hostname="Server", signature="md5WithRSAEncryption", flags=0x87f03, | trust="Server" | | $ cat //Client/ntpstats/cryptostats.20051205 | 53709 80480.680 192.168.7.10 newpeer 25165 | 53709 80482.495 ntpkey_RSAkey_Client.3342810008 mod 512 | 53709 80482.504 ntpkey_RSA-MD5cert_Client.3342810008 0x0 len 309 | 53709 80482.539 update ts 3342810082 | 53709 80482.540 refresh ts 3342810082 | 53709 80484.398 192.168.7.10 flags 0x80003 host Server signature md5WithRSAEncryption | 53709 80486.418 update ts 3342810086 | 53709 80486.420 192.168.7.10 cert Server 0x7 md5WithRSAEncryption (8) fs 3340702253 | 53709 80488.410 192.168.7.10 cook 37fe7690 ts 3342810088 fs 3342755357 | 53709 80490.573 update ts 3342810090 | 53709 80490.573 192.168.7.10 sign Server 0x6 md5WithRSAEncryption (8) fs 3342810008 | 53709 80492.444 update ts 3342810092 | 53709 80492.445 192.168.7.10 leap 96 ts 3342755357 fs 3331497600 | 53709 80529.449 update ts 3342810129 | | $ ls -l //Client/c\$/Program\ Files/NTP/etc/ntp.keysdir/ | total 3 | -rw-r--r-- 1 Administ None 538 Dec 5 23:20 ntpkey_cert_Client | -rw-r--r-- 1 Administ None 616 Dec 5 23:20 ntpkey_host_Client | -rw-r--r-- 1 Administ None 507 Dec 5 23:15 ntpkey_iff_Server To me, this clearly looks like TC scheme. Serge. -- Serge point Bets arobase laposte point net _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
