"Dennis Hilberg Jr" <[EMAIL PROTECTED]> wrote:
> On one instance I noticed that in the output of 'ntpq -p' one of my server's
> clients was flagged with the '+'. notrust under version 4.2 and later now
> means "Ignore all NTP packets that are not cryptographically authenticated"
> instead of the 4.1 and earlier versions where it meant "Don't trust this
> host/subnet for time." How do I specify with version 4.2 and later that I
> only want the five server entries in the ntp.conf to be trusted for
> synchronization? Or is this automatic, and that particular 'ntpq -p' output
> a fluke?
'nopeer' should prevent a client establishing a symmetric-passive
association on your server, so the ntp.conf you show in your later
message should be working. Post the output of 'ntpq -p' showing
your client listed (with or without '+') and 'ntpq -classoc',
and 'ntpq "-crv nnn"' where nnn is the number of the association
(assID) for your client in the lassoc output.
Hmm, "ntpdc -ncreslist" will show the active restrictions, so check
that matches your ntp.conf.
--
Ronan Flood <[EMAIL PROTECTED]>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
