Maybe I'm misunderstanding the output of 'ntpq -p'. When I use this command, a large list is printed to the screen (sometimes 60 or more entries in length), of which, the first five of the entries are the servers I have listed in my ntp.conf and the rest I'm assuming are clients, or systems using my server's clock as a synchronization source. Am I correct on that? Most of the time those five servers are the ones that have +, -, or * next to them. Of those five, there's always a * and usually two +. On occasion though, some of the systems in the 'ntpq -p' output OTHER than my five servers have a + next to them. Is this normal, based on my ntp.conf? My concern is that my server might be using systems other than the five I have listed in my ntp.conf as a synchronization source. Perhaps I should have worded my initial post this way, as some replies indicate that I might have failed to explain my situation properly.
Here is my ntp.conf again:

# Default restriction.
restrict default kod nomodify notrap nopeer noquery

# Allow free access to localhost.
restrict 127.0.0.1

# Allow the local network access with the following modified restrictions.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer

# Synchronization servers. Include at least three, but no more than five.
server bigben.cac.washington.edu iburst
server montpelier.ilan.caltech.edu iburst
server tick.ucla.edu iburst
server clock.xmission.com iburst
server clepsydra.dec.com iburst

# Drift file location
driftfile /etc/ntp/drift

# Location of the log file
logfile /var/log/ntp/ntp.log

# NTP monitoring parameters
statsdir /var/log/ntp/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Authentication parameters
#keys /etc/ntp/keys
#trustedkey 2 3 4
#controlkey 3 # To access the ntpq utility
#requestkey 2 # To access the ntpdc utility

Thanks for all the help.

Dennis.

"Ronan Flood" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
| "Dennis Hilberg Jr" <[EMAIL PROTECTED]> wrote:
|
| > On one instance I noticed that in the output of 'ntpq -p' one of my server's
| > clients was flagged with the '+'. notrust under version 4.2 and later now
| > means "Ignore all NTP packets that are not cryptographically authenticated"
| > instead of the 4.1 and earlier versions where it meant "Don't trust this
| > host/subnet for time." How do I specify with version 4.2 and later that I
| > only want the five server entries in the ntp.conf to be trusted for
| > synchronization? Or is this automatic, and that particular 'ntpq -p' output
| > a fluke?
|
| 'nopeer' should prevent a client establishing a symmetric-passive
| association on your server, so the ntp.conf you show in your later
| message should be working.  Post the output of 'ntpq -p' showing
| your client listed (with or without '+') and 'ntpq -classoc',
| and 'ntpq "-crv nnn"' where nnn is the number of the association
| (assID) for your client in the lassoc output.
|
| Hmm, "ntpdc -ncreslist" will show the active restrictions, so check
| that matches your ntp.conf.
|
| --
| Ronan Flood <[EMAIL PROTECTED]>
| working for but not speaking for
| Network Services, University of London Computer Centre
| (which means: don't bother ULCC if I've said something you don't like)
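
An added example, not part of the original thread: one way to check the concern raised in this message is to compare the `ntpq -p` billboard against the `server` lines of ntp.conf and report any association that is not configured, and which of those carry a selected tally code. The `ntpq -p` output below is constructed, the two 192.168.1.x rows are hypothetical, the function names are the example's own, and it assumes the default billboard, which truncates the remote column to 15 characters.

```python
SELECTED = set("*+#o")  # tally codes: sys.peer, candidate, backup, pps.peer
REMOTE_WIDTH = 15       # assumed: ntpq -p cuts long remote names to 15 chars
SAMPLE_CONF = """\
server bigben.cac.washington.edu iburst
server montpelier.ilan.caltech.edu iburst
server tick.ucla.edu iburst
server clock.xmission.com iburst
server clepsydra.dec.com iburst
"""  # server lines copied from the ntp.conf in the post
SAMPLE_BILLBOARD = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*bigben.cac.wash .GPS.            1 u   33   64  377   12.345    0.512   0.201
+montpelier.ilan .CDMA.           1 u   40   64  377   35.100   -0.844   0.310
+tick.ucla.edu   .GPS.            1 u   12   64  377   30.220    1.020   0.150
-clock.xmission. .GPS.            1 u   20   64  377   28.900    2.500   0.400
+192.168.1.57    192.0.2.10       3 u   18   64  377    0.400    0.050   0.020
 192.168.1.80    .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""  # constructed ntpq -p output; the 192.168.1.x rows are hypothetical

def configured_sources(conf_text):
    """Hosts named on server/peer lines, with comments stripped."""
    hosts = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("server", "peer"):
            hosts.append(fields[1].lower())
    return hosts

def parse_billboard(text):
    """Yield (tally, remote) per peer row; column 0 is always the tally."""
    for line in text.splitlines():
        body = line[1:].split()
        if len(body) >= 10 and body[0] != "remote":
            yield line[0], body[0].lower()

def is_configured(remote, hosts):
    cut = len(remote) == REMOTE_WIDTH  # full-width name may be truncated
    return any(remote == h or (cut and h.startswith(remote)) for h in hosts)

def audit(conf_text, billboard_text):
    """Return (unconfigured rows, those of them with a selected tally)."""
    hosts = configured_sources(conf_text)
    extra = [(t, r) for t, r in parse_billboard(billboard_text)
             if not is_configured(r, hosts)]
    return extra, [row for row in extra if row[0] in SELECTED]

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_BILLBOARD))
```

With `ntpq -pn` the remote column holds addresses rather than names, so the configured hostnames would have to be resolved before comparing.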
