I downloaded the development version of NTP (4.2.5p158), I installed it on all the systems, I kept the certificates and the same configuration (except the logconfig line of ntp.conf) especially one trusted system.

It works. The synchronization of server3 occurred quite quickly.

I am quite worried about the release version...

Thanks for your help.

Alain BARTHOLOMÉ

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Martin Burnicki
Sent: Tuesday, 10 February 2009 10:17
To: [email protected]
Subject: Re: [ntp:questions] Problem using ntp autokey with the trusted certificate identity scheme

Steve Kostecke wrote:
> On 2009-02-10, Danny Mayer <[email protected]> wrote:
>> Steve Kostecke wrote:
>> [---=| Quote block shrinked by t-prot: 24 lines snipped |=---]
>>
>>>> server3 does not synchronize with server2
>>>
>>> The problem here is that you want to operate _two_ trust groups:
>>>
>>> server2 trusts serverT1
>>> server3 trusts server2
>>>
>>> Server3 needs to be able to trust server2. Try regenerating the
>>> parameters on server2 using '-T'.
>>
>> My understanding from what Dave has said is that the newer versions of
>> the development branch support multiple trust groups.
>
> You missed the point. The OP has set up a _chain_ of two trust groups.
> This is not a problem with one ntpd serving multiple trust groups.
>
> The server for the second trust group needs to have a trusted cert so
> that it will be trusted by its client.

This is an interesting setup, but should not be very uncommon.

Has anyone *tried* to configure autokey so that a machine is a client which
uses one certificate for its upstream server, and additionally acts as a
server who provides its own certificate to its clients?

This setup should also be mentioned in
http://support.ntp.org/Support/ConfiguringAutokey

Martin
--
Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
Germany
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.org/mailman/listinfo/questions
