On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote:
> catherine.wei1...@gmail.com wrote:
> > On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com
> > wrote:
> >> On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
> >>> catherine.wei1...@gmail.com wrote:
> >>>> I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
> >>>> commands which depend on ntpdc to ntpq since ntpdc has been depreciated
> >>>> in 4.8.1 version. And I met a problem.
> >>>>
> >>>> When I first set the keyid to 0, it said "Invalid key identifier", so I
> >>>> set it to 1, but it requires a MD5 Password. I don't quite understand
> >>>> how to get the keyid and password.
> >>>>
> >>>> Can you give me some advice? Appreciate your help very much.
> >>>>
> >>>>
> >>>> ~ # ntpq
> >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> >>>> Keyid: 0
> >>>> Invalid key identifier
> >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> >>>> Keyid: 1
> >>>> MD5 Password:
> >>>> ***Server disallowed request (authentication?)
> >>>> ntpq>
> >>>>
> >>>
> >>> Please see my reply to your other posting. Why do you post basically the
> >>> same question three times?
> >>>
> >>> Martin
> >>> --
> >>> Martin Burnicki
> >>>
> >>> Meinberg Funkuhren
> >>> Bad Pyrmont
> >>> Germany
> >>
> >> Hi,appreciate for your kind response. I've generate a file
> >> 1 MD5 P[G\;5Ob@[\[Ni4PJx3& # MD5 key
> >> 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
> >> 3 MD5 %(4%pM<~(8p[cn,,S/0N # MD5 key
> >> 4 MD5 TT_QA;=x*G$4p1-d"1;C # MD5 key
> >> 5 MD5 ml~KoJ*<`vM&7fxTeR.@ # MD5 key
> >> 6 MD5 +wc93d8[~tBRyzd<GL{L # MD5 key
> >> 7 MD5 _WMzU`YQpwN&?5TYJ^5i # MD5 key
> >> 8 MD5 ~1zzyA.9-fM[|>Zv|mpv # MD5 key
> >> 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
> >> 10 MD5 <>u;LcQ*cJ8{%yKo`z1? # MD5 key
> >> 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
> >> 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
> >> 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
> >> 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
> >> 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
> >> 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
> >> 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
> >> 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
> >> 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
> >> 20 SHA1 80515077771a9e6d5bb70d6985b236008d962f34 # SHA1 key
> >>
> >> I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file
> >> is like this:
> >>
> >> driftfile /etc/ntp.drift
> >> keys /etc/ntp.keys
> >> trustedkey 1 5
> >> controlkey 5
> >> restrict default ignore
> >> restrict 127.0.0.1
> >> broadcastdelay 0.008
> >> #6000000000s because we start at 1970
> >> tinker panic 6000000000
> >> restrict 3.cn.pool.ntp.org nomodify notrap
> >> server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
> >>
> >> However, when I run ntpq :
> >> ~ # ntpq
> >> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> >> Keyid: 5
> >> MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
> >> ***Server disallowed request (authentication?)
> >>
> >> I don't know why this happens? Do I need some other configurations? Thank
> >> you so much.
>
> Hm, that should work.
> Can you try it with a simple password first? E.g.:
>
> 1 MD5 passwd1
> 5 MD5 passwd5
>
> > By the way, how can I define the controlkey for ntpq. In my case, I just
> > define the controlkey to 5 randomly, is there any rule?
>
> AFAIK there is no rule. The keys file is just a list of passwords. If
> you have more than one machines running ntpd then every other machine
> may have a single, individual trusted key, each with index 1.
>
> If your local ntpd should talk to all the others then of course you
> can't add several keys with inde 1 in your local file, so you need to
> have a keys fle containing all the keys of the other servers, for time
> sync, plus the control key for your local ntpd. The number is just
> associated to the entry number of the keys file you are supplying to
> your local ntpd.
>
> This is very flexible, but you need to take care to get the keys and
> index/ID numbers right.
>
> The third column in /etc/ntp.keys is the password of MD5, right?
>
> Yes.
>
>
> Martin
> --
> Martin Burnicki
>
> Meinberg Funkuhren
> Bad Pyrmont
> Germany
Hi, thank you for your answer, I typed the wrong password. When I changed the
complicated password to a simple one say "mypassword" and I tested it again,
then authenticate passed, but it's strange why can I change the password ? As
it is generated by ntp md5 algorithm, if I change the password, then
authenticate should fail and the ntp server can't parse the new password in my
understanding.
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
