On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote: > catherine.wei1...@gmail.com wrote: > > On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com > > wrote: > >> On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: > >>> catherine.wei1...@gmail.com wrote: > >>>> I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some > >>>> commands which depend on ntpdc to ntpq since ntpdc has been depreciated > >>>> in 4.8.1 version. And I met a problem. > >>>> > >>>> When I first set the keyid to 0, it said "Invalid key identifier", so I > >>>> set it to 1, but it requires a MD5 Password. I don't quite understand > >>>> how to get the keyid and password. > >>>> > >>>> Can you give me some advice? Appreciate your help very much. > >>>> > >>>> > >>>> ~ # ntpq > >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst > >>>> Keyid: 0 > >>>> Invalid key identifier > >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst > >>>> Keyid: 1 > >>>> MD5 Password: > >>>> ***Server disallowed request (authentication?) > >>>> ntpq> > >>>> > >>> > >>> Please see my reply to your other posting. Why do you post basically the > >>> same question three times? > >>> > >>> Martin > >>> -- > >>> Martin Burnicki > >>> > >>> Meinberg Funkuhren > >>> Bad Pyrmont > >>> Germany > >> > >> Hi,appreciate for your kind response. I've generate a file > >> 1 MD5 P[G\;5Ob@[\[Ni4PJx3& # MD5 key > >> 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key > >> 3 MD5 %(4%pM<~(8p[cn,,S/0N # MD5 key > >> 4 MD5 TT_QA;=x*G$4p1-d"1;C # MD5 key > >> 5 MD5 ml~KoJ*<`vM&7fxTeR.@ # MD5 key > >> 6 MD5 +wc93d8[~tBRyzd<GL{L # MD5 key > >> 7 MD5 _WMzU`YQpwN&?5TYJ^5i # MD5 key > >> 8 MD5 ~1zzyA.9-fM[|>Zv|mpv # MD5 key > >> 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key > >> 10 MD5 <>u;LcQ*cJ8{%yKo`z1? # MD5 key > >> 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key > >> 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key > >> 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key > >> 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key > >> 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key > >> 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key > >> 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key > >> 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key > >> 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key > >> 20 SHA1 80515077771a9e6d5bb70d6985b236008d962f34 # SHA1 key > >> > >> I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file > >> is like this: > >> > >> driftfile /etc/ntp.drift > >> keys /etc/ntp.keys > >> trustedkey 1 5 > >> controlkey 5 > >> restrict default ignore > >> restrict 127.0.0.1 > >> broadcastdelay 0.008 > >> #6000000000s because we start at 1970 > >> tinker panic 6000000000 > >> restrict 3.cn.pool.ntp.org nomodify notrap > >> server 3.cn.pool.ntp.org minpoll 3 maxpoll 4 > >> > >> However, when I run ntpq : > >> ~ # ntpq > >> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst > >> Keyid: 5 > >> MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) > >> ***Server disallowed request (authentication?) > >> > >> I don't know why this happens? Do I need some other configurations? Thank > >> you so much. > > Hm, that should work. > Can you try it with a simple password first? E.g.: > > 1 MD5 passwd1 > 5 MD5 passwd5 > > > By the way, how can I define the controlkey for ntpq. In my case, I just > > define the controlkey to 5 randomly, is there any rule? > > AFAIK there is no rule. The keys file is just a list of passwords. If > you have more than one machines running ntpd then every other machine > may have a single, individual trusted key, each with index 1. > > If your local ntpd should talk to all the others then of course you > can't add several keys with inde 1 in your local file, so you need to > have a keys fle containing all the keys of the other servers, for time > sync, plus the control key for your local ntpd. The number is just > associated to the entry number of the keys file you are supplying to > your local ntpd. > > This is very flexible, but you need to take care to get the keys and > index/ID numbers right. > > The third column in /etc/ntp.keys is the password of MD5, right? > > Yes. > > > Martin > -- > Martin Burnicki > > Meinberg Funkuhren > Bad Pyrmont > Germany
Hi, thank you for your answer, I typed the wrong password. When I changed the complicated password to a simple one say "mypassword" and I tested it again, then authenticate passed, but it's strange why can I change the password ? As it is generated by ntp md5 algorithm, if I change the password, then authenticate should fail and the ntp server can't parse the new password in my understanding. _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions