On Monday, March 2, 2015 at 1:03:47 PM UTC+8, catherin...@gmail.com wrote:
> On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote:
> > catherine.wei1...@gmail.com wrote:
> > > On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com
> > > wrote:
> > >> On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
> > >>> catherine.wei1...@gmail.com wrote:
> > >>>> I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
> > >>>> commands which depend on ntpdc to ntpq since ntpdc has been
> > >>>> depreciated in 4.8.1 version. And I met a problem.
> > >>>>
> > >>>> When I first set the keyid to 0, it said "Invalid key identifier", so
> > >>>> I set it to 1, but it requires a MD5 Password. I don't quite
> > >>>> understand how to get the keyid and password.
> > >>>>
> > >>>> Can you give me some advice? Appreciate your help very much.
> > >>>>
> > >>>>
> > >>>> ~ # ntpq
> > >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> > >>>> Keyid: 0
> > >>>> Invalid key identifier
> > >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> > >>>> Keyid: 1
> > >>>> MD5 Password:
> > >>>> ***Server disallowed request (authentication?)
> > >>>> ntpq>
> > >>>>
> > >>>
> > >>> Please see my reply to your other posting. Why do you post basically the
> > >>> same question three times?
> > >>>
> > >>> Martin
> > >>> --
> > >>> Martin Burnicki
> > >>>
> > >>> Meinberg Funkuhren
> > >>> Bad Pyrmont
> > >>> Germany
> > >>
> > >> Hi,appreciate for your kind response. I've generate a file
> > >> 1 MD5 P[G\;5Ob@[\[Ni4PJx3& # MD5 key
> > >> 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
> > >> 3 MD5 %(4%pM<~(8p[cn,,S/0N # MD5 key
> > >> 4 MD5 TT_QA;=x*G$4p1-d"1;C # MD5 key
> > >> 5 MD5 ml~KoJ*<`vM&7fxTeR.@ # MD5 key
> > >> 6 MD5 +wc93d8[~tBRyzd<GL{L # MD5 key
> > >> 7 MD5 _WMzU`YQpwN&?5TYJ^5i # MD5 key
> > >> 8 MD5 ~1zzyA.9-fM[|>Zv|mpv # MD5 key
> > >> 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
> > >> 10 MD5 <>u;LcQ*cJ8{%yKo`z1? # MD5 key
> > >> 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
> > >> 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
> > >> 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
> > >> 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
> > >> 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
> > >> 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
> > >> 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
> > >> 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
> > >> 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
> > >> 20 SHA1 80515077771a9e6d5bb70d6985b236008d962f34 # SHA1 key
> > >>
> > >> I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf
> > >> file is like this:
> > >>
> > >> driftfile /etc/ntp.drift
> > >> keys /etc/ntp.keys
> > >> trustedkey 1 5
> > >> controlkey 5
> > >> restrict default ignore
> > >> restrict 127.0.0.1
> > >> broadcastdelay 0.008
> > >> #6000000000s because we start at 1970
> > >> tinker panic 6000000000
> > >> restrict 3.cn.pool.ntp.org nomodify notrap
> > >> server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
> > >>
> > >> However, when I run ntpq :
> > >> ~ # ntpq
> > >> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> > >> Keyid: 5
> > >> MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
> > >> ***Server disallowed request (authentication?)
> > >>
> > >> I don't know why this happens? Do I need some other configurations?
> > >> Thank you so much.
> >
> > Hm, that should work.
> > Can you try it with a simple password first? E.g.:
> >
> > 1 MD5 passwd1
> > 5 MD5 passwd5
> >
> > > By the way, how can I define the controlkey for ntpq. In my case, I just
> > > define the controlkey to 5 randomly, is there any rule?
> >
> > AFAIK there is no rule. The keys file is just a list of passwords. If
> > you have more than one machines running ntpd then every other machine
> > may have a single, individual trusted key, each with index 1.
> >
> > If your local ntpd should talk to all the others then of course you
> > can't add several keys with inde 1 in your local file, so you need to
> > have a keys fle containing all the keys of the other servers, for time
> > sync, plus the control key for your local ntpd. The number is just
> > associated to the entry number of the keys file you are supplying to
> > your local ntpd.
> >
> > This is very flexible, but you need to take care to get the keys and
> > index/ID numbers right.
> >
> > The third column in /etc/ntp.keys is the password of MD5, right?
> >
> > Yes.
> >
> >
> > Martin
> > --
> > Martin Burnicki
> >
> > Meinberg Funkuhren
> > Bad Pyrmont
> > Germany
>
> Hi, thank you for your answer, I typed the wrong password. When I changed the
> complicated password to a simple one say "mypassword" and I tested it again,
> then authenticate passed, but it's strange why can I change the password ? As
> it is generated by ntp md5 algorithm, if I change the password, then
> authenticate should fail and the ntp server can't parse the new password in
> my understanding.
It seems that the authenticate just happens between ntpq and ntpd of localhost
and it's not related to remote ntp server, right ?
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
