On Monday, March 2, 2015 at 1:03:47 PM UTC+8, catherin...@gmail.com wrote: > On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote: > > catherine.wei1...@gmail.com wrote: > > > On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com > > > wrote: > > >> On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: > > >>> catherine.wei1...@gmail.com wrote: > > >>>> I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some > > >>>> commands which depend on ntpdc to ntpq since ntpdc has been > > >>>> depreciated in 4.8.1 version. And I met a problem. > > >>>> > > >>>> When I first set the keyid to 0, it said "Invalid key identifier", so > > >>>> I set it to 1, but it requires a MD5 Password. I don't quite > > >>>> understand how to get the keyid and password. > > >>>> > > >>>> Can you give me some advice? Appreciate your help very much. > > >>>> > > >>>> > > >>>> ~ # ntpq > > >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst > > >>>> Keyid: 0 > > >>>> Invalid key identifier > > >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst > > >>>> Keyid: 1 > > >>>> MD5 Password: > > >>>> ***Server disallowed request (authentication?) > > >>>> ntpq> > > >>>> > > >>> > > >>> Please see my reply to your other posting. Why do you post basically the > > >>> same question three times? > > >>> > > >>> Martin > > >>> -- > > >>> Martin Burnicki > > >>> > > >>> Meinberg Funkuhren > > >>> Bad Pyrmont > > >>> Germany > > >> > > >> Hi,appreciate for your kind response. I've generate a file > > >> 1 MD5 P[G\;5Ob@[\[Ni4PJx3& # MD5 key > > >> 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key > > >> 3 MD5 %(4%pM<~(8p[cn,,S/0N # MD5 key > > >> 4 MD5 TT_QA;=x*G$4p1-d"1;C # MD5 key > > >> 5 MD5 ml~KoJ*<`vM&7fxTeR.@ # MD5 key > > >> 6 MD5 +wc93d8[~tBRyzd<GL{L # MD5 key > > >> 7 MD5 _WMzU`YQpwN&?5TYJ^5i # MD5 key > > >> 8 MD5 ~1zzyA.9-fM[|>Zv|mpv # MD5 key > > >> 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key > > >> 10 MD5 <>u;LcQ*cJ8{%yKo`z1? # MD5 key > > >> 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key > > >> 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key > > >> 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key > > >> 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key > > >> 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key > > >> 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key > > >> 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key > > >> 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key > > >> 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key > > >> 20 SHA1 80515077771a9e6d5bb70d6985b236008d962f34 # SHA1 key > > >> > > >> I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf > > >> file is like this: > > >> > > >> driftfile /etc/ntp.drift > > >> keys /etc/ntp.keys > > >> trustedkey 1 5 > > >> controlkey 5 > > >> restrict default ignore > > >> restrict 127.0.0.1 > > >> broadcastdelay 0.008 > > >> #6000000000s because we start at 1970 > > >> tinker panic 6000000000 > > >> restrict 3.cn.pool.ntp.org nomodify notrap > > >> server 3.cn.pool.ntp.org minpoll 3 maxpoll 4 > > >> > > >> However, when I run ntpq : > > >> ~ # ntpq > > >> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst > > >> Keyid: 5 > > >> MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) > > >> ***Server disallowed request (authentication?) > > >> > > >> I don't know why this happens? Do I need some other configurations? > > >> Thank you so much. > > > > Hm, that should work. > > Can you try it with a simple password first? E.g.: > > > > 1 MD5 passwd1 > > 5 MD5 passwd5 > > > > > By the way, how can I define the controlkey for ntpq. In my case, I just > > > define the controlkey to 5 randomly, is there any rule? > > > > AFAIK there is no rule. The keys file is just a list of passwords. If > > you have more than one machines running ntpd then every other machine > > may have a single, individual trusted key, each with index 1. > > > > If your local ntpd should talk to all the others then of course you > > can't add several keys with inde 1 in your local file, so you need to > > have a keys fle containing all the keys of the other servers, for time > > sync, plus the control key for your local ntpd. The number is just > > associated to the entry number of the keys file you are supplying to > > your local ntpd. > > > > This is very flexible, but you need to take care to get the keys and > > index/ID numbers right. > > > > The third column in /etc/ntp.keys is the password of MD5, right? > > > > Yes. > > > > > > Martin > > -- > > Martin Burnicki > > > > Meinberg Funkuhren > > Bad Pyrmont > > Germany > > Hi, thank you for your answer, I typed the wrong password. When I changed the > complicated password to a simple one say "mypassword" and I tested it again, > then authenticate passed, but it's strange why can I change the password ? As > it is generated by ntp md5 algorithm, if I change the password, then > authenticate should fail and the ntp server can't parse the new password in > my understanding.
It seems that the authenticate just happens between ntpq and ntpd of localhost and it's not related to remote ntp server, right ? _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions