Re: [ntp:questions] different parameters for sntp between sles12 and sels11?
On 2015-11-23 02:47, Keshav B wrote: On SLES 12, I ran a '/usr/sbin/sntp -P no -r xx.xx.xx.xx' command to sync my system clock with the ntp server, it returned '/usr/sbin/sntp: illegal option -- P'. The version of sntp is Ver. 4.2.8p4 While the same command work well on SLES11(version of sntp is Ver. 4.2.6). Could anybody having any knowledge how to resolve this in SLES 12? Please provide me the alternate way to use this -P option in SLES 12?? No such option in the new program - you were disabling prompting anyway. New equivalent of old -r is -S - you can now also use -s and -M # to slew and/or step. The old program was Nick McLaren's stand alone sntp, the new one uses NTP code. Compare old http://doc.ntp.org/4.2.6p5/sntp.html and new https://www.eecis.udel.edu/~mills/ntp/html/sntp.html docs. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] different parameters for sntp between sles12 and sels11?
Hi Team, On SLES 12, I ran a '/usr/sbin/sntp -P no -r xx.xx.xx.xx' command to sync my system clock with the ntp server, it returned '/usr/sbin/sntp: illegal option -- P'. The version of sntp is Ver. 4.2.8p4 While the same command work well on SLES11(version of sntp is Ver. 4.2.6). Could anybody having any knowledge how to resolve this in SLES 12? Please provide me the alternate way to use this -P option in SLES 12?? Regards, Keshav ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] kod and limited
On 24/11/15 10:44, Miroslav Lichvar wrote: >> > What option would you recommend? > I think the recommendation is to not use the limited option at all. > Some people reported that it may actually increase the amount of > traffic, apparently there are broken clients that send a new request > soon after missing a reply. > > Also, there is a security issue that an attacker can prevent a client > from getting replies by sending spoofed packets to the server. See the > archive of the ntp-hackers list for more information. Thanks Miroslav, very informative as always! I'll kill "kod" altogether. Ciao -- bronto ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] kod and limited
On Fri, Nov 20, 2015 at 04:40:24PM +0100, Marco Marongiu wrote: > Now I have two options: > 1. remove "kod" altogether > 2. add "limited" > > The defaults for discard seem sensible[3] and adding "limited" shouldn't > result in problems. On the other hand, I am worried that (for example) > local clients using burst/iburst or running ntpdate -q repeatedly for > debugging purposes may be denied the service. Am I just worrying too much? > > What option would you recommend? I think the recommendation is to not use the limited option at all. Some people reported that it may actually increase the amount of traffic, apparently there are broken clients that send a new request soon after missing a reply. Also, there is a security issue that an attacker can prevent a client from getting replies by sending spoofed packets to the server. See the archive of the ntp-hackers list for more information. -- Miroslav Lichvar ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
