Re: [ntp:questions] ntpq authentication problem

2015-03-08 Thread catherine . wei1989
On Monday, March 2, 2015 at 1:35:40 AM UTC+8, William Unruh wrote:
 On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com 
 wrote:
  On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote:
  On 28/02/15 08:48, catherine.wei1...@gmail.com wrote:
   I still have a doubt: the key file is generated on my PC (as the first 
   ntp server) , when I copied it to the box(client), and I changed the 
   box's ntp server to a second server 3.cn.pool.ntp.org or some other 
   ntp servers. The authentication still passes. Why is that?
  
  ntpq talks directly to the ntpd process over the network. If you run
  ntpq without specifying where the server is located it talks to ntpd on
  localhost. Which time sources ntpd uses is immaterial.
 
 
  Hi, Jan
  I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. 
  In this case, I run ntpq :config ...   , does it still talk to ntpd on 
  localhost ? and time sources is still 3.cn.pool.ntp.org ?
 
 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which
 is filled in by pool.ntp.org. For example every time you ping that a
 different address comes up
 
 ping -c 1 3.cn.pool.ntp.org
 PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data.
 ping -c 1 3.cn.pool.ntp.org
 PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data.
 ping -c 1 3.cn.pool.ntp.org
 PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data.
 
 Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there
 are many)

Hi, William,
How can I configure ntpd if I just want it to refuse ntpq requests from other 
clients and respond only to local ntpq requests? Thank you.

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions


Re: [ntp:questions] moving from ntpdc to ntpq

2015-03-07 Thread catherine . wei1989
On Monday, March 2, 2015 at 6:43:03 PM UTC+8, David Taylor wrote:
 On 02/03/2015 09:30, catherine.wei1...@gmail.com wrote:
  Hi,David,
  In our system, we need to unconfig and restrict in some operations through 
  ntpq utility which originally was realized by ntpdc. However, ntpdc doesn't 
  work now. In other words, we need to find an equivalent of ntpdc to 
  unconfig, restrict . I found that the ntpq commands are not complete in 
  related documents.
 
  Best Regards.
 
 Catherine,
 
 Yes, I appreciate what you are trying to do, I was asking why since it 
 seems a rather unusual requirement.
 
 -- 
 Cheers,
 David
 Web: http://www.satsignal.eu

Hi, David, just like you said, we're offering ntpq to our customers to test the 
ntp function. For example, they have several ntp servers and need to choose 
which servers are good; they need to switch between these servers. Thank you.



Re: [ntp:questions] Could some one help in pointing out the error here

2015-03-02 Thread catherine . wei1989
On Monday, March 2, 2015 at 10:25:02 PM UTC+8, Paul wrote:
 On Mon, Mar 2, 2015 at 4:37 AM, catherine.wei1...@gmail.com wrote:
 
  I need to use the following commands in my system:
  :config server 
  :config restrict ...
  :config unconfig ...
 
 
 Refer to http://www.eecis.udel.edu/~mills/ntp/html/confopt.html
 
 It's :config unpeer not :config unconfig.  Also note that peer has more
 than one meaning.

Hi, Paul,
Thank you for your response. I've tested the unpeer and unconfig commands. Both 
of them can remove an ntp server. Their functions seem to be the same. The 
unconfig command is what I used in ntpdc before I moved from ntpdc to ntpq, and 
now it also takes effect in ntpq.



Re: [ntp:questions] Could some one help in pointing out the error here

2015-03-02 Thread catherine . wei1989
On Saturday, April 21, 2007 at 9:50:48 PM UTC+8, Steve Kostecke wrote:
 On 2007-04-21, Remo madhu_me...@yahoo.co.uk wrote:
 
  I was not able to set a remote server's leap. It looks like the NTP
  packets from the query is not generated at all. Though the  sendpkt
  procedure is being called sendrequest, I am not able to see the
  packet reaching the other side. I guess that I am missing something as
  there is a error reported with authentication.
 
 I believe that the real issue is that you can't use writevar to set the
 leap.
 
  ntpq asso
  ind assID status  conf reach auth condition  last_event cnt
 ===
1 17284  f614   yes   yes   ok   sys.peer   reachable  1
2 17285  c000   yes   yes   badreject
  ntpq writevar 17284 leap=1
  Keyid: 64
  MD5 Password:
  ***Server disallowed request (authentication?)
 
 I have flock of systems that are set up to allow remote modification
 and have a working symmetric key set. When I tried to set the leap on
 another ntpd I see the same message:
 
 steve@stasis:~$ ntpq
 ntpq as
 ...
   2 20879  7014no   yes   ok reject   reachable  1
 ...
 ntpq writevar 20879 leap=1
 Keyid: 1
 MD5 Password: 
 ***Server disallowed request (authentication?)
 
 I've also tried setting the local ntpd leap and that fails, too:
 
 ntpq rv 0 leap
 assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
 leap=00
 ntpq writevar 0 leap=1
 ***Server returned an unspecified error
 ntpq rv 0 leap
 assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
 leap=00
 
  trustedkey 1234
  requestkey 61
  controlkey 64
 
 All of the keys must be listed on the 'trustedkey' line. This tells ntpd
 to trust those keys; the default is to trust these keys to authenticate
 time service. Subsets of the trusted keys may also be specified on the
 'trustedkey' and 'requestkey' lines if you wish to allow the use of
 certain keys by ntpdc and ntpq.
 
 This is discussed in the distribution documentation at
 http://www.cis.udel.edu/~mills/ntp/html/authopt.html#symm (the emphasis
 is mine):
 
 When ntpd is first started, it reads the key file specified in the keys
 configuration command and installs the keys in the key cache. HOWEVER,
 INDIVIDUAL KEYS MUST BE ACTIVATED WITH THE TRUSTEDKEY COMMAND BEFORE
 USE. This allows, for instance, the installation of possibly several
 batches of keys and then activating or deactivating each batch remotely
 using ntpdc. This also provides a revocation capability that can be used
 if a key becomes compromised. THE REQUESTKEY COMMAND SELECTS THE KEY
 USED AS THE PASSWORD FOR THE NTPDC UTILITY, WHILE THE CONTROLKEY COMMAND
 SELECTS THE KEY USED AS THE PASSWORD FOR THE NTPQ UTILITY.
 
 This is also documented in section 6.1.3.3 at
 http://www.eecis.udel.edu/~ntp/ntpfaq/NTP-s-config.htm
 
  Is this possible to work without authentication. Please help.
 
 You could disable authentication when ntpd is started, but this will
 leave your ntpd open to being remotely modified by anyone who can
 connect to it.
 
 -- 
 Steve Kostecke koste...@ntp.isc.org
 NTP Public Services Project - http://ntp.isc.org/

Hi Steve,
When I start the ntpd process and disable ntpd authentication using the command:
ntpd -a -g -n -c /etc/ntp.conf -l /tmp/ntp.log

and then execute the command (e.g.):
ntpq -c :config server 10.172.161.16 minpoll 3 maxpoll 4 burst

it still asks for the keyid and MD5 password.
By the way, my ntp version is 4.2.8p1. Is ntpd authentication a must in the 
new ntp version?
Thank you.



Re: [ntp:questions] Could some one help in pointing out the error here

2015-03-02 Thread catherine . wei1989
On Monday, March 2, 2015 at 5:27:12 PM UTC+8, Rob wrote:
 Harlan Stenn st...@ntp.org wrote:
  catherine.wei1...@gmail.com writes:
  When I start the ntpd process and disabled ntpd authentication using 
  command:
  ntpd -a -g -n -c /etc/ntp.conf -l /tmp/ntp.log
  
  and then execute the command (eg):
  ntpq -c :config server 10.172.161.16 minpoll 3 maxpoll 4 burst
  
  it still asks for keyid and md5 password.
 
 Do you have a need to use that command?
 I have never used that.  You can put the server in /etc/ntp.conf and
 use it.

Hi Rob,
I need to use the following commands in my system:
:config server 
:config restrict ...
:config unconfig ...
Actually, the users of our system may use these through our platform, so we 
wrap these commands in the code.
Thank you.
Best Regards.



Re: [ntp:questions] moving from ntpdc to ntpq

2015-03-02 Thread catherine . wei1989
On Saturday, February 28, 2015 at 4:24:14 PM UTC+8, David Taylor wrote:
 On 28/02/2015 01:17, catherine.wei1...@gmail.com wrote:
 []
  Hi, Harlan
  In my system, ntpdc was used to add an ntp server and the command is like 
  this:
   ntpdc -c keyid 0 -c addserver 10.172.161.16 minpoll 3 maxpoll 4 burst
  since keyid is 0, we don't need authentication. But now, I use ntpq to 
  replace ntpdc, if I add :config before addserver, I need to authenticate. 
  Is there any way to avoid authenticate in ntpq utility? Thank you. I don't 
  know how to addserver in ntpq. There's little knowledge about this on the 
  Internet. Thank you so much.
 
 Catherine,
 
 Could you remind me again why you need to add and remove servers rather 
 than letting NTP get on with the job?  The pool directive allows NTP to 
 add an discard servers as it needs, with NTP monitoring each server's 
 performance.  Could that be an alternative approach?  If you are in a 
 test environment, what's wrong with simply editing ntp.conf and restarting?
 
 -- 
 Cheers,
 David
 Web: http://www.satsignal.eu

Hi, David,
In our system, we need to unconfig and restrict in some operations through the 
ntpq utility, which was originally done through ntpdc. However, ntpdc doesn't 
work now. In other words, we need to find an equivalent of ntpdc to unconfig and 
restrict. I found that the ntpq commands are not complete in the related documents.

Best Regards.



Re: [ntp:questions] ntpq authentication problem

2015-03-02 Thread catherine . wei1989
On Monday, March 2, 2015 at 1:03:47 PM UTC+8, catherin...@gmail.com wrote:
 On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote:
  catherine.wei1...@gmail.com wrote:
   On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com 
   wrote:
   On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
   catherine.wei1...@gmail.com wrote:
   I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some 
   commands which depend on ntpdc to ntpq since ntpdc has been 
   depreciated in 4.8.1 version. And I met a problem.
  
   When I first set the keyid to 0, it said Invalid key identifier, so 
   I set it to 1, but it requires a MD5 Password. I don't quite 
   understand how to get the keyid and password.
  
   Can you give me some advice? Appreciate your help very much.
  
  
   ~ # ntpq
   ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
   Keyid: 0
   Invalid key identifier
   ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
   Keyid: 1
   MD5 Password:
   ***Server disallowed request (authentication?)
   ntpq
  
  
   Please see my reply to your other posting. Why do you post basically the
   same question three times?
  
   Martin
   --
   Martin Burnicki
  
   Meinberg Funkuhren
   Bad Pyrmont
   Germany
  
   Hi,appreciate for your kind response. I've generate a file
 1 MD5 P[G\;5Ob@[\[Ni4PJx3  # MD5 key
 2 MD5 z}6`X[cpV%UDktmbghiA  # MD5 key
 3 MD5 %(4%pM~(8p[cn,,S/0N  # MD5 key
 4 MD5 TT_QA;=x*G$4p1-d1;C  # MD5 key
 5 MD5 ml~KoJ*`vM7fxTeR.@  # MD5 key
 6 MD5 +wc93d8[~tBRyzdGL{L  # MD5 key
 7 MD5 _WMzU`YQpwN?5TYJ^5i  # MD5 key
 8 MD5 ~1zzyA.9-fM[|Zv|mpv  # MD5 key
 9 MD5 ?N4f+')!S9@7.V*G3,xI  # MD5 key
   10 MD5 u;LcQ*cJ8{%yKo`z1?  # MD5 key
   11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea  # SHA1 key
   12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112  # SHA1 key
   13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832  # SHA1 key
   14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58  # SHA1 key
   15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276  # SHA1 key
   16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11  # SHA1 key
   17 SHA1 14321c68317d531e004497bd9b6b0d475630a291  # SHA1 key
   18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5  # SHA1 key
   19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb  # SHA1 key
   20 SHA1 8051501a9e6d5bb70d6985b236008d962f34  # SHA1 key
  
 I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf 
   file is like this:
  
   driftfile /etc/ntp.drift
   keys /etc/ntp.keys
   trustedkey 1 5
   controlkey 5
   restrict default ignore
   restrict 127.0.0.1
   broadcastdelay 0.008
   #60s because we start at 1970
   tinker panic 60
   restrict 3.cn.pool.ntp.org nomodify notrap
   server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
  
   However, when I run ntpq :
   ~ # ntpq
   ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
   Keyid: 5
   MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
   ***Server disallowed request (authentication?)
  
   I don't know why this happens? Do I need some other configurations? 
   Thank you so much.
  
  Hm, that should work.
  Can you try it with a simple password first? E.g.:
  
  1 MD5 passwd1
  5 MD5 passwd5
  
   By the way, how can I define the controlkey for ntpq. In my case, I just 
   define the controlkey to 5 randomly, is there any rule?
  
  AFAIK there is no rule. The keys file is just a list of passwords. If 
  you have more than one machines running ntpd then every other machine 
  may have a single, individual trusted key, each with index 1.
  
  If your local ntpd should talk to all the others then of course you 
  can't add several keys with index 1 in your local file, so you need to 
  have a keys file containing all the keys of the other servers, for time 
  sync, plus the control key for your local ntpd. The number is just 
  associated to the entry number of the keys file you are supplying to 
  your local ntpd.
  
  This is very flexible, but you need to take care to get the keys and 
  index/ID numbers right.
  
  The third column in /etc/ntp.keys is the password of MD5, right?
  
  Yes.
  
  
  Martin
  -- 
  Martin Burnicki
  
  Meinberg Funkuhren
  Bad Pyrmont
  Germany
 
 Hi, thank you for your answer, I typed the wrong password. When I changed the 
 complicated password to a simple one say mypassword and I tested it again, 
 then authenticate passed, but it's strange why can I change the password ? As 
 it is generated by ntp md5 algorithm, if I change the password, then 
 authenticate should fail and the ntp server can't parse the new password in 
 my understanding.

It seems that the authentication just happens between ntpq and ntpd on localhost 
and is not related to the remote ntp server, right?



Re: [ntp:questions] ntpq authentication problem

2015-03-02 Thread catherine . wei1989
On Monday, March 2, 2015 at 1:35:40 AM UTC+8, William Unruh wrote:
 On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com 
 wrote:
  On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote:
  On 28/02/15 08:48, catherine.wei1...@gmail.com wrote:
   I still have a doubt: the key file is generated on my PC (as the first 
   ntp server) , when I copied it to the box(client), and I changed the 
   box's ntp server to a second server 3.cn.pool.ntp.org or some other 
   ntp servers. The authentication still passes. Why is that?
  
  ntpq talks directly to the ntpd process over the network. If you run
  ntpq without specifying where the server is located it talks to ntpd on
  localhost. Which time sources ntpd uses is immaterial.
 
 
  Hi, Jan
  I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. 
  In this case, I run ntpq :config ...   , does it still talk to ntpd on 
  localhost ? and time sources is still 3.cn.pool.ntp.org ?
 
 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which
 is filled in by pool.ntp.org. For example every time you ping that a
 different address comes up
 
 ping -c 1 3.cn.pool.ntp.org
 PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data.
 ping -c 1 3.cn.pool.ntp.org
 PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data.
 ping -c 1 3.cn.pool.ntp.org
 PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data.
 
 Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there
 are many)

Hi, William,
I now understand your point; you're right. The ntpq authentication has nothing 
to do with the remote ntp server; it talks to ntpd directly. Thank you so much.



Re: [ntp:questions] ntpq authentication problem

2015-03-01 Thread catherine . wei1989
On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote:
 On 28/02/15 08:48, catherine.wei1...@gmail.com wrote:
  I still have a doubt: the key file is generated on my PC (as the first ntp 
  server) , when I copied it to the box(client), and I changed the box's ntp 
  server to a second server 3.cn.pool.ntp.org or some other ntp servers. 
  The authentication still passes. Why is that?
 
 ntpq talks directly to the ntpd process over the network. If you run
 ntpq without specifying where the server is located it talks to ntpd on
 localhost. Which time sources ntpd uses is immaterial.


Hi, Jan,
I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In 
this case, when I run ntpq :config ..., does it still talk to ntpd on localhost? 
And is the time source still 3.cn.pool.ntp.org?



Re: [ntp:questions] ntpq authentication problem

2015-03-01 Thread catherine . wei1989
On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote:
 catherine.wei1...@gmail.com wrote:
  On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com 
  wrote:
  On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
  catherine.wei1...@gmail.com wrote:
  I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some 
  commands which depend on ntpdc to ntpq since ntpdc has been depreciated 
  in 4.8.1 version. And I met a problem.
 
  When I first set the keyid to 0, it said Invalid key identifier, so I 
  set it to 1, but it requires a MD5 Password. I don't quite understand 
  how to get the keyid and password.
 
  Can you give me some advice? Appreciate your help very much.
 
 
  ~ # ntpq
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
  Keyid: 0
  Invalid key identifier
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
  Keyid: 1
  MD5 Password:
  ***Server disallowed request (authentication?)
  ntpq
 
 
  Please see my reply to your other posting. Why do you post basically the
  same question three times?
 
  Martin
  --
  Martin Burnicki
 
  Meinberg Funkuhren
  Bad Pyrmont
  Germany
 
  Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3  # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA  # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N  # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C  # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@  # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L  # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i  # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv  # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI  # MD5 key
  10 MD5 u;LcQ*cJ8{%yKo`z1?  # MD5 key
  11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea  # SHA1 key
  12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112  # SHA1 key
  13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832  # SHA1 key
  14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58  # SHA1 key
  15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276  # SHA1 key
  16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11  # SHA1 key
  17 SHA1 14321c68317d531e004497bd9b6b0d475630a291  # SHA1 key
  18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5  # SHA1 key
  19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb  # SHA1 key
  20 SHA1 8051501a9e6d5bb70d6985b236008d962f34  # SHA1 key
 
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file 
  is like this:
 
  driftfile /etc/ntp.drift
  keys /etc/ntp.keys
  trustedkey 1 5
  controlkey 5
  restrict default ignore
  restrict 127.0.0.1
  broadcastdelay 0.008
  #60s because we start at 1970
  tinker panic 60
  restrict 3.cn.pool.ntp.org nomodify notrap
  server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
 
  However, when I run ntpq :
  ~ # ntpq
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
  Keyid: 5
  MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
  ***Server disallowed request (authentication?)
 
  I don't know why this happens? Do I need some other configurations? Thank 
  you so much.
 
 Hm, that should work.
 Can you try it with a simple password first? E.g.:
 
 1 MD5 passwd1
 5 MD5 passwd5
 
  By the way, how can I define the controlkey for ntpq. In my case, I just 
  define the controlkey to 5 randomly, is there any rule?
 
 AFAIK there is no rule. The keys file is just a list of passwords. If 
 you have more than one machines running ntpd then every other machine 
 may have a single, individual trusted key, each with index 1.
 
 If your local ntpd should talk to all the others then of course you 
 can't add several keys with index 1 in your local file, so you need to 
 have a keys file containing all the keys of the other servers, for time 
 sync, plus the control key for your local ntpd. The number is just 
 associated to the entry number of the keys file you are supplying to 
 your local ntpd.
 
 This is very flexible, but you need to take care to get the keys and 
 index/ID numbers right.
 
 The third column in /etc/ntp.keys is the password of MD5, right?
 
 Yes.
 
 
 Martin
 -- 
 Martin Burnicki
 
 Meinberg Funkuhren
 Bad Pyrmont
 Germany

Hi, thank you for your answer. I had typed the wrong password. When I changed the 
complicated password to a simple one, say mypassword, and tested it again, 
the authentication passed. But it's strange: why can I change the password? As 
it is generated by the ntp md5 algorithm, if I change the password, then 
authentication should fail and the ntp server can't parse the new password, in my 
understanding.



Re: [ntp:questions] ntpq authentication problem

2015-02-28 Thread catherine . wei1989
On Saturday, February 28, 2015 at 2:55:02 PM UTC+8, Jan Ceuleers wrote:
 On 28/02/15 03:47, catherine.wei1...@gmail.com wrote:
  Is there anything wrong in my operation? Thank you.
 
 Only thing I can think of is that the keys file might not be owned by
 root. Is it?

I found out the reason: I had set disable authentication when ntpd started in my 
program. When I enable authentication, the authentication passes. Thank you for 
your help.
I still have a doubt: the key file is generated on my PC (as the first ntp 
server); when I copied it to the box (client) and changed the box's ntp 
server to a second server, 3.cn.pool.ntp.org or some other ntp server, the 
authentication still passes. Why is that?



Re: [ntp:questions] ntpq authentication problem

2015-02-27 Thread catherine . wei1989
On Saturday, February 28, 2015 at 2:25:02 AM UTC+8, Jan Ceuleers wrote:
 On 27/02/15 10:54, catherine.wei1...@gmail.com wrote:
  However, when I run ntpq :
  ~ # ntpq 
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst 
  Keyid: 5 
  MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) 
  ***Server disallowed request (authentication?) 
  
  I don't know why this happens? Do I need some other configurations? Thank 
  you so much.
 
 I found that the permissions on the ntp.keys file matter. They should be
 600.
 
 (I wrote all this in my email to you and the list on the 11th of Feb;
 both points (that you need a controlkey and that you need to set the
 permissions on the keys file) were included).
 
 Final point: when you're done and you got it working, throw away your
 keys file and generate a new-one, because now everybody in the world
 knows your keys.
 
 HTH, Jan

Hi Jan, thank you.
I'm using my own PC as an ntp server, and my embedded box (Linux system) as the ntp 
client. I generated the key file through ntp-keygen on my PC and copied it to 
/etc/ntp.keys on both the ntp client (the box) and my PC, then logged on to the box. The 
ntp.conf on the ntp client is:

driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 8 600
controlkey 8
restrict default ignore
restrict 127.0.0.1
#enable mode7
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 192.168.1.101 nomodify notrap
server 192.168.1.101 minpoll 3 maxpoll 4

key file is
 1 MD5 P[G\;5Ob@[\[Ni4PJx3  # MD5 key
 2 MD5 z}6`X[cpV%UDktmbghiA  # MD5 key
 3 MD5 %(4%pM~(8p[cn,,S/0N  # MD5 key
 4 MD5 TT_QA;=x*G$4p1-d1;C  # MD5 key
 5 MD5 ml~KoJ*`vM7fxTeR.@  # MD5 key
 6 MD5 +wc93d8[~tBRyzdGL{L  # MD5 key
 7 MD5 _WMzU`YQpwN?5TYJ^5i  # MD5 key
 8 MD5 ~mpv  # MD5 key
 9 MD5 ?N4f+')!S9@7.V*G3,xI  # MD5 key
600 MD5 mypassword  # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea  # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112  # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832  # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58  # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276  # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11  # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291  # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5  # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb  # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34  # SHA1 key

I just changed the 10th one manually. After I logged in and executed ntpq :config 
unconfig 10.172.161.16, the result is still like this:
~ # ntpq
ntpq :config unconfig 10.172.161.16
Keyid: 600
MD5 Password: (mypassword)
***Server disallowed request (authentication?)
ntpq 

Is there anything wrong in my operation? Thank you.

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
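
The replies in this thread name several separate conditions for `ntpq :config` to authenticate: a `controlkey` entry, that key listed on the `trustedkey` line and present in the keys file, the keyid typed into ntpq being the controlkey, and a root-owned keys file with mode 600. The Python script below is an added example, not code from any post or from the NTP project; the finding names and sample secrets are constructed, and treating `ignore` or `noquery` on `restrict default` as the way to refuse remote ntpq requests is an assumption of the example.

```python
"""Audit ntp.conf / ntp.keys for the ntpq ':config' authentication pitfalls in this thread."""
import os
import stat

# ntp.conf as posted above; the key secrets below are constructed placeholders.
SAMPLE_CONF = """\
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 8 600
controlkey 8
restrict default ignore
restrict 127.0.0.1
#enable mode7
restrict 192.168.1.101 nomodify notrap
server 192.168.1.101 minpoll 3 maxpoll 4
"""
SAMPLE_KEYS = """\
8 MD5 EXAMPLE-SECRET-8  # constructed
600 MD5 EXAMPLE-SECRET-600  # constructed
"""


def parse_conf(text):
    """Extract only the directives that affect ntpq authentication."""
    conf = {"keys": None, "trustedkey": set(), "controlkey": None, "restrict": {}}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        name, args = words[0].lower(), [a for a in words[1:] if a not in ("-4", "-6")]
        if name == "keys" and args:
            conf["keys"] = args[0]
        elif name == "trustedkey":
            # Assumption: plain integer IDs only; range syntax is not handled.
            conf["trustedkey"].update(int(a) for a in args if a.isdigit())
        elif name == "controlkey" and args and args[0].isdigit():
            conf["controlkey"] = int(args[0])
        elif name == "restrict" and args:
            conf["restrict"][args[0].lower()] = {a.lower() for a in args[1:]}
    return conf


def parse_keys(text):
    """Map key ID to key type. Secrets are deliberately not retained."""
    keys = {}
    for raw in text.splitlines():
        words = raw.split()
        if len(words) >= 3 and words[0].isdigit():
            keys[int(words[0])] = words[1].upper()
    return keys


def stat_keys_file(path):
    """Return (permission bits, owner uid) of the keys file."""
    st = os.stat(path)
    return stat.S_IMODE(st.st_mode), st.st_uid


def audit(conf_text, keys_text, keyid, keys_mode=None, keys_uid=None):
    """Return the findings for a given keyid typed at the ntpq 'Keyid:' prompt."""
    conf, keys = parse_conf(conf_text), parse_keys(keys_text)
    findings = []
    if keyid < 1:
        findings.append("KEYID_INVALID")  # ntpq rejects keyid 0
    control = conf["controlkey"]
    if control is None:
        findings.append("NO_CONTROLKEY")
    else:
        if control not in conf["trustedkey"]:
            findings.append("CONTROLKEY_NOT_TRUSTED")
        if control not in keys:
            findings.append("CONTROLKEY_NOT_IN_KEYS_FILE")
        if keyid != control:
            findings.append("KEYID_IS_NOT_CONTROLKEY")
    if keys_mode is not None and keys_mode & 0o077:
        findings.append("KEYS_FILE_GROUP_OR_WORLD_ACCESSIBLE")  # thread advice: 600
    if keys_uid not in (None, 0):
        findings.append("KEYS_FILE_NOT_ROOT_OWNED")
    default = conf["restrict"].get("default")
    if default is None or not ({"ignore", "noquery"} & default):
        findings.append("REMOTE_NTPQ_NOT_REFUSED_BY_DEFAULT")
    return findings


if __name__ == "__main__":
    # Keyid 600 is trusted and in the keys file, but the controlkey is 8.
    for finding in audit(SAMPLE_CONF, SAMPLE_KEYS, keyid=600, keys_mode=0o644, keys_uid=0):
        print(finding)
```

On a live system, pass the values returned by `stat_keys_file()` for the path named on the `keys` line as `keys_mode` and `keys_uid`.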


Re: [ntp:questions] Could some one help in pointing out the error here

2015-02-27 Thread catherine . wei1989
On Saturday, April 21, 2007 at 9:50:48 PM UTC+8, Steve Kostecke wrote:
 On 2007-04-21, Remo madhu_me...@yahoo.co.uk wrote:
 
  I was not able to set a remote server's leap. It looks like the NTP
  packets from the query is not generated at all. Though the  sendpkt
  procedure is being called sendrequest, I am not able to see the
  packet reaching the other side. I guess that I am missing something as
  there is a error reported with authentication.
 
 I believe that the real issue is that you can't use writevar to set the
 leap.
 
  ntpq asso
  ind assID status  conf reach auth condition  last_event cnt
 ===
1 17284  f614   yes   yes   ok   sys.peer   reachable  1
2 17285  c000   yes   yes   badreject
  ntpq writevar 17284 leap=1
  Keyid: 64
  MD5 Password:
  ***Server disallowed request (authentication?)
 
 I have flock of systems that are set up to allow remote modification
 and have a working symmetric key set. When I tried to set the leap on
 another ntpd I see the same message:
 
 steve@stasis:~$ ntpq
 ntpq as
 ...
   2 20879  7014no   yes   ok reject   reachable  1
 ...
 ntpq writevar 20879 leap=1
 Keyid: 1
 MD5 Password: 
 ***Server disallowed request (authentication?)
 
 I've also tried setting the local ntpd leap and that fails, too:
 
 ntpq rv 0 leap
 assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
 leap=00
 ntpq writevar 0 leap=1
 ***Server returned an unspecified error
 ntpq rv 0 leap
 assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
 leap=00
 
  trustedkey 1234
  requestkey 61
  controlkey 64
 
 All of the keys must be listed on the 'trustedkey' line. This tells ntpd
 to trust those keys; the default is to trust these keys to authenticate
 time service. Subsets of the trusted keys may also be specified on the
 'trustedkey' and 'requestkey' lines if you wish to allow the use of
 certain keys by ntpdc and ntpq.
 
 This is discussed in the distribution documentation at
 http://www.cis.udel.edu/~mills/ntp/html/authopt.html#symm (the emphasis
 is mine):
 
 When ntpd is first started, it reads the key file specified in the keys
 configuration command and installs the keys in the key cache. HOWEVER,
 INDIVIDUAL KEYS MUST BE ACTIVATED WITH THE TRUSTEDKEY COMMAND BEFORE
 USE. This allows, for instance, the installation of possibly several
 batches of keys and then activating or deactivating each batch remotely
 using ntpdc. This also provides a revocation capability that can be used
 if a key becomes compromised. THE REQUESTKEY COMMAND SELECTS THE KEY
 USED AS THE PASSWORD FOR THE NTPDC UTILITY, WHILE THE CONTROLKEY COMMAND
 SELECTS THE KEY USED AS THE PASSWORD FOR THE NTPQ UTILITY.
 
 This is also documented in section 6.1.3.3 at
 http://www.eecis.udel.edu/~ntp/ntpfaq/NTP-s-config.htm
 
  Is this possible to work without authentication. Please help.
 
 You could disable authentication when ntpd is started, but this will
 leave your ntpd open to being remotely modified by anyone who can
 connect to it.
 
 -- 
 Steve Kostecke koste...@ntp.isc.org
 NTP Public Services Project - http://ntp.isc.org/

Hi, does that mean I need to know the controlkey and corresponding password on 
the ntp server if I want to use ntpq :config on the ntp client? If so, how could I 
get the key and password of the remote ntp server?
I appreciate your quick response. Thank you.



Re: [ntp:questions] ntpq controlling xntpd ?

2015-02-27 Thread catherine . wei1989
On Tuesday, July 30, 1991 at 1:26:40 AM UTC+9, Nick Sayer wrote:
 Since I run a CHU clock, it is sometimes the case that the clock
 will be doing a bunch of cron jobs at night, so the clock will
 run slightly slow, xntpd will adjust for that, then it will lose
 propagation from CHU, and be stuck thinking the clock is running
 slow when all the heavy cron jobs finish. So by the time CHU comes
 back in the morning, the clock is off by a bunch in the other
 direction. When I try to fix the frequency with ntpq, here's
 what happens:
 
 quack% ntpq
 ntpq authen yes
 ntpq addvar freq=-0.01
 ntpq key 2
 ntpq passw
 Password: [not shown]
 ntpq writelist
 ***Server disallowed request (authentication?)
 ntpq 
 quack% 
 
 key 2 is properly listed as the requestkey in /etc/ntp.conf. The
 error message listed is NOT the same message you get if you use
 the wrong key or wrong password. What's the deal?
 
 -- 
 Nick Sayer  | Think of me as a recombinant| RIP: Mel Blanc
 mrap...@quack.sac.ca.us | Simpson: Homer's looks, Lisa's  |   1908-1989
 N6QQQ   | brains, Bart's manners, and |  May he never
 209-952-5347 (Telebit)  | Maggie's appetite for TV.  --Me |  be silenced.

If you use ntpq, key 2 should be listed as the controlkey in /etc/ntp.conf.



Re: [ntp:questions] ntpq authentication problem

2015-02-27 Thread catherine . wei1989
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
 catherine.wei1...@gmail.com wrote:
  I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some 
  commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 
  4.8.1 version. And I met a problem.
 
  When I first set the keyid to 0, it said Invalid key identifier, so I set 
  it to 1, but it requires a MD5 Password. I don't quite understand how to 
  get the keyid and password.
 
  Can you give me some advice? Appreciate your help very much.
 
 
  ~ # ntpq
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
  Keyid: 0
  Invalid key identifier
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
  Keyid: 1
  MD5 Password:
  ***Server disallowed request (authentication?)
  ntpq
 
 
 Please see my reply to your other posting. Why do you post basically the 
 same question three times?
 
 Martin
 -- 
 Martin Burnicki
 
 Meinberg Funkuhren
 Bad Pyrmont
 Germany

OK, thank you. Very sorry for my repeat post here, my network is not stable and 
quite slow, I thought I had failed to post it so I posted again.



Re: [ntp:questions] moving from ntpdc to ntpq

2015-02-27 Thread catherine . wei1989
On Friday, February 27, 2015 at 5:10:02 PM UTC+8, Harlan Stenn wrote:
 catherine.wei1...@gmail.com writes:
 
  Hi, if I add :config in front of addpeer, it seems that an
  authentication is required. When I specify the keyid to 0, it said
  invalid key identifier.
 
 If you are going to use :config you will need to specify a 'controlkey'
 entry in your ntp.conf file (see the ntp.conf man page) and create a
 corresponding key in your ntp.keys file
 -- 
 Harlan Stenn st...@ntp.org
 http://networktimefoundation.org - be a member!

Hi, Harlan
In my system, ntpdc was used to add an ntp server and the command is like this:
ntpdc -c keyid 0 -c addserver 10.172.161.16 minpoll 3 maxpoll 4 burst
Since keyid is 0, we don't need authentication. But now, I use ntpq to replace 
ntpdc, and if I add :config before addserver, I need to authenticate. Is there 
any way to avoid authentication in the ntpq utility? Thank you. I don't know how to 
addserver in ntpq. There's little knowledge about this on the Internet. Thank 
you so much.



Re: [ntp:questions] ntpq authentication problem

2015-02-27 Thread catherine . wei1989
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
 catherine.wei1...@gmail.com wrote:
  I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some 
  commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 
  4.8.1 version. And I met a problem.
 
  When I first set the keyid to 0, it said Invalid key identifier, so I set 
  it to 1, but it requires a MD5 Password. I don't quite understand how to 
  get the keyid and password.
 
  Can you give me some advice? Appreciate your help very much.
 
 
  ~ # ntpq
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
  Keyid: 0
  Invalid key identifier
  ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
  Keyid: 1
  MD5 Password:
  ***Server disallowed request (authentication?)
  ntpq
 
 
 Please see my reply to your other posting. Why do you post basically the 
 same question three times?
 
 Martin
 -- 
 Martin Burnicki
 
 Meinberg Funkuhren
 Bad Pyrmont
 Germany

Hi, I appreciate your kind response. I've generated a file 
 1 MD5 P[G\;5Ob@[\[Ni4PJx3  # MD5 key
 2 MD5 z}6`X[cpV%UDktmbghiA  # MD5 key
 3 MD5 %(4%pM~(8p[cn,,S/0N  # MD5 key
 4 MD5 TT_QA;=x*G$4p1-d1;C  # MD5 key
 5 MD5 ml~KoJ*`vM7fxTeR.@  # MD5 key
 6 MD5 +wc93d8[~tBRyzdGL{L  # MD5 key
 7 MD5 _WMzU`YQpwN?5TYJ^5i  # MD5 key
 8 MD5 ~1zzyA.9-fM[|Zv|mpv  # MD5 key
 9 MD5 ?N4f+')!S9@7.V*G3,xI  # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1?  # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea  # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112  # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832  # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58  # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276  # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11  # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291  # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5  # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb  # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34  # SHA1 key

 I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is 
like this:

driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4

However, when I run ntpq:
~ # ntpq 
ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst 
Keyid: 5 
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) 
***Server disallowed request (authentication?) 

I don't know why this happens? Do I need some other configurations? Thank you 
so much.



Re: [ntp:questions] ntpq authentication problem

2015-02-27 Thread catherine . wei1989
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote:
 On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
  catherine.wei1...@gmail.com wrote:
   I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some 
   commands which depend on ntpdc to ntpq since ntpdc has been depreciated 
   in 4.8.1 version. And I met a problem.
  
   When I first set the keyid to 0, it said Invalid key identifier, so I 
   set it to 1, but it requires a MD5 Password. I don't quite understand how 
   to get the keyid and password.
  
   Can you give me some advice? Appreciate your help very much.
  
  
   ~ # ntpq
   ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
   Keyid: 0
   Invalid key identifier
   ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
   Keyid: 1
   MD5 Password:
   ***Server disallowed request (authentication?)
   ntpq
  
  
  Please see my reply to your other posting. Why do you post basically the 
  same question three times?
  
  Martin
  -- 
  Martin Burnicki
  
  Meinberg Funkuhren
  Bad Pyrmont
  Germany
 
 Hi,appreciate for your kind response. I've generate a file 
  1 MD5 P[G\;5Ob@[\[Ni4PJx3  # MD5 key
  2 MD5 z}6`X[cpV%UDktmbghiA  # MD5 key
  3 MD5 %(4%pM~(8p[cn,,S/0N  # MD5 key
  4 MD5 TT_QA;=x*G$4p1-d1;C  # MD5 key
  5 MD5 ml~KoJ*`vM7fxTeR.@  # MD5 key
  6 MD5 +wc93d8[~tBRyzdGL{L  # MD5 key
  7 MD5 _WMzU`YQpwN?5TYJ^5i  # MD5 key
  8 MD5 ~1zzyA.9-fM[|Zv|mpv  # MD5 key
  9 MD5 ?N4f+')!S9@7.V*G3,xI  # MD5 key
 10 MD5 u;LcQ*cJ8{%yKo`z1?  # MD5 key
 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea  # SHA1 key
 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112  # SHA1 key
 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832  # SHA1 key
 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58  # SHA1 key
 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276  # SHA1 key
 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11  # SHA1 key
 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291  # SHA1 key
 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5  # SHA1 key
 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb  # SHA1 key
 20 SHA1 8051501a9e6d5bb70d6985b236008d962f34  # SHA1 key
 
  I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is 
 like this:
 
 driftfile /etc/ntp.drift
 keys /etc/ntp.keys
 trustedkey 1 5
 controlkey 5
 restrict default ignore
 restrict 127.0.0.1
 broadcastdelay 0.008
 #60s because we start at 1970
 tinker panic 60
 restrict 3.cn.pool.ntp.org nomodify notrap
 server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
 
 However, when I run ntpq :
 ~ # ntpq 
 ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst 
 Keyid: 5 
 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) 
 ***Server disallowed request (authentication?) 
 
 I don't know why this happens? Do I need some other configurations? Thank you 
 so much.

By the way, how can I define the controlkey for ntpq? In my case, I just define 
the controlkey to 5 randomly, is there any rule? The third column in 
/etc/ntp.keys is the password of MD5, right?

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
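
Added example (not part of the thread, and not NTP project code): an offline check, in Python, of the pieces the replies above say an authenticated ntpq :config request needs, namely a controlkey in ntp.conf with a corresponding entry in the keys file. The sample configuration and keys are constructed; the trustedkey requirement, the 20-character/hex secret rule and the list of blocking restrict flags are assumptions based on the ntp.conf and ntp.keys documentation, and the restrict lookup is a simplification (exact address, otherwise default).

```python
# Added example: offline lint of the ntp.conf / ntp.keys settings that an
# authenticated `ntpq :config` request relies on. All sample data is constructed.

SAMPLE_CONF = """\
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
server 192.0.2.10 minpoll 3 maxpoll 4
"""

SAMPLE_KEYS = """\
1 MD5 constructed-key-01   # MD5 key
5 MD5 constructed-key-05   # MD5 key
11 SHA1 0123456789abcdef0123456789abcdef01234567  # SHA1 key
"""

HEX_DIGITS = set("0123456789abcdefABCDEF")
# Assumption: restrict flags that stop ntpd from serving a :config request.
BLOCKING_FLAGS = {"ignore", "noquery", "nomodify"}


def _fields(line):
    """Split a line into whitespace-separated fields, dropping '#' comments."""
    return line.split("#", 1)[0].split()


def parse_keys(text):
    """Return {key_id: (type, secret)} from ntp.keys-style text."""
    keys = {}
    for line in text.splitlines():
        f = _fields(line)
        if len(f) >= 3 and f[0].isdigit():
            keys[int(f[0])] = (f[1].upper(), f[2])
    return keys


def parse_conf(text):
    """Collect only the directives that matter for ntpq authentication."""
    conf = {"keys": None, "trustedkey": set(), "controlkey": None, "restrict": {}}
    for line in text.splitlines():
        f = _fields(line)
        if len(f) < 2:
            continue
        word, args = f[0].lower(), f[1:]
        if word == "keys":
            conf["keys"] = args[0]
        elif word == "trustedkey":
            conf["trustedkey"].update(int(a) for a in args if a.isdigit())
        elif word == "controlkey" and args[0].isdigit():
            conf["controlkey"] = int(args[0])
        elif word == "restrict":
            if args[0] in ("-4", "-6"):      # address-family selector
                args = args[1:]
            if args:
                conf["restrict"][args[0]] = {a.lower() for a in args[1:]}
    return conf


def check_config_auth(conf_text, keys_text, client="127.0.0.1"):
    """Return findings that would make ntpd refuse `ntpq :config` from client."""
    conf, keys = parse_conf(conf_text), parse_keys(keys_text)
    findings = []
    if conf["keys"] is None:
        findings.append("no 'keys' directive, so no key file is loaded")
    key_id = conf["controlkey"]
    if key_id is None:
        findings.append("no 'controlkey' directive")
    elif key_id == 0:
        # The thread shows ntpq rejecting keyid 0 as an invalid identifier.
        findings.append("controlkey 0 is not a valid key identifier")
    else:
        if key_id not in conf["trustedkey"]:
            findings.append(f"controlkey {key_id} is not listed in 'trustedkey'")
        if key_id not in keys:
            findings.append(f"controlkey {key_id} has no entry in the key file")
        else:
            secret = keys[key_id][1]
            # Assumed rule: up to 20 characters is a literal string, longer is hex.
            if len(secret) > 20 and not set(secret) <= HEX_DIGITS:
                findings.append(f"key {key_id} is longer than 20 characters but not hex")
    # Simplification: exact-address entry, otherwise 'default'; no mask matching.
    flags = conf["restrict"].get(client, conf["restrict"].get("default", set()))
    blocked = sorted(flags & BLOCKING_FLAGS)
    if blocked:
        findings.append(f"restrict flags for {client} block the request: {', '.join(blocked)}")
    return findings


if __name__ == "__main__":
    for finding in check_config_auth(SAMPLE_CONF, SAMPLE_KEYS) or ["no findings"]:
        print(finding)
```

An empty result only means these static settings are consistent with each other; it does not show that the running ntpd has loaded the same files.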


Re: [ntp:questions] moving from ntpdc to ntpq

2015-02-26 Thread catherine . wei1989
On Saturday, February 7, 2015 at 11:25:02 AM UTC+8, Harlan Stenn wrote:
 Pretty much the same thing, except with :config addpeer ... and
 :config unconfig 
 
 I think...
 
 Please feel free to add examples to:
 
  http://support.ntp.org/Support/MonitoringAndControllingNTP
  http://support.ntp.org/Dev/DeprecatingNtpdate
 
 H
 Richard writes:
  What is ntpq's equivalent of -c addpeer ntp host   and  -c unconfig
  ntp host  ?
  
  
  I just upgraded from ntp 4.2.6 to 4.2.8 and ntpdc isn't connecting to my
  local ntpd. According to the ntpdc man page:
  
  ntpdc is deprecated. Please use ntpq(1) instead - it can do everything
  ntpdc used to do,
  
  
  In ntpq how do I do the equivalent of ntpdc's -c addpeer   or -c
  unconfig commands?
  
  
  Here is part of what previously did with ntpdc:
  
  /usr/sbin/ntpc -4 -c keyid 5 -c passwd  mypassword \
   -c addpeer  ntp server   localhost
  
  
 

Hi, if I add :config in front of addpeer, it seems that an authentication is 
required. When I specify the keyid to 0, it said invalid key identifier.



Re: [ntp:questions] Authentication problem

2015-02-26 Thread catherine . wei1989
On Wednesday, February 27, 2008 at 3:29:58 AM UTC+8, Dennis Hilberg, Jr. wrote:
 I've had this issue with authentication for a while, but decided to finally 
 ask as it's bugging me.
 
 I use ntpdc to add/remove servers on the fly so I don't have to restart the 
 server. It works fine using addserver and unconfig as long as I don't quit 
 ntpdc.
 
 saturn:$ ntpdc
 ntpdc addserver 63.240.161.99
 Keyid: 1
 MD5 Password:
 done!
 ntpdc unconfig 63.240.161.99
 done!
 
 However, if I quit ntpdc, start ntpdc, issue the unconfig command and put in 
 the proper password when prompted, it won't be accepted. addserver works 
 fine though.
 
 ntpdc quit
 saturn:$ ntpdc
 ntpdc addserver 63.240.161.99
 Keyid: 1
 MD5 Password:
 done!
 ntpdc quit
 saturn:$ ntpdc
 ntpdc unconfig 63.240.161.99
 MD5 Password:
 ***Permission denied
 ntpdc quit
 saturn:$ ntpdc
 ntpdc unconfig 63.240.161.99
 MD5 Password:
 ***Permission denied
 ntpdc readkeys
 ***Permission denied
 
 The only way I've found to get it to work is to quit again and issue the 
 readkeys command. The readkeys command won't be accepted until I quit and 
 restart ntpdc again.
 
 ntpdc quit
 saturn:$ ntpdc
 ntpdc readkeys
 Keyid: 1
 MD5 Password:
 done!
 ntpdc unconfig 63.240.161.99
 done!
 
 Am I doing something wrong, is there a bug, or is that the correct behavior 
 of ntpdc?
 
 I have the following in my ntp.conf:
 
 # Authentication
 
 keys /etc/ntp/keys
 
 trustedkey 1
 requestkey 1
 controlkey 1
 
 And my keys file looks like this:
 
 1 M somepassword
 
 
 Thanks,
 
 Dennis
 
 -- 
 Dennis Hilberg, Jr. \  timekeeper(at)dennishilberg(dot)com
 NTP Server Information:  \  http://saturn.dennishilberg.com/ntp.php


Hi, I've recently been upgrading ntp from 4.6.5 to 4.8.1p. When I use ntpq to add 
a server, it prompts for a keyid and MD5 password. I don't know how to get this 
keyid and password. Before the upgrade, the keyid was 0, so it didn't need 
authentication. Can you tell me how to get the keyid and password? Thank you.



[ntp:questions] ntpq authentication problem

2015-02-26 Thread catherine . wei1989
I'm upgrading ntp from 4.6.1 to 4.8.1, and need to change some commands 
which depend on ntpdc to ntpq since ntpdc has been deprecated in the 4.8.1 
version. And I met a problem.

When I first set the keyid to 0, it said Invalid key identifier, so I set it 
to 1, but it requires an MD5 password. I don't quite understand how to get the 
keyid and password. 

Can you give me some advice? Appreciate your help very much.


~ # ntpq
ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password: 
***Server disallowed request (authentication?)
ntpq> 



Re: [ntp:questions] NTP offset doesn't change.

2015-02-12 Thread catherine . wei1989
On Wednesday, February 11, 2015 at 12:55:02 AM UTC+8, Jochen Bern wrote:
 On 02/10/2015 06:15 AM, catherine.wei1...@gmail.com wrote:
  However, when I wait for several minutes, the time can be adjusted to
  the right time. I couldn't see the gradual changes of offset. Is that
  normal?
 
 Assuming that you're using a minimalistic configuration: Yes.
 
 ntpd would take almost three months to *gradually* eliminate (slew) one
 hour of offset, so as soon as the
 offset-from-hell-that-struck-us-out-of-the-blue-sky was confirmed, it
 gave up all hope for the universe and just set the clock hard (step).
 
 Regards,
   J. Bern
 -- 
 *NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
 Server--Storage--Virtualisierung--Management SW--Passion for Performance
 Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
 Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
 PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
 Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel



Yes, I just tested it and found that the synchronization of NTP is really slow.



Re: [ntp:questions] moving from ntpdc to ntpq

2015-02-11 Thread catherine . wei1989
On Saturday, February 7, 2015 at 11:25:02 AM UTC+8, Harlan Stenn wrote:
 Pretty much the same thing, except with :config addpeer ... and
 :config unconfig 
 
 I think...
 
 Please feel free to add examples to:
 
  http://support.ntp.org/Support/MonitoringAndControllingNTP
  http://support.ntp.org/Dev/DeprecatingNtpdate
 
 H
 Richard writes:
  What is ntpq's equivalent of -c addpeer ntp host   and  -c unconfig
  ntp host  ?
  
  
  I just upgraded from ntp 4.2.6 to 4.2.8 and ntpdc isn't connecting to my
  local ntpd. According to the ntpdc man page:
  
  ntpdc is deprecated. Please use ntpq(1) instead - it can do everything
  ntpdc used to do,
  
  
  In ntpq how do I do the equivalent of ntpdc's -c addpeer   or -c
  unconfig commands?
  
  
  Here is part of what previously did with ntpdc:
  
  /usr/sbin/ntpc -4 -c keyid 5 -c passwd  mypassword \
   -c addpeer  ntp server   localhost
  
  
 

Hi, is there any introduction to all the ntpq commands equivalent to ntpdc's? I 
used many ntpdc commands in my program. Thank you.



Re: [ntp:questions] ntpdc and collectd queries timeout

2015-02-11 Thread catherine . wei1989
On Friday, January 24, 2014 at 9:40:56 PM UTC+8, Steve Kostecke wrote:
 On 2014-01-24, David Lord sn...@lordynet.org wrote:
 
  On NetBSD-6 i386 ntp-dev-4.2.7p410
  $ ntpdc -c kern
  localhost: timed out, nothing received
  ***Request timed out
 
  Perhaps that is intended behavior for 2014 given recent
  DDOS attacks?
 
 According to http://archive.ntp.org/ntp4/ChangeLog-dev
 mode 7 requests were disabled more than 2 years ago:
 
 (4.2.7p230) 2011/11/01 Released by Harlan Stenn st...@ntp.org
 * Disable mode 7 (ntpdc) query processing in ntpd by default.  ntpq is
   believed to provide all functionality ntpdc did, and uses a less-
   fragile protocol that's safer and easier to maintain.  If you do find
   some management via ntpdc is needed, you can use enable mode7 in the
   ntpd configuration.
 
 -- 
 Steve Kostecke koste...@ntp.org
 NTP Public Services Project - http://support.ntp.org/


Hi, can I just add enable mode7 to the ntpd configuration to enable ntpdc 
in the new version of ntp?



Re: [ntp:questions] when change ntp servers, log print localhost: timed out, nothing received

2015-02-11 Thread catherine . wei1989
On Wednesday, February 11, 2015 at 3:40:02 PM UTC+8, Harlan Stenn wrote:
 catherine.wei1...@gmail.com writes:
  When I change ntp servers by toish setobject cfg.ntp.servers 
  192.168.1.101 
  in linux, ntp server print logs localhost: timed out, nothing received, 
  the
   ntp server change fails. Why is that ? 
  Appreciate so much for your help.
 
 What sort of 'restrict' lines do you have in your ntp.conf file?
 
 I have no idea what toish ... does.
 
 H

Hi, the restrict line is:
driftfile /etc/ntp.drift
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 192.168.1.101 nomodify notrap
server 192.168.1.101 minpoll 3 maxpoll 4

The toish is a tool made by our system; the purpose of toish setobject 
cfg.ntp.servers 192.168.1.101 is to change the ntp server.
I've searched and found that the timeout error may be related to ntpdc's 
deprecation. When I change the server, ntpdc should remove the old server 
from the remote server list and add the new server to it, during which a 
timeout error occurs. So now the problem is how I can still use ntpdc; it would 
be a really huge task to replace it with ntpq in our system, so I don't want to 
give it up at present.
Thank you.




[ntp:questions] when change ntp servers, log print localhost: timed out, nothing received

2015-02-10 Thread catherine . wei1989
When I change ntp servers with toish setobject cfg.ntp.servers 192.168.1.101 on 
Linux, the ntp server prints the log "localhost: timed out, nothing received" and 
the ntp server change fails. Why is that? 
I appreciate your help so much.



Re: [ntp:questions] Does ntpq have an equivalent to ntpdc's fudge command?

2015-02-10 Thread catherine . wei1989
On Wednesday, February 11, 2015 at 2:57:28 PM UTC+8, catherin...@gmail.com 
wrote:
 On Monday, October 6, 2014 at 4:39:35 AM UTC+8, Rich Wales wrote:
  Does the ntpq program have an equivalent to ntpdc's fudge command?
  
  I know ntpdc is deprecated, and I understand ntpq is supposed to be able to 
  do
  everything that ntpdc can do, but I simply can't find any way to set a
  reference clock's flags in ntpq.
  
  I want to be able to set flag1 in an ACTS refclock (in order to schedule an
  immediate dialup attempt).  I know how to do this with ntpdc, but I haven't
  been able to find the corresponding command in ntpq.
  
  Rich Wales
  ri...@richw.org
 
 Hi, I also have a similar problem. In the newest ntp version 4.2.8p1, the 
 ntpdc is deprecated, what can I do if I still want to use it? Since in our 
 system, many ntpdc commands have been used. Can I resolve it by adding some 
 configuration? Thank you.

By the way, I'm using 4.2.8p1, and when I use the command ntpdc -l, it 
prints out localhost time out, nothing received. Is this due to the 
deprecation of ntpdc?



Re: [ntp:questions] Does ntpq have an equivalent to ntpdc's fudge command?

2015-02-10 Thread catherine . wei1989
On Monday, October 6, 2014 at 4:39:35 AM UTC+8, Rich Wales wrote:
 Does the ntpq program have an equivalent to ntpdc's fudge command?
 
 I know ntpdc is deprecated, and I understand ntpq is supposed to be able to do
 everything that ntpdc can do, but I simply can't find any way to set a
 reference clock's flags in ntpq.
 
 I want to be able to set flag1 in an ACTS refclock (in order to schedule an
 immediate dialup attempt).  I know how to do this with ntpdc, but I haven't
 been able to find the corresponding command in ntpq.
 
 Rich Wales
 ri...@richw.org

Hi, I also have a similar problem. In the newest ntp version 4.2.8p1, the ntpdc 
is deprecated, what can I do if I still want to use it? Since in our system, 
many ntpdc commands have been used. Can I resolve it by adding some 
configuration? Thank you.



Re: [ntp:questions] NTP offset doesn't change.

2015-02-09 Thread catherine . wei1989
By the way, the ntp version I'm using is 4.2.8p1.
Catherine.

On Tuesday, February 10, 2015 at 1:15:21 PM UTC+8, catherin...@gmail.com wrote:
 Hi, I'm using the ntpd to sync time. When I change the current date for 
 example to 0210020215 (2015-02-10 02:02), the actual current time is 
 2015-02-10 03:02, then I run ntpq -p for several times, the offset doesn't 
 change at all.
  ~ # ntpq -p
  remote   refid  st t when poll reach   delay   offset  jitter
 ==
 *zse18adnss1.ea. 10.6.151.123 2 u58  377  280.663  2520785  16.037
 
 ~ # ntpq -p
  remote   refid  st t when poll reach   delay   offset  jitter
 ==
 *ns3.swelin.arri 10.6.151.123 2 u38  377  280.774  2520785  16.089
 
 However, when I wait for several minutes, the time can be adjusted to the 
 right time. I couldn't see the gradual changes of offset. Is that normal?
 
 Appreciate your help, thank you.
 Catherine.



Re: [ntp:questions] ntp-4.2.8 problem

2015-02-09 Thread catherine . wei1989
On Saturday, February 7, 2015 at 9:10:01 AM UTC+8, Harlan Stenn wrote:
 This problem was fixed right after 4.2.8 was released.
 
 And now, folks should be running 4.2.8p1.
 
 H
 --
 William Unruh writes:
  On 2015-02-04, Wei, Catherine catherine@arris.com wrote:
   Hi,
   I met a problem when I was building ntp-4-2.8 on Linux. The log is
   on below. I really appreciate if you could you give me some advice? It
   was used OK with ntp-4.2.6 before I upgraded.
  
CCLD   ntp-keygen
   ../libntp/libntp.a(ntp_crypto_rnd.o): In function `ntp_crypto_random_buf':
   /home/catherine/work/KREATV-27230/platform/3pp/ntp/bcm45/ntp-4.2.8/libntp/n
  tp_crypto_rnd.c:93:
   undefined reference to `arc4random_buf'
   collect2: ld returned 1 exit status
   make[6]: *** [ntp-keygen] Error 1
   make[5]: *** [all] Error 2
   make[4]: *** [all-recursive] Error 1
   make[3]: *** [all] Error 2
   make[2]: *** [bcm45/ntp-4.2.8/.done] Error 2
   make[1]: *** [.target_bcm45_] Error 2
  
  You do not seem to have arc4. Perhaps somehow you are compiling with the
  HAVE_ARC4RANDOM flag set when you do not have it?
  
  Look in the make files whether that flag is being defined somewhere.
  
 

Yes, you're right. I'm now using the latest version 4.8.1p1. The problem 
is resolved.



[ntp:questions] NTP offset doesn't change.

2015-02-09 Thread catherine . wei1989
Hi, I'm using the ntpd to sync time. When I change the current date for example 
to 0210020215 (2015-02-10 02:02), the actual current time is 2015-02-10 
03:02, then I run ntpq -p for several times, the offset doesn't change at all.
 ~ # ntpq -p
 remote   refid  st t when poll reach   delay   offset  jitter
==
*zse18adnss1.ea. 10.6.151.123 2 u58  377  280.663  2520785  16.037

~ # ntpq -p
 remote   refid  st t when poll reach   delay   offset  jitter
==
*ns3.swelin.arri 10.6.151.123 2 u38  377  280.774  2520785  16.089

However, when I wait for several minutes, the time can be adjusted to the right 
time. I couldn't see the gradual changes of offset. Is that normal?

Appreciate your help, thank you.
Catherine.



Re: [ntp:questions] questions] Cross-compiling NTP for the Raspberry Pi

2015-02-06 Thread catherine . wei1989
On Friday, February 6, 2015 at 3:10:01 PM UTC+8, Harlan Stenn wrote:
 This is a test from libevent, because it needs to know if the select()
 function will yield in threads.  I say that as if I know what I'm
 talking about, but it's close enough.
 
 We can run a test and figure out whether or not select() will yield, but
 we cannot run a test in a cross-compile environment, so in that case we
 expect the person running the build to know how the target behaves.
 
 Personally, I think that specific autoconf macro,
 
  sntp/libevent/m4/openldap-thread-check.m4
 
 is not well-written and it seems to have some problems.  But it's also
 683 lines of autoconf macro, and it's not indented using a style I find
 easy to read, so I haven't been able to clean it up yet.
 
 H

OK, thank you so much. Best wishes.



Re: [ntp:questions] Cross-compiling NTP for the Raspberry Pi

2015-02-05 Thread catherine . wei1989
On Wednesday, February 19, 2014 at 3:46:14 AM UTC+8, Charles Swiger wrote:
 Hi--
 
 On Feb 18, 2014, at 1:25 AM, David Taylor 
 david-tay...@blueyonder.co.uk.invalid wrote:
  On 17/02/2014 21:03, Harlan Stenn wrote:
  []
  Sincerely appreciated.  And please consider just making notes and
  incremental changes on our wiki.  If you'd like to see a %COMMENT{}% box
  in there to make this easier for notes just add it (or I can).  We can
  easily clean it up later, or as we go, and that way we're not diverting
  eyeballs.
  
  H
  
  Yes, if you add that it might be helpful.  In the meanwhile, executing:
  
  ../configure --host=armv6l-unknown-linux-gnueabihf 
  --build=x86_64-unknown-linux-gnu
  
  I end up with this message:
  
  checking if pthread_create() works... yes
  checking if select yields when using pthreads... cross
  configure: error: crossing compiling: use 
  --with-yielding_select=yes|no|manual
  
  and I'm stuck at that point.  Do I need something extra on the ../configure 
  command line?
 
 Yes, you need to add --with-yielding_select=yes.
 (Or no, depending on what select() does on the target platform.)
 
 ./configure normally runs a set of tests to figure all of this stuff out, but 
 those tests
 need to run on the target and not on the build platform when cross-compiling. 
  If you
 don't already know the right answers, run ./configure on the target platform 
 and use
 those results when cross-compiling from a faster platform.
 
 Regards,
 -- 
 -Chuck

Hi, Chuck,
I forgot to paste my build errors when I build the ntp without the 
--with-yield-select=yes:
checking if pthread_create() works... yes
checking if select yields when using pthreads... cross
configure: error: crossing compiling: use --with-yielding-select=yes|no|manual.

Sincerely appreciated for your answers.
Best Regards.
Catherine



Re: [ntp:questions] questions] Cross-compiling NTP for the Raspberry Pi

2015-02-05 Thread catherine . wei1989
On Wednesday, February 19, 2014 at 4:34:59 AM UTC+8, David J Taylor wrote:
 From: Charles Swiger
 
 Yes, you need to add --with-yielding_select=yes.
 (Or no, depending on what select() does on the target platform.)
 
 ./configure normally runs a set of tests to figure all of this stuff out, 
 but those tests
 need to run on the target and not on the build platform when 
 cross-compiling.  If you
 don't already know the right answers, run ./configure on the target platform 
 and use
 those results when cross-compiling from a faster platform.
 
 Regards,
 -Chuck
 
 
 Just what I needed to know, Chuck.  Running .\configure on the Raspberry Pi, 
 and saving the output shows three separate lines saying:
 
   checking if select yields when using pthreads... yes
 
 so I guess I need yes.  Quite why configure needs to check this three 
 times, on an already very slow RPi PC, is a mystery!
 
 [sorry for non-standard quoting]
 
 Cheers,
 David
 -- 
 SatSignal Software - Quality software written to your requirements
 Web: http://www.satsignal.eu
 Email: david-tay...@blueyonder.co.uk


Hi Chuck,
I met this problem too. When I add the --with-yielding_select=yes, the build 
succeeds, but I don't quite understand what the --with-yielding_select=yes is 
used for. Also, when I add --with-yielding_select=no or 
--with-yielding_select=manual, the build still passes.
