Re: [ntp:questions] ntpq authentication problem
On Monday, March 2, 2015 at 1:35:40 AM UTC+8, William Unruh wrote: On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com wrote: On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which is filled in by pool.ntp.org. For example every time you ping that a different address comes up ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data. Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there are many) Hi,William, How can I configure if I just want ntpd refuses ntpq requests from other clients, and ntpd just responses to local ntpq request? Thank you. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Monday, March 2, 2015 at 1:03:47 PM UTC+8, catherin...@gmail.com wrote: On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote: On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany Hi,appreciate for your kind response. I've generate a file 1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key 3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key 4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key 5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key 6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key 7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key 8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key 10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key 20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is like this: driftfile /etc/ntp.drift keys /etc/ntp.keys trustedkey 1 5 controlkey 5 restrict default ignore restrict 127.0.0.1 broadcastdelay 0.008 #60s because we start at 1970 tinker panic 60 restrict 3.cn.pool.ntp.org nomodify notrap server 3.cn.pool.ntp.org minpoll 3 maxpoll 4 However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. Hm, that should work. Can you try it with a simple password first? E.g.: 1 MD5 passwd1 5 MD5 passwd5 By the way, how can I define the controlkey for ntpq. In my case, I just define the controlkey to 5 randomly, is there any rule? AFAIK there is no rule. The keys file is just a list of passwords. If you have more than one machines running ntpd then every other machine may have a single, individual trusted key, each with index 1. If your local ntpd should talk to all the others then of course you can't add several keys with inde 1 in your local file, so you need to have a keys fle containing all the keys of the other servers, for time sync, plus the control key for your local ntpd. The number is just associated to the entry number of the keys file you are supplying to your local ntpd. This is very flexible, but you need to take care to get the keys and index/ID numbers right. The third column in /etc/ntp.keys is the password of MD5, right? Yes. Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany Hi, thank you for your answer, I typed the wrong password. When I changed the complicated password to a simple one say mypassword and I tested it again, then authenticate passed, but it's strange why can I change the password ? As it is generated by ntp md5 algorithm, if I change the password, then authenticate should fail and the ntp server can't parse the new password in my understanding. It seems that the authenticate just happens between ntpq and ntpd of localhost and it's not related to remote ntp server, right ? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Monday, March 2, 2015 at 1:35:40 AM UTC+8, William Unruh wrote: On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com wrote: On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which is filled in by pool.ntp.org. For example every time you ping that a different address comes up ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data. Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there are many) Hi,William I now understand your points, you're right. The ntpq authentication has nothing to do with remote ntp server, it talks to ntpd directly. Thank you so much. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote: On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany Hi,appreciate for your kind response. I've generate a file 1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key 3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key 4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key 5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key 6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key 7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key 8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key 10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key 20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is like this: driftfile /etc/ntp.drift keys /etc/ntp.keys trustedkey 1 5 controlkey 5 restrict default ignore restrict 127.0.0.1 broadcastdelay 0.008 #60s because we start at 1970 tinker panic 60 restrict 3.cn.pool.ntp.org nomodify notrap server 3.cn.pool.ntp.org minpoll 3 maxpoll 4 However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. Hm, that should work. Can you try it with a simple password first? E.g.: 1 MD5 passwd1 5 MD5 passwd5 By the way, how can I define the controlkey for ntpq. In my case, I just define the controlkey to 5 randomly, is there any rule? AFAIK there is no rule. The keys file is just a list of passwords. If you have more than one machines running ntpd then every other machine may have a single, individual trusted key, each with index 1. If your local ntpd should talk to all the others then of course you can't add several keys with inde 1 in your local file, so you need to have a keys fle containing all the keys of the other servers, for time sync, plus the control key for your local ntpd. The number is just associated to the entry number of the keys file you are supplying to your local ntpd. This is very flexible, but you need to take care to get the keys and index/ID numbers right. The third column in /etc/ntp.keys is the password of MD5, right? Yes. Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany Hi, thank you for your answer, I typed the wrong password. When I changed the complicated password to a simple one say mypassword and I tested it again, then authenticate passed, but it's strange why can I change the password ? As it is generated by ntp md5 algorithm, if I change the password, then authenticate should fail and the ntp server can't parse the new password in my understanding. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com wrote: On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which is filled in by pool.ntp.org. For example every time you ping that a different address comes up ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data. Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there are many) ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Saturday, February 28, 2015 at 2:55:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 03:47, catherine.wei1...@gmail.com wrote: Is there anything wrong in my operation? Thank you. Only thing I can think of is that the keys file might not be owned by root. Is it? I found out the reason, I set disable authentication when ntpd started in my program. when I enable authentication, the authenticate passes. Thank you for your help. I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Saturday, February 28, 2015 at 2:25:02 AM UTC+8, Jan Ceuleers wrote: On 27/02/15 10:54, catherine.wei1...@gmail.com wrote: However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. I found that the permissions on the ntp.keys file matter. They should be 600. (I wrote all this in my email to you and the list on the 11th of Feb; both points (that you need a controlkey and that you need to set the permissions on the keys file) were included). Final point: when you're done and you got it working, throw away your keys file and generate a new-one, because now everybody in the world knows your keys. HTH, Jan Hi Jan, thank you. I'm using my own PC as an ntp server, and my embedded box(linux system) as ntp client. I generate key files through ntp-keygen on my PC and copied it both to /etc/ntp.keys on ntp client(the box) and my PC, then log on to the box. the ntp.conf on ntp client is: driftfile /etc/ntp.drift keys /etc/ntp.keys trustedkey 8 600 controlkey 8 restrict default ignore restrict 127.0.0.1 #enable mode7 broadcastdelay 0.008 #60s because we start at 1970 tinker panic 60 restrict 192.168.1.101 nomodify notrap server 192.168.1.101 minpoll 3 maxpoll 4 key file is 1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key 3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key 4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key 5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key 6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key 7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key 8 MD5 ~mpv # MD5 key 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key 600 MD5 mypassword # MD5 key 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key 20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key I just changed the 10th one manually. After I logged, and execute: ntpq :config unconfig 10.172.161.16 . The results still like this: ~ # ntpq ntpq :config unconfig 10.172.161.16 Keyid: 600 MD5 Password: (mypassword) ***Server disallowed request (authentication?) ntpq Is there anything wrong in my operation? Thank you. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 28/02/15 03:47, catherine.wei1...@gmail.com wrote: Is there anything wrong in my operation? Thank you. Only thing I can think of is that the keys file might not be owned by root. Is it? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
Ggg ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 27/02/15 10:54, catherine.wei1...@gmail.com wrote: However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. I found that the permissions on the ntp.keys file matter. They should be 600. (I wrote all this in my email to you and the list on the 11th of Feb; both points (that you need a controlkey and that you need to set the permissions on the keys file) were included). Final point: when you're done and you got it working, throw away your keys file and generate a new-one, because now everybody in the world knows your keys. HTH, Jan ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany OK, thank you. Very sorry for my repeat post here, my network is not stable and quite slow, I thought I had failed to posted it so I posted again. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany Hi,appreciate for your kind response. I've generate a file 1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key 3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key 4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key 5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key 6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key 7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key 8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key 10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key 20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is like this: driftfile /etc/ntp.drift keys /etc/ntp.keys trustedkey 1 5 controlkey 5 restrict default ignore restrict 127.0.0.1 broadcastdelay 0.008 #60s because we start at 1970 tinker panic 60 restrict 3.cn.pool.ntp.org nomodify notrap server 3.cn.pool.ntp.org minpoll 3 maxpoll 4 However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote: On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany Hi,appreciate for your kind response. I've generate a file 1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key 3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key 4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key 5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key 6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key 7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key 8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key 10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key 20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is like this: driftfile /etc/ntp.drift keys /etc/ntp.keys trustedkey 1 5 controlkey 5 restrict default ignore restrict 127.0.0.1 broadcastdelay 0.008 #60s because we start at 1970 tinker panic 60 restrict 3.cn.pool.ntp.org nomodify notrap server 3.cn.pool.ntp.org minpoll 3 maxpoll 4 However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. By the way, how can I define the controlkey for ntpq. In my case, I just define the controlkey to 5 randomly, is there any rule? The third column in /etc/ntp.keys is the password of MD5, right? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
catherine.wei1...@gmail.com wrote: On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote: On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany Hi,appreciate for your kind response. I've generate a file 1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key 2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key 3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key 4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key 5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key 6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key 7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key 8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key 9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key 10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key 20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is like this: driftfile /etc/ntp.drift keys /etc/ntp.keys trustedkey 1 5 controlkey 5 restrict default ignore restrict 127.0.0.1 broadcastdelay 0.008 #60s because we start at 1970 tinker panic 60 restrict 3.cn.pool.ntp.org nomodify notrap server 3.cn.pool.ntp.org minpoll 3 maxpoll 4 However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. Hm, that should work. Can you try it with a simple password first? E.g.: 1 MD5 passwd1 5 MD5 passwd5 By the way, how can I define the controlkey for ntpq. In my case, I just define the controlkey to 5 randomly, is there any rule? AFAIK there is no rule. The keys file is just a list of passwords. If you have more than one machines running ntpd then every other machine may have a single, individual trusted key, each with index 1. If your local ntpd should talk to all the others then of course you can't add several keys with inde 1 in your local file, so you need to have a keys fle containing all the keys of the other servers, for time sync, plus the control key for your local ntpd. The number is just associated to the entry number of the keys file you are supplying to your local ntpd. This is very flexible, but you need to take care to get the keys and index/ID numbers right. The third column in /etc/ntp.keys is the password of MD5, right? Yes. Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions