Re: [ntp:questions] ntpq authentication problem
On Monday, March 2, 2015 at 1:35:40 AM UTC+8, William Unruh wrote: On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com wrote: On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which is filled in by pool.ntp.org. For example every time you ping that a different address comes up ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data. Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there are many) Hi,William, How can I configure if I just want ntpd refuses ntpq requests from other clients, and ntpd just responses to local ntpq request? Thank you. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Monday, March 2, 2015 at 1:03:47 PM UTC+8, catherin...@gmail.com wrote:
On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com
wrote:
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
commands which depend on ntpdc to ntpq since ntpdc has been
depreciated in 4.8.1 version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so
I set it to 1, but it requires a MD5 Password. I don't quite
understand how to get the keyid and password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf
file is like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations?
Thank you so much.
Hm, that should work.
Can you try it with a simple password first? E.g.:
1 MD5 passwd1
5 MD5 passwd5
By the way, how can I define the controlkey for ntpq. In my case, I just
define the controlkey to 5 randomly, is there any rule?
AFAIK there is no rule. The keys file is just a list of passwords. If
you have more than one machines running ntpd then every other machine
may have a single, individual trusted key, each with index 1.
If your local ntpd should talk to all the others then of course you
can't add several keys with inde 1 in your local file, so you need to
have a keys fle containing all the keys of the other servers, for time
sync, plus the control key for your local ntpd. The number is just
associated to the entry number of the keys file you are supplying to
your local ntpd.
This is very flexible, but you need to take care to get the keys and
index/ID numbers right.
The third column in /etc/ntp.keys is the password of MD5, right?
Yes.
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi, thank you for your answer, I typed the wrong password. When I changed the
complicated password to a simple one say mypassword and I tested it again,
then authenticate passed, but it's strange why can I change the password ? As
it is generated by ntp md5 algorithm, if I change the password, then
authenticate should fail and the ntp server can't parse the new password in
my understanding.
It seems that the authenticate just happens between ntpq and ntpd of localhost
and it's not related to remote ntp server, right ?
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Monday, March 2, 2015 at 1:35:40 AM UTC+8, William Unruh wrote: On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com wrote: On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which is filled in by pool.ntp.org. For example every time you ping that a different address comes up ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data. Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there are many) Hi,William I now understand your points, you're right. The ntpq authentication has nothing to do with remote ntp server, it talks to ntpd directly. Thank you so much. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com
wrote:
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
commands which depend on ntpdc to ntpq since ntpdc has been depreciated
in 4.8.1 version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so I
set it to 1, but it requires a MD5 Password. I don't quite understand
how to get the keyid and password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file
is like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank
you so much.
Hm, that should work.
Can you try it with a simple password first? E.g.:
1 MD5 passwd1
5 MD5 passwd5
By the way, how can I define the controlkey for ntpq. In my case, I just
define the controlkey to 5 randomly, is there any rule?
AFAIK there is no rule. The keys file is just a list of passwords. If
you have more than one machines running ntpd then every other machine
may have a single, individual trusted key, each with index 1.
If your local ntpd should talk to all the others then of course you
can't add several keys with inde 1 in your local file, so you need to
have a keys fle containing all the keys of the other servers, for time
sync, plus the control key for your local ntpd. The number is just
associated to the entry number of the keys file you are supplying to
your local ntpd.
This is very flexible, but you need to take care to get the keys and
index/ID numbers right.
The third column in /etc/ntp.keys is the password of MD5, right?
Yes.
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi, thank you for your answer, I typed the wrong password. When I changed the
complicated password to a simple one say mypassword and I tested it again,
then authenticate passed, but it's strange why can I change the password ? As
it is generated by ntp md5 algorithm, if I change the password, then
authenticate should fail and the ntp server can't parse the new password in my
understanding.
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 2015-03-01, catherine.wei1...@gmail.com catherine.wei1...@gmail.com wrote: On Saturday, February 28, 2015 at 4:25:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. Hi, Jan I specified the ntp server 3.cn.pool.ntp.org in the /etc/ntp.conf file. In this case, I run ntpq :config ... , does it still talk to ntpd on localhost ? and time sources is still 3.cn.pool.ntp.org ? 3.cn.pool.npt.org is not an ntp time source. It is a dummy name, which is filled in by pool.ntp.org. For example every time you ping that a different address comes up ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.10.36) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.112.31.197) 56(84) bytes of data. ping -c 1 3.cn.pool.ntp.org PING 3.cn.pool.ntp.org (202.118.1.81) 56(84) bytes of data. Thus there is no time source 3.cn.pool.ntp.org ( or to be exact, there are many) ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 28/02/15 08:48, catherine.wei1...@gmail.com wrote: I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ntpq talks directly to the ntpd process over the network. If you run ntpq without specifying where the server is located it talks to ntpd on localhost. Which time sources ntpd uses is immaterial. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Saturday, February 28, 2015 at 2:55:02 PM UTC+8, Jan Ceuleers wrote: On 28/02/15 03:47, catherine.wei1...@gmail.com wrote: Is there anything wrong in my operation? Thank you. Only thing I can think of is that the keys file might not be owned by root. Is it? I found out the reason, I set disable authentication when ntpd started in my program. when I enable authentication, the authenticate passes. Thank you for your help. I still have a doubt: the key file is generated on my PC (as the first ntp server) , when I copied it to the box(client), and I changed the box's ntp server to a second server 3.cn.pool.ntp.org or some other ntp servers. The authentication still passes. Why is that? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Saturday, February 28, 2015 at 2:25:02 AM UTC+8, Jan Ceuleers wrote:
On 27/02/15 10:54, catherine.wei1...@gmail.com wrote:
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank
you so much.
I found that the permissions on the ntp.keys file matter. They should be
600.
(I wrote all this in my email to you and the list on the 11th of Feb;
both points (that you need a controlkey and that you need to set the
permissions on the keys file) were included).
Final point: when you're done and you got it working, throw away your
keys file and generate a new-one, because now everybody in the world
knows your keys.
HTH, Jan
Hi Jan, thank you.
I'm using my own PC as an ntp server, and my embedded box(linux system) as ntp
client. I generate key files through ntp-keygen on my PC and copied it both to
/etc/ntp.keys on ntp client(the box) and my PC, then log on to the box. the
ntp.conf on ntp client is:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 8 600
controlkey 8
restrict default ignore
restrict 127.0.0.1
#enable mode7
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 192.168.1.101 nomodify notrap
server 192.168.1.101 minpoll 3 maxpoll 4
key file is
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
600 MD5 mypassword # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I just changed the 10th one manually. After I logged, and execute: ntpq :config
unconfig 10.172.161.16 . The results still like this:
~ # ntpq
ntpq :config unconfig 10.172.161.16
Keyid: 600
MD5 Password: (mypassword)
***Server disallowed request (authentication?)
ntpq
Is there anything wrong in my operation? Thank you.
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 28/02/15 03:47, catherine.wei1...@gmail.com wrote: Is there anything wrong in my operation? Thank you. Only thing I can think of is that the keys file might not be owned by root. Is it? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
Ggg ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 27/02/15 10:54, catherine.wei1...@gmail.com wrote: However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. I found that the permissions on the ntp.keys file matter. They should be 600. (I wrote all this in my email to you and the list on the 11th of Feb; both points (that you need a controlkey and that you need to set the permissions on the keys file) were included). Final point: when you're done and you got it working, throw away your keys file and generate a new-one, because now everybody in the world knows your keys. HTH, Jan ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany OK, thank you. Very sorry for my repeat post here, my network is not stable and quite slow, I thought I had failed to posted it so I posted again. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
commands which depend on ntpdc to ntpq since ntpdc has been depreciated in
4.8.1 version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so I set
it to 1, but it requires a MD5 Password. I don't quite understand how to
get the keyid and password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is
like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank you
so much.
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote:
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
commands which depend on ntpdc to ntpq since ntpdc has been depreciated
in 4.8.1 version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so I
set it to 1, but it requires a MD5 Password. I don't quite understand how
to get the keyid and password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is
like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank you
so much.
By the way, how can I define the controlkey for ntpq. In my case, I just define
the controlkey to 5 randomly, is there any rule? The third column in
/etc/ntp.keys is the password of MD5, right?
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
catherine.wei1...@gmail.com wrote:
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote:
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands
which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1
version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so I set it
to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and
password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is
like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank you
so much.
Hm, that should work.
Can you try it with a simple password first? E.g.:
1 MD5 passwd1
5 MD5 passwd5
By the way, how can I define the controlkey for ntpq. In my case, I just define
the controlkey to 5 randomly, is there any rule?
AFAIK there is no rule. The keys file is just a list of passwords. If
you have more than one machines running ntpd then every other machine
may have a single, individual trusted key, each with index 1.
If your local ntpd should talk to all the others then of course you
can't add several keys with inde 1 in your local file, so you need to
have a keys fle containing all the keys of the other servers, for time
sync, plus the control key for your local ntpd. The number is just
associated to the entry number of the keys file you are supplying to
your local ntpd.
This is very flexible, but you need to take care to get the keys and
index/ID numbers right.
The third column in /etc/ntp.keys is the password of MD5, right?
Yes.
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
