NTP Authentication Issues: Help Please!
Post 302869433 by rchaud10 on Wednesday 30th of October 2013 10:33:04 AM

Hello everyone,

I've been trying to set up NTP authentication between a server and a workstation. Both point to the same NTP server which is on a different physical box with its own IP address. I followed the steps below but I get the following result. How can I get this working?

Expected (on workstation):
Code:
ind  assID  status  conf  reach  auth  condition  last_event  cnt
=================================================================
  1  12345   f123   yes    yes   ok    sys.peer   reachable    1

Result:
Code:
ind  assID  status  conf  reach  auth  condition  last_event  cnt
=================================================================
  1  12345   c000   yes    yes   bad    reject   

Directions followed:
Server Configuration
•	Ensure the following entries are in /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 ::1
server <ntp.server.com>
broadcast <broadcast/multicast ip> autokey
crypto
includefile /etc/ntp/crypto/pw
keysdir /etc/ntp/
•	Generate the server-side keys
# cd /etc/ntp
# ntp-keygen -T -p password
•	Restart the NTP service
# service ntpd restart
•	Ensure that the service started
# ntpq -p
    remote       refid     st  t  when  poll  reach  delay  offset  jitter
==============================================================================
<brdcst.address> .BCST.    16  u   -     64     0    0.000  0.000   0.000
<ntp.server.com> <refid>     5  u  17     64     377  0.000  0.000   0.000   

Client Configuration
•	Ensure the following entries are in /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 ::1
crypto
includefile /etc/ntp/crypto/pw
keysdir /etc/ntp/
server <ntp.server.com> autokey
•	Generate the client-side keys
# cd /etc/ntp
# ntp-keygen -H -p clientpassword
•	Restart the NTP service
•	Ensure authenticated NTP is connecting successfully
# ntpq -c as
ind  assID  status  conf  reach  auth  condition  last_event  cnt
=================================================================
  1  12345   f123   yes    yes   ok    sys.peer   reachable    1

Crypto Configuration
•	Sample /etc/ntp/crypto/pw file
# Specify the password to decrypt files containing private keys and identity
# parameters.  This is required only if these files have been encrypted.
#
crypto pw <password>

Diagnostic Steps
Troubleshooting the Configuration
•	For error: "RAND_load_file /root/.rnd not found or empty"
dd if=/dev/urandom of=/root/.rnd bs=512 count=1
•	For error: "crypto_setup: random seed file not found error:"
◦	Add crypto randfile /dev/urandom entry to /etc/ntp.conf
•	Important: Ensure that no keys, key directories, or files containing passwords are world readable


Last edited by Scott; 10-30-2013 at 02:18 PM.. Reason: Added code tags
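
For the post's last point (no keys, key directories, or password files world readable), the following added example, which is not part of the original post, follows the `keysdir` and `includefile` directives of an ntp.conf and reports anything readable or writable by other users. The function names, the sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report world-accessible NTP key
# material by following the keysdir/includefile directives of an ntp.conf.

# Print the path named by each keysdir/includefile line of config file $1.
ntp_secret_paths() {
    awk '$1 == "keysdir" || $1 == "includefile" {
        p = $2; if (length(p) > 1) sub(/\/+$/, "", p); print p }' "$1"
}

# Print one finding per line for config file $1; return 1 if any were found.
audit_ntp_secrets() {
    findings=$(ntp_secret_paths "$1" | while IFS= read -r p; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
        else
            # -004 / -002: read or write bit set for other users. Symlinks are
            # skipped: ntp-keygen creates them and on Linux their mode is 0777.
            find "$p" ! -type l \( -perm -004 -o -perm -002 \) \
                -exec echo WORLD-ACCESSIBLE {} \;
        fi
    done | sort -u)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree mirroring the post's layout under a temp directory.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/ntp/crypto"
    echo 'crypto pw example-only' > "$root/ntp/crypto/pw"
    echo 'constructed key body' > "$root/ntp/ntpkey_RSAkey_host.1"
    ln -s ntpkey_RSAkey_host.1 "$root/ntp/ntpkey_host_host"
    chmod 700 "$root/ntp" "$root/ntp/crypto"
    chmod 600 "$root/ntp/ntpkey_RSAkey_host.1"
    chmod 644 "$root/ntp/crypto/pw"      # deliberately too permissive
    printf 'crypto\nincludefile %s/ntp/crypto/pw\nkeysdir %s/ntp/\n' \
        "$root" "$root" > "$root/ntp.conf"
    echo "$root"
}

# Usage: sh audit.sh /etc/ntp.conf   (with no argument, runs on the sample)
conf=${1:-$(make_sample)/ntp.conf}
audit_ntp_secrets "$conf" || echo "fix with: chmod o-rwx <path>"
```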
 
