Operating Systems Linux Red Hat NTP Authentication Issues: Help Please! Post 302869433 by rchaud10 on Wednesday 30th of October 2013 10:33:04 AM
NTP Authentication Issues: Help Please!

Hello everyone,

I've been trying to set up NTP authentication between a server and a workstation. Both point to the same NTP server which is on a different physical box with its own IP address. I followed the steps below but I get the following result. How can I get this working?

Expected (on workstation):
Code:
ind  assID  status  conf  reach  auth  condition  last_event  cnt
=================================================================
  1  12345   f123   yes    yes   ok    sys.peer   reachable    1

Result:
Code:
ind  assID  status  conf  reach  auth  condition  last_event  cnt
=================================================================
  1  12345   c000   yes    yes   bad    reject   

Directions followed:

Server Configuration
• Ensure the following entries are in /etc/ntp.conf
    driftfile /var/lib/ntp/drift
    restrict 127.0.0.1
    restrict -6 ::1
    server <ntp.server.com>
    broadcast <broadcast/multicast ip> autokey
    crypto
    includefile /etc/ntp/crypto/pw
    keysdir /etc/ntp/
• Generate the server-side keys
    # cd /etc/ntp
    # ntp-keygen -T -p password
• Restart the NTP service
    # service ntpd restart
• Ensure that the service started
    # ntpq -p
        remote       refid     st  t  when  poll  reach  delay  offset  jitter
    ==============================================================================
    <brdcst.address> .BCST.    16  u   -     64     0    0.000  0.000   0.000
    <ntp.server.com> <refid>     5  u  17     64     377  0.000  0.000   0.000

Client Configuration
• Ensure the following entries are in /etc/ntp.conf
    driftfile /var/lib/ntp/drift
    restrict 127.0.0.1
    restrict -6 ::1
    crypto
    includefile /etc/ntp/crypto/pw
    keysdir /etc/ntp/
    server <ntp.server.com> autokey
• Generate the client-side keys
    # cd /etc/ntp
    # ntp-keygen -H -p clientpassword
• Restart the NTP service
• Ensure authenticated NTP is connecting successfully
    # ntpq -c as
    ind  assID  status  conf  reach  auth  condition  last_event  cnt
    =================================================================
      1  12345   f123   yes    yes   ok    sys.peer   reachable    1

Crypto Configuration
• Sample /etc/ntp/crypto/pw file
    # Specify the password to decrypt files containing private keys and identity
    # parameters.  This is required only if these files have been encrypted.
    #
    crypto pw <password>

Diagnostic Steps
Troubleshooting the Configuration
• For error: "RAND_load_file /root/.rnd not found or empty"
    dd if=/dev/urandom of=/root/.rnd bs=512 count=1
• For error: "crypto_setup: random seed file not found error:"
    ◦ Add crypto randfile /dev/urandom entry to /etc/ntp.conf
• Important: Ensure that no keys, key directories, or files containing passwords are world readable


Last edited by Scott; 10-30-2013 at 02:18 PM.. Reason: Added code tags
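
The last item in the directions above (no keys, key directories, or password files world readable) can be checked mechanically. The following is an added example, not part of the original post: it reads the key-related directives from ntp.conf text and lists every referenced path that has the other-read bit set. The function names and the `root` parameter (for auditing a copied or mounted tree) are assumptions made for the example.

```python
import os
import stat

# Directives that point at key or password material. keysdir and includefile
# come from the post's ntp.conf; keys is the symmetric key file directive.
SECRET_DIRECTIVES = {"keysdir", "includefile", "keys"}

# Client configuration as posted above (placeholders left as posted).
POST_CLIENT_CONF = """\
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 ::1
crypto
includefile /etc/ntp/crypto/pw
keysdir /etc/ntp/
server <ntp.server.com> autokey
"""

def secret_paths(conf_text):
    """Return the paths named by key/password directives in ntp.conf text."""
    paths = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] in SECRET_DIRECTIVES:
            paths.append(fields[1])
    return paths

def world_readable(conf_text, root="/"):
    """List referenced paths, and everything under referenced directories,
    that are readable by 'other'. root is a hypothetical prefix for offline use."""
    findings = set()
    for path in secret_paths(conf_text):
        real = os.path.normpath(os.path.join(root, path.lstrip("/")))
        candidates = [real]
        if os.path.isdir(real):
            for dirpath, dirs, files in os.walk(real):
                candidates += [os.path.join(dirpath, name) for name in dirs + files]
        for candidate in candidates:
            try:
                mode = os.lstat(candidate).st_mode
            except FileNotFoundError:
                continue
            if stat.S_ISLNK(mode):
                continue  # ntp-keygen links always show mode 0777; targets are walked
            if mode & stat.S_IROTH:
                findings.add(candidate)
    return sorted(findings)
```

Run as `world_readable(open("/etc/ntp.conf").read())` on each host; an empty list means nothing referenced by those directives is readable by other users.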
 

ntp.keys(5)                        File Formats                        ntp.keys(5)

NAME
    ntp.keys - NTP symmetric key file format configuration file

SYNOPSIS
    [--option-name] [--option-name value]

    All arguments must be options.

DESCRIPTION
    This document describes the format of an NTP symmetric key file. For a
    description of the use of this type of file, see the "Authentication
    Support" section of the ntp.conf(5) page.

    ntpd(8) reads its keys from a file specified using the -k command line
    option or the keys statement in the configuration file. While key number 0
    is fixed by the NTP standard (as 56 zero bits) and may not be changed, one
    or more keys numbered between 1 and 65535 may be arbitrarily set in the
    keys file.

    The key file uses the same comment conventions as the configuration file.
    Key entries use a fixed format of the form

        keyno type key opt_IP_list

    where keyno is a positive integer (between 1 and 65535), type is the
    message digest algorithm, key is the key itself, and opt_IP_list is an
    optional comma-separated list of IPs where the keyno should be trusted,
    that is, the IPs that are allowed to serve time. Each IP in opt_IP_list
    may contain an optional /subnetbits specification which identifies the
    number of bits for the desired subnet of trust. If opt_IP_list is empty,
    any properly-authenticated message will be accepted.

    The key may be given in a format controlled by the type field. The type
    MD5 is always supported. If ntpd was built with the OpenSSL library then
    any digest type supported by that library may be specified. However, if
    compliance with FIPS 140-2 is required the type must be either SHA or
    SHA1.

    What follows are some key types, and corresponding formats:

    MD5
        The key is 1 to 16 printable characters terminated by an EOL,
        whitespace, or a # (which is the "start of comment" character).

    SHA
    SHA1
    RMD160
        The key is a hex-encoded ASCII string of 40 characters, which is
        truncated as necessary.

    Note that the keys used by the ntpq(8) and ntpdc(8) programs are checked
    against passwords requested by the programs and entered by hand, so it is
    generally appropriate to specify these keys in ASCII format.

FILES
    /etc/ntp.keys
        the default name of the configuration file

SEE ALSO
    ntp.conf(5), ntpd(1), ntpdate(1), ntpdc(1), sntp(1)

AUTHORS
    The University of Delaware and Network Time Foundation

COPYRIGHT
    Copyright (C) 1992-2017 The University of Delaware and Network Time
    Foundation all rights reserved. This program is released under the terms
    of the NTP license, <http://ntp.org/license>.

BUGS
    Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

NOTES
    This document was derived from FreeBSD.

    This manual page was AutoGen-erated from the ntp.keys option definitions.

4.2.8p13                           20 Feb 2019                         ntp.keys(5)
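
The entry format described in the manual page above can be checked before a key file is deployed. The following linter is an added example, not part of ntpd or of the manual page: it applies only the rules stated there (keyno range, MD5 and 40-hex key formats, opt_IP_list syntax, the FIPS 140-2 type restriction). The function name, the sample file and the case-insensitive comparison of type names are assumptions made for the example.

```python
import ipaddress

HEX40_TYPES = {"SHA", "SHA1", "RMD160"}  # 40 hex characters, per ntp.keys(5)
FIPS_TYPES = {"SHA", "SHA1"}             # types required under FIPS 140-2

# Constructed sample; the keys and addresses are placeholders.
SAMPLE = """\
# keyno type key opt_IP_list
1 MD5 ExampleKey-01 192.0.2.0/24
2 SHA1 0123456789abcdef0123456789abcdef01234567 192.0.2.10,2001:db8::/32
3 MD5 ThisKeyIsFarTooLongForMD5
70000 MD5 short
4 SHA1 nothex 192.0.2.1
5 MD5 k 192.0.2.999
"""

def lint_keys(text, fips=False):
    """Return (line_number, message) findings for the text of an ntp.keys file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment
        if not fields:
            continue
        if len(fields) < 3:
            findings.append((n, "expected: keyno type key [opt_IP_list]"))
            continue
        # Assumption: type names are compared case-insensitively.
        keyno, ktype, key = fields[0], fields[1].upper(), fields[2]
        if not (keyno.isdecimal() and 1 <= int(keyno) <= 65535):
            findings.append((n, "keyno must be between 1 and 65535"))
        if ktype == "MD5":
            if not (len(key) <= 16 and all(33 <= ord(c) <= 126 for c in key)):
                findings.append((n, "MD5 key must be 1 to 16 printable characters"))
        elif ktype in HEX40_TYPES:
            if len(key) != 40 or any(c not in "0123456789abcdefABCDEF" for c in key):
                findings.append((n, ktype + " key must be 40 hex characters"))
        if fips and ktype not in FIPS_TYPES:
            findings.append((n, "FIPS 140-2 requires type SHA or SHA1"))
        if len(fields) == 3:
            findings.append((n, "no opt_IP_list: key is accepted from any address"))
        for item in fields[3].split(",") if len(fields) > 3 else []:
            try:
                ipaddress.ip_network(item, strict=False)  # accepts IP or IP/bits
            except ValueError:
                findings.append((n, "bad address in opt_IP_list: " + item))
    return findings
```

Other digest types that an OpenSSL build accepts are passed through without a key-format check, since the manual page gives formats only for the types listed.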