RE: NTP Authentication

From: Derek Fage (DerekF@xxxxxxxxxxx)
Date: Wed Aug 25 1999 - 04:46:20 GMT-3


   
Dave,

Without adding the key parameter to the ntp server statement on the client,
the client would sync to the server, but did not display "authenticated"
with show ntp assoc det.

This is rather confusing, as I thought that adding the 'ntp authenticate'
command meant that the client would only make authenticated connections.

If I added the key parameter without the ntp trusted-key statement, the
client refused to sync to the server. I kept getting "failed validity test
10" messages (or something like that).

I think I'll stick to using the trusted-key statement to make sure.

Ciao,

Derek...

PS I'm taking my lab on Sept 2-3 in Brussels (2nd time).

> -----Original Message-----
> From: doakman@home.com [SMTP:doakman@home.com]
> Sent: 25 August 1999 00:37
> To: 'Derek Fage'
> Cc: 'ccielab@groupstudy.com'
> Subject: RE: NTP Authentication
>
> Derek,
>
> On R1
>
> r1#show ntp associations detail
> 192.168.1.33 configured, authenticated, our_master, sane, valid, stratum 3
> ref ID 127.127.7.1, time AF3D15B1.343CF03A (23:07:29.204 UTC Mon Mar 1
> 1993)
> our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
> root delay 0.00 msec, root disp 0.03, reach 374, sync dist 27.771
> delay 50.26 msec, offset -0.4073 msec, dispersion 2.61
> precision 2**19, version 3
> org time AF3D1649.CDF703D3 (23:10:01.804 UTC Mon Mar 1 1993)
> rcv time AF3D1649.D6F34282 (23:10:01.839 UTC Mon Mar 1 1993)
> xmt time AF3D1649.C6CE1F87 (23:10:01.776 UTC Mon Mar 1 1993)
> filtdelay = 69.15 58.73 52.60 52.15 50.26 51.27 52.38
> 52.93
> filtoffset = 0.62 2.34 0.66 0.63 -0.41 -0.10 0.05
> 0.63
> filterror = 0.02 0.99 1.97 1.98 2.00 2.01 2.03
> 2.04
>
> You do bring up a question that I have: where and when would you use the
> ntp trusted-key?
> The trusted key must be the same # as the authentication key. If a key is
> specified with the server statement
> then all 3 must be the same. What value does the trusted key add?
>
> Where are you taking your test? I will be in Halifax on Sept 1-2.
>
> ttfn
> daveO
>
>
> -----Original Message-----
> From: Derek Fage [SMTP:DerekF@itexjsy.com]
> Sent: Tuesday, August 24, 1999 5:47 PM
> To: ccielab@groupstudy.com
> Subject: NTP Authentication
>
> Hi,
>
> I'm having trouble in getting to grips with NTP authentication.
>
> The commands I initially entered were as follows (R2 is server, R1 is
> client):
>
> hostname R2
> clock timezone GMT -0
> clock timezone BST recurring
> ntp authentication-key 1 md5 ccie
> ntp master 5
>
> hostname R1
> clock timezone GMT -0
> clock timezone BST recurring
> ntp authentication-key 1 md5 ccie
> ntp authenticate
> ntp server 192.168.2.10
>
> This caused the client to sync, but I do not think any authentication took
> place.
>
> Changing the ntp server command to 'ntp server 192.168.2.10 key 1' causes
> the client to never sync. I just keep getting the following debug messages
> (when debugging authentication and validity)
>
> Adding the 'ntp trusted 1' to the client seems to get it to synchronise OK
> now
>
> So I think I've got it working now, but just wanted to get some feedback if
> anybody thinks I have it wrong.
>
> From what I understand, all you do is the following:
> - set up an authentication key on the server and client
> - add the ntp authenticate command to the client only
> - add the ntp trusted-key command to the client only
> - add the key parameter to the ntp server command on the client
>
> Cheers,
>
> Derek (9 days...)
>
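
The three client states reported in this thread (no key on the server statement, key without trusted-key, and the complete setup) can be checked mechanically before a config is deployed. The audit below is an added example, not code from either poster; the function name audit_ntp_auth and the sample configs are constructed for illustration, and the findings reflect only the behaviour described in the messages above.

```python
import re

def audit_ntp_auth(config):
    """Return a list of findings for one client's IOS-style NTP config (hypothetical helper)."""
    defined, trusted, servers, authenticate = set(), set(), [], False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(int(m.group(1)))          # key material exists
        elif m := re.match(r"ntp trusted-key (\d+)$", line):
            trusted.add(int(m.group(1)))          # key is allowed to validate time
        elif line == "ntp authenticate":
            authenticate = True
        elif m := re.match(r"ntp server (\S+)(.*)$", line):
            key = re.search(r"\bkey (\d+)\b", m.group(2))
            servers.append((m.group(1), int(key.group(1)) if key else None))
    findings = []
    if servers and not authenticate:
        findings.append("ntp authenticate is missing")
    for addr, key in servers:
        if key is None:
            # State 1 in the thread: syncs, but not shown as "authenticated".
            findings.append(f"{addr}: no key on ntp server, association is not authenticated")
        elif key not in defined:
            findings.append(f"{addr}: key {key} has no ntp authentication-key")
        elif key not in trusted:
            # State 2 in the thread: client refused to sync.
            findings.append(f"{addr}: key {key} is not an ntp trusted-key")
    return findings

# Constructed inputs: the R1 client config from the thread in its three states.
BASE = """hostname R1
ntp authentication-key 1 md5 ccie
ntp authenticate
"""
R1_NO_KEY = BASE + "ntp server 192.168.2.10\n"
R1_KEY_NOT_TRUSTED = BASE + "ntp server 192.168.2.10 key 1\n"
R1_COMPLETE = BASE + "ntp trusted-key 1\nntp server 192.168.2.10 key 1\n"

if __name__ == "__main__":
    for name, cfg in [("no key", R1_NO_KEY),
                      ("key, not trusted", R1_KEY_NOT_TRUSTED),
                      ("complete", R1_COMPLETE)]:
        print(f"{name}: {audit_ntp_auth(cfg) or 'ok'}")
```

The first state is the one worth alerting on, since the client still syncs and nothing fails visibly.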


