NTP on Solaris
#1
Scooby Regular
Thread Starter
Join Date: Mar 2001
Location: Berkshire
Posts: 5,528
Anyone got an example of an ntp.conf file from an NTP server, and an example of an ntp.keys file?
I am sure I have the ntp.conf file right, but the syntax of the ntp.keys file is baffling me!!
Dave
#2
NTP Information and Setup
Free Info Docs: 20748
http://sunsolve.sun.com/pub-cgi/retr...48&zone_32=NTP
Excerpt Below:
#----- start of ntp.conf file ---------------------
# @(#)ntp.server 1.4 97/05/05 SMI
#
# /etc/inet/ntp.server
#
# An example file that could be copied over to /etc/inet/ntp.conf and
# edited; it provides a configuration template for a server that
# listens to an external hardware clock, synchronizes the local clock,
# and announces itself on the NTP multicast net.
#
# SEE RFC 1305 ON FOLLOWING CLOCK DEVICES:
# This is the external clock device. The following devices are
# recognized by xntpd 3.4y:
#
# XType Device Name Description
# -------------------------------------------------------
# 1 (none) LOCAL Undisciplined Local Clock
# 2 trak GPS_TRAK TRAK 8820 GPS Receiver
# 3 pst WWV_PST PSTI/Traconex WWV/WWVH Receiver
# 4 wwvb WWVB_SPEC Spectracom WWVB Receiver
# 5 goes GPS_GOES_TRUE TrueTime GPS/GOES Receivers
# 6 irig IRIG_AUDIO IRIG Audio Decoder
# 7 chu CHU Scratchbuilt CHU Receiver
# 8 refclock- GENERIC Generic Reference Clock Driver
# 9 gps GPS_MX4200 Magnavox MX4200 GPS Receiver
# 10 gps GPS_AS2201 Austron 2201A GPS Receiver
# 11 omega OMEGA_TRUE TrueTime OM-DC OMEGA Receiver
# 12 tpro IRIG_TPRO KSI/Odetics TPRO/S IRIG Interface
# 13 leitch ATOM_LEITCH Leitch CSD 5300 Master Clock Controller
# 14 ees MSF_EES EES M201 MSF Receiver
# 15 gpstm GPS_TRUE TrueTime GPS/TM-TMD Receiver
# 17 datum GPS_DATUM Datum Precision Time System
# 18 acts NIST_ACTS NIST Automated Computer Time Service
# 19 heath WWV_HEATH Heath WWV/WWVH Receiver
# 20 nmea GPS_NMEA Generic NMEA GPS Receiver
# 22 pps ATOM_PPS PPS Clock Discipline
# 23 ptbacts PTB_ACTS PTB Automated Computer Time Service
#
# Some of the devices benefit from "fudge" factors. See the xntpd
# documentation.
# Either a peer or server. Replace "XType" with a value from the
# table above.
#If you are adding a local hardware clock device,
#its driver is identified here by a directive like: server
#127.127.XX.0 where 127.127 alerts NTP that this is a local rather
#than a remote network peer, and XX is a clocktype described in
#the NTP distribution. The restrict directive in this config file
#specifies that this host will only talk to the two IP addresses
#specified; it won't trust anyone else, and it won't serve time
#to anyone else.
#following three lines are there by default, change them according to your own setup.
server 127.127.XType.0 prefer
fudge 127.127.XType.0 stratum 0
broadcast 224.0.1.1 ttl 4
#three types of time servers
# 1. peer host_address [ key # ] [ version # ] [ prefer ]
# Specifies that local server is to operate in symmetric active mode with
# remote server specified as host_address, i.e.
# local server can be synchronized to the remote server
# 2. server host_address [ key # ] [ version # ] [ prefer ] [ mode] server
# Specifies that the local server is to operate in
# "client" mode with the remote server named in the command.
# In this mode the local server can be synchronized
# to the remote server, but the remote server can never
# be synchronized to the local server.
# 3. broadcast host_address [ key # ] [ version # ] [ ttl # ]
# Specifies that the local server is to operate in
# "broadcast" mode where the local server sends periodic
# broadcast messages to a client population at the
# broadcast/multicast address named in the command
#
# key Indicates that all packets sent to the
# address are to include authentication fields,
# encrypted using the specified key number. The
# range of this number is that of an unsigned
# 32 bit integer. By default, an encryption
# field is not included.
# version Specifies the version number to be used for
# outgoing NTP packets. Versions 1, 2, and 3
# are the choices; version 3 is the default.
# prefer Marks the host as a preferred host. This
# host will be preferred for synchronization
# over other comparable hosts.
# for complete listing see man page on xntpd
Sample ntp.conf file for an NTP primary stratum 1 server:
server 127.127.5.0
fudge 127.127.5.0 stratum 1
Sample ntp.conf file for an NTP server in peer mode:
peer ntppeerserver
Sample ntp.conf file for an NTP server in server mode:
server sometimeserver prefer
server sometimeserver
server sometimeserver
# we can always fall back to the local clock.
server 127.127.1.0
fudge 127.127.1.0 stratum 9
Once you have created your ntp.conf file, save it and start the xntpd
daemon.
# /usr/lib/inet/xntpd &
#3
Scooby Regular
Thread Starter
Join Date: Mar 2001
Location: Berkshire
Posts: 5,528
Thanks Michael, that's ace. I have the ntp.conf right on the server but it fails to start as there is no ntp.keys file. I really am stuck on the format and contents of the ntp.keys file.
Dave
#4
Try this one:
http://docsrv.caldera.com/NET_tcpip/ntpT.auth_recon.html..
Authenticating NTP runtime reconfiguration
To turn on authentication of requests to use xntpdc(1Mtcp) to reconfigure the NTP daemon while it is running:
Create one or more keys that will be used for authenticating reconfiguration requests. This key can be unique to each peer. The format of such keys is described in ``The NTP keys file''.
On each host on which you want to configure authentication, add the following lines to the /etc/inet/ntp.conf file if not already present:
authenticate yes
keys /etc/inet/ntp.keys
If the line currently defines authenticate as no, change the value to yes.
Add the following line to /etc/inet/ntp.conf:
requestkey ID
ID is the ID number of the key that will be used to authenticate reconfiguration requests.
If it does not already exist, create a /etc/inet/ntp.keys file on each peer, and add the request key for the peer to this file.
To have xntpd re-read its configuration file, stop xntpd by killing its process ID found using ps, then restart it using the command in.xntpd &.
The NTP keys file
The /etc/inet/ntp.keys file contains a list of numeric key IDs and key values. These IDs and values are used to verify that mode 6 and mode 7 NTP packets should be processed. For example, when running the xntpdc program, you must supply a valid key ID in response to the Keyid prompt and its associated key value in response to the Password prompt. See ``Examples of using ntpq and xntpdc'' for sample displays of this.
In addition to a key ID and its associated value, each entry also contains a one-letter code indicating the type of the key value. The format of an entry in the key file is:
key_ID key_type key_value
The three fields shown above are separated by any combination of blanks and tabs. Comments may appear on any line and must begin with the number sign (#).
The fields are:
key_ID
An arbitrary, unsigned 32-bit number, written in decimal. The range of possible values is zero through 4,294,967,295. Key IDs are specified by the requestkey and controlkey statements in the configuration file.
key_type
Identifies the authentication scheme. Only M for MD5 authentication is currently supported.
--------------------------------------------------------------------------------
NOTE: DES authentication is not included in this release.
--------------------------------------------------------------------------------
key_value
For MD5 authentication, this is a password consisting of a string of one to eight ASCII characters. If the string is longer than eight characters, only the first eight will be used.
--------------------------------------------------------------------------------
NOTE: The NTP keys file contains sensitive data. Limit read permission to the owner root.
--------------------------------------------------------------------------------
The following is a sample ntp.keys file:
4 M DonTTelL
6 M hElloWorld
22 M ImASecret
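A checker for the keys-file rules quoted in the post above, added here as an example; it is not part of the original thread or of the vendor documentation. It applies only the stated rules (three fields, a decimal 32-bit key_ID, type M, an ASCII value of which only the first eight characters are used, access limited to owner root); the function names, the constructed `controlkey 15` line, and treating `#` anywhere on a line as the start of a comment are assumptions.

```python
import os
import re
import stat

MAX_KEY_ID = 4294967295   # key_ID: unsigned 32-bit number, written in decimal
MD5_KEY_LEN = 8           # only the first eight characters of an M key are used
# Keys are the sample file from the post above; "controlkey 15" is constructed.
SAMPLE_KEYS = "4 M DonTTelL\n6 M hElloWorld\n22 M ImASecret\n"
SAMPLE_CONF = "authenticate yes\nkeys /etc/inet/ntp.keys\nrequestkey 22\ncontrolkey 15\n"

def lint_keys(text):
    """Return ({key_id: effective_value}, [warnings]) for ntp.keys content."""
    keys, warnings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # assumption: '#' always starts a comment
        if not fields:
            continue
        if len(fields) != 3:
            warnings.append(f"line {n}: expected 'key_ID key_type key_value'")
            continue
        key_id, key_type, value = fields
        if not re.fullmatch(r"[0-9]+", key_id) or int(key_id) > MAX_KEY_ID:
            warnings.append(f"line {n}: key_ID is not an unsigned 32-bit decimal")
            continue
        if key_type != "M":
            warnings.append(f"line {n}: key_type {key_type!r} unsupported, only M")
            continue
        if not value.isascii():
            warnings.append(f"line {n}: key_value must be ASCII")
            continue
        if len(value) > MD5_KEY_LEN:
            warnings.append(f"line {n}: key {key_id} has {len(value)} characters, "
                            f"only the first {MD5_KEY_LEN} are used")
        if int(key_id) in keys:
            warnings.append(f"line {n}: key_ID {key_id} defined more than once")
        keys[int(key_id)] = value[:MD5_KEY_LEN]
    return keys, warnings

def undefined_key_refs(conf_text, keys):
    """requestkey/controlkey IDs in ntp.conf that the keys file does not define."""
    refs = re.findall(r"^\s*(requestkey|controlkey)\s+([0-9]+)", conf_text, re.M)
    return [(stmt, int(i)) for stmt, i in refs if int(i) not in keys]

def mode_findings(path):
    """Flag a keys file that is not owned by root or is open to group/other."""
    st = os.stat(path)
    checks = [(st.st_uid != 0, "owner is not root"),
              (stat.S_IMODE(st.st_mode) & 0o077, "group or other has access")]
    return [msg for bad, msg in checks if bad]
```

Run against the sample file, `lint_keys` reports that keys 6 and 22 are longer than eight characters, so their effective secrets are `hElloWor` and `ImASecre`.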