I'll take a look at our setup in the morning. We always use NTP and RHEL 6 VMs.
Posted on 01/24/2016 4:32:58 PM PST by Washi
Are there any Linux gurus here?
I've looked around online and asked some questions in various forums, but I'm not getting anywhere. I've found explanations of how to set it up, but no examples. I have yet to get it working.
I am trying to configure an environment with several Red Hat Enterprise Linux 6.1 virtual machines. All of these machines need to be NTP clients of my NTP server. The NTP server uses MD5 authentication, and I need to have the Linux clients authenticate the NTP traffic.
Can someone please post a working "ntp.conf" and "keys" file so that I can see the correct way to enable authentication on my Red Hat Enterprise Linux 6.1 NTP clients?
Also, please recommend the best method to verify that authentication is being used and that only authenticated NTP messages are influencing the clients.
Thanks!
Not me but . . .
I'll take a look at our setup in the morning. We always use NTP and RHEL 6 VMs.
and you want that for FREE????
Absolutely.
I do have a couple of ideas. PM me to send me you current config and I should be able to troubleshoot it for you.
To prevent spoofing.
If you want to pay, you can do that too.
Sent. Thank you.
If you’re worried about spoofing, I kind of wonder if you are trying to use the wrong tool for the job. Depending on the environment, iptables (or syncing via hypervisor tools) is probably a much better tool.
But anyway, here’s a easy to follow explanation with examples:
http://www.articlesbase.com/programming-articles/how-to-configure-your-linux-ntp-server-1105782.html
As far as confirming operation, ntpq should (I think, working from memory here). If that’s not enough for you, break it intentionally and test.
Ha ha ha!
LOL
Thanks, Darth. That’s one of the articles I’ve read. There must be some trick I’m missing. My clients will sync right up with the server...which normally would be a good thing. However, when I intentionally use bad keys, it also syncs right up. It doesn’t appear that the clients are actually trying to authenticate the NTP messages.
Is this a new configuration? Is the current NTP server already serving up authenticated requests? If not, are you sure that the server is configured properly?
It’s a new configuration on the Linux VMs.
The server is already serving authenticated NTP to other clients (Cisco switches and such). I’m just not a Linux guy.
Red Hat has an article for configuring NTP with symmetric key auth at https://access.redhat.com/solutions/393663
Also, the ntp_auth(5) page any be useful for you - https://www.mankier.com/5/ntp_auth
Okay, you since you said you’re not a Linux guy in another post, I have to ask:
Are your clients running ntpd or using ntpdate? If ntpd, are what are you doing to cause it to re-read ntp.conf when you make changes to ntp.conf?
Oh, and how are you editing ntp.conf? On the linux machine, or on a windows machine and transferring to Linux?
Thanks, I’ll get one of my buddies with a subscription to access that for me tomorrow.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.