[Info-vax] OpenVMS TCP/IP Services NTP using symmetric key authentication
RobertsonEricW
robertsonericw at netzero.net
Wed Mar 25 15:48:02 EDT 2015
Has anyone in this group successfully configured the NTP service for HP OpenVMS TCP/IP services to use the authenticated NTP service offered through NIST? The version of NTP reported in the NTP log file is 4.2.0-1. I am running an AlphaServer ES45 with OpenVMS Alpha V8.3 running OpenVMS TCP/IP Services V5.7 ECO 5 with the following NTP.CONF file and I get the following message when I attempt to run NTPDATE to perform the initial clock synchronization with the NIST authenticated NTP servers:
$ NTPDATE "ntp-a.boulder.nist.gov" "ntp-b.nist.gov"
Looking for host ntp-a.boulder.nist.gov
host found : ntp-a.boulder.nist.gov
Looking for host ntp-b.nist.gov
host found : host-24-56-178-141.beyondbb.com
25 Mar 15:31:31 NTPDATE[1206]: no server suitable for synchronization found
I have triple checked that the trustedkey value specified in the TCPIP$NTP.CONF file matches the information supplied by NIST and contained in the NTP.KEYS file.
As far as I can tell the contents of TCPIP$NTP.CONF that I am using are consistent with both the documentation for NTP 4.2.0 and the instructions from NIST. I have run out of things to try by changing the contents in TCPIP$NTP.CONF. Any wisdom would be appreciated.
Eric
TCPIP$NTP.CONF:
#
# Configure logging of all clock information and synchronization
# events.
#
logconfig +syncall +clockall
#
# Statistics (this is for temporary troubleshooting of authenticated NTP from NIST.)
#
statistics loopstats peerstats clockstats cryptostats rawstats
statsdir SYS$SPECIFIC:[TCPIP$NTP]
#
# Configure the Keys file needed to contact authenticated NTP
# Services.
#
keys SYS$SPECIFIC:[TCPIP$NTP]NTP.KEYS
#
# Configure the trusted key IDs for NTP services authenticated via symmetric key
# authentication
#
trustedkey 75331
#
# Configure the use of a clock drift file.
#
driftfile SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.DRIFT
#
# Ignore any communication from unconfigured NTP servers, clients or networks.
#
restrict default ignore
#
# Configure to allow non-querying, non-modifying communication from known, local
# machines/LANs (i.e. only time sync can be requested by known, local hosts/LANs).
#
restrict 192.168.1.0 mask 255.255.255.0 noquery nomodify
#
# Configure stratum 1 time sync NTP servers.
#
server ntp-a.boulder.nist.gov prefer iburst
server ntp-b.nist.gov iburst
#
# Configure communication with NTP stratum 1 servers for time sync only and only when
# attempted communication packets received are authenticated via a trusted key.
#
restrict ntp-a.boulder.nist.gov noquery nomodify notrust
restrict ntp-b.nist.gov noquery nomodify notrust
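
A consistency check for the symmetric-key directives in a configuration like the one above, as an added example that is not part of the original post or of HP's software. It assumes reference ntpd syntax, in which the `key` option on a `server` or `peer` line selects the key for that association; the function name, the `time1`/`time2` hosts and key ID 12 are constructed for illustration.

```python
# Added example: lint ntp.conf text for symmetric-key consistency.
# Assumes reference ntpd syntax ('#' comments, 'key N' on server/peer lines).

def lint_ntp_conf(conf_text, key_ids_in_keys_file=None):
    """Return findings about how keys, trustedkey and server lines fit together."""
    trusted, servers, has_keys = set(), [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        tok = line.split()
        cmd = tok[0].lower()
        if cmd == "keys":
            has_keys = True
        elif cmd == "trustedkey":
            trusted.update(int(t) for t in tok[1:] if t.isdigit())
        elif cmd in ("server", "peer") and len(tok) > 1:
            key = None
            if "key" in tok[2:]:
                i = tok.index("key", 2)
                if i + 1 < len(tok) and tok[i + 1].isdigit():
                    key = int(tok[i + 1])
            servers.append((tok[1], key))
    findings = []
    if not has_keys:
        findings.append("no 'keys' file configured")
    for host, key in servers:
        if key is None:
            findings.append(f"{host}: no 'key' option, no key is selected for this association")
        elif key not in trusted:
            findings.append(f"{host}: key {key} is not listed in trustedkey")
        elif key_ids_in_keys_file is not None and key not in key_ids_in_keys_file:
            findings.append(f"{host}: key {key} is missing from the keys file")
    return findings

# Constructed sample: the first three lines follow the posted file,
# the time1/time2 lines and key ID 12 are invented for the example.
SAMPLE = """\
keys SYS$SPECIFIC:[TCPIP$NTP]NTP.KEYS
trustedkey 75331
server ntp-a.boulder.nist.gov prefer iburst
server time1.example.net key 75331 iburst
server time2.example.net key 12
"""

if __name__ == "__main__":
    for finding in lint_ntp_conf(SAMPLE):
        print(finding)
```

Passing the set of key IDs read from the keys file as the second argument also reports a trusted key that the keys file does not define.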