How to configure ntp authentication.

This document (7017993) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11

Situation

NTP client should be able to verify server via authentication keys (no autokey).
In this sample case, id 1 is NTP server, and id 2 and 3 are NTP clients.

Resolution

Both NTP server and NTP client need the same /etc/ntp.keys file (keys in identical order) :

1 M bad2f48
2 M be45b2e
3 M 4e3e952

(no spaces at line end or blank lines)

Server configuration:
/etc/ntp.conf :

    keys /etc/ntp.keys              # path for keys file
    trustedkey 1 2 3                # define trusted keys
    requestkey 1                    # key (7) for accessing server variables
    controlkey 1                    # key (6) for accessing server variables

Client configuration:
/etc/ntp.conf:

    keys /etc/ntp.keys              # path for keys file
    trustedkey 1 2                  # define trusted keys
    requestkey 2                    # key (7) for accessing server variables
    controlkey 2                    # key (6) for accessing server variables
    server <server-ip-address> key 1

(As eh NTP server has id 1, the NTP client id would be 2 or 3.)

Cause

Client unable to prove auth - "ntpq -p" show INIT.
When running NTP in debug mode, the client prints : "bad auth crypto_NAK".

Additional Information

To enable debug on either NTP client, or server, add option "-d" to "NTPD_OPTIONS" in /etc/sysconfig/ntp

To generate symmetric md5 keys:
for i in `seq 1 10`; do tmp=$(dd if=/dev/urandom count=1 2>/dev/null | md5sum); tmp=${tmp:0:7}; echo "$i M $tmp"; done

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7017993
  • Creation Date: 29-Aug-2016
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center