Using NTP
Save the changes and close the file. In vi, press the Esc key and enter:
:wq
Restart ntpd. The most reliable way to do this is to reboot the system by entering:
shutdown -r now
When the system and ntpd restart, the new configuration should be in effect.
Note: Mismatched keys or partially configured authentication may prevent synchronization
between two NTP nodes.
Using Autokey
Recommendation: When configuring NTP authentication, log in to the SyncServer securely
by selecting the Secure checkbox on the Login page. This opens an https session with port
443 on the SyncServer. Also see Enabling Secure Login (on page 164).
Generating and downloading autokeys
1.
Log in to the SyncServer securely and go to the NTP - Autokey page.
2.
Select an Identity Scheme.
3.
(Optional) Create a peer, broadcast, or multicast association using the Server Role and
Server Address fields.
4.
Enter an alphanumeric Server Password.
5.
If the Identity Scheme is IFF, enter an alphanumeric Client Password.
6.
Click the GENERATE button.
7. Download the keys or certificates:
n
If the Identity Scheme is PC, use SAVE AS to download the Server Host Key and
Server Certificate to your workstation one at a time.
n
If the Identity Scheme is IFF or GQ, use SAVE AS to download the Client Group
Key to your workstation.
8.
Click the RESTART button.
Enabling autokey for a particular NTP association
The Role of the association must be Server, Peer, or Broadcast.
1. After generating the keys or certificates on the SyncServer.
2. If needed, log in to the SyncServer securely.
3.
Go to the NTP - Config page.
4. Create or edit an NTP association.
5.
Set MD5 Key to Auto.
6.
Click the SAVE button.
7.
Click the RESTART button.
After several minutes go to NTP - Assoc and confirm that Reach for this association is greater
than 0. If not, authentication isn't working.
Uploading autokey keys and certificates to another SyncServer
997-01520-02 Rev. F1.......................................................................... Page 163
To Next Page
Loading...
