Ntpd and chroot

john_lelos · 2017-10-11 14:18:21 UTC

Hello all

I apologise if this has been answered previously, but searching turned up nothing for me.

I am trying to get ntpd to start inside a chroot directory.
I have solved a few issues I had until now but I have stuck with authentication.

I get the following error:

ntpd[22401]: Command line: /usr/sbin/ntpd -p /var/chroot/ntp/var/run/ntpd.pid -i /var/chroot/ntp -4 -u ntp:ntp
systemd[1]: Started LSB: Start NTP daemon.
ntp[22392]: Starting NTP server: ntpd.
ntpd[22403]: proto: precision = 0.303 usec (-22)
ntpd[22403]: line 52 column 17 syntax error, unexpected T_Key, expecting T_EOC
ntpd[22403]: syntax error in /etc/ntp.conf line 52, column 17

and this relates to ntp.conf:

48: enable auth
49: keys /etc/ntp/ntpkeys
50: trustedkey 1 2 3 4 5 6 7 8 9

52: restrict 10.2.2.10 key 8

Any idea why authentication fails?

mnordhoff · 2017-10-12 22:20:06 UTC

“restrict” doesn’t have a “key” flag, does it?

https://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict

john_lelos · 2017-10-13 20:21:16 UTC

http://www.ntp.org/ntpfaq/NTP-s-trbl-general.htm#FTN.AEN5299
Note 1: Also note that ntpd fails to find the keys when running in a chroot environment.

Does this apply until today?

john_lelos · 2017-10-19 08:18:42 UTC

Yes, you are absolutely correct.

I am a bit confused with my setup.
I have a local range with clients allowing unauthenticated access.
Everything fine up to here.

I have a second ntp server, which should synchronize to the first one using authentication.
The first server should not get time from second one; stratum are configured as 4 and 5.
But I am not sure that this is enough.

ntpd servers configuration:

1st ntpd

restrict 10.50.18.11
peer 10.50.18.11 iburst key 8 prefer

Is peer a valid association?
But I don’t want this server to be updated from the second ntp!

2nd ntpd

server 192.168.3.10 iburst key 8 prefer

Which is the correct relationship ?
Should it be “server”, shouldn’t?