NTP MD5 or SHA56 Authentication Configurations Are Incomplete
An NTP authentication mode (MD5 or SHA56) is configured, and the ntp-service authentication enable command is run, but no other authentication-related commands are run. As a result, the NTP client fails to synchronize clock signals with the NTP server.
Scenario
NTP authentication is enabled on an NTP client using the ntp-service authentication enable command in the system view.
Configuration Requirements
The following commands must be all run in the system view to ensure that the NTP client synchronizes clock signals with the NTP server:
<HUAWEI> system-view
[HUAWEI] ntp-service authentication enable
[HUAWEI] ntp-service reliable authentication-keyid 169
[HUAWEI] ntp-service unicast-server 172.0.0.1 authentication-keyid 169
[HUAWEI] ntp-service authentication-keyid 169 authentication-mode md5 cipher Root@123
Misconfiguration Risks
Risk description:
The NTP client fails to synchronize clock signals with the NTP server if any of the following commands is not run:
ntp-service authentication-keyid key-id authentication-mode mode cipher password
ntp-service reliable authentication-keyid key-id key-id
ntp-service unicast-server server-ip authentication-keyid key-id (applicable to the NTP client, not to the server)
Identification method:
Run the display current-configuration configuration ntp command in the user view to check whether all the preceding commands have been run.
In the following example, only the ntp-service authentication enable command is run.
<HUAWEI> display current-configuration configuration ntp
# ntp-service authentication enable #
Recovery measures:
Ensure that all the preceding commands are run.
This is what I want to talk about/share with you today, thank you!
