NTP Server is setup for ntp keys. How can we configure windows server to communicate to our time server using the keys?

IT_User

10/8/22, 8:04 PM

We have an NTP server that was setup with NTP keys. https://docs.ntpsec.org/latest/ntp_keys.html

We are trying to configure our domain controllers to use this NTP server as the authoritative time source. We can talk to the NTP server without keys fine but as soon as we enable keys on the NTP side, communication fails. Where can we specify a keys file/strings to allow Windows to talk to our NTP server using NTP keys? Thank you!

167

1 + 0

windows

ntp

windows-server-2012-r2

Score:1

Server

John Mahowald

10/9/22, 5:45 PM

w32time is not compatible with ntpd's symmetric key implementation. Meinberg cites Microsoft MS-SNTP spec in which packets are either using MS netlogon based auth extension, or unauthenticated. ntpd gained experimental mssntp support, but no guarantee it will be available on your NTP server.

The goal of NTP auth is to reduce the risk of an impostor NTP server serving the wrong time. When this is difficult to implement, use alternative controls at the network level.

Assuming you wish to continue running your NTP servers on not-Windows, remove the keys and use unauthenticated. Domain controllers use it as an "internet" source. Protect the NTP server by restricting access to it. Use a private network for transport. Limit queries to allowed subnets with firewalls and possibly ntpd's restrict keyword.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: NTP Server is setup for ntp keys. How can we configure windows server to communicate to our time server using the keys?

TH: เซิร์ฟเวอร์ NTP ถูกตั้งค่าสำหรับคีย์ ntp เราจะกำหนดค่า windows server เพื่อสื่อสารกับเซิร์ฟเวอร์เวลาของเราโดยใช้คีย์ได้อย่างไร

RO: Serverul NTP este configurat pentru chei ntp. Cum putem configura Windows Server pentru a comunica cu serverul nostru de timp folosind tastele?

RU: NTP-сервер настроен для ключей ntp. Как мы можем настроить сервер Windows для связи с нашим сервером времени с помощью ключей?

VI: Máy chủ NTP được thiết lập cho các khóa ntp. Làm cách nào chúng tôi có thể định cấu hình máy chủ windows để giao tiếp với máy chủ thời gian của mình bằng các phím?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.