forwarded 1033088 https://gitlab.com/NTPsec/ntpsec/-/issues/785 thanks
Sorry for the delay in responding. I had hoped to try to reproduce this myself. But I need to be honest with myself that it's simply not going to happen.
Can you confirm whether you get either of these messages to stderr on startup:
A) MS-SNTP signd operations currently block ntpd degrading service to all clients.
B) mssntp restrict bit ignored, this ntpd was configured without --enable-mssntp.
I would expect "A". If you are getting "B", that is bad (and makes no sense, as the Debian ntpsec package is built with --enable-mssntp).
Is there any chance you could test with ntpsec 1.1.3? You'd have to build from source (and note that upstream stores the config file in /etc/ntp, not /etc/ntpsec). It is available here:
https://ftp.ntpsec.org/pub/releases/ntpsec-1.1.3.tar.gzIf ntpsec 1.1.3 works and 1.1.4 does not, then I'm wondering if commit ee7677d0cff27c9e208cc3716db41f51bf29c1fb would be to blame. That said, I don't see anything wrong with that change. It's just that there aren't many other changes to mssntp code in ntpsec.
Other than that, I don't have any ideas. I've forwarded the bug upstream. You can see the URL in the control commands at the top of this message.
-- Richard
OpenPGP_signature
Description: OpenPGP digital signature
