IDS Sensor and setting NTP

RichardSW · ‎05-18-2006

I'm configuring all of the cisco sensors I manage to update their time using a public NTP server.

I've hit two bumps.

On a few of the 4.x sensors I get the error "Error: Could not run ntpdate utility. Fatal Error has occurred. Node MUST be rebooted to enable alarming."

On all of the 5.x sensors, I can't apply the NTP settings because it requries two additional values (keys?) - but the public NTP I'm using doesn't require these. I was able to get this to work on the 4.x servers by entering the value 1 in both fields, but the 5.x sensor seems to be doing some additional checking.

Any help/insight is much appreciated. I checked the configuration documentation but didn't find anything other than descriptions of the fields.

gfullage · ‎05-18-2006

The error message is a known issue, see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed84480&Submit=Search for the details and workarounds to it.

The second issue is actually the way it's supposed to work. NTP on the sensor requires NTP authentication, but because of a bug in the 4.x code it actually let you set it by just putting in dummy values (although it would only sync up once upon reboot and then get slowly out of sync as time went on). Version 5.x fixed the authentication "problem" and it now requires authentication to be set up correctly right from the start. You'll need an NTP server that can handle authentication correctly to get your 5.x sensors to sync up with it.

RichardSW · ‎05-19-2006

I tried the URL you provided, but I get a Error #403: Forbidden. Is it only accessible by those who subscribe to the extended forum options?

Thanks for the quick reply on the NTP authentication.

slug420 · ‎06-16-2006

any insight on how to configure ntpd or some other linux ntp service to support this authentication?

Im not seeing it documented at ntp.org