Open axkar opened 4 hours ago
Additional findings:
When running a check for chronyc serverstats
as admin
user, the following error appears:
admin@infix-00-00-00:~$ chronyc serverstats
501 Not authorised
However, running the same command as root
works fine:
admin@infix-00-00-00:~$ sudo chronyc serverstats
NTP packets received : 0
NTP packets dropped : 0
Command packets received : 11
Command packets dropped : 0
Client log records dropped : 0
NTS-KE connections accepted: 0
NTS-KE connections dropped : 0
Authenticated NTP packets : 0
Interleaved NTP packets : 0
NTP timestamps held : 0
NTP timestamp span : 0
NTP daemon RX timestamps : 0
NTP daemon TX timestamps : 0
NTP kernel RX timestamps : 0
NTP kernel TX timestamps : 0
NTP hardware RX timestamps : 0
NTP hardware TX timestamps : 0
Similarly, when using ntp
as the admin (as described above):
admin@infix-00-00-00:/> show ntp
NTP client not enabled.
admin@infix-00-00-00:/>
admin@infix-00-00-00:~$ /bin/ntp
NTP client not enabled.
And again, as the root
user, the command works fine:
admin@infix-00-00-00:~$ sudo clish
root@infix-00-00-00:/> show ntp
Reference ID : C23ACD94 (svl2.ntp.netnod.se)
Stratum : 2
Ref time (UTC) : Thu Oct 17 15:21:57 2024
System time : 0.000035142 seconds fast of NTP time
Last offset : -0.000068587 seconds
RMS offset : 0.000068587 seconds
Frequency : 0.434 ppm fast
Residual freq : -0.011 ppm
Skew : 28.615 ppm
Root delay : 0.013573844 seconds
Root dispersion : 0.001952836 seconds
Update interval : 64.4 seconds
Leap status : Normal
It seems there is a specific handling of user settings for chronyc
, as the script fails at the initial check:
admin@infix-00-00-00:~$ cat /bin/ntp
#!/bin/sh
# Helper script to chronyc, checks if daemon is running
if ! chronyc serverstats >/dev/null; then
echo "NTP client not enabled."
exit 1
fi
case $1 in
tracking)
chronyc tracking
;;
sources)
chronyc sources -v
;;
*)
echo "Unknown NTP command."
;;
esac
admin@infix-00-00-00:~$ chronyc serverstats
501 Not authorised
The message "NTP client not enabled" is kind of misleading...
Please update infix.xml with a 'doas ' prefix for the backend shell command to the 'show ntp' CLI command. Similar to what has already been done for the container.xml. See src/klish-plugim-infix/xml/.
Navigate to
cli
, enablentp
, andshow
thentp
configurationHowever, it is verified that the
chronyd
is started properly. Obs! Ensure that dhcp client is enabled as well: