<div>Hello Folks,<br></div><div>I'm not a programmer, just an ops guy so please bear with me. <br></div><div><br></div><div>Currently we have a need to monitor both appliance-based NTP services, and Active Directory-based NTP services. I discovered that I wasn't able to use check_ntp_peer to monitor AD-based NTP as we wouldn't get any response from AD (while all other methods of interrogating AD-based NTP are working fine (eg: Chrony, ntpdate -q).<br></div><div><br></div><div>I can however use check_ntp_time against AD-based NTP services, though I can't do things like check stratum, so this is of limited use. I have *zero* access to Active Directory's administrative information, so I immediately fired up tcpdump to see what was different, and discovered that check_ntp_peer uses NTPv2 requests, and check_ntp_time uses NTPv4 requests. AD seems to ignore NTPv2 and responds to NTPv4 with packets that self-identify as NTPv3. <br></div><div><br></div><div>I suppose my request at this point is: Could some C programmer please take a look at check_ntp_peer and perhaps refactor the code to create NTPv4 requests as check_ntp_time does? <br></div><div><br></div><div>Here's the packet capture:<br></div><div><br></div><div>check_ntp_peer:<br></div><div><br></div><div>09:45:20.547797 IP (tos 0x0, ttl 64, id 40308, offset 0, flags [DF], proto UDP (17), length 40)<br></div><div> 123.123.123.166.56721 > 123.123.123.17.123: NTPv2, length 12<br></div><div> Reserved, Leap indicator: (0), Stratum 1 (primary reference), poll 0 (1s), precision 1<br></div><div> Root Delay: 0.000000, Root dispersion: 0.000000 [|ntp]<br></div><div><br></div><div>check_ntp_time:<br></div><div><br></div><div>14:15:48.323492 IP (tos 0x0, ttl 64, id 33946, offset 0, flags [DF], proto UDP (17), length 76)<br></div><div> 123.123.123.166.44232 > 123.123.123.17.123: NTPv4, length 48<br></div><div> Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 4 (16s), precision -6<br></div><div> Root Delay: 1.000000, Root dispersion: 1.000000, Reference-ID: (unspec)<br></div><div> Reference Timestamp: 0.000000000<br></div><div> Originator Timestamp: 0.000000000<br></div><div> Receive Timestamp: 0.000000000<br></div><div> Transmit Timestamp: 3827240148.323479000 (2021/04/12 14:15:48)<br></div><div> Originator - Receive Timestamp: 0.000000000<br></div><div> Originator - Transmit Timestamp: 3827240148.323479000 (2021/04/12 14:15:48)<br></div><div><br></div><div>14:15:48.323813 IP (tos 0x0, ttl 128, id 12733, offset 0, flags [none], proto UDP (17), length 76)<br></div><div> 123.123.123.17.123 > 123.123.123.166.44232: NTPv3, length 48<br></div><div> Server, Leap indicator: (0), Stratum 5 (secondary reference), poll 4 (16s), precision -6<br></div><div> Root Delay: 0.136962, Root dispersion: 0.210037, Reference-ID: 123.123.123.22<br></div><div> Reference Timestamp: 3827239257.946514999 (2021/04/12 14:00:57)<br></div><div> Originator Timestamp: 3827240148.323479000 (2021/04/12 14:15:48)<br></div><div> Receive Timestamp: 3827240148.321514999 (2021/04/12 14:15:48)<br></div><div> Transmit Timestamp: 3827240148.321514999 (2021/04/12 14:15:48)<br></div><div> Originator - Receive Timestamp: -0.001964000<br></div><div> Originator - Transmit Timestamp: -0.001964000<br></div><div><br></div><div>We're using the version of monitoring-plugins bundled with Ubuntu 20.04, which is 2.2. I did however check the release notes for 2.3.0 & 2.3.1 as well as the commit log for check_ntp_peer, and nothing has changed since 2.2.<br></div><div><br></div><div>Thanks very much,<br></div><div> - Kodiak Firesmith</div><div><br></div><div><br></div><div><br></div><div class="protonmail_signature_block"><div class="protonmail_signature_block-user protonmail_signature_block-empty"><br></div><div class="protonmail_signature_block-proton">Sent with <a href="https://protonmail.com" target="_blank">ProtonMail</a> Secure Email.<br></div></div><div><br></div>