You are not out of sync if, when doing simulation for step number X, you have all the inputs from all the clients for step X.
The server cannot send out all commands for step X until it has received messages from all clients regarding step X.
Once a client has sent its commands for step X, it cannot change its mind -- it has to "commit."
The server needs to detect when data is missing from some client for step X, and not execute the commands, or forward the inputs, until that client catches up. Simple case, the game simulation (not necessarily display!) will lag a little bit. Worst case, the game has to pause while that client catches up, or is determined to have dropped. You have likely seen this happen to RTS games like Starcraft, etc. Suddenly, the game pauses, saying "waiting for player P to catch up."
Clients run the simulation for step X once it gets the command packet for step X. Server runs the simulation for step X and forwards commands to all clients once it has gotten all the inputs for step X. While client is waiting for the command packet for step X, it sends commands timestamped for step X+N, where N is determined based on single round-trip latency (round up.)
As long as you do lock-step, both the client and the server is actually very, very simple. You don't need any "go-ahead" signals or additional round-trips. All you need is to set the command send-ahead time on the client to the longest roundtrip latency that particular client is expected to see -- or, if you want a "fair" game, set the send-ahead time to the maximum round-trip-time of any player in the game.
Typically, when you do lock-step, you also use TCP for transport, as the in-order, re-transmitting behavior of TCP is pretty well matched to the needs of lock-step simulation. If you want UDP, then you typically want to duplicate commands for multiple, older, steps, into each packet you send, so that a single dropped packet will be "made up for" by the next packet sent. Typically, you'll make the amount of duplication match the value of N -- send all commands you have pending that haven't yet been received back by the server, properly timestamped (don't change the timestamp of commands when re-sending!)