From mboxrd@z Thu Jan 1 00:00:00 1970
From: erik quanstrom
Date: Mon, 24 Mar 2014 10:09:34 -0400
To: 9fans@9fans.net
Message-ID: <367fe014777c643663f1c18bcbc3659a@brasstown.quanstro.net>
In-Reply-To:
References:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Remote auth server
Topicbox-Message-UUID: cf063bea-ead8-11e9-9d60-3106f5b1d025

> But is it actually possible to have the auth server and terminal not
> on the same LAN? Every configuration example I've seen has all the
> resources on the same IP address block.

yes. i used to run a single authentication server for 2 sites.

you'll need to make sure the auth server is announcing the right services
on the right ports. assuming that you're using net.alt (adjust to /net if not)

	aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service.ext /net.alt/tcp

you'll need tcp567 in that directory. if you have !tcp567 in that directory,
you can simply rename it.

additionally, it helps to have the following entries in your ndb files. here's

	authdom=myauthdom auth=myauthserver

if you're using dhcp, it helps to have an entry that looks like the following.
this will allow cs (through !ipinfo see ndbipinfo in ndb(2)) to associate the
correct auth server with every machine on this subnet. (unless overridden in
a specific entry.) this is an example from 9atom.org

	ipnet=labs.9atom.org ip=10.220.0.0 ipmask=/112
		fs=land.9atom.org
		gw=gw.9atom.org
		auth=atta.9atom.org
		dns=10.220.1.10
		dnsdomain=9atom.org
		ipgw=10.220.10.1

- erik
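
Added example, not part of the message above and not Plan 9 code: a simplified Python model of the lookup the message describes, where a machine takes `auth=` from its own ndb entry if present and otherwise inherits it from the enclosing `ipnet`. The host entries `term1` and `term2` and the name `other.example.org` are constructed for illustration, and the resolution order is a simplification of what ndbipinfo does.

```python
import ipaddress

# Constructed sample ndb: part of the subnet entry from the message plus two
# hypothetical host entries (term1, term2, other.example.org are made up).
SAMPLE_NDB = """\
ipnet=labs.9atom.org ip=10.220.0.0 ipmask=/112
    fs=land.9atom.org
    auth=atta.9atom.org
    dns=10.220.1.10
sys=term1 ip=10.220.3.7
sys=term2 ip=10.220.3.8 auth=other.example.org
"""

def parse_ndb(text):
    """Split ndb text into entries; indented lines continue the entry above."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        if not line.strip():
            continue
        if not line[0].isspace() or not entries:
            entries.append({})                # unindented line starts an entry
        for tok in line.split():
            attr, _, val = tok.partition("=")
            entries[-1].setdefault(attr, val)
    return entries

def prefix_len(mask):
    """IPv4 masks are dotted or /n counted over 128 bits, so /112 means /16."""
    if mask.startswith("/"):
        return int(mask[1:]) - 96
    return ipaddress.IPv4Network("0.0.0.0/" + mask).prefixlen

def auth_for(entries, ip):
    """Auth server for ip: the host's own entry wins, else the narrowest ipnet."""
    addr = ipaddress.IPv4Address(ip)
    for e in entries:
        if "ipnet" not in e and e.get("ip") == ip and "auth" in e:
            return e["auth"]
    nets = []
    for e in entries:
        if all(k in e for k in ("ipnet", "ip", "ipmask", "auth")):
            net = ipaddress.IPv4Network(f"{e['ip']}/{prefix_len(e['ipmask'])}")
            if addr in net:
                nets.append((net.prefixlen, e["auth"]))
    return max(nets)[1] if nets else None
```

Running `auth_for(parse_ndb(SAMPLE_NDB), ip)` against a copy of your own ndb file shows which machines would fall through to the subnet-wide auth server and which carry an override.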