From: "Paul A. Anokhin" <paul7@paul7.net>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Remote auth server
Date: Mon, 24 Mar 2014 19:41:29 +0400 [thread overview]
Message-ID: <CAOotBeJtG8UoXe62N-ZrvqPGqdAxeJ64qCoH3Koq6Km6_PwOzg@mail.gmail.com> (raw)
In-Reply-To: <367fe014777c643663f1c18bcbc3659a@brasstown.quanstro.net>
OK, I checked and found out that the auth server seems to announce all
the needed services. In fact i use a recent 9front and it seems to
have reasonable defaults regarding all this stuff.
When I turn off authentication on the server side, I can mount my auth
server's filesystem via 9fs script from my local standalone Plan9
installation.
However if I turn authentication on, I get
mount failed: phase error protocol phase error: read in state SNeedProto
So I guess that the network configuration is fine, but maybe auth
configuration is not.
I have to be missing something important.
On Mon, Mar 24, 2014 at 6:09 PM, erik quanstrom <quanstro@quanstro.net> wrote:
>> But is it actually possible to have the auth server and terminal not
>> on the same LAN? Every configuration example I've seen has all the
>> resources on the same IP address block.
>
> yes. i used to run a single authentication server for 2 sites.
> you'll need to make sure the auth server is announcing the
> right services on the right ports. assuming that you're using
> net.alt (adjust to /net if not)
>
> aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service.ext /net.alt/tcp
>
> you'll need tcp567 in that directory. if you have !tcp567 in that
> directory, you can simply rename it.
>
> additionally, it helps to have the following entries in your ndb
> files. here's
>
> authdom=myauthdom auth=myauthserver
>
> if you're using dhcp, it helps to have an entry that looks
> like the following. this will allow cs (through !ipinfo see
> ndbipinfo in ndb(2)) to associate the correct auth server
> with every machine on this subnet. (unless overridden in
> a specific entry.)
>
> this is an example from 9atom.org
>
> ipnet=labs.9atom.org ip=10.220.0.0 ipmask=/112
> fs=land.9atom.org
> gw=gw.9atom.org
> auth=atta.9atom.org
> dns=10.220.1.10
> dnsdomain=9atom.org
> ipgw=10.220.10.1
>
> - erik
>
--
Павел Анохин
next prev parent reply other threads:[~2014-03-24 15:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-24 13:35 Paul A. Anokhin
2014-03-24 13:53 ` Ingo Krabbe
2014-03-24 14:11 ` cinap_lenrek
2014-03-24 14:16 ` erik quanstrom
2014-03-24 14:09 ` erik quanstrom
2014-03-24 15:41 ` Paul A. Anokhin [this message]
2014-03-24 16:34 ` erik quanstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOotBeJtG8UoXe62N-ZrvqPGqdAxeJ64qCoH3Koq6Km6_PwOzg@mail.gmail.com \
--to=paul7@paul7.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).