From mboxrd@z Thu Jan  1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <367fe014777c643663f1c18bcbc3659a@brasstown.quanstro.net>
References: <CAOotBeL=pVM9nGiae3aOHe_F9WnB-_kUaj3JdVJmPuk_HF4faw@mail.gmail.com>
	<367fe014777c643663f1c18bcbc3659a@brasstown.quanstro.net>
Date: Mon, 24 Mar 2014 19:41:29 +0400
Message-ID: <CAOotBeJtG8UoXe62N-ZrvqPGqdAxeJ64qCoH3Koq6Km6_PwOzg@mail.gmail.com>
From: "Paul A. Anokhin" <paul7@paul7.net>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [9fans] Remote auth server
Topicbox-Message-UUID: cf18f104-ead8-11e9-9d60-3106f5b1d025

OK, I checked and found out that the auth server seems to announce all
the needed services. In fact i use a recent 9front and it seems to
have reasonable defaults regarding all this stuff.
When I turn off authentication on the server side, I can mount my auth
server's filesystem via 9fs script from my local standalone Plan9
installation.
However if I turn authentication on, I get
mount failed: phase error protocol phase error: read in state SNeedProto

So I guess that the network configuration is fine, but maybe auth
configuration is not.
I have to be missing something important.

On Mon, Mar 24, 2014 at 6:09 PM, erik quanstrom <quanstro@quanstro.net> wro=
te:
>> But is it actually possible to have the auth server and terminal not
>> on the same LAN? Every configuration example I've seen has all the
>> resources on the same IP address block.
>
> yes.  i used to run a single authentication server for 2 sites.
> you'll need to make sure the auth server is announcing the
> right services on the right ports.  assuming that you're using
> net.alt (adjust to /net if not)
>
>         aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service.ext /net=
.alt/tcp
>
> you'll need tcp567 in that directory.  if you have !tcp567 in that
> directory, you can simply rename it.
>
> additionally, it helps to have the following entries in your ndb
> files.  here's
>
> authdom=3Dmyauthdom auth=3Dmyauthserver
>
> if you're using dhcp, it helps to have an entry that looks
> like the following.  this will allow cs (through !ipinfo see
> ndbipinfo in ndb(2)) to associate the correct auth server
> with every machine on this subnet.  (unless overridden in
> a specific entry.)
>
> this is an example from 9atom.org
>
> ipnet=3Dlabs.9atom.org ip=3D10.220.0.0 ipmask=3D/112
>         fs=3Dland.9atom.org
>         gw=3Dgw.9atom.org
>         auth=3Datta.9atom.org
>         dns=3D10.220.1.10
>         dnsdomain=3D9atom.org
>         ipgw=3D10.220.10.1
>
> - erik
>



--=20
   =D0=9F=D0=B0=D0=B2=D0=B5=D0=BB =D0=90=D0=BD=D0=BE=D1=85=D0=B8=D0=BD