> But is it actually possible to have the auth server and terminal not
> on the same LAN? Every configuration example I've seen has all the
> resources on the same IP address block.
yes. i used to run a single authentication server for 2 sites.
you'll need to make sure the auth server is announcing the
right services on the right ports. assuming that you're using
net.alt (adjust to /net if not)
aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service.ext
/net.alt/tcp
you'll need tcp567 in that directory. if you have !tcp567 in that
directory, you can simply rename it.
additionally, it helps to have the following entries in your ndb
files. here's
authdom=myauthdom auth=myauthserver
if you're using dhcp, it helps to have an entry that looks
like the following. this will allow cs (through !ipinfo see
ndbipinfo in ndb(2)) to associate the correct auth server
with every machine on this subnet. (unless overridden in
a specific entry.)
this is an example from 9atom.org
ipnet=labs.9atom.org ip=10.220.0.0 ipmask=/112
fs=land.9atom.org
gw=gw.9atom.org
auth=atta.9atom.org
dns=10.220.1.10
dnsdomain=9atom.org
ipgw=10.220.10.1
- erik
