smb-auth-20040711

[openafs.git] / doc / txt / winnotes / registry.txt

Registry keys and Environment Variables used in the Windows AFS Client
----------------------------------------------------------------------

REGISTRY KEYS:

1. Service parameters
---------------------

The service parameters primarily affect the behavior of the AFS client
service (afsd_service.exe).

Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

Value   : LANadapter
Type    : DWORD
Default : -1
Variable: LANadapter

  LAN adapter number to use.  This is the lana number of the LAN
  adapter that the SMB server should bind to.  If unspecified or set
  to -1, a LAN adapter with named 'AFS' or a loopback adapter will be
  selected.  If neither are present, then all available adapters will
  be bound to.  When binding to a non-loopback adapter, the NetBIOS
  name '%hostname%-AFS' will be used (where %hostname% is the NetBIOS
  name of the host truncated to 11 characters). Otherwise, the NetBIOS
  name will be 'AFS'.

Value   : CacheSize
Type    : QWORD
Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
Variable: cm_initParams.cacheSize

  Size of the AFS cache.

Value   : ChunkSize
Type    : DWORD
Default : 15 (CM_CONFIGDEFAULT_CHUNKSIZE)
Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)

  Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize.

Value   : Daemons
Type    : DWORD
Default : 2 (CM_CONFIGDEFAULT_DAEMONS)
Variable: numBkgD

  Number of background daemons (number of threads of
  cm_BkgDaemon). (see cm_BkgDaemon in cm_daemon.c)

Value   : ServerThreads
Type    : DWORD
Default : 4 (CM_CONFIGDEFAULT_SVTHREADS)
Variable: numSvThreads

  Number of SMB server threads (number of threads of smb_Server). (see
  smb_Server in smb.c).

Value   : Stats
Type    : QWORD
Default : 1000 (CM_CONFIGDEFAULT_STATS)
Variable: cm_initParams.nStatCaches

  Cache configuration.

Value   : LogoffTokenTransfer
Type    : DWORD {1,0}
Default : 1
Variable: smb_LogoffTokenTransfer

  If enabled (set to 1), activates functionality where the user's
  tokens are kept intact until smb_LogoffTokenTransferTimeout seconds
  elapse after user logs off.  If roaming profiles are used and the
  roaming profile takes a long time to be written back, this ensures
  that the tokens remain valid until the profile save is complete.

Value   : LogoffTokenTransferTimeout
Type    : QWORD
Default : 10
Variable: smb_LogoffTokenTransferTimeout

  See LogoffTokenTransfer above.

Value   : RootVolume
Type    : REG_SZ
Default : "root.afs"
Variable: cm_rootVolumeName

  Root volume name.

Value   : Mountroot
Type    : REG_SZ
Default : "/afs"
Variable: cm_mountRoot

  Name of root mount point.  In symlinks, if a path starts with
  cm_mountRoot, it is assumed that the path is absolute (as opposed to
  relative) and is adjusted accordingly. Eg: if a path is specified as
  /afs/athena.mit.edu/foo/bar/baz and cm_mountRoot is "/afs", then the
  path is interpreted as \\afs\all\athena.mit.edu\foo\bar\baz.  If a
  path does not start with with cm_mountRoot, the path is assumed to
  be relative and suffixed to the reference directory (i.e. directory
  where the symlink exists)
 
Value   : CachePath
Type    : REG_SZ
Default : "\AFSCache"
Variable: cm_CachePath

  Location of on-disk cache file.  The default implies the root 
  directory of the boot disk

Value   : TrapOnPanic
Type    : DWORD {1,0}
Default : 0
Variable: traceOnPanic

  Issues a breakpoint in the event of a panic. (breakpoint: _asm int 3).

Value   : NetbiosName
Type    : REG_EXPAND_SZ
Default : "AFS"
Variable: cm_NetbiosName

  Specifies the NetBIOS name to be used when binding to a Loopback
  adapter.  To provide the old behavior specify a value of 
  "%COMPUTERNAME%-AFS"

Value   : IsGateway
Type    : DWORD {1,0}
Default : 0
Variable: isGateway

  Select whether or not this AFS client should act as a gateway.  If
  set and the NetBIOS name hostname-AFS is bound to a physical NIC,
  other machines in the subnet can access AFS via SMB connections to
  hostname-AFS.

  When IsGateway is non-zero, the LAN adapter detection code will
  avoid binding to a loopback adapter.  This will ensure that the
  NetBIOS name will be of the form hostname-AFS instead of the value
  set by the "NetbiosName" registry value.

Value   : ReportSessionStartups
Type    : DWORD {1,0}
Default : 0
Variable: reportSessionStartups

  If enabled, all SMB sessions created are recorded in the Application
  event log.  This also enables other events such as drive mappings
  or various error types to be logged.

Value   : TraceBufferSize
Type    : QWORD
Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
Variable: traceBufSize

  Number of entries to keep in trace log.

Value   : SysName
Type    : REG_SZ
Default : "i386_nt40"
Variable: cm_sysName

  Self explanatory.

Value   : SecurityLevel
Type    : DWORD {1,0}
Default : 0
Variable: cryptall

  Enables encryption on RX calls.

Value   : UseDNS
Type    : DWORD {1,0}
Default : 1
Variable: cm_dnsEnabled

  Enables resolving volservers using AFSDB DNS queries. (see
  afsdb-freelance-notes).

  As of 1.3.60, this value is ignored as the DNS query support
  utilizes the Win32 DNSQuery API which is available on Win2000
  and above.

Value   : FreelanceClient
Type    : DWORD {1,0}
Default : 0
Variable: cm_freelanceEnabled

  Enables freelance client. (see afsdb-freelance-notes)

Value   : HideDotFiles
Type    : DWORD {1,0}
Default : 1
Variable: smb_hideDotFiles

  Enables marking dotfiles with the hidden attribute.  Dot files are
  files whose name starts with a period (excluding "." and "..").

Value   : MaxMpxRequests
Type    : DWORD
Default : 50
Variable: smb_maxMpxRequests

  Maximum number of multiplexed SMB requests that can be made.

Value   : MaxVCPerServer
Type    : DWORD
Default : 100
Variable: smb_maxVCPerServer

  Maximum number of SMB virtual circuits.

Value   : Cell
Type    : REG_SZ
Default : <none>
Variable: rootCellName

  Name of root cell (the cell from which root.afs should be mounted in
  \\afs\all).

Value   : RxNoJumbo
Type    : DWORD {0,1}
Default : 0
Variable: rx_nojumbo

  If enabled, does not send or indicate that we are able to send or
  receive RX jumbograms.

Value   : RxMaxMTU
Type    : DWORD
Default : -1
Variable: rx_mtu

  If set to anything other than -1, uses that value as the maximum MTU
  supported by the RX interface.

  In order to enable OpenAFS to operate across the Cisco IPSec VPN
  client, this value must be set to 1264 or smaller.

Value   : ConnDeadTimeout
Type    : DWORD
Default : 60 (seconds)
Variable: ConnDeadtimeout

  The Connection Dead Time is enforced to be at a minimum 15 seconds 
  longer than the minimum SMB timeout as specified by 

  HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
    SessTimeout

  If the minimum SMB timeout is not specified the value is 45 seconds.
  See http://support.microsoft.com:80/support/kb/articles/Q102/0/67.asp


Value   : HardDeadTimeout
Type    : DWORD
Default : 120 (seconds)
Variable: HardDeadtimeout

  The Hard Dead Time is enforced to be at least double the ConnDeadTimeout.
  The provides an opportunity for at least one retry.


Value   : AllSubmount
Type    : DWORD {0, 1}
Default : 1
Variable: allSubmount (smb.c)

  By setting this value to 0, the "\\NetbiosName\all" mount point 
  will not be created.  This allows the read-write versions of 
  root.afs to be hidden.

Value   : NoFindLanaByName
Type    : DWORD {0, 1}
Default : 0

  Disables the attempt to identity the network adapter to use by 
  looking for an adapter with a display name of "AFS".

Value   : MaxCPUs
Type    : DWORD {1..32} or {1..64} depending on the architecture
Default : <no default>

  If this value is specified, afsd_service.exe will restrict itself
  to executing on the specified number of CPUs if there are a greater
  number installed in the machine.  

  NOTE: Setting this entry to "1" may be required on hyperthreaded 
  systems to avoid crashes in the RX library.

Value   : smbAuthType
Type    : DWORD {0..2} 
Default : 2

  If this value is specified, it defines the type of SMB authentication    
  which must be present in order for the Windows SMB client to connect
  to the AFS Client Service's SMB server.  The values are:
    0 = No authentication required
    1 = NTLM authentication required
    2 = Extended (GSS SPNEGO) authentication required
  The default is Extended authentication

Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]

Value   : <Drive Letter:> for example "G:"
Type    : SZ

    Specifies the submount name to be mapped by afsd_service.exe at startup
    to the provided drive letter.



Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]


2. Network provider parameters
------------------------------
Affects the network provider (aklogon.dll).

Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

Value   : FailLoginsSilently
Type    : DWORD
Default : 0

  Do not display message boxes if the login fails.

Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]

Value   : NoWarnings
Type    : DWORD
Default : 0

  Disables visible warnings during logon.

Value   : AuthentProviderPath
Type    : REG_SZ
NSIS    : <install path>\afslogon.dll

  Specifies the install location of the authentication provider dll.

Value   : Class
Type    : DWORD
NSIS    : 0x02

  Specifies the class of network provider

Value   : DependOnGroup
Type    : REG_MULTI_SZ
NSIS    : PNP_TDI

  Specifies the service groups upon which the AFS Client Service 
  depends.  Windows should not attempt to start the AFS Client Service
  until all of the services within these groups have successfully 
  started.

Value   : DependOnService
Type    : REG_MULTI_SZ
NSIS    : Tcpip NETBIOS RpcSs

  Specifies a list of services upon which the AFS Client Service 
  depends.  Windows should not attempt to start the AFS Client Service
  until all of the specified services have successfully started.
  
Value   : LogonOptions
Type    : DWORD
NSIS    : depends on user configuration

  0x00 - Integrated Logon is not used
  0x01 - Integrated Logon is used
  0x02 - High Security Mode is used
  0x03 - Integrated Logon with High Security Mode is used

  High Security Mode generates random SMB names for the creation of
  Drive Mappings.  This mode should not be used without Integrated Logon.

Value   : LogonScript
Type    : REG_SZ
NSIS    : <install path>\afscreds.exe -:%s -x

  Specifies the command to be executed at the end of successful logon.

Value   : Name
Type    : REG_SZ
NSIS    : "OpenAFSDaemon"

  Specifies the display name of the AFS Client Service

Value   : ProviderPath
Type    : REG_SZ
NSIS    : <install path>\afslogon.dll

  Specifies the DLL to use for the network provider

Value  : TraceOption
Type   : DWORD {1|0}
Default : 0

  Enables trace events for the network provider.

Value   : VerboseLogging
Type    : DWORD
NSIS    : 0x0a

  Determines the level of logging to be enabled


3. AFS Credentials System Tray Tool parameters
----------------------------------------------
Affects the behavior of afscreds.exe

Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

Value   : Gateway
Type    : REG_SZ
Default : ""
Function: GetGatewayName()

  If the AFS client is utilizing a gateway to obtain AFS access, 
  the name of the gateway is specified by this value.

Value   : Cell
Type    : REG_SZ
Default : <none>
Variable: IsServiceConfigured()

  The value Cell is used to determine if the AFS Client Service has
  been properly configured or not.


Regkey:
[HKLM\SOFTWARE\OpenAFS\Client]
[HKCU\SOFTWARE\OpenAFS\Client]

Value   : ShowTrayIcon
Type    : DWORD {0, 1}
Default : 1
Function: InitApp(), Main_OnCheckTerminate()

  This value is used to determine whether or not a shortcut should be
  maintained in the user's Start Menu->Programs->Startup folder. 

  This value used to be stored at 
  [HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].

Value   : EnableKFW
Type    : DWORD {0, 1}
Default : 1
Function: KFW_is_available()

  When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
  to obtain AFS credentials.  By setting this value to 0, the internal
  Kerberos 4 implementation will be used instead.

Value   : AfscredsShortcutParams
Type    : REG_SZ
Default : "-A -M -N -Q"
Function: Shortcut_FixStartup

  This value specifies the command line options which should be set
  as part of the shortcut to afscreds.exe.


Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Reminders]

Value   : "afs cell name"
Type    : DWORD {0, 1}
Default : <none>
Function: LoadRemind(), SaveRemind()

  These values are used to save and restore the state of the reminder
  flag for each cell for which the user has obtained tokens.

  This value used to be stored at 
  [HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].


ENVIRONMENT VARIABLES:

Variable: AFS_RPC_ENCRYPT 
Values:   "OFF" disables the use of RPC encryption
          any other value allows RPC encryption to be used
Default:  RPC encryption is on


Variable: AFS_RPC_PROTSEQ
Values:   "ncalrpc"  - local RPC 
          "ncacn_np" - named pipes
          "ncacn_ip_tcp" - tcp/ip
Default:  local RPC