Registry keys and Environment Variables used in the Windows AFS Client
----------------------------------------------------------------------

The service parameters primarily affect the behavior of the AFS client
service (afsd_service.exe).

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

LAN adapter number to use. This is the lana number of the LAN
adapter that the SMB server should bind to. If unspecified or set
to -1, a LAN adapter named 'AFS' or a loopback adapter will be
selected. If neither is present, then all available adapters will
be bound to. When binding to a non-loopback adapter, the NetBIOS
name '%hostname%-AFS' will be used (where %hostname% is the NetBIOS
name of the host truncated to 11 characters). Otherwise, the NetBIOS

Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
Variable: cm_initParams.cacheSize

Size of the AFS cache.

Default : 15 (CM_CONFIGDEFAULT_CHUNKSIZE)
Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)

Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize.

Default : 2 (CM_CONFIGDEFAULT_DAEMONS)

Number of background daemons (number of threads of
cm_BkgDaemon). (see cm_BkgDaemon in cm_daemon.c)

Default : 4 (CM_CONFIGDEFAULT_SVTHREADS)
Variable: numSvThreads

Number of SMB server threads (number of threads of smb_Server). (see

Default : 1000 (CM_CONFIGDEFAULT_STATS)
Variable: cm_initParams.nStatCaches

Value : LogoffTokenTransfer
Variable: smb_LogoffTokenTransfer

If enabled (set to 1), activates functionality where the user's
tokens are kept intact until smb_LogoffTokenTransferTimeout seconds
elapse after the user logs off. If roaming profiles are used and the
roaming profile takes a long time to be written back, this ensures
that the tokens remain valid until the profile save is complete.

Value : LogoffTokenTransferTimeout
Variable: smb_LogoffTokenTransferTimeout

See LogoffTokenTransfer above.

Variable: cm_rootVolumeName

Variable: cm_mountRoot

Name of root mount point. In symlinks, if a path starts with
cm_mountRoot, it is assumed that the path is absolute (as opposed to
relative) and is adjusted accordingly. E.g.: if a path is specified as
/afs/athena.mit.edu/foo/bar/baz and cm_mountRoot is "/afs", then the
path is interpreted as \\afs\all\athena.mit.edu\foo\bar\baz. If a
path does not start with cm_mountRoot, the path is assumed to
be relative and suffixed to the reference directory (i.e. directory
where the symlink exists)

Default : "\AFSCache"
Variable: cm_CachePath

Location of on-disk cache file. The default implies the root
directory of the boot disk

Variable: traceOnPanic

Issues a breakpoint in the event of a panic. (breakpoint: _asm int 3).

Variable: cm_NetbiosName

Specifies the NetBIOS name to be used when binding to a Loopback
adapter. To provide the old behavior specify a value of

Select whether or not this AFS client should act as a gateway. If
set and the NetBIOS name hostname-AFS is bound to a physical NIC,
other machines in the subnet can access AFS via SMB connections to

When IsGateway is non-zero, the LAN adapter detection code will
avoid binding to a loopback adapter. This will ensure that the
NetBIOS name will be of the form hostname-AFS instead of the value
set by the "NetbiosName" registry value.

Value : ReportSessionStartups
Variable: reportSessionStartups

If enabled, all SMB sessions created are recorded in the Application
event log. This also enables other events such as drive mappings
or various error types to be logged.

Value : TraceBufferSize
Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
Variable: traceBufSize

Number of entries to keep in trace log.

Default : "i386_nt40"

Value : SecurityLevel

Enables encryption on RX calls.

Variable: cm_dnsEnabled

Enables resolving volservers using AFSDB DNS queries. (see
afsdb-freelance-notes).

As of 1.3.60, this value is ignored as the DNS query support
utilizes the Win32 DNSQuery API which is available on Win2000

Value : FreelanceClient
Variable: cm_freelanceEnabled

Enables freelance client. (see afsdb-freelance-notes)

Variable: smb_hideDotFiles

Enables marking dotfiles with the hidden attribute. Dot files are
files whose name starts with a period (excluding "." and "..").

Value : MaxMpxRequests
Variable: smb_maxMpxRequests

Maximum number of multiplexed SMB requests that can be made.

Value : MaxVCPerServer
Variable: smb_maxVCPerServer

Maximum number of SMB virtual circuits.

Variable: rootCellName

Name of root cell (the cell from which root.afs should be mounted in

If enabled, does not send or indicate that we are able to send or
receive RX jumbograms.

If set to anything other than -1, uses that value as the maximum MTU
supported by the RX interface.

In order to enable OpenAFS to operate across the Cisco IPSec VPN
client, this value must be set to 1264 or smaller.

Value : ConnDeadTimeout
Default : 60 (seconds)
Variable: ConnDeadtimeout

The Connection Dead Time is enforced to be at a minimum 15 seconds
longer than the minimum SMB timeout as specified by

HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters

If the minimum SMB timeout is not specified the value is 45 seconds.
See http://support.microsoft.com:80/support/kb/articles/Q102/0/67.asp

Value : HardDeadTimeout
Default : 120 (seconds)
Variable: HardDeadtimeout

The Hard Dead Time is enforced to be at least double the ConnDeadTimeout.
This provides an opportunity for at least one retry.

Type : DWORD {0, 1, 2, 3}

Enables logging of debug output to the Windows Event Log.
Bit 0 enables logging of "Logon Events" processed by the Network Provider
and Winlogon Event Notification Handler.
Bit 1 enables logging of events captured by the AFS Client Service.

Variable: allSubmount (smb.c)

By setting this value to 0, the "\\NetbiosName\all" mount point
will not be created. This allows the read-write versions of
root.afs to be hidden.

Value : NoFindLanaByName

Disables the attempt to identify the network adapter to use by
looking for an adapter with a display name of "AFS".

Type : DWORD {1..32} or {1..64} depending on the architecture
Default : <no default>

If this value is specified, afsd_service.exe will restrict itself
to executing on the specified number of CPUs if there are a greater
number installed in the machine.

NOTE: Setting this entry to "1" may be required on hyperthreaded
systems to avoid crashes in the RX library.

If this value is specified, it defines the type of SMB authentication
which must be present in order for the Windows SMB client to connect
to the AFS Client Service's SMB server. The values are:
  0 = No authentication required
  1 = NTLM authentication required
  2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication

Type : DWORD {0 .. MAXDWORD}

This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
file. If the file is larger than this value when afsd_service.exe starts
the file will be reset to 0 bytes. If this value is 0, it means the file
should be allowed to grow indefinitely.

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]

Value : <Drive Letter:> for example "G:"

Specifies the submount name to be mapped by afsd_service.exe at startup
to the provided drive letter.

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]

2. Network provider parameters
------------------------------
Affects the network provider (afslogon.dll).

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

Value : FailLoginsSilently

Do not display message boxes if the login fails.

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]

Disables visible warnings during logon.

Value : AuthentProviderPath
NSIS : %WINDIR%\SYSTEM32\afslogon.dll

Specifies the install location of the authentication provider dll.

Specifies the class of network provider

Value : DependOnGroup

Specifies the service groups upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the services within these groups have successfully

Value : DependOnService
NSIS : Tcpip NETBIOS RpcSs

Specifies a list of services upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the specified services have successfully started.

NSIS : "OpenAFSDaemon"

Specifies the display name of the AFS Client Service

NSIS : %WINDIR%\SYSTEM32\afslogon.dll

Specifies the DLL to use for the network provider

[HKLM\SOFTWARE\OpenAFS\Client]

Value : CellServDBDir
Default : <not defined>

Specifies the directory containing the CellServDB file.
When this value is not specified, the AFS Client install

2.1 Domain specific configuration keys for the Network Provider
---------------------------------------------------------------

The network provider can be configured to have different behavior
depending on the domain that the user logs into. These settings are
only relevant when using integrated login. A domain refers to an
Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
local machine (i.e. local account logins). The domain name that is
used for selecting the domain would be the domain that is passed into
the NPLogonNotify function of the network provider.

Domain specific registry keys are :

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
(Specific domain key. One per domain.)

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]

HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider

Each of the domain specific keys can have the set of values described
in 2.1.1. The effective values are chosen as described in 2.1.2.

2.1.1 Domain specific configuration values
-------------------------------------------
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]

NSIS/WiX: depends on user configuration

  0x00 - Integrated Logon is not used
  0x01 - Integrated Logon is used
  0x02 - High Security Mode is used
  0x03 - Integrated Logon with High Security Mode is used

High Security Mode generates random SMB names for the creation of
Drive Mappings. This mode should not be used without Integrated Logon.

As of 1.3.65 the SMB server supports SMB authentication. The High
Security Mode should not be used when using SMB authentication
(SMBAuthType setting is non zero).

Value : FailLoginsSilently

If true, does not display any visible warnings in the event of an
error during the integrated login process.

Type : REG_SZ or REG_EXPAND_SZ
NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q

A logon script that will be scheduled to be run after the profile
load is complete. If using the REG_EXPAND_SZ type, you can use
any system environment variable as "%varname%" which would be
expanded at the time the network provider is run. Optionally
using a "%s" in the value would result in it being expanded into
the AFS SMB username for the session.

Value : LoginRetryInterval

If the OpenAFS client service has not started yet, the network
provider will wait for a maximum of "LoginRetryInterval" seconds
while retrying every "LoginSleepInterval" seconds to check if the

Value : LoginSleepInterval

See description of LoginRetryInterval.

2.1.2 Selection of effective values for domain specific configuration
----------------------------------------------------------------------

During login to domain X, where X is the domain passed into
NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
computer, the following keys will be looked up.

1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
2. Domains key. (NP key\"Domain")
3. Specific domain key. (Domains key\X)

If the specific domain key does not exist, then the domains key will
be ignored. All the configuration information in this case will
come from the NP key.

If the specific domain key exists, then for each of the values
mentioned in (2), they will be looked up in the specific domain key,
domains key and the NP key successively until the value is found.
The first instance of the value found this way will be the effective
value for the login session. If no such instance can be found, the
default will be used. To reiterate, a value in a more specific key
supersedes a value in a less specific key. The exceptions to this
rule are stated below.

2.1.3 Exceptions to 2.1.2
--------------------------

To retain backwards compatibility, the following exceptions are made

2.1.3.1 'FailLoginsSilently'

Historically, the 'FailLoginsSilently' value was in the
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
key and not in the NP key. Therefore, for backwards compatibility,
the value in the Parameters key will supersede all instances of this
value in other keys. In the absence of this value in the Parameters
key, normal scope rules apply.

2.1.3.2 'LogonScript'

If a 'LogonScript' is specified in neither the specific domain key nor
the domains key, the value in the NP key will only be checked if
the effective 'LogonOptions' specify a high security integrated
login. If a logon script is specified in the specific domain key or
the domains key, it will be used regardless of the high security
setting. Please be aware of this when setting this value.
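
The lookup rules of 2.1.2 and the two exceptions of 2.1.3, worked through
as an added example (not part of the OpenAFS documentation or source). The
registry is modelled as a dict with constructed sample data; the function
names, the sample script paths, the default of 0 for LogonOptions, the
case-insensitive comparison of domain and computer name, and reading "high
security integrated login" as LogonOptions 0x03 are assumptions of this example.

```python
NP = r"HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider"
PARAMS = r"HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters"


def find_key(reg, path):
    """Values under `path`, or None if the key does not exist.
    Registry key names are case-insensitive, so compare case-folded."""
    for key, values in reg.items():
        if key.casefold() == path.casefold():
            return values
    return None


def search_order(reg, domain, computer):
    """Keys to consult for a login, most specific first (2.1.2)."""
    # Assumption: domain and computer name are compared case-insensitively.
    x = "LOCALHOST" if domain.casefold() == computer.casefold() else domain
    domains = NP + r"\Domain"
    specific = find_key(reg, domains + "\\" + x)
    np_key = find_key(reg, NP) or {}
    if specific is None:
        # No specific domain key: the domains key is ignored entirely.
        return [np_key]
    return [specific, find_key(reg, domains) or {}, np_key]


def effective_value(reg, name, domain, computer, default=None):
    """Effective value of `name` for a login to `domain` on `computer`."""
    order = search_order(reg, domain, computer)
    if name == "FailLoginsSilently":
        # 2.1.3.1: the legacy Parameters key overrides every other key.
        params = find_key(reg, PARAMS) or {}
        if name in params:
            return params[name]
    if name == "LogonScript":
        # 2.1.3.2: domain-scoped scripts always apply; the NP-key script is
        # consulted only for a high security integrated login.
        for values in order[:-1]:
            if name in values:
                return values[name]
        # Default of 0 is an assumption of this example.
        opts = effective_value(reg, "LogonOptions", domain, computer, default=0)
        if (opts & 0x03) == 0x03:
            return order[-1].get(name, default)
        return default
    for values in order:
        if name in values:
            return values[name]
    return default


# Constructed sample registry contents (not taken from a real host).
SAMPLE = {
    PARAMS: {"FailLoginsSilently": 1},
    NP: {"LogonOptions": 1, "LogonScript": r"C:\afs\np.cmd",
         "FailLoginsSilently": 0, "LoginRetryInterval": 30},
    NP + r"\Domain": {"LogonOptions": 3},
    NP + r"\Domain\EXAMPLE.ORG": {"LoginRetryInterval": 10},
    NP + r"\Domain\LOCALHOST": {"LogonOptions": 0,
                                "LogonScript": r"C:\afs\local.cmd"},
}
```

With this sample, a login to a domain that has no specific key takes
LogonOptions from the NP key and gets no logon script, even though the
domains key sets LogonOptions to 3.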

3. AFS Credentials System Tray Tool parameters
----------------------------------------------
Affects the behavior of afscreds.exe

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

Function: GetGatewayName()

If the AFS client is utilizing a gateway to obtain AFS access,
the name of the gateway is specified by this value.

Variable: IsServiceConfigured()

The value Cell is used to determine if the AFS Client Service has
been properly configured or not.

[HKLM\SOFTWARE\OpenAFS\Client]
[HKCU\SOFTWARE\OpenAFS\Client]

Function: InitApp(), Main_OnCheckTerminate()

This value is used to determine whether or not a shortcut should be
maintained in the user's Start Menu->Programs->Startup folder.

This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].

Function: KFW_is_available()

When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
to obtain AFS credentials. By setting this value to 0, the internal
Kerberos 4 implementation will be used instead.

Value : AfscredsShortcutParams
Default : "-A -M -N -Q"
Function: Shortcut_FixStartup

This value specifies the command line options which should be set
as part of the shortcut to afscreds.exe.

[HKCU\SOFTWARE\OpenAFS\Client]

Value : Authentication Cell
Function: Afscreds.exe GetDefaultCell()

This value allows the user to configure a different cell name to
be used as the default cell when acquiring tokens in afscreds.exe

[HKCU\SOFTWARE\OpenAFS\Client\Reminders]

Value : "afs cell name"
Function: LoadRemind(), SaveRemind()

These values are used to save and restore the state of the reminder
flag for each cell for which the user has obtained tokens.

This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].

[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]

Value : "upper case drive letter"

These values are used to store the persistence state of the AFS
drive mappings as listed in the [...\Client\Mappings] key

These values used to be stored in the afsdsbmt.ini file

[HKCU\SOFTWARE\OpenAFS\Client\Mappings]

Value : "upper case drive letter"

These values are used to store the AFS path in Unix notation
to which the drive letter is to be mapped.

These values used to be stored in the afsdsbmt.ini file.

[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]

Value : "smb/cifs share name"

This key is used to map SMB/CIFS shares to Client Side Caching
(off-line access) policies. For each share one of the following
policies may be used: "manual", "programs", "documents", "disable"

These values used to be stored in afsdsbmt.ini

[HKLM\SOFTWARE\OpenAFS\Client\Freelance]

Value : "numeric value"

This key is used to store newline terminated mount point strings
for use in constructing the fake root.afs volume when Freelance
(dynamic roots) mode is activated.

  "athena.mit.edu#athena.mit.edu:root.cell.\n"
  ".athena.mit.edu%athena.mit.edu:root.cell.\n"

These values used to be stored in afs_freelance.ini

[HKLM\SOFTWARE\OpenAFS\Client\Submounts]

Value : "submount name"

This key is used to store mappings of unix style AFS paths
to submount names which can be referenced as UNC paths.
For example the submount string "/athena.mit.edu/user/j/a/jaltman"
can be associated with the submount name "jaltman.home".
This can then be referenced as the UNC path \\AFS\jaltman.home.

These values used to be stored in afsdsbmt.ini

ENVIRONMENT VARIABLES:

Variable: AFS_RPC_ENCRYPT
Values:   "OFF" disables the use of RPC encryption
          any other value allows RPC encryption to be used
Default:  RPC encryption is on

Variable: AFS_RPC_PROTSEQ
Values:   "ncalrpc" - local RPC
          "ncacn_np" - named pipes
          "ncacn_ip_tcp" - tcp/ip