Registry keys and Environment Variables used in the Windows AFS Client
----------------------------------------------------------------------

The service parameters primarily affect the behavior of the AFS client
service (afsd_service.exe).

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

LAN adapter number to use. This is the lana number of the LAN
adapter that the SMB server should bind to. If unspecified or set
to -1, a LAN adapter named 'AFS' or a loopback adapter will be
selected. If neither is present, then all available adapters will
be bound to. When binding to a non-loopback adapter, the NetBIOS
name '%hostname%-AFS' will be used (where %hostname% is the NetBIOS
name of the host truncated to 11 characters). Otherwise, the NetBIOS

Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
Variable: cm_initParams.cacheSize

Size of the AFS cache in 1k blocks.

Default : 15 (CM_CONFIGDEFAULT_CHUNKSIZE)
Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)

Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize.

Default : 2 (CM_CONFIGDEFAULT_DAEMONS)

Number of background daemons (number of threads of
cm_BkgDaemon). (see cm_BkgDaemon in cm_daemon.c)

Default : 4 (CM_CONFIGDEFAULT_SVTHREADS)
Variable: numSvThreads

Number of SMB server threads (number of threads of smb_Server). (see

Default : 1000 (CM_CONFIGDEFAULT_STATS)
Variable: cm_initParams.nStatCaches

Value   : LogoffTokenTransfer
Variable: smb_LogoffTokenTransfer

If enabled (set to 1), activates functionality where the user's
tokens are kept intact until smb_LogoffTokenTransferTimeout seconds
elapse after the user logs off. If roaming profiles are used and the
roaming profile takes a long time to be written back, this ensures
that the tokens remain valid until the profile save is complete.

Value   : LogoffTokenTransferTimeout
Variable: smb_LogoffTokenTransferTimeout

See LogoffTokenTransfer above.

Variable: cm_rootVolumeName

Variable: cm_mountRoot

Name of root mount point. In symlinks, if a path starts with
cm_mountRoot, it is assumed that the path is absolute (as opposed to
relative) and is adjusted accordingly. E.g.: if a path is specified as
/afs/athena.mit.edu/foo/bar/baz and cm_mountRoot is "/afs", then the
path is interpreted as \\afs\all\athena.mit.edu\foo\bar\baz. If a
path does not start with cm_mountRoot, the path is assumed to
be relative and suffixed to the reference directory (i.e. the directory
where the symlink exists).

Type    : REG_SZ or REG_EXPAND_SZ
Default : "%SYSTEMDRIVE%\AFSCache"
Variable: cm_CachePath

Location of on-disk cache file. The default implies the root
directory of the boot disk

Value   : NonPersistentCaching
Variable: buf_CacheType

When this registry value is set to a non-zero value, the CachePath
value is ignored and the cache data is stored in the Windows paging
file. This prevents the use of persistent caching (when available)
as well as the ability to alter the size of the cache at runtime
using the "fs setcachesize" command.

Variable: traceOnPanic

Issues a breakpoint in the event of a panic. (breakpoint: _asm int 3).

Variable: cm_NetbiosName

Specifies the NetBIOS name to be used when binding to a Loopback
adapter. To provide the old behavior specify a value of

Select whether or not this AFS client should act as a gateway. If
set and the NetBIOS name hostname-AFS is bound to a physical NIC,
other machines in the subnet can access AFS via SMB connections to

When IsGateway is non-zero, the LAN adapter detection code will
avoid binding to a loopback adapter. This will ensure that the
NetBIOS name will be of the form hostname-AFS instead of the value
set by the "NetbiosName" registry value.

Value   : ReportSessionStartups
Variable: reportSessionStartups

If enabled, all SMB sessions created are recorded in the Application
event log. This also enables other events such as drive mappings
or various error types to be logged.

Value   : TraceBufferSize
Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
Variable: traceBufSize

Number of entries to keep in trace log.

Default : "i386_nt40"

Provides an initial value for "fs sysname". The string can contain
one or more replacement values for @sys in order of preference separated

Value   : SecurityLevel

Enables encryption on RX calls.

Variable: cm_dnsEnabled

Enables resolving volservers using AFSDB DNS queries. (see
afsdb-freelance-notes).

As of 1.3.60, this value is ignored as the DNS query support
utilizes the Win32 DNSQuery API which is available on Win2000

Value   : FreelanceClient
Variable: cm_freelanceEnabled

Enables freelance client. (see afsdb-freelance-notes)

Variable: smb_hideDotFiles

Enables marking dotfiles with the hidden attribute. Dot files are
files whose name starts with a period (excluding "." and "..").

Value   : MaxMpxRequests
Variable: smb_maxMpxRequests

Maximum number of multiplexed SMB requests that can be made.

Value   : MaxVCPerServer
Variable: smb_maxVCPerServer

Maximum number of SMB virtual circuits.

Variable: rootCellName

Name of root cell (the cell from which root.afs should be mounted in

If enabled, does not send or indicate that we are able to send or
receive RX jumbograms.

If set to anything other than -1, uses that value as the maximum MTU
supported by the RX interface.

In order to enable OpenAFS to operate across the Cisco IPSec VPN
client, this value must be set to 1264 or smaller.

Value   : ConnDeadTimeout
Default : 60 (seconds)
Variable: ConnDeadtimeout

The Connection Dead Time is enforced to be at least 15 seconds
longer than the minimum SMB timeout as specified by

HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters

If the minimum SMB timeout is not specified the value is 45 seconds.
See http://support.microsoft.com:80/support/kb/articles/Q102/0/67.asp

Value   : HardDeadTimeout
Default : 120 (seconds)
Variable: HardDeadtimeout

The Hard Dead Time is enforced to be at least double the ConnDeadTimeout.
This provides an opportunity for at least one retry.

Type    : DWORD {0, 1, 2, 3}

Enables logging of debug output to the Windows Event Log.
Bit 0 enables logging of "Logon Events" processed by the Network Provider
and Winlogon Event Notification Handler.
Bit 1 enables logging of events captured by the AFS Client Service.

Variable: allSubmount (smb.c)

By setting this value to 0, the "\\NetbiosName\all" mount point
will not be created. This allows the read-write versions of
root.afs to be hidden.

Value   : NoFindLanaByName

Disables the attempt to identify the network adapter to use by
looking for an adapter with a display name of "AFS".

Type    : DWORD {1..32} or {1..64} depending on the architecture
Default : <no default>

If this value is specified, afsd_service.exe will restrict itself
to executing on the specified number of CPUs if there are a greater
number installed in the machine.

NOTE: Setting this entry to "1" may be required on hyperthreaded
systems to avoid crashes in the RX library.

If this value is specified, it defines the type of SMB authentication
which must be present in order for the Windows SMB client to connect
to the AFS Client Service's SMB server. The values are:
  0 = No authentication required
  1 = NTLM authentication required
  2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication

Type    : DWORD {0 .. MAXDWORD}

This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
file. If the file is larger than this value when afsd_service.exe starts
the file will be reset to 0 bytes. If this value is 0, it means the file
should be allowed to grow indefinitely.

Value   : FlushOnHibernate

If set, flushes all volumes before the machine goes on hibernate or

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]

Value   : <Drive Letter:> for example "G:"

Specifies the submount name to be mapped by afsd_service.exe at startup
to the provided drive letter.

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]

2. Network provider parameters
------------------------------
Affects the network provider (afslogon.dll).

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

Value   : FailLoginsSilently

Do not display message boxes if the login fails.

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]

Disables visible warnings during logon.

Value   : AuthentProviderPath
NSIS    : %WINDIR%\SYSTEM32\afslogon.dll

Specifies the install location of the authentication provider dll.

Specifies the class of network provider

Value   : DependOnGroup

Specifies the service groups upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the services within these groups have successfully

Value   : DependOnService
NSIS    : Tcpip NETBIOS RpcSs

Specifies a list of services upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the specified services have successfully started.

NSIS    : "OpenAFSDaemon"

Specifies the display name of the AFS Client Service

NSIS    : %WINDIR%\SYSTEM32\afslogon.dll

Specifies the DLL to use for the network provider

[HKLM\SOFTWARE\OpenAFS\Client]

Value   : CellServDBDir
Default : <not defined>

Specifies the directory containing the CellServDB file.
When this value is not specified, the AFS Client install

Value   : VerifyServiceSignature

This value can be used to disable the runtime verification of
the digital signatures applied to afsd_service.exe and the
OpenAFS DLLs it loads. This test is performed to verify that
the DLLs which are loaded by afsd_service.exe are from the
same distribution as afsd_service.exe. This is to prevent
random errors caused when DLLs from one distribution of AFS
are loaded by another one. This is not a security test. The
reason for disabling this test is to free up additional memory
which can be used for a large cache size.

This value can be used to debug the cause of pioctl() failures.
Set a non-zero value and the pioctl() library will output status
information to stdout. Executing command line tools such as
tokens.exe, fs.exe, etc can then be used to determine why the
pioctl() call is failing.

Value   : StoreAnsiFilenames

This value can be used to force the AFS Client Service to
store filenames using the Windows system's ANSI character set
instead of the OEM Code Page character set which has traditionally
been used by SMB file systems.

Note: The use of ANSI characters will render files
with 8-bit OEM file names inaccessible from Windows. This option
is of use primarily when you wish to allow file names produced
on Windows to be accessible from Latin-1 Unix systems and vice

2.1 Domain specific configuration keys for the Network Provider
---------------------------------------------------------------

The network provider can be configured to have different behavior
depending on the domain that the user logs into. These settings are
only relevant when using integrated login. A domain refers to an
Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
local machine (i.e. local account logins). The domain name that is
used for selecting the domain would be the domain that is passed into
the NPLogonNotify function of the network provider.

Domain specific registry keys are:

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
(Specific domain key. One per domain.)

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]

HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider

Each of the domain specific keys can have the set of values described
in 2.1.1. The effective values are chosen as described in 2.1.2.

2.1.1 Domain specific configuration values
-------------------------------------------
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]

NSIS/WiX: depends on user configuration

  0x00 - Integrated Logon is not used
  0x01 - Integrated Logon is used
  0x02 - High Security Mode is used
  0x03 - Integrated Logon with High Security Mode is used

High Security Mode generates random SMB names for the creation of
Drive Mappings. This mode should not be used without Integrated Logon.

As of 1.3.65 the SMB server supports SMB authentication. The High
Security Mode should not be used when using SMB authentication
(SMBAuthType setting is non zero).

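Added example (not part of the original OpenAFS documentation or code): a Python check of the constraints this document states for SMBAuthType, LogonOptions, IsGateway and SecurityLevel, run over a dict of registry values. The function names, the finding codes and the treatment of an absent IsGateway as 0 are assumptions of this example.

```python
# Added example: checks a snapshot of OpenAFS client registry values against
# constraints stated in this document. It takes plain dicts, so the input can
# come from an exported hive, a fleet inventory, or a test fixture.
SMB_AUTH_TYPES = {0: "none", 1: "NTLM", 2: "Extended (GSS SPNEGO)"}
INTEGRATED_LOGON = 0x01   # LogonOptions bit 0
HIGH_SECURITY = 0x02      # LogonOptions bit 1


def audit(params, logon_options):
    """Return [(code, message)] for one client.

    params        -- values under ...\\TransarcAFSDaemon\\Parameters
    logon_options -- effective LogonOptions for the login under review
    """
    findings = []
    # An absent SMBAuthType means the documented default, Extended (2).
    smb_auth = params.get("SMBAuthType", 2)
    if smb_auth not in SMB_AUTH_TYPES:
        findings.append(("smb-auth-invalid",
                         f"SMBAuthType={smb_auth} is not one of 0, 1, 2"))
    elif smb_auth == 0:
        findings.append(("smb-auth-none",
                         "SMB server accepts unauthenticated connections"))

    high_security = bool(logon_options & HIGH_SECURITY)
    if high_security and not logon_options & INTEGRATED_LOGON:
        findings.append(("highsec-without-integrated",
                         "High Security Mode is set without Integrated Logon"))
    if high_security and smb_auth != 0:
        findings.append(("highsec-with-smb-auth",
                         "High Security Mode is set while SMBAuthType is non-zero"))

    # Assumption: an absent IsGateway is treated as 0 (not a gateway).
    if params.get("IsGateway", 0) and smb_auth == 0:
        findings.append(("gateway-unauthenticated",
                         "Gateway mode exposes an unauthenticated SMB server "
                         "to other machines on the subnet"))
    # Only an explicit 0 is reported; the default is not shown in this text.
    if params.get("SecurityLevel") == 0:
        findings.append(("rx-unencrypted", "Encryption on RX calls is disabled"))
    return findings


def codes(params, logon_options):
    """Finding codes only, convenient for reporting and tests."""
    return [code for code, _ in audit(params, logon_options)]
```
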
Value   : FailLoginsSilently

If true, does not display any visible warnings in the event of an
error during the integrated login process.

Type    : REG_SZ or REG_EXPAND_SZ
NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q

A logon script that will be scheduled to be run after the profile
load is complete. If using the REG_EXPAND_SZ type, you can use
any system environment variable as "%varname%" which would be
expanded at the time the network provider is run. Optionally
using a "%s" in the value would result in it being expanded into
the AFS SMB username for the session.

Value   : LoginRetryInterval

If the OpenAFS client service has not started yet, the network
provider will wait for a maximum of "LoginRetryInterval" seconds
while retrying every "LoginSleepInterval" seconds to check if the

Value   : LoginSleepInterval

See description of LoginRetryInterval.

2.1.2 Selection of effective values for domain specific configuration
----------------------------------------------------------------------

During login to domain X, where X is the domain passed into
NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
computer, the following keys will be looked up.

1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
2. Domains key. (NP key\"Domain")
3. Specific domain key. (Domains key\X)

If the specific domain key does not exist, then the domains key will
be ignored. All the configuration information in this case will
come from the NP key.

If the specific domain key exists, then for each of the values
mentioned in (2), they will be looked up in the specific domain key,
domains key and the NP key successively until the value is found.
The first instance of the value found this way will be the effective
value for the login session. If no such instance can be found, the
default will be used. To reiterate, a value in a more specific key
supersedes a value in a less specific key. The exceptions to this
rule are stated below.

2.1.3 Exceptions to 2.1.2
--------------------------

To retain backwards compatibility, the following exceptions are made

2.1.3.1 'FailLoginsSilently'

Historically, the 'FailLoginsSilently' value was in the
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
key and not in the NP key. Therefore, for backwards compatibility,
the value in the Parameters key will supersede all instances of this
value in other keys. In the absence of this value in the Parameters
key, normal scope rules apply.

2.1.3.2 'LogonScript'

If a 'LogonScript' is not specified in the specific domain key nor
in the domains key, the value in the NP key will only be checked if
the effective 'LogonOptions' specify a high security integrated
login. If a logon script is specified in the specific domain key or
the domains key, it will be used regardless of the high security
setting. Please be aware of this when setting this value.

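Added example (not part of the original OpenAFS documentation or code): the lookup order of 2.1.2 and the two exceptions of 2.1.3, modelled in Python over an in-memory dict so that a reviewer can see which key supplies each effective value, in particular the LogonScript command. The function names, the case-insensitive match on the domain key, and applying 2.1.3.2 when no specific domain key exists are assumptions of this example.

```python
# Added example: models the lookups of sections 2.1.2 and 2.1.3 over an
# in-memory dict instead of the live registry, so it runs on any platform.
NP = r"HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider"
PARAMS = r"HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters"
DOMAINS = NP + "\\Domain"
HIGH_SECURITY_INTEGRATED = 0x03  # "Integrated Logon with High Security Mode"

SAMPLE = {  # constructed sample data, not taken from a real host
    PARAMS: {"FailLoginsSilently": 1},
    NP: {"LogonOptions": 1, "FailLoginsSilently": 0, "LoginRetryInterval": 30,
         "LogonScript": r"C:\constructed\afscreds.exe -:%s -x -a -m -n -q"},
    DOMAINS: {"LogonOptions": 3},
    DOMAINS + "\\EXAMPLE.ORG": {"LoginRetryInterval": 10},
    DOMAINS + "\\LOCALHOST": {"LogonOptions": 0},
}


def scope(reg, domain, computer):
    """Keys to search for a login to `domain`, most specific first (2.1.2)."""
    x = "LOCALHOST" if domain.lower() == computer.lower() else domain
    wanted = (DOMAINS + "\\" + x).lower()
    # Assumption: key names compare case-insensitively, as in the registry.
    specific = next((k for k in reg if k.lower() == wanted), None)
    if specific is None:
        return [NP]  # no specific domain key: the Domain key is ignored too
    return [specific, DOMAINS, NP]


def first_found(reg, keys, name):
    """Return (value, key) from the first key that defines `name`."""
    for key in keys:
        if name in reg.get(key, {}):
            return reg[key][name], key
    return None, None


def effective(reg, domain, computer, name, defaults=None):
    """Return (value, source) for one setting of one login session."""
    defaults = defaults or {}
    keys = scope(reg, domain, computer)
    if name == "FailLoginsSilently" and name in reg.get(PARAMS, {}):
        return reg[PARAMS][name], PARAMS  # 2.1.3.1: Parameters key wins
    if name == "LogonScript":
        # 2.1.3.2: the NP key's script counts only for a high security
        # integrated login; a script in a domain key is always used.
        options, _ = effective(reg, domain, computer, "LogonOptions", defaults)
        if options != HIGH_SECURITY_INTEGRATED:
            keys = [k for k in keys if k != NP]
    value, src = first_found(reg, keys, name)
    return (value, src) if src else (defaults.get(name), "default")
```
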
3. AFS Credentials System Tray Tool parameters
----------------------------------------------
Affects the behavior of afscreds.exe

[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]

Function: GetGatewayName()

If the AFS client is utilizing a gateway to obtain AFS access,
the name of the gateway is specified by this value.

Variable: IsServiceConfigured()

The value Cell is used to determine if the AFS Client Service has
been properly configured or not.

[HKLM\SOFTWARE\OpenAFS\Client]
[HKCU\SOFTWARE\OpenAFS\Client]

Function: InitApp(), Main_OnCheckTerminate()

This value is used to determine whether or not a shortcut should be
maintained in the user's Start Menu->Programs->Startup folder.

This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].

The current user value is checked first; if it does not exist the local
machine value is checked.

Function: KFW_is_available()

When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
to obtain AFS credentials. By setting this value to 0, the internal
Kerberos 4 implementation will be used instead. The current user value
is checked first; if it does not exist the local machine value is checked.

Function: KFW_use_krb524()

When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
to obtain AFS credentials. By setting this value to 1, the Kerberos 5
tickets will be converted to Kerberos 4 tokens via a call to the krb524
daemon. The current user value is checked first; if it does not exist
the local machine value is checked.

Value   : AfscredsShortcutParams
Default : "-A -M -N -Q"
Function: Shortcut_FixStartup

This value specifies the command line options which should be set
as part of the shortcut to afscreds.exe. afscreds.exe rewrites the
shortcut each time it exits so as to ensure that the shortcut points
to the latest version of the program. This value is used to determine
which values should be used for command line parameters. The current
user value is checked first; if it does not exist the local machine

[HKCU\SOFTWARE\OpenAFS\Client]

Value   : Authentication Cell
Function: Afscreds.exe GetDefaultCell()

This value allows the user to configure a different cell name to
be used as the default cell when acquiring tokens in afscreds.exe

[HKCU\SOFTWARE\OpenAFS\Client\Reminders]

Value   : "afs cell name"
Function: LoadRemind(), SaveRemind()

These values are used to save and restore the state of the reminder
flag for each cell for which the user has obtained tokens.

This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].

[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]

Value   : "upper case drive letter"

These values are used to store the persistence state of the AFS
drive mappings as listed in the [...\Client\Mappings] key

These values used to be stored in the afsdsbmt.ini file

[HKCU\SOFTWARE\OpenAFS\Client\Mappings]

Value   : "upper case drive letter"

These values are used to store the AFS path in Unix notation
to which the drive letter is to be mapped.

These values used to be stored in the afsdsbmt.ini file.

[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]

Value   : "smb/cifs share name"

This key is used to map SMB/CIFS shares to Client Side Caching
(off-line access) policies. For each share one of the following
policies may be used: "manual", "programs", "documents", "disable"

These values used to be stored in afsdsbmt.ini

[HKLM\SOFTWARE\OpenAFS\Client\Freelance]

Value   : "numeric value"

This key is used to store dot terminated mount point strings
for use in constructing the fake root.afs volume when Freelance
(dynamic roots) mode is activated.

  "athena.mit.edu#athena.mit.edu:root.cell."
  ".athena.mit.edu%athena.mit.edu:root.cell."

These values used to be stored in afs_freelance.ini

[HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks]

Value   : "numeric value"

This key is used to store dot terminated symlink strings
for use in constructing the fake root.afs volume when Freelance
(dynamic roots) mode is activated.

  "linkname:destination-path."
  "athena:athena.mit.edu."
  "home:athena.mit.edu\user\j\a\jaltman."
  "filename:path\file."

[HKLM\SOFTWARE\OpenAFS\Client\Submounts]

Value   : "submount name"

This key is used to store mappings of unix style AFS paths
to submount names which can be referenced as UNC paths.
For example the submount string "/athena.mit.edu/user/j/a/jaltman"
can be associated with the submount name "jaltman.home".
This can then be referenced as the UNC path \\AFS\jaltman.home.

These values used to be stored in afsdsbmt.ini

ENVIRONMENT VARIABLES:

Variable: AFS_RPC_ENCRYPT
Values:   "OFF" disables the use of RPC encryption
          any other value allows RPC encryption to be used
Default:  RPC encryption is on

Variable: AFS_RPC_PROTSEQ
Values:   "ncalrpc" - local RPC
          "ncacn_np" - named pipes
          "ncacn_ip_tcp" - tcp/ip