2 Registry keys and Environment Variables used in the Windows AFS Client
3 ----------------------------------------------------------------------
10 The service parameters primarily affect the behavior of the AFS client
11 service (afsd_service.exe).
14 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
21 LAN adapter number to use. This is the lana number of the LAN
22 adapter that the SMB server should bind to. If unspecified or set
23 to -1, a LAN adapter with named 'AFS' or a loopback adapter will be
24 selected. If neither are present, then all available adapters will
25 be bound to. When binding to a non-loopback adapter, the NetBIOS
26 name '%hostname%-AFS' will be used (where %hostname% is the NetBIOS
27 name of the host truncated to 11 characters). Otherwise, the NetBIOS
32 Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
33 Variable: cm_initParams.cacheSize
35 Size of the AFS cache.
39 Default : 15 (CM_CONFIGDEFAULT_CHUNKSIZE)
40 Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)
42 Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize.
46 Default : 2 (CM_CONFIGDEFAULT_DAEMONS)
49 Number of background daemons (number of threads of
50 cm_BkgDaemon). (see cm_BkgDaemon in cm_daemon.c)
54 Default : 4 (CM_CONFIGDEFAULT_SVTHREADS)
55 Variable: numSvThreads
57 Number of SMB server threads (number of threads of smb_Server). (see
62 Default : 1000 (CM_CONFIGDEFAULT_STATS)
63 Variable: cm_initParams.nStatCaches
67 Value : LogoffTokenTransfer
70 Variable: smb_LogoffTokenTransfer
72 If enabled (set to 1), activates functionality where the user's
73 tokens are kept intact until smb_LogoffTokenTransferTimeout seconds
74 elapse after user logs off. If roaming profiles are used and the
75 roaming profile takes a long time to be written back, this ensures
76 that the tokens remain valid until the profile save is complete.
78 Value : LogoffTokenTransferTimeout
81 Variable: smb_LogoffTokenTransferTimeout
83 See LogoffTokenTransfer above.
88 Variable: cm_rootVolumeName
95 Variable: cm_mountRoot
97 Name of root mount point. In symlinks, if a path starts with
98 cm_mountRoot, it is assumed that the path is absolute (as opposed to
99 relative) and is adjusted accordingly. Eg: if a path is specified as
100 /afs/athena.mit.edu/foo/bar/baz and cm_mountRoot is "/afs", then the
101 path is interpreted as \\afs\all\athena.mit.edu\foo\bar\baz. If a
102 path does not start with with cm_mountRoot, the path is assumed to
103 be relative and suffixed to the reference directory (i.e. directory
104 where the symlink exists)
108 Default : "\AFSCache"
109 Variable: cm_CachePath
111 Location of on-disk cache file. The default implies the root
112 directory of the boot disk
115 Value : NonPersistentCaching
118 Variable: buf_CacheType
120 When this registry value is set to a non-zero value, the CachePath
121 value is ignored and the cache data is stored in the windows paging
122 file. This prevents the use of persistent caching (when available)
123 as well as the ability to alter the size of the cache at runtime
124 using the "fs setcachesize" command.
130 Variable: traceOnPanic
132 Issues a breakpoint in the event of a panic. (breakpoint: _asm int 3).
137 Variable: cm_NetbiosName
139 Specifies the NetBIOS name to be used when binding to a Loopback
140 adapter. To provide the old behavior specify a value of
148 Select whether or not this AFS client should act as a gateway. If
149 set and the NetBIOS name hostname-AFS is bound to a physical NIC,
150 other machines in the subnet can access AFS via SMB connections to
153 When IsGateway is non-zero, the LAN adapter detection code will
154 avoid binding to a loopback adapter. This will ensure that the
155 NetBIOS name will be of the form hostname-AFS instead of the value
156 set by the "NetbiosName" registry value.
158 Value : ReportSessionStartups
161 Variable: reportSessionStartups
163 If enabled, all SMB sessions created are recorded in the Application
164 event log. This also enables other events such as drive mappings
165 or various error types to be logged.
167 Value : TraceBufferSize
169 Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
170 Variable: traceBufSize
172 Number of entries to keep in trace log.
176 Default : "i386_nt40"
181 Value : SecurityLevel
186 Enables encryption on RX calls.
191 Variable: cm_dnsEnabled
193 Enables resolving volservers using AFSDB DNS queries. (see
194 afsdb-freelance-notes).
196 As of 1.3.60, this value is ignored as the DNS query support
197 utilizes the Win32 DNSQuery API which is available on Win2000
200 Value : FreelanceClient
203 Variable: cm_freelanceEnabled
205 Enables freelance client. (see afsdb-freelance-notes)
210 Variable: smb_hideDotFiles
212 Enables marking dotfiles with the hidden attribute. Dot files are
213 files whose name starts with a period (excluding "." and "..").
215 Value : MaxMpxRequests
218 Variable: smb_maxMpxRequests
220 Maximum number of multiplexed SMB requests that can be made.
222 Value : MaxVCPerServer
225 Variable: smb_maxVCPerServer
227 Maximum number of SMB virtual circuits.
232 Variable: rootCellName
234 Name of root cell (the cell from which root.afs should be mounted in
242 If enabled, does not send or indicate that we are able to send or
243 receive RX jumbograms.
250 If set to anything other than -1, uses that value as the maximum MTU
251 supported by the RX interface.
253 In order to enable OpenAFS to operate across the Cisco IPSec VPN
254 client, this value must be set to 1264 or smaller.
256 Value : ConnDeadTimeout
258 Default : 60 (seconds)
259 Variable: ConnDeadtimeout
261 The Connection Dead Time is enforced to be at a minimum 15 seconds
262 longer than the minimum SMB timeout as specified by
264 HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
267 If the minimum SMB timeout is not specified the value is 45 seconds.
268 See http://support.microsoft.com:80/support/kb/articles/Q102/0/67.asp
271 Value : HardDeadTimeout
273 Default : 120 (seconds)
274 Variable: HardDeadtimeout
276 The Hard Dead Time is enforced to be at least double the ConnDeadTimeout.
277 The provides an opportunity for at least one retry.
281 Type : DWORD {0, 1, 2, 3}
284 Enables logging of debug output to the Windows Event Log.
285 Bit 0 enables logging of "Logon Events" processed by the Network Provider
286 and Winlogon Event Notification Handler.
287 Bit 1 enables logging of events captured by the AFS Client Service.
292 Variable: allSubmount (smb.c)
294 By setting this value to 0, the "\\NetbiosName\all" mount point
295 will not be created. This allows the read-write versions of
296 root.afs to be hidden.
298 Value : NoFindLanaByName
302 Disables the attempt to identity the network adapter to use by
303 looking for an adapter with a display name of "AFS".
306 Type : DWORD {1..32} or {1..64} depending on the architecture
307 Default : <no default>
309 If this value is specified, afsd_service.exe will restrict itself
310 to executing on the specified number of CPUs if there are a greater
311 number installed in the machine.
313 NOTE: Setting this entry to "1" may be required on hyperthreaded
314 systems to avoid crashes in the RX library.
320 If this value is specified, it defines the type of SMB authentication
321 which must be present in order for the Windows SMB client to connect
322 to the AFS Client Service's SMB server. The values are:
323 0 = No authentication required
324 1 = NTLM authentication required
325 2 = Extended (GSS SPNEGO) authentication required
326 The default is Extended authentication
329 Type : DWORD {0 .. MAXDWORD}
332 This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
333 file. If the file is larger than this value when afsd_service.exe starts
334 the file will be reset to 0 bytes. If this value is 0, it means the file
335 should be allowed to grow indefinitely.
339 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
341 Value : <Drive Letter:> for example "G:"
344 Specifies the submount name to be mapped by afsd_service.exe at startup
345 to the provided drive letter.
350 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
353 2. Network provider parameters
354 ------------------------------
355 Affects the network provider (afslogon.dll).
358 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
360 Value : FailLoginsSilently
364 Do not display message boxes if the login fails.
367 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
373 Disables visible warnings during logon.
375 Value : AuthentProviderPath
377 NSIS : %WINDIR%\SYSTEM32\afslogon.dll
379 Specifies the install location of the authentication provider dll.
385 Specifies the class of network provider
387 Value : DependOnGroup
391 Specifies the service groups upon which the AFS Client Service
392 depends. Windows should not attempt to start the AFS Client Service
393 until all of the services within these groups have successfully
396 Value : DependOnService
398 NSIS : Tcpip NETBIOS RpcSs
400 Specifies a list of services upon which the AFS Client Service
401 depends. Windows should not attempt to start the AFS Client Service
402 until all of the specified services have successfully started.
406 NSIS : "OpenAFSDaemon"
408 Specifies the display name of the AFS Client Service
412 NSIS : %WINDIR%\SYSTEM32\afslogon.dll
414 Specifies the DLL to use for the network provider
418 [HKLM\SOFTWARE\OpenAFS\Client]
420 Value : CellServDBDir
422 Default : <not defined>
424 Specifies the directory containing the CellServDB file.
425 When this value is not specified, the AFS Client install
430 2.1 Domain specific configuration keys for the Network Provider
431 ---------------------------------------------------------------
433 The network provider can be configured to have different behavior
434 depending on the domain that the user logs into. These settings are
435 only relevant when using integrated login. A domain refers to an
436 Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
437 local machine (i.e. local account logins). The domain name that is
438 used for selecting the domain would be the domain that is passed into
439 the NPLogonNotify function of the network provider.
441 Domain specific registry keys are :
443 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
446 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
449 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
450 (Specific domain key. One per domain.)
452 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
456 HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider
463 Each of the domain specific keys can have the set of values described
464 in 2.1.1. The effective values are chosen as described in 2.1.2.
466 2.1.1 Domain specific configuration values
467 -------------------------------------------
468 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
469 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
470 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
471 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
476 NSIS/WiX: depends on user configuration
478 0x00 - Integrated Logon is not used
479 0x01 - Integrated Logon is used
480 0x02 - High Security Mode is used
481 0x03 - Integrated Logon with High Security Mode is used
483 High Security Mode generates random SMB names for the creation of
484 Drive Mappings. This mode should not be used without Integrated Logon.
486 As of 1.3.65 the SMB server supports SMB authentication. The High
487 Security Mode should not be used when using SMB authentication
488 (SMBAuthType setting is non zero).
490 Value : FailLoginsSilently
495 If true, does not display any visible warnings in the event of an
496 error during the integrated login process.
499 Type : REG_SZ or REG_EXPAND_SZ
501 NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q
503 A logon script that will be scheduled to be run after the profile
504 load is complete. If using the REG_EXPAND_SZ type, you can use
505 any system environment variable as "%varname%" which would be
506 expanded at the time the network provider is run. Optionally
507 using a "%s" in the value would result in it being expanded into
508 the AFS SMB username for the session.
510 Value : LoginRetryInterval
515 If the OpenAFS client service has not started yet, the network
516 provider will wait for a maximum of "LoginRetryInterval" seconds
517 while retrying every "LoginSleepInterval" seconds to check if the
520 Value : LoginSleepInterval
525 See description of LoginRetryInterval.
528 2.1.2 Selection of effective values for domain specific configuration
529 ----------------------------------------------------------------------
531 During login to domain X, where X is the domain passed into
532 NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
533 'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
534 computer, the following keys will be looked up.
536 1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
537 2. Domains key. (NP key\"Domain")
538 3. Specific domain key. (Domains key\X)
540 If the specific domain key does not exist, then the domains key will
541 be ignored. All the configuration information in this case will
542 come from the NP key.
544 If the specific domain key exists, then for each of the values
545 metioned in (2), they will be looked up in the specific domain key,
546 domains key and the NP key successively until the value is found.
547 The first instance of the value found this way will be the effective
548 for the login session. If no such instance can be found, the
549 default will be used. To re-iterate, a value in a more specific key
550 supercedes a value in a less specific key. The exceptions to this
551 rule are stated below.
553 2.1.3 Exceptions to 2.1.2
554 --------------------------
556 To retain backwards compatibility, the following exceptions are made
559 2.1.3.1 'FailLoginsSilently'
561 Historically, the 'FailLoginsSilently' value was in
562 HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
563 key and not in the NP key. Therefore, for backwards compatibility,
564 the value in the Parameters key will supercede all instances of this
565 value in other keys. In the absence of this value in the Parameters
566 key, normal scope rules apply.
568 2.1.3.2 'LogonScript'
570 If a 'LogonScript' is not specified in the specific domain key nor
571 in the domains key, the value in the NP key will only be checked if
572 the effective 'LogonOptions' specify a high security integrated
573 login. If a logon script is specified in the specific domain key or
574 the domains key, it will be used regardless of the high security
575 setting. Please be aware of this when setting this value.
578 3. AFS Credentials System Tray Tool parameters
579 ----------------------------------------------
580 Affects the behavior of afscreds.exe
583 [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
588 Function: GetGatewayName()
590 If the AFS client is utilizing a gateway to obtain AFS access,
591 the name of the gateway is specified by this value.
596 Variable: IsServiceConfigured()
598 The value Cell is used to determine if the AFS Client Service has
599 been properly configured or not.
603 [HKLM\SOFTWARE\OpenAFS\Client]
604 [HKCU\SOFTWARE\OpenAFS\Client]
609 Function: InitApp(), Main_OnCheckTerminate()
611 This value is used to determine whether or not a shortcut should be
612 maintained in the user's Start Menu->Programs->Startup folder.
614 This value used to be stored at
615 [HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
620 Function: KFW_is_available()
622 When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
623 to obtain AFS credentials. By setting this value to 0, the internal
624 Kerberos 4 implementation will be used instead.
626 Value : AfscredsShortcutParams
628 Default : "-A -M -N -Q"
629 Function: Shortcut_FixStartup
631 This value specifies the command line options which should be set
632 as part of the shortcut to afscreds.exe.
636 [HKCU\SOFTWARE\OpenAFS\Client]
638 Value : Authentication Cell
641 Function: Afscreds.exe GetDefaultCell()
643 This value allows the user to configure a different cell name to
644 be used as the default cell when acquiring tokens in afscreds.exe
648 [HKCU\SOFTWARE\OpenAFS\Client\Reminders]
650 Value : "afs cell name"
653 Function: LoadRemind(), SaveRemind()
655 These values are used to save and restore the state of the reminder
656 flag for each cell for which the user has obtained tokens.
658 This value used to be stored at
659 [HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
663 [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
665 Value : "upper case drive letter"
669 These values are used to store the persistence state of the AFS
670 drive mappings as listed in the [...\Client\Mappings] key
672 These values used to be stored in the afsdsbmt.ini file
675 [HKCU\SOFTWARE\OpenAFS\Client\Mappings]
677 Value : "upper case drive letter"
681 These values are used to store the AFS path in Unix notation
682 to which the drive letter is to be mapped.
684 These values used to be stored in the afsdsbmt.ini file.
688 [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
690 Value : "smb/cifs share name"
694 This key is used to map SMB/CIFS shares to Client Side Caching
695 (off-line access) policies. For each share one of the following
696 policies may be used: "manual", "programs", "documents", "disable"
698 These values used to be stored in afsdsbmt.ini
701 [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
703 Value : "numeric value"
707 This key is used to store newline terminated mount point strings
708 for use in constructing the fake root.afs volume when Freelance
709 (dynamic roots) mode is activated.
711 "athena.mit.edu#athena.mit.edu:root.cell.\n"
712 ".athena.mit.edu%athena.mit.edu:root.cell.\n"
714 These values used to be stored in afs_freelance.ini
718 [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
720 Value : "submount name"
724 This key is used to store mappings of unix style AFS paths
725 to submount names which can be referenced as UNC paths.
726 For example the submount string "/athena.mit.edu/user/j/a/jaltman"
727 can be associated with the submount name "jaltman.home".
728 This can then be referenced as the UNC path \\AFS\jaltman.home.
730 These values used to be stored in afsdsbmt.ini
733 ENVIRONMENT VARIABLES:
735 Variable: AFS_RPC_ENCRYPT
736 Values: "OFF" disables the use of RPC encryption
737 any other value allows RPC encryption to be used
738 Default: RPC encryption is on
741 Variable: AFS_RPC_PROTSEQ
742 Values: "ncalrpc" - local RPC
743 "ncacn_np" - named pipes
744 "ncacn_ip_tcp" - tcp/ip