-OpenAFS for Windows 1.3.72 Installation Notes
+OpenAFS for Windows 1.3.82 Installation Notes
---------------------------------------------
The OpenAFS for Windows product was very poorly maintained throughout the
series but also attempts to enhance the functionality of the product to better
fit the usage model of today's users. Several items standout.
+0. The default AFSCache file is approximately 100MB. This space is required
+in addition to the space allocated to OpenAFS binaries.
1. The Kerberos 4 infrastructure on which the 1.2 series is reliant is no
longer secure. Cross-realm Kerberos is very important in the AFS context and
When the MLA is installed, UNC paths of the form \\AFS\cellname\path may be used.
+The MLA is installed with a binding to "Client for Microsoft Networks" but not
+to "File and Printer Sharing for Microsoft Networks". If you fail to bind
+"Client Microsoft Networks" you will not be able to access the AFS Client
+Service when the machine is disconnect from the network. If you bind "File
+and Printer Sharing ..." there will be a conflict between the name "AFS" and
+the name of the machine on the published IP Address. This will result in a
+failure to be able to access files in AFS. The "NET VIEW" command will return
+a "System Error 52" message when this conflict exists. To correct the problem:
+
+ * stop the AFS Client Service
+ * bind the "Client for Microsoft Networks" to the MLA
+ * unbind "File and Printer Sharing for Microsoft Networks" from the MLA
+ * Disable and then Enable the MLA
+ * start the AFS Client Service
+
3. Traditionally, when the AFS Client Service starts it must be able to
access the "root.afs" volume of the default cell. The "root.afs" volume
dynamically constructed when the service starts. This mode is called
Freelance mode. Freelance mode is turned on by default.
-The contents of the
-fake "root.afs" volume are constructed dynamically as cells are accessed.
-When the fake "root.afs" volume is constructed it will only contain two
-mount points: a read-only and read-write mount point used to access the
-"root.cell" volume of the default AFS cell. Any attempt to access a
-valid cell name will automatically result in a new mount point
+The contents of the fake "root.afs" volume are constructed dynamically as
+cells are accessed. When the fake "root.afs" volume is constructed it will
+only contain two mount points: a read-only and read-write mount point used
+to access the "root.cell" volume of the default AFS cell. Any attempt to
+access a valid cell name will automatically result in a new mount point
being created in the fake "root.afs" volume. If the cellname begins with
a "." the mount point will be read-write; otherwise the mount point will
be read-only. These mount points are preserved in the registry at key:
+
HKLM\SOFTWARE\OpenAFS\Client\Freelance
Additional mount points may be manually created using the "fs mkmount"
command. Mount points may be removed using the "fs rmmount" command.
- fs mkmount \\AFS\all\athena.mit.edu root.cell athena.mit.edu
- fs mkmount \\AFS\all\.athena.mit.edu root.cell athena.mit.edu -rw
- fs rmmount \\AFS\all\athena.mit.edu
- fs rmmount \\AFS\all\.athena.mit.edu
+ >fs mkmount \\AFS\all\athena.mit.edu root.cell athena.mit.edu
+ >fs mkmount \\AFS\all\.athena.mit.edu root.cell athena.mit.edu -rw
+ >fs rmmount \\AFS\all\athena.mit.edu
+ >fs rmmount \\AFS\all\.athena.mit.edu
+
+Beginning in 1.3.74, the Freelance fake root.afs volume will support
+the creation of symlinks.
+
+ >symlink make \\afs\all\link \\afs\all\athena.mit.edu\user\j\a\jaltman
+
+ >symlink list \\afs\all\link
+ '\\afs\all\link' is a symlink to 'athena.mit.edu\user\j\a\jaltman'
+
+ >symlink rm \\afs\all\link
+
+The symlinks are stored in the registry at:
+
+ HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks
4. The OpenAFS for Windows client will use AFSDB DNS records to
Kerberos KDC is inaccessible at logon time.
-7. The AFS Systray tool (afscreds.exe) supports several new command line
+7. The AFS Systray tool (afscreds.exe) supports several command line
options:
-A = autoinit
+ -E = force existing afscreds to exit
+ -I = install startup shortcut
-M = renew drive maps
-N = ip address change detection
+ -Q = quiet mode. do not display start service dialog
+ if afsd_service is not already running
+ -S = show tokens dialog on startup
+ -U = uninstall startup shortcut
+ -X = test and do map share
-Z = unmap drives
+ -: = magic parameter for high security mode
autoinit will result in automated attempts to acquire AFS tokens when
afscreds.exe is started. afscreds.exe will attempt to utilize tickets stored
of the Status Cache and all requests will result in network operations.
If you are experiencing poor performance you might want to increase the
-maximum number of Status Cache entries. Each entry requires 164K. Only
-those entries which are used are allocated.
+maximum number of Status Cache entries. Each entry requires approximately
+1.2K. Note that the default number of Status Cache entries was increased
+to 10,000 starting in 1.3.80.
+
+
+26. "Netbios over TCP/IP" must be active on the machine in order for
+communication with the AFS Client Service to succeed. If "Netbios over
+TCP/IP" is disabled on the machine, then communication with the AFS Client
+Service will be impossible.
+
+
+27. The AFS Client Service and related binaries are digitally signed by
+"Secure Endpoints Inc." beginning with the 1.3.7400 release of OpenAFS
+for Windows. Starting in the 1.3.7500 release, the AFS Client Service
+will perform a run-time verification check to ensure that all AFS related
+DLLs loaded by the service match the same file version number and were
+signed by the same entity. This check has been added to prevent the
+stability problems caused by more then one version of AFS being installed
+on a machine at the same time. Many hours of support time have been wasted
+tracking down problems caused by the mixture of files from different
+releases.
+
+The registry.txt file documents the "VerifyServiceSignature" registry
+value which can be used to disable the signature check. The file version
+check cannot be disabled.
+
+
+28. The maximum cache size is approximately 1.3GB. This is the largest
+contiguous block of memory in the 2GB process address space which can be
+used for the memory mapped file. Due to fragmentation of the process
+spaced caused by the digital signature verification code, any attempt to
+specify a cache size greater then 700MB will result in the automatic
+disabling of the signature check.
+
+
+29. OpenAFS for Windows implements an SMB server which is used as a
+gateway to the AFS filesystem. Because of the use of SMB, Windows
+stores all files into AFS using the OEM code pages such as CP437 (United
+States) or CP850 (Western Europe). These code pages are incompatible
+with the ISO Latin-1 character set typically used as a default on Unix
+systems in both the United States and Western Europe. Filenames stored
+by OpenAFS for Windows are therefore unreadable on Unix systems if they
+include any of the following characters:
+
+ [Ç] 128 08/00 200 80 C cedilla
+ [ü] 129 08/01 201 81 u diaeresis
+ [é] 130 08/02 202 82 e acute
+ [â] 131 08/03 203 83 a circumflex
+ [ä] 132 08/04 204 84 a diaeresis
+ [à] 133 08/05 205 85 a grave
+ [å] 134 08/06 206 86 a ring
+ [ç] 135 08/07 207 87 c cedilla
+ [ê] 136 08/08 210 88 e circumflex
+ [ë] 137 08/09 211 89 e diaeresis
+ [è] 138 08/10 212 8A e grave
+ [ï] 139 08/11 213 8B i diaeresis
+ [î] 140 08/12 214 8C i circumflex
+ [ì] 141 08/13 215 8D i grave
+ [Ä] 142 08/14 216 8E A diaeresis
+ [Å] 143 08/15 217 8F A ring
+ [É] 144 09/00 220 90 E acute
+ [æ] 145 09/01 221 91 ae diphthong
+ [Æ] 146 09/02 222 92 AE diphthong
+ [ô] 147 09/03 223 93 o circumflex
+ [ö] 148 09/04 224 94 o diaeresis
+ [ò] 149 09/05 225 95 o grave
+ [û] 150 09/06 226 96 u circumflex
+ [ù] 151 09/07 227 97 u grave
+ [ÿ] 152 09/08 230 98 y diaeresis
+ [Ö] 153 09/09 231 99 O diaeresis
+ [Ü] 154 09/10 232 9A U diaeresis
+ [ø] 155 09/11 233 9B o slash
+ [£] 156 09/12 234 9C Pound sterling sign
+ [Ø] 157 09/13 235 9D O slash
+ [×] 158 09/14 236 9E Multiplication sign
+ [] 159 09/15 237 9F Florin sign
+
+As of 1.3.75, a new registry value, HKLM\SOFTWARE\OpenAFS\Client
+"StoreAnsiFilenames" can be set to instruct OpenAFS for Windows to store
+filenames using the ANSI Code Page instead of the OEM Code Page. The ANSI
+Code Page is a compatible superset of Latin-1. This setting is not the
+default setting because making this change would prevent OpenAFS for Windows
+from being able to access filenames containing the above characters which
+were created without this setting.
+
+
+30. There is a known issue with storing Windows Roaming Profiles when
+the profile contains either directories or files with names which cannot
+be represented in the local OEM character set. In this case, attempts
+to write the profile back to AFS will fail. OpenAFS for Windows does
+not currently support UNICODE. To avoid this problem some sites run
+logoff scripts (assigned by group policy) which rename all files to use
+only the supported characters for the locale.
+
+
+31. As of 1.3.80 the AFS Cache file is stored by default at %TEMP%\AFSCache
+in a persistent file marked with the Hidden and System attributes. The
+persistent nature of the data stored in the cache file improves the
+performance of OpenAFS by reducing the number of times data must be read
+from the AFS file servers.
+
+
+32. Integrated Login (as of 1.3.80) supports the ability to obtain tokens
+for multiple cells. See the "TheseCells" value in registry.txt.
+
+
+33. New command line tool:
+
+ afsdacl : Set or reset the DACL to allow starting or stopping
+ the afsd service by any ordinary user.
+
+ Usage : afsdacl [-set | -reset] [-show]
+ -set : Sets the DACL
+ -reset : Reset the DACL
+ -show : Show current DACL (SDSF)
+
+34. As of 1.3.80, the default @sys name list has been changed to
+"x86_win32 i386_w2k i386_nt40" for 32-bit x86 systems. The default
+for itanium will be "ia64_win64" and "amd64_win64" for amd 64-bit
+processors.
+
+
+35. As of 1.3.80, symlinks to \\AFS[\all]\... will now be treated
+the same as symlinks to /afs/... However, please use /afs/... as
+the Windows UNC form will not work on Unix.
+
+
+36. As of 1.3.80, OpenAFS for Windows implements the Cache Manager
+Debugging RPC Interface. The CM debugger can be queried with
+cmdebug.exe.
+
+Usage: cmdebug -servers <server machine> [-port <IP port>] [-long]
+ [-addrs] [-cache] [-help]
+Where: -long print all info
+ -addrs print only host interfaces
+ -cache print only cache configuration
+
+37. If you are a site which utilizes MIT/Heimdal Kerberos principals
+to logon to Windows via a cross-realm relationship with a multi-domain
+Windows forest, you must enable Windows logon caching unless the
+workstation is Longhorn Beta 1 or later.
+
+
+38. VLDB and File Server Preferences can now be provided initial
+values using registry keys. This is useful for managed machines in a
+Windows domain which are centrally located (e.g., in a computing
+lab.) See registry.txt for details on the "Server Preferences" keys.
+
+
+39. As of 1.3.81, timestamps on file stored in AFS are reported to
+Windows in UTC all year round. Previously, in locales with daylight
+savings time, the time reported by AFS to Windows when DST is active
+was UTC+1. This was done to preserve the relative local time for the
+user. A file stored at 11:00am EST in January would be reported as
+having been stored at 11:00am EDT in June. Unfortunately, this has
+the negative side effect of changing the reported timestamp from 16:00UTC
+to 15:00UTC. Since Windows treats all file times in UTC, data
+synchronization applications which rely on the timestamp would believe
+that all files stored in AFS had changed. This will no longer be the
+case.
+
+It should be noted that Unix based operating systems (such as Solaris)
+do not appear to report file times to applications in UTC. They do
+preserve the relative local time. This may confuse some users who are
+used to being able to compare the timestamp in an Unix shell with the
+timestamp from the Windows explorer. During DST, these two times will
+no longer agree even though they are in fact describing the same time.
+
+40. If the installer refuses to install and complains about an RPC
+configuration error, check to ensure that the following registry
+entries are present and that they refer to the dll "rpcrt4.dll":
+
+ HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_np"
+ HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_ip_tcp"
+ HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncadg_ip_udp"
------------------------------------------------------------------------
%WINDIR%\TEMP\afsd_init.log. Send the last continuous block of log
information from this file.
+Configuring DrWatson to generate dump files for crashes:
+
+ * Run drwtsn32.exe to configure or to identify where the log and the crash dump
+ files are created:
+ - click Start > Run...
+ - type drwtsn32 <enter>.
+ - Select either a Crash Dump Type: Mini or Full.
+ - Clear Dump Symbol Table
+ - Clear Append to Existing Log file.
+ - Check Dump All Thread Contexts.
+ - Check Create Crash Dump File
+ * Next run the monitoring module of Dr. Watson:
+ - click Start > Run...
+ - type drwatson <enter>.
+ - Once a crash happens, Dr. Watson generates a dump file and a report in the
+ log file, including the address of the crash and the stack dump.
+
+Once you have the Dr. Watson's logfile and minidump, zip them and send them as
+attachments with your e-mail to openafs-bugs@openafs.org.
+
+When reporting a error, please be sure to include the version of OpenAFS.
+
+
------------------------------------------------------------------------
How to Contribute to the Development of OpenAFS for Windows: