name will be 'AFS'.
Value : CacheSize
-Type : QWORD
+Type : DWORD
Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
Variable: cm_initParams.cacheSize
- Size of the AFS cache.
+ Size of the AFS cache in 1k blocks.
Value : ChunkSize
Type : DWORD
smb_Server in smb.c).
Value : Stats
-Type : QWORD
+Type : DWORD
Default : 1000 (CM_CONFIGDEFAULT_STATS)
Variable: cm_initParams.nStatCaches
that the tokens remain valid until the profile save is complete.
Value : LogoffTokenTransferTimeout
-Type : QWORD
+Type : DWORD
Default : 10
Variable: smb_LogoffTokenTransferTimeout
where the symlink exists)
Value : CachePath
-Type : REG_SZ
-Default : "\AFSCache"
+Type : REG_SZ or REG_EXPAND_SZ
+Default : "%SYSTEMDRIVE%\AFSCache"
Variable: cm_CachePath
Location of on-disk cache file. The default implies the root
directory of the boot disk
+
+Value : NonPersistentCaching
+Type : DWORD [0..1]
+Default : 0
+Variable: buf_CacheType
+
+ When this registry value is set to a non-zero value, the CachePath
+ value is ignored and the cache data is stored in the windows paging
+ file. This prevents the use of persistent caching (when available)
+ as well as the ability to alter the size of the cache at runtime
+ using the "fs setcachesize" command.
+
+
Value : TrapOnPanic
Type : DWORD {1,0}
Default : 0
or various error types to be logged.
Value : TraceBufferSize
-Type : QWORD
+Type : DWORD
Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
Variable: traceBufSize
The provides an opportunity for at least one retry.
+Value : TraceOption
+Type : DWORD {0, 1, 2, 3}
+Default : 0
+
+ Enables logging of debug output to the Windows Event Log.
+ Bit 0 enables logging of "Logon Events" processed by the Network Provider
+ and Winlogon Event Notification Handler.
+ Bit 1 enables logging of events captured by the AFS Client Service.
+
Value : AllSubmount
Type : DWORD {0, 1}
Default : 1
2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication
+Value : MaxLogSize
+Type : DWORD {0 .. MAXDWORD}
+Default : 100K
+
+ This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
+ file. If the file is larger than this value when afsd_service.exe starts
+ the file will be reset to 0 bytes. If this value is 0, it means the file
+ should be allowed to grow indefinitely.
+
+
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
2. Network provider parameters
------------------------------
-Affects the network provider (aklogon.dll).
+Affects the network provider (afslogon.dll).
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : AuthentProviderPath
Type : REG_SZ
-NSIS : <install path>\afslogon.dll
+NSIS : %WINDIR%\SYSTEM32\afslogon.dll
Specifies the install location of the authentication provider dll.
depends. Windows should not attempt to start the AFS Client Service
until all of the specified services have successfully started.
-Value : LogonOptions
-Type : DWORD
-NSIS : depends on user configuration
+Value : Name
+Type : REG_SZ
+NSIS : "OpenAFSDaemon"
+
+ Specifies the display name of the AFS Client Service
+
+Value : ProviderPath
+Type : REG_SZ
+NSIS : %WINDIR%\SYSTEM32\afslogon.dll
+
+ Specifies the DLL to use for the network provider
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client]
+
+Value : CellServDBDir
+Type : REG_SZ
+Default : <not defined>
+
+ Specifies the directory containing the CellServDB file.
+ When this value is not specified, the AFS Client install
+ directory is used.
+
+
+
+2.1 Domain specific configuration keys for the Network Provider
+---------------------------------------------------------------
+
+The network provider can be configured to have different behavior
+depending on the domain that the user logs into. These settings are
+only relevant when using integrated login. A domain refers to an
+Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
+local machine (i.e. local account logins). The domain name that is
+used for selecting the domain would be the domain that is passed into
+the NPLogonNotify function of the network provider.
+
+Domain specific registry keys are :
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+ (NP key)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
+ (Domains key)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
+ (Specific domain key. One per domain.)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+ (Localhost key)
+
+eg:
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider
+ |
+ +- Domain
+ +-AD1.EXAMPLE.COM
+ +-AD2.EXAMPLE.NET
+ +-LOCALHOST
+
+Each of the domain specific keys can have the set of values described
+in 2.1.1. The effective values are chosen as described in 2.1.2.
+
+2.1.1 Domain specific configuration values
+-------------------------------------------
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+
+ Value : LogonOptions
+ Type : DWORD
+ Default : 0x01
+ NSIS/WiX: depends on user configuration
0x00 - Integrated Logon is not used
0x01 - Integrated Logon is used
High Security Mode generates random SMB names for the creation of
Drive Mappings. This mode should not be used without Integrated Logon.
-Value : LogonScript
-Type : REG_SZ
-NSIS : <install path>\afscreds.exe -:%s -x
+ As of 1.3.65 the SMB server supports SMB authentication. The High
+ Security Mode should not be used when using SMB authentication
+ (SMBAuthType setting is non zero).
- Specifies the command to be executed at the end of successful logon.
+ Value : FailLoginsSilently
+ Type : DWORD (1|0)
+ Default : 0
+ NSIS/WiX: (not set)
-Value : Name
-Type : REG_SZ
-NSIS : "OpenAFSDaemon"
+ If true, does not display any visible warnings in the event of an
+ error during the integrated login process.
- Specifies the display name of the AFS Client Service
+ Value : LogonScript
+ Type : REG_SZ or REG_EXPAND_SZ
+ Default : (null)
+ NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q
-Value : ProviderPath
-Type : REG_SZ
-NSIS : <install path>\afslogon.dll
+ A logon script that will be scheduled to be run after the profile
+ load is complete. If using the REG_EXPAND_SZ type, you can use
+ any system environment variable as "%varname%" which would be
+ expanded at the time the network provider is run. Optionally
+ using a "%s" in the value would result in it being expanded into
+ the AFS SMB username for the session.
- Specifies the DLL to use for the network provider
+ Value : LoginRetryInterval
+ Type : DWORD
+ Default : 30
+ NSIS/WiX: (not set)
-Value : TraceOption
-Type : DWORD {1|0}
-Default : 0
+ If the OpenAFS client service has not started yet, the network
+ provider will wait for a maximum of "LoginRetryInterval" seconds
+ while retrying every "LoginSleepInterval" seconds to check if the
+ service is up.
- Enables trace events for the network provider.
+ Value : LoginSleepInterval
+ Type : DWORD
+ Default : 5
+ NSIS/WiX: (not set)
-Value : VerboseLogging
-Type : DWORD
-NSIS : 0x0a
+ See description of LoginRetryInterval.
+
+
+2.1.2 Selection of effective values for domain specific configuration
+----------------------------------------------------------------------
+
+ During login to domain X, where X is the domain passed into
+ NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
+ 'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
+ computer, the following keys will be looked up.
+
+ 1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
+ 2. Domains key. (NP key\"Domain")
+ 3. Specific domain key. (Domains key\X)
+
+ If the specific domain key does not exist, then the domains key will
+ be ignored. All the configuration information in this case will
+ come from the NP key.
+
+ If the specific domain key exists, then for each of the values
+ metioned in (2), they will be looked up in the specific domain key,
+ domains key and the NP key successively until the value is found.
+ The first instance of the value found this way will be the effective
+ for the login session. If no such instance can be found, the
+ default will be used. To re-iterate, a value in a more specific key
+ supercedes a value in a less specific key. The exceptions to this
+ rule are stated below.
+
+2.1.3 Exceptions to 2.1.2
+--------------------------
+
+ To retain backwards compatibility, the following exceptions are made
+ to 2.1.2.
- Determines the level of logging to be enabled
+2.1.3.1 'FailLoginsSilently'
+
+ Historically, the 'FailLoginsSilently' value was in
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
+ key and not in the NP key. Therefore, for backwards compatibility,
+ the value in the Parameters key will supercede all instances of this
+ value in other keys. In the absence of this value in the Parameters
+ key, normal scope rules apply.
+
+2.1.3.2 'LogonScript'
+
+ If a 'LogonScript' is not specified in the specific domain key nor
+ in the domains key, the value in the NP key will only be checked if
+ the effective 'LogonOptions' specify a high security integrated
+ login. If a logon script is specified in the specific domain key or
+ the domains key, it will be used regardless of the high security
+ setting. Please be aware of this when setting this value.
3. AFS Credentials System Tray Tool parameters
This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
+ The current user value is checked first; if it does not exist the local
+ machine value is checked.
+
+
Value : EnableKFW
Type : DWORD {0, 1}
Default : 1
When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
to obtain AFS credentials. By setting this value to 0, the internal
- Kerberos 4 implementation will be used instead.
+ Kerberos 4 implementation will be used instead. The current user value
+ is checked first; if it does not exist the local machine value is checked.
Value : AfscredsShortcutParams
Type : REG_SZ
Function: Shortcut_FixStartup
This value specifies the command line options which should be set
- as part of the shortcut to afscreds.exe.
-
-
-Regkey:
-[HKCU\SOFTWARE\OpenAFS\Client]
-
-Value : Authentication Cell
-Type : REG_SZ
-Default : <none>
-Function: Afscreds.exe GetDefaultCell()
-
- This value allows the user to configure a different cell name to
- be used as the default cell when acquiring tokens in afscreds.exe
+ as part of the shortcut to afscreds.exe. afscreds.exe rewrites the
+ shortcut each time it exits so as to ensure that the shortcut points
+ to the latest version of the program. This value is used to determine
+ which values should be used for command line parameters. The current
+ user value is checked first; if it does not exist the local machine
+ value is checked.
Regkey:
These values used to be stored in afsdsbmt.ini
-Regkey:
-[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
-
-Value : "upper case drive letter"
-Type : DWORD {0, 1}
-Default : <none>
-
- These values are used to store the persistence state of the AFS
- drive mappings as listed in the [...\Client\Mappings] key
-
- These values used to be stored in the afsdsbmt.ini file
-
-Regkey:
-[HKCU\SOFTWARE\OpenAFS\Client\Mappings]
-
-Value : "upper case drive letter"
-Type : REG_SZ
-Default : <none>
-
- These values are used to store the AFS path in Unix notation
- to which the drive letter is to be mapped.
-
- These values used to be stored in the afsdsbmt.ini file.
-
-
-Regkey:
-[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
-
-Value : "smb/cifs share name"
-Type : REG_SZ
-Default : <none>
-
- This key is used to map SMB/CIFS shares to Client Side Caching
- (off-line access) policies. For each share one of the following
- policies may be used: "manual", "programs", "documents", "disable"
-
- These values used to be stored in afsdsbmt.ini
-
-Regkey:
-[HKLM\SOFTWARE\OpenAFS\Client\Freelance]
-
-Value : "numeric value"
-Type : REG_SZ
-Default : <none>
-
- This key is used to store newline terminated mount point strings
- for use in constructing the fake root.afs volume when Freelance
- (dynamic roots) mode is activated.
-
- "athena.mit.edu#athena.mit.edu:root.cell.\n"
- ".athena.mit.edu%athena.mit.edu:root.cell.\n"
-
- These values used to be stored in afs_freelance.ini
-
-
-Regkey:
-[HKLM\SOFTWARE\OpenAFS\Client\Submounts]
-
-Value : "submount name"
-Type : REG_SZ
-Default : <none>
-
- This key is used to store mappings of unix style AFS paths
- to submount names which can be referenced as UNC paths.
- For example the submount string "/athena.mit.edu/user/j/a/jaltman"
- can be associated with the submount name "jaltman.home".
- This can then be referenced as the UNC path \\AFS\jaltman.home.
-
- These values used to be stored in afsdsbmt.ini
-
-
ENVIRONMENT VARIABLES:
Variable: AFS_RPC_ENCRYPT