-Registry keys used in the Windows AFS Client
---------------------------------------------
+Registry keys and Environment Variables used in the Windows AFS Client
+----------------------------------------------------------------------
-This file describes the registry keys used in the Windows AFS clients.
+REGISTRY KEYS:
1. Service parameters
---------------------
The provides an opportunity for at least one retry.
+Value : TraceOption
+Type : DWORD {0, 1, 2, 3}
+Default : 0
+
+ Enables logging of debug output to the Windows Event Log.
+ Bit 0 enables logging of "Logon Events" processed by the Network Provider
+ and Winlogon Event Notification Handler.
+ Bit 1 enables logging of events captured by the AFS Client Service.
+
Value : AllSubmount
Type : DWORD {0, 1}
Default : 1
Disables the attempt to identity the network adapter to use by
looking for an adapter with a display name of "AFS".
+Value : MaxCPUs
+Type : DWORD {1..32} or {1..64} depending on the architecture
+Default : <no default>
+
+ If this value is specified, afsd_service.exe will restrict itself
+ to executing on the specified number of CPUs if there are a greater
+ number installed in the machine.
+
+ NOTE: Setting this entry to "1" may be required on hyperthreaded
+ systems to avoid crashes in the RX library.
+
+Value : smbAuthType
+Type : DWORD {0..2}
+Default : 2
+
+ If this value is specified, it defines the type of SMB authentication
+ which must be present in order for the Windows SMB client to connect
+ to the AFS Client Service's SMB server. The values are:
+ 0 = No authentication required
+ 1 = NTLM authentication required
+ 2 = Extended (GSS SPNEGO) authentication required
+ The default is Extended authentication
+
+Value : MaxLogSize
+Type : DWORD {0 .. MAXDWORD}
+Default : 100K
+
+ This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
+ file. If the file is larger than this value when afsd_service.exe starts
+ the file will be reset to 0 bytes. If this value is 0, it means the file
+ should be allowed to grow indefinitely.
+
+
+Regkey:
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
+
+Value : <Drive Letter:> for example "G:"
+Type : SZ
+
+ Specifies the submount name to be mapped by afsd_service.exe at startup
+ to the provided drive letter.
+
Regkey:
2. Network provider parameters
------------------------------
-Affects the network provider (aklogon.dll).
+Affects the network provider (afslogon.dll).
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : AuthentProviderPath
Type : REG_SZ
-NSIS : <install path>\afslogon.dll
+NSIS : %WINDIR%\SYSTEM32\afslogon.dll
Specifies the install location of the authentication provider dll.
depends. Windows should not attempt to start the AFS Client Service
until all of the specified services have successfully started.
-Value : LogonOptions
-Type : DWORD
-NSIS : depends on user configuration
+Value : Name
+Type : REG_SZ
+NSIS : "OpenAFSDaemon"
+
+ Specifies the display name of the AFS Client Service
+
+Value : ProviderPath
+Type : REG_SZ
+NSIS : %WINDIR%\SYSTEM32\afslogon.dll
+
+ Specifies the DLL to use for the network provider
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client]
+
+Value : CellServDBDir
+Type : REG_SZ
+Default : <not defined>
+
+ Specifies the directory containing the CellServDB file.
+ When this value is not specified, the AFS Client install
+ directory is used.
+
+
+
+2.1 Domain specific configuration keys for the Network Provider
+---------------------------------------------------------------
+
+The network provider can be configured to have different behavior
+depending on the domain that the user logs into. These settings are
+only relevant when using integrated login. A domain refers to an
+Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
+local machine (i.e. local account logins). The domain name that is
+used for selecting the domain would be the domain that is passed into
+the NPLogonNotify function of the network provider.
+
+Domain specific registry keys are :
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+ (NP key)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
+ (Domains key)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
+ (Specific domain key. One per domain.)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+ (Localhost key)
+
+eg:
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider
+ |
+ +- Domain
+ +-AD1.EXAMPLE.COM
+ +-AD2.EXAMPLE.NET
+ +-LOCALHOST
+
+Each of the domain specific keys can have the set of values described
+in 2.1.1. The effective values are chosen as described in 2.1.2.
+
+2.1.1 Domain specific configuration values
+-------------------------------------------
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+
+ Value : LogonOptions
+ Type : DWORD
+ Default : 0x01
+ NSIS/WiX: depends on user configuration
0x00 - Integrated Logon is not used
0x01 - Integrated Logon is used
High Security Mode generates random SMB names for the creation of
Drive Mappings. This mode should not be used without Integrated Logon.
-Value : LogonScript
-Type : REG_SZ
-NSIS : <install path>\afscreds.exe -:%s -x
+ As of 1.3.65 the SMB server supports SMB authentication. The High
+ Security Mode should not be used when using SMB authentication
+ (SMBAuthType setting is non zero).
- Specifies the command to be executed at the end of successful logon.
+ Value : FailLoginsSilently
+ Type : DWORD (1|0)
+ Default : 0
+ NSIS/WiX: (not set)
-Value : Name
-Type : REG_SZ
-NSIS : "OpenAFSDaemon"
+ If true, does not display any visible warnings in the event of an
+ error during the integrated login process.
- Specifies the display name of the AFS Client Service
+ Value : LogonScript
+ Type : REG_SZ or REG_EXPAND_SZ
+ Default : (null)
+ NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q
-Value : ProviderPath
-Type : REG_SZ
-NSIS : <install path>\afslogon.dll
+ A logon script that will be scheduled to be run after the profile
+ load is complete. If using the REG_EXPAND_SZ type, you can use
+ any system environment variable as "%varname%" which would be
+ expanded at the time the network provider is run. Optionally
+ using a "%s" in the value would result in it being expanded into
+ the AFS SMB username for the session.
- Specifies the DLL to use for the network provider
+ Value : LoginRetryInterval
+ Type : DWORD
+ Default : 30
+ NSIS/WiX: (not set)
-Value : VerboseLogging
-Type : DWORD
-NSIS : 0x0a
+ If the OpenAFS client service has not started yet, the network
+ provider will wait for a maximum of "LoginRetryInterval" seconds
+ while retrying every "LoginSleepInterval" seconds to check if the
+ service is up.
+
+ Value : LoginSleepInterval
+ Type : DWORD
+ Default : 5
+ NSIS/WiX: (not set)
+
+ See description of LoginRetryInterval.
+
+
+2.1.2 Selection of effective values for domain specific configuration
+----------------------------------------------------------------------
- Determines the level of logging to be enabled
+ During login to domain X, where X is the domain passed into
+ NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
+ 'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
+ computer, the following keys will be looked up.
+
+ 1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
+ 2. Domains key. (NP key\"Domain")
+ 3. Specific domain key. (Domains key\X)
+
+ If the specific domain key does not exist, then the domains key will
+ be ignored. All the configuration information in this case will
+ come from the NP key.
+
+ If the specific domain key exists, then for each of the values
+ metioned in (2), they will be looked up in the specific domain key,
+ domains key and the NP key successively until the value is found.
+ The first instance of the value found this way will be the effective
+ for the login session. If no such instance can be found, the
+ default will be used. To re-iterate, a value in a more specific key
+ supercedes a value in a less specific key. The exceptions to this
+ rule are stated below.
+
+2.1.3 Exceptions to 2.1.2
+--------------------------
+
+ To retain backwards compatibility, the following exceptions are made
+ to 2.1.2.
+
+2.1.3.1 'FailLoginsSilently'
+
+ Historically, the 'FailLoginsSilently' value was in
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
+ key and not in the NP key. Therefore, for backwards compatibility,
+ the value in the Parameters key will supercede all instances of this
+ value in other keys. In the absence of this value in the Parameters
+ key, normal scope rules apply.
+
+2.1.3.2 'LogonScript'
+
+ If a 'LogonScript' is not specified in the specific domain key nor
+ in the domains key, the value in the NP key will only be checked if
+ the effective 'LogonOptions' specify a high security integrated
+ login. If a logon script is specified in the specific domain key or
+ the domains key, it will be used regardless of the high security
+ setting. Please be aware of this when setting this value.
3. AFS Credentials System Tray Tool parameters
Regkey:
+[HKCU\SOFTWARE\OpenAFS\Client]
+
+Value : Authentication Cell
+Type : REG_SZ
+Default : <none>
+Function: Afscreds.exe GetDefaultCell()
+
+ This value allows the user to configure a different cell name to
+ be used as the default cell when acquiring tokens in afscreds.exe
+
+
+Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Reminders]
Value : "afs cell name"
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
+Regkey:
+[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
+
+Value : "upper case drive letter"
+Type : DWORD {0, 1}
+Default : <none>
+
+ These values are used to store the persistence state of the AFS
+ drive mappings as listed in the [...\Client\Mappings] key
+
+ These values used to be stored in the afsdsbmt.ini file
+
+Regkey:
+[HKCU\SOFTWARE\OpenAFS\Client\Mappings]
+
+Value : "upper case drive letter"
+Type : REG_SZ
+Default : <none>
+
+ These values are used to store the AFS path in Unix notation
+ to which the drive letter is to be mapped.
+
+ These values used to be stored in the afsdsbmt.ini file.
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
+
+Value : "smb/cifs share name"
+Type : REG_SZ
+Default : <none>
+
+ This key is used to map SMB/CIFS shares to Client Side Caching
+ (off-line access) policies. For each share one of the following
+ policies may be used: "manual", "programs", "documents", "disable"
+
+ These values used to be stored in afsdsbmt.ini
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\Freelance]
+
+Value : "numeric value"
+Type : REG_SZ
+Default : <none>
+
+ This key is used to store newline terminated mount point strings
+ for use in constructing the fake root.afs volume when Freelance
+ (dynamic roots) mode is activated.
+
+ "athena.mit.edu#athena.mit.edu:root.cell.\n"
+ ".athena.mit.edu%athena.mit.edu:root.cell.\n"
+
+ These values used to be stored in afs_freelance.ini
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\Submounts]
+
+Value : "submount name"
+Type : REG_SZ
+Default : <none>
+
+ This key is used to store mappings of unix style AFS paths
+ to submount names which can be referenced as UNC paths.
+ For example the submount string "/athena.mit.edu/user/j/a/jaltman"
+ can be associated with the submount name "jaltman.home".
+ This can then be referenced as the UNC path \\AFS\jaltman.home.
+
+ These values used to be stored in afsdsbmt.ini
+
+
+ENVIRONMENT VARIABLES:
+
+Variable: AFS_RPC_ENCRYPT
+Values: "OFF" disables the use of RPC encryption
+ any other value allows RPC encryption to be used
+Default: RPC encryption is on
+
+
+Variable: AFS_RPC_PROTSEQ
+Values: "ncalrpc" - local RPC
+ "ncacn_np" - named pipes
+ "ncacn_ip_tcp" - tcp/ip
+Default: local RPC
+
git://git.openafs.org / openafs.git / blobdiff