<listitem>
<para>Microsoft Windows 2008 Server R2 (64-bit Intel)</para>
</listitem>
+ <listitem>
+ <para>Microsoft Windows 8 (32-bit and 64-bit Intel)</para>
+ </listitem>
+ <listitem>
+ <para>Microsoft Windows Server 2012 (64-bit Intel)</para>
+ </listitem>
</itemizedlist>
</para>
</section>
<para>
<indexterm significance="normal">
<primary>disk space required</primary>
- </indexterm>
- Up to 60mb required for the OpenAFS binaries plus 100MB for the default AFSCache file. The size of the AFSCache file may be adjusted via <link linkend="Regkey_TransarcAFSDaemon_Parameters_CacheSize">the Registry</link> after installation. The maximum cache size for 32-bit Windows is approximately 1.2GB. On 64-bit Windows there is no practical limit on the cache size.
- </para>
+ </indexterm> Up to 60mb required for the OpenAFS binaries plus 100MB for the default
+ AFSCache file. The size of the AFSCache file may be adjusted via <link
+ linkend="Regkey_TransarcAFSDaemon_Parameters_CacheSize">the Registry</link> after
+ installation. The maximum cache size for 32-bit Windows is approximately 1.2GB. On 64-bit
+ Windows there is no enforced limit on the cache size. </para>
</section>
<section>
<title id="Additional_Software_Packages">2.3 Additional Software Packages</title>
<para>The OpenAFS for Windows client will use DNS SRV records and DNS AFSDB records to
discover the location of AFS Volume Database servers when entries for the cell are not
present in either the client's CellServDB registry store or file
- (\%PROGRAMFILES%\OpenAFS\Client\CellServDB). Also see <link
- linkend="Registry_VLDB_Configuration">Registry Configuration for AFS Volume Database
- Servers</link>.</para>
+ (\%ALLUSERSPROFILE%\OpenAFS\Client\CellServDB or \%PROGRAMFILES%\OpenAFS\Client\CellServDB).
+ Also see <link linkend="Registry_VLDB_Configuration">Registry Configuration for AFS Volume
+ Database Servers</link>.</para>
</section>
<section>
<title id="Integrated_Logon">3.6. Obtaining AFS Tokens as a Integrated Part of Windows Logon</title>
<indexterm significance="normal">
<primary>tokens</primary>
</indexterm>
- <para>OpenAFS for Windows installs a WinLogon Network Provider to provide Single Sign-On
- functionality (aka Integrated Logon.) Integrated Logon can be used to obtain AFS tokens when
- the Windows username and password match the username and password associated with the
- default cell's Kerberos realm. For example, if the Windows username is "jaltman" and the
- default cell is "your-file-system.com", then Integrated Logon can be successfully used if
- the windows password matches the password assigned to the Kerberos principal
+ <para>OpenAFS for Windows installs a WinLogon Authentication Provider to provide Single
+ Sign-On functionality (aka Integrated Logon.) Integrated Logon can be used to obtain AFS
+ tokens when the Windows username and password match the username and password associated
+ with the default cell's Kerberos realm. For example, if the Windows username is "jaltman"
+ and the default cell is "your-file-system.com", then Integrated Logon can be successfully
+ used if the windows password matches the password assigned to the Kerberos principal
"jaltman@YOUR-FILE-SYSTEM.COM". The realm "YOUR-FILE-SYSTEM.COM" is obtained by performing a
domain name to realm mapping on the hostname of one of the cell's Volume Database
servers.</para>
system. OpenAFS does not provide tools for synchronizing the Windows and Kerberos user
accounts and passwords. Integrated Logon can be enabled or disabled via the <link
linkend="Value_LogonOptions">LogonOptions</link> registry value.</para>
- <para>When KFW is configured, Integrated Logon will use it to obtain tokens. Use of KFW for Integrated Logon can be disabled via the
- <link linkend="Value_EnableKFW">EnableKFW</link> registry value.
- </para>
+ <para>When Heimdal or KFW is installed, Integrated Logon will use it to obtain tokens using
+ Kerberos v5. If you must use the <emphasis role="italic">deprecated</emphasis> kaserver for
+ authentication instead of Kerberos v5, the use of KFW can be disabled via the <link
+ linkend="Value_EnableKFW">EnableKFW</link> registry value. </para>
<para>Integrated Logon will not transfer Kerberos v5 tickets into the user's logon session credential cache. This is no longer possible on Vista and Windows 7.</para>
- <para>Integrated Logon does not have the ability to cache the user's username and password for the purpose of obtaining tokens if the Kerberos KDC is inaccessible at logon time.</para>
- <para>Integrated Logon supports the ability to obtain tokens for multiple cells. For further information on how to configure this feature, read about the
- <link linkend="Value_TheseCells">TheseCells</link> value.
+ <para>Integrated Logon does not have the ability to cache the username and password for the
+ purpose of obtaining tokens if the Kerberos KDC is inaccessible at logon time.</para>
+ <para>Integrated Logon supports the ability to obtain tokens for multiple cells. For further
+ information on how to configure this feature, read about the <link
+ linkend="Value_TheseCells">TheseCells</link> registry value. </para>
+ <para>Depending on the configuration of the local machine, it is possible for logon
+ authentication to complete with one of the following user account types:</para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>Local Machine Account (<emphasis role="italic">LOCALHOST</emphasis> domain)</para>
+ </listitem>
+ <listitem>
+ <para>Domain or Forest Account</para>
+ </listitem>
+ <listitem>
+ <para>Domain or Forest Account NETBIOS-compatible name</para>
+ </listitem>
+ <listitem>
+ <para>Kerberos Principal mapped to a local or domain or forest account</para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para>For each "domain" context, the following properties are configurable:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Obtain AFS Tokens at Logon</para>
+ <itemizedlist>
+ <listitem>
+ <para>Yes</para>
+ </listitem>
+ <listitem>
+ <para>No</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Alternate Kerberos Realm Name - combined with the username to construct a Kerberos
+ principal</para>
+ </listitem>
+ <listitem>
+ <para>TheseCells - A list of cell names other than the workstation cell for which tokens
+ should be obtained</para>
+ </listitem>
+ <listitem>
+ <para>Fail Logons Silently</para>
+ <itemizedlist>
+ <listitem>
+ <para>Yes</para>
+ </listitem>
+ <listitem>
+ <para>No</para>
+ </listitem>
+ </itemizedlist>
+
+ </listitem>
+ <listitem>
+ <para>Logon Script to Execute</para>
+ </listitem>
+ <listitem>
+ <para>Logon Retry Interval</para>
+ </listitem>
+ <listitem>
+ <para>Logon Sleep between Failure Interval</para>
+ </listitem>
+ </itemizedlist>
+ <para>Within a "domain" context it is often desireable to apply alternate rules for a
+ particular user. The rules can include a username substitution.</para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>Obtain AFS Tokens at Logon</para>
+ <itemizedlist>
+ <listitem>
+ <para>Yes</para>
+ </listitem>
+ <listitem>
+ <para>No</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Alternate User Name</para>
+ </listitem>
+ <listitem>
+ <para>Alternate Kerberos Realm Name - combined with the username to construct a Kerberos
+ principal</para>
+ </listitem>
+ <listitem>
+ <para>TheseCells - A list of cell names other than the workstation cell for which tokens
+ should be obtained</para>
+ </listitem>
+ <listitem>
+ <para>Fail Logons Silently</para>
+ <itemizedlist>
+ <listitem>
+ <para>Yes</para>
+ </listitem>
+ <listitem>
+ <para>No</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Logon Script to Execute</para>
+ </listitem>
+ <listitem>
+ <para>Logon Retry Interval</para>
+ </listitem>
+ <listitem>
+ <para>Logon Sleep between Failure Interval</para>
+ </listitem>
+ </itemizedlist>
</para>
+ <para>The configuration hierarchy is specified in the registry under the
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain key. For
+ example:</para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>...\NetworkProvider\Domain\LOCALHOST\</para>
+ </listitem>
+ <listitem>
+ <para>...\NetworkProvider\Domain\LOCALHOST\Administrator\</para>
+ </listitem>
+ <listitem>
+ <para>...\NetworkProvider\Domain\AD\</para>
+ </listitem>
+ <listitem>
+ <para>...\NetworkProvider\Domain\AD.EXAMPLE.ORG\</para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para> From the perspective of configuration, the Full domain name and the
+ NETBIOS-compatibility name are separate entities. </para>
</section>
<section>
<title id="AFS_System_Tray">3.7. AFS Authentication Tool Command Line Options</title>
<primary>PowerShell</primary>
</indexterm>
<para>The OpenAFS client supports UNC paths everywhere. UNC paths provide a canonical name for resources stored within AFS. UNC paths should be used instead of drive letter mappings whenever possible. This is especially true when specifying the location of roaming profiles and redirected folders.</para>
- <para>Power users that make extensive use of the command line shell, cmd.exe, should consider using JP Software's 4NT or Take Command command processors. Unlike cmd.exe, the JPSoftware shells fully support UNC paths as the current directory. JPSoftware added special recognition for OpenAFS to its command shells, 4NT 7.0 and Take Command 7.0. AFS paths can be entered in UNIX notation (e.g., /afs/openafs.org/software), space utilization reports the output of the volume status for the specified path, and many AFS specific functions and variables have been added to the command language. Take Command 13.1 will include support for OpenAFS IFS Reparse Points.</para>
+ <para>Power users that make extensive use of the command line shell, cmd.exe, should consider
+ using JP Software's 4NT or Take Command command processors. Unlike cmd.exe, the JPSoftware
+ shells fully support UNC paths as the current directory. JPSoftware added special
+ recognition for OpenAFS to its command shells, 4NT 7.0 and Take Command 7.0. AFS paths can
+ be entered in UNIX notation (e.g., /afs/openafs.org/software), space utilization reports the
+ output of the volume status for the specified path, and many AFS specific functions and
+ variables have been added to the command language. Take Command 14.03 includes support for
+ OpenAFS IFS Reparse Points and Hard Links.</para>
<para>JPSoftware's web site is
<ulink url="http://www.jpsoft.com/">http://www.jpsoft.com</ulink>.
</para>
<indexterm significance="normal">
<primary>checked builds</primary>
</indexterm>
- <para>The OpenAFS for Windows installers include Debugging Symbol files which should be installed if you are experiencing problems and need to send crash reports. This is true for both the release and the debug versions of the installers. The difference between the release and debug versions are:</para>
+ <para>The OpenAFS for Windows installers include Debugging Symbol files which should be
+ installed if you are experiencing problems and need to send crash reports or view OpenAFS
+ stack traces within Process Explorer or Debug View. This is true for both the release and
+ the debug versions of the installers. The difference between the release and debug versions
+ are:</para>
<itemizedlist>
<listitem>
<para>whether or not the binaries were compiled with optimization (release: yes, debug: no)</para>
</tbody>
</tgroup>
</informaltable>
- <para></para>
<para>The pre-1.5.50 OpenAFS Client provided an optional registry value,
<link linkend="Value_StoreAnsiFilenames">StoreAnsiFilenames</link>, that could be set to instruct OpenAFS to store filenames using the ANSI Code Page instead of the OEM Code Page. The ANSI Code Page is a compatible superset of Latin-1. This setting is not the default setting because making this change would prevent OpenAFS for Windows from being able to access filenames containing the above characters which were created without this setting.
</para>
<indexterm significance="normal">
<primary>fs whichcell</primary>
</indexterm>
- <para>Beginning with the 1.5.31 release, the fs commands
- <emphasis>examine</emphasis>,
- <emphasis>flush</emphasis>,
- <emphasis>whereis</emphasis>, and
- <emphasis>whichcell</emphasis> provide a new command-line parameter,
- <emphasis>-literal</emphasis>. When specified, if the evaluated object is a symlink or a mountpoint the resulting output will describe the specified object and not the target of the symlink or mountpoint.
- </para>
+ <para>Beginning with the 1.5.31 release, the fs commands <emphasis>examine</emphasis>,
+ <emphasis>flush</emphasis>, <emphasis>getuseraccess</emphasis>, <emphasis>whereis</emphasis>, and
+ <emphasis>whichcell</emphasis> provide a new command-line parameter,
+ <emphasis>-literal</emphasis>. When specified, if the evaluated object is a symlink or a
+ mountpoint the resulting output will describe the specified object and not the target of the
+ symlink or mountpoint. </para>
</section>
<section>
<title id="Out_of_Quota_Errors">3.47. Out of Quota errors</title>
The following is a list of known issues when using the IFS redirector driver:
<itemizedlist>
<listitem>
- <para>It is not possible to execute an application out of AFS under
- the following conditions:
- <itemizedlist>
- <listitem><para>The path is a drive letter mapping</para></listitem>
- <listitem><para>The application requires elevated privileges</para></listitem>
- </itemizedlist>
- Workaround: use SUBST instead of NET USE to assign drive
- letters to UNC paths.
- </para>
- </listitem>
+ <para>Adobe Reader Protected Mode prevents saving PDF documents to AFS. </para>
+ <para>
+ In Acrobat Reader 9.3.2 Adobe added a new security feature "Protected
+Mode" which is enabled by default. Protected mode runs AcroRd32.exe in
+a sandbox and prevents undesirable network access. The release notes
+with all versions of Reader since 9.3.2 indicate that DFS and NFS
+network paths are inaccessible when Protected Mode is on.
+ </para>
+ </listitem>
+ <listitem>
+ <para>Command Prompt .LNK files do not behave properly when stored within AFS <itemizedlist>
+ <listitem>
+ <para>Custom properties will be ignored.</para>
+ </listitem>
+ <listitem>
+ <para>It is not possible to make changes to the LNK properties.</para>
+ </listitem>
+ </itemizedlist> These issues are the result of the <emphasis role="italic">Console
+ Window Host</emphasis> process (conhost.exe) running outside the logon session's
+ authentication group. While conhost.exe impersonates the Windows user, it does not
+ impersonate a logon session process. As a result, it has no tokens and cannot access
+ the LNK file.</para>
+ </listitem>
<listitem>
<para>The Windows File System <ulink url="http://msdn.microsoft.com/en-us/library/ff549293%28v=vs.85%29.aspx">Volume Query Quota Interface</ulink> is not implemented. As a result, AFS quota information is not available to application processes or end users via Windows dialogs.</para>
</listitem>
</itemizedlist>
</para>
</section>
+ <section>
+ <title id="windows8_changes">3.56. Changes for Windows 8 and Server 2012</title>
+ <indexterm significance="normal">
+ <primary>Windows 8</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>Server 2012</primary>
+ </indexterm>
+ <para>
+ In Windows 8 and Server 2012 Microsoft has introduced a new file system, ReFS, and has begun the process of transitioning away from several legacy file system properties including 8.3 compatible short names for all file system objects.
+ The OpenAFS file system has followed suit and is disabling automatic generation of 8.3 compatible names on Windows 8 and Server 2012.
+ </para>
+ </section>
</chapter>
<chapter id="chap_4">
</section>
<section>
<title id="Direct_Code_Contributions">6.4. Direct contributions of code and/or documentation </title>
- <para>Organizations that use OpenAFS in house and have development staffs are encouraged to contribute any code modifications they make to OpenAFS.org via openafs-bugs@openafs.org. Contributions of documentation are highly desired. </para>
+ <para>Organizations that use OpenAFS in house and have development staffs are encouraged to
+ contribute code and documentation modifications to OpenAFS.org via
+ <emphasis>>http://gerrit.openafs.org/</emphasis>.</para>
</section>
<section>
<title id="OAFW_Mailing_Lists">6.5. OpenAFS for Windows Mailing Lists</title>
<indexterm significance="normal">
<primary>openafs-info</primary>
</indexterm>
- <para>If you wish to participate in OpenAFS for Windows development please join the
- <ulink url="mailto:openafs-win32-devel@openafs.org?subject=OpenAFS%20for%20Windows%20Development%20Contribution">openafs-win32-devel@openafs.org</ulink> mailing list.
- </para>
+ <para>If you wish to participate in OpenAFS for Windows development, please join the <ulink
+ url="mailto:openafs-win32-devel@openafs.org?subject=OpenAFS%20for%20Windows%20Development%20Contribution"
+ >openafs-win32-devel@openafs.org</ulink> mailing list. </para>
<para>
<emphasis role="bold">https://lists.openafs.org/mailman/listinfo/openafs-win32-devel</emphasis>
</para>
</tbody>
</tgroup>
</informaltable>
- <para></para>
<para>The example adds domain specific keys for 'ATHENA.MIT.EDU' (enable integrated logon) and 'LOCALHOST' (disable integrated logon and fail logins silently).</para>
</section>
<section>
<para>Default: -1</para>
<para>Variable: LANadapter</para>
<para>LAN adapter number to use. This is the lana number of the LAN adapter that the SMB server should bind to. If unspecified or set to -1, a LAN adapter with named 'AFS' or a loopback adapter will be selected. If neither are present, then all available adapters will be bound to. When binding to a non-loopback adapter, the NetBIOS name hostname%-AFS' will be used (where %hostname% is the NetBIOS name of the host truncated to 11 characters). Otherwise, the NetBIOS name will be 'AFS'.</para>
+ <para>[This parameter is ignored unless SMB mode is active.]</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_CacheSize">Value: CacheSize</title>
<para>Type: DWORD</para>
<para>Default: 98304 (CM_CONFIGDEFAULT_CACHESIZE)</para>
<para>Variable: cm_initParams.cacheSize</para>
- <para>Size of the AFS cache in 1k blocks.</para>
+ <para>Size of the AFS data cache specified in 1k blocks.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_ChunkSize">Value: ChunkSize</title>
<para>Type: DWORD</para>
<para>Default: 20 (CM_CONFIGDEFAULT_CHUNKSIZE)</para>
<para>Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)</para>
- <para>Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize. The default chunk size is therefore 1 MB.</para>
+ <para>Maximum size of chunk for reading and writing. Actual chunk size is
+ 2^cm_logChunkSize. The default chunk size is therefore 1 MB.</para>
+ </section>
+ <section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_BlockSize">Value: BlockSize</title>
+ <indexterm>
+ <primary>BlockSize</primary>
+ </indexterm>
+ <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD</para>
+ <para>Default: 4096 (CM_CONFIGDEFAULT_BLOCKSIZE)</para>
+ <para>Size of buffer allocation. Must be an even multiple of 1024 and (2^cm_logChuckSize
+ mod BlockSize) must equal zero.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_Daemons">Value: Daemons</title>
<para>Type: DWORD</para>
<para>Default: 16 (CM_CONFIGDEFAULT_DAEMONS)</para>
<para>Variable: numBkgD</para>
- <para>Number of background daemons (number of threads of cm_BkgDaemon). (see cm_BkgDaemon in cm_daemon.c)</para>
+ <para>Number of background daemon threads used to fetch data from and store data to the
+ file servers.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_ServerThreads">Value: ServerThreads</title>
<para>Type: DWORD</para>
<para>Default: 25 (CM_CONFIGDEFAULT_SVTHREADS)</para>
<para>Variable: numSvThreads</para>
- <para>Number of SMB server threads (number of threads of smb_Server). (see smb_Server in smb.c).</para>
+ <para>Number of SMB server or AFS Redirector worker threads used to process application
+ file system requests..</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_Stats">Value: Stats</title>
<para>Type: DWORD</para>
<para>Default: 10000 (CM_CONFIGDEFAULT_STATS)</para>
<para>Variable: cm_initParams.nStatCaches</para>
- <para>Cache configuration.</para>
+ <para>The number of file system status objects. One status object is required for each
+ directory entry (file, directory, mount point, symlink).</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_Volumes">Value: Volumes</title>
</para>
<para>
Variable: cm_initParams.nVolumes</para>
- <para>
- <emphasis>Cache configuration.</emphasis>
- </para>
+ <para> The number of volume group objects. One volume group object is required for each
+ set of volume, volume.readonly and volume.backup. </para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_Cells">Value: Cells</title>
</para>
<para>
Variable: cm_initParams.nCells</para>
- <para>
- <emphasis>Cache configuration.</emphasis>
- </para>
+ <para> The number of cell objects. One cell object is required for each cell accessed by
+ the AFS cache manager.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_LogoffPreserveTokens">Value: LogoffPreserveTokens</title>
</para>
<para>
Default : 0</para>
- <para>If enabled (set to 1), the Logoff Event handler will not attempt to delete the user's tokens if the user's profile is stored outside of AFS.</para>
+ <para>If enabled (set to 1), the Logoff Event handler will not attempt to delete the
+ user's tokens if the user's profile is stored outside of AFS. This option only applies
+ when the AFS SMB gateway interface is in use.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_RootVolume">Value: RootVolume</title>
</para>
<para>
Variable: cm_NetbiosName</para>
- <para>Specifies the NetBIOS name (or SMB Server Name) to be used when binding to a Loopback adapter. To provide the old behavior specify a value of "%COMPUTERNAME%-AFS".</para>
+ <para>Specifies the NetBIOS name (or SMB Server Name) to be used when binding to a
+ Loopback adapter. To provide the old behavior specify a value of "%COMPUTERNAME%-AFS".
+ When the AFS Redirector interface is in use, this value specifies the UNC server name
+ registered with the Windows Multiple UNC Provider.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_IsGateway">Value: IsGateway</title>
Variable: isGateway</para>
<para>Select whether or not this AFS client should act as a gateway. If set and the NetBIOS name hostname-AFS is bound to a physical NIC, other machines in the subnet can access AFS via SMB connections to hostname-AFS.</para>
<para>When IsGateway is non-zero, the LAN adapter detection code will avoid binding to a loopback adapter. This will ensure that the NetBIOS name will be of the form hostname-AFS instead of the value set by the "NetbiosName" registry value.</para>
+ <para>This setting only applies when the AFS SMB interface is in use.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_ReportSessionStartups">Value: ReportSessionStartups</title>
<para>Enables freelance client.</para>
</section>
<section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_FreelanceImportCellServDB">Value: FreelanceImportCellServDB</title>
+ <indexterm significance="normal">
+ <primary>FreelanceImportCellServDB</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>dynroot</primary>
+ </indexterm>
+ <para id="Value_FreelanceImportCellServDB">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD {1,0}
+ </para>
+ <para>
+ Default: 0
+ </para>
+ <para>
+ Variable: cm_freelanceImportCellServDB</para>
+ <para>Creates Freelance Mount Points for each cell listed in the CellServDB during startup.</para>
+ </section>
+ <section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_FreelanceDiscovery">Value: FreelanceDiscovery</title>
+ <indexterm significance="normal">
+ <primary>FreelanceDiscovery</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>dynroot</primary>
+ </indexterm>
+ <para id="Value_FreelanceDiscovery">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD {1,0}
+ </para>
+ <para>
+ Default: 1
+ </para>
+ <para>
+ Variable: cm_freelanceDiscovery</para>
+ <para>Enables automatic discovery of cell mount points within the Freelance root.</para>
+ </section>
+ <section>
<title id="Regkey_TransarcAFSDaemon_Parameters_HideDotFiles">Value: HideDotFiles</title>
<indexterm significance="normal">
<primary>HideDotFiles</primary>
<para>
Variable: rx_enable_peer_stats</para>
<para>When set to 1, the Rx library collects peer statistics.</para>
- <para></para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_RxEnableProcessStats">Value: RxEnableProcessStats</title>
<para>
Variable: rx_extra_process_stats</para>
<para>When set to 1, the Rx library collects process statistics.</para>
- <para></para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_RxExtraPackets">Value: RxExtraPackets</title>
</member>
</simplelist>
</para>
- <para>
-The default is Extended authentication</para>
+ <para> The default is Extended authentication This value only applies when the SMB server
+ interface is in use.</para>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_MaxLogSize">Value: MaxLogSize</title>
<para>The "fs getverify" and "fs setverify {on, off}" commands can be used to query and
set this value at runtime.</para>
</section>
+ <section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_ShortNames">Value: ShortNames</title>
+ <indexterm significance="normal">
+ <primary>ShortNames</primary>
+ </indexterm>
+ <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD {0, 1}
+ </para>
+ <para>
+ Default: 0 on Windows 8 and Server 2012, 1 otherwise</para>
+ <para>Determines whether or not the AFS Cache Manager will generate 8.3 compatible shortnames for all objects stored in AFS. Short names are disabled by default on Windows 8 and Server 2012. All prior operating systems enable short names by default.</para>
+ <para>0: do not generate 8.3 compatible short names.</para>
+ <para>1: generate 8.3 compatible short names.</para>
+ </section>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_GlobalAutoMapper">Regkey:
<para>HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider</para>
<para> |</para>
<para> +- Domain</para>
- <para> +-AD1.EXAMPLE.COM</para>
- <para> +-AD2.EXAMPLE.NET</para>
- <para> +-LOCALHOST</para>
+ <para> +-AD1.EXAMPLE.COM</para>
+ <para> +-AD1</para>
+ <para> +-AD2.EXAMPLE.NET</para>
+ <para> +-AD2</para>
+ <para> +-LOCALHOST</para>
+ <para> +-Administrator</para>
+ <para> +-Other User</para>
<para>Each of the domain specific keys can have the set of values described in 2.1.1. The
effective values are chosen as described in 2.1.2.</para>
</section>
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain
name"]
- [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</title>
+ [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain
+ name"]["user name"]
+ [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+ [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\"user name"]
+ </title>
<section>
<title id="Domain_Specific_Regkeys_LogonOptions">Value: LogonOptions</title>
<indexterm significance="normal">
>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: DWORD </para>
<para> Default: 0x01</para>
<para>NSIS/WiX: depends on user configuration</para>
<simplelist type="vert">
<member>0x00 - Integrated Logon is not used </member>
<member> 0x01 - Integrated Logon is used </member>
- <member> 0x02 - High Security Mode is used (deprecated) </member>
- <member> 0x03 - Integrated Logon with High Security Mode is used (deprecated)
- </member>
</simplelist>
</para>
- <para>High Security Mode generates random SMB names for the creation of Drive
- Mappings. This mode should not be used without Integrated Logon.</para>
- <para>As of 1.3.65 the SMB server supports SMB authentication. The High Security Mode
- should not be used when using SMB authentication (SMBAuthType setting is non
- zero).</para>
</section>
<section>
<title id="Domain_Specific_Regkeys_FailLoginsSilently">Value:
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: DWORD (1|0) </para>
<para> Default: 0 </para>
<para> NSIS/WiX: (not set)</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: REG_SZ or REG_EXPAND_SZ </para>
<para> Default: (null) </para>
<para> NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: DWORD </para>
<para> Default: 30 </para>
<para> NSIS/WiX: (not set)</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: DWORD </para>
<para> Default: 5 </para>
<para> NSIS/WiX: (not set)</para>
>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: REG_SZ </para>
<para> NSIS: <not set></para>
<para>When Kerberos v5 is being used, Realm specifies the Kerberos v5 realm that
>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: REG_MULTI_SZ </para>
<para> NSIS: <not set></para>
<para>When Kerberos v5 is being used, TheseCells provides a list of additional cells
for which tokens should be obtained with the default Kerberos v5 principal.</para>
</section>
+ <section>
+ <title id="Domain_User_Specific_Regkeys_Username">Value: Username</title>
+ <indexterm significance="normal">
+ <primary>Username</primary>
+ </indexterm>
+ <para id="Value_Username"
+ >[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ name>\<user name>]</para>
+ <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
+ <para>Type: REG_SZ </para>
+ <para> NSIS: <not set></para>
+ <para>Username specifies an alternate username to be combined with the Realm when constructing
+ the Kerberos v5 principal for which AFS tokens should be obtained.</para>
+ </section>
</section>
</section>
<section>
<para>Bit 17 (0x20000): Process creation and destruction</para>
<para>Bit 18 (0x40000): Extent Active counting</para>
<para>Bit 19 (0x80000): Redirector initialization</para>
+ <para>Bit 20 (0x100000): Name Array processing</para>
</section>
</section>
<section>
- <title>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]</title>
+ <title>[HKLM\SYSTEM\CurrentControlSet\Services\AFSRedirector\NetworkProvider]</title>
<para/>
<section>
<title>Value: Debug</title>
git://git.openafs.org / openafs.git / blobdiff