openafs/doc/txt/winnotes/registry.txt

skyrope-mit-merge-hell-20040226

From Skyrope:

The Skyrope work attempted to improve on the end user experience of
using OpenAFS in the following ways:

 * Obtain tokens using renewable Kerberos 5 tickets in order to reduce
   the need for end users to renew expired tokens
 * Monitor the list of IP Addresses in order to detect changes in the
   network configuration which might affect the reachability of cells
   or the state of the AFS Client Service. When cells are newly
   reachable, obtain tokens for the cells. If the AFS Client Service is
   not running, start it. If tokens are expiring attempt to renew them.
 * Use KDC probes to detect the accessibility of realms/cells. If the
   KDC is not reachable, do not prompt the end user for a username and
   password. (fs probe is not implemented on windows)
 * Automatically obtain tokens using the Windows Logon Session Kerberos
   credentials (if available)
 * Allow tokens for multiple cells to be obtained by using the same
   Kerberos 5 tickets. (no UI yet implemented)
 * Perform drive mapping persistence by tracking it within the
   afsdsbmt.ini file instead of relying on the Windows Shell to persist
   the state.
 * Add new afscreds.exe command line options and change the default set
   used when creating the "AFS Credentials" shortcut in the
   Start Menu->Programs->Startup folder.

From MIT:

 * Auto-detection of loopback adapters. Use "AFS" as the netbios name
   when a loopback adapter is installed.
 * Support for responding to power management events. Used to flush the
   cache when the machine is about to suspend, hibernate, or shutdown
 * Documentation of Registry entries
 * Support for Extended SMB Requests
 * Beginning of support for true Event Log reporting from a message
   database
 * Hidden Dot File support (configured via the HideDotFiles registry
   option)
 * Configurable Max number of Multiplexed Sessions (MaxMpxRequests
   registry option)
 * Configurable Max MTU size (RxMaxMTU registry option)
 * Configurable Jumbogram support (RxNoJumbo registry option)
 * Configurable Max number of Virtual Connections per Server
   (MaxVCPerServer registry option)
 * Win32 DNS API support
 * Addition of SMB_ATTR_xxxx defines for use instead of hex numbers
 * A variety of heap access and resource deallocation errors corrected
   in the SMB code
 * Support for recursive directory creation
 * Modifications to the en_US version of the client configuration
   dialog (need to port to other languages)

Notes on the current check-in:

 * The KfW code will always be used when installed on the machine. This
   code only supports Krb5 and will not work with Krb4 only realms. A
   registry flag indicating whether or not KfW should be used if found
   needs to be added.
 * afscreds.exe needs to have a registry entry created to control the
   parameter list it should be started with. There should be a dialog
   to control this in the installer and within afscreds.exe
 * The MIT method of auto-assigning the mount-root and the netbios name
   is in conflict with the Morgan Stanley submissions in some parts of
   the code. If you are using the loopback adapter with this code both
   the "NetbiosName" = "AFS" and "Mountroot" = "/afs" registry options
   must be specified. This will be fixed in coming days.

2004-02-26 19:22:35 +00:00

Registry keys and Environment Variables used in the Windows AFS Client
----------------------------------------------------------------------
REGISTRY KEYS:
1. Service parameters
---------------------
The service parameters primarily affect the behavior of the AFS client
service (afsd_service.exe).
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : LANadapter
Type : DWORD
Default : -1
Variable: LANadapter
LAN adapter number to use. This is the lana number of the LAN
adapter that the SMB server should bind to. If unspecified or set
to -1, a LAN adapter named 'AFS' or a loopback adapter will be
selected. If neither is present, then all available adapters will
be bound to. When binding to a non-loopback adapter, the NetBIOS
name '%hostname%-AFS' will be used (where %hostname% is the NetBIOS
name of the host truncated to 11 characters). Otherwise, the NetBIOS
name will be 'AFS'.
Value : CacheSize
Type : QWORD
Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
Variable: cm_initParams.cacheSize
Size of the AFS cache.
Value : ChunkSize
Type : DWORD
Default : 15 (CM_CONFIGDEFAULT_CHUNKSIZE)
Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)
Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize.
Value : Daemons
Type : DWORD
Default : 2 (CM_CONFIGDEFAULT_DAEMONS)
Variable: numBkgD
Number of background daemons (number of threads of
cm_BkgDaemon). (see cm_BkgDaemon in cm_daemon.c)
Value : ServerThreads
Type : DWORD
Default : 4 (CM_CONFIGDEFAULT_SVTHREADS)
Variable: numSvThreads
Number of SMB server threads (number of threads of smb_Server). (see
smb_Server in smb.c).
Value : Stats
Type : QWORD
Default : 1000 (CM_CONFIGDEFAULT_STATS)
Variable: cm_initParams.nStatCaches
Cache configuration.
Value : LogoffTokenTransfer
Type : DWORD {1,0}
Default : 1
Variable: smb_LogoffTokenTransfer
If enabled (set to 1), activates functionality where the user's
tokens are kept intact until smb_LogoffTokenTransferTimeout seconds
elapse after the user logs off. If roaming profiles are used and the
roaming profile takes a long time to be written back, this ensures
that the tokens remain valid until the profile save is complete.
Value : LogoffTokenTransferTimeout
Type : QWORD
Default : 10
Variable: smb_LogoffTokenTransferTimeout
See LogoffTokenTransfer above.
Value : RootVolume
Type : REG_SZ
Default : "root.afs"
Variable: cm_rootVolumeName
Root volume name.
Value : Mountroot
Type : REG_SZ
Default : "/afs"
Variable: cm_mountRoot
Name of root mount point. In symlinks, if a path starts with
cm_mountRoot, it is assumed that the path is absolute (as opposed to
relative) and is adjusted accordingly. E.g.: if a path is specified as
/afs/athena.mit.edu/foo/bar/baz and cm_mountRoot is "/afs", then the
path is interpreted as \\afs\all\athena.mit.edu\foo\bar\baz. If a
path does not start with cm_mountRoot, the path is assumed to
be relative and suffixed to the reference directory (i.e. the directory
where the symlink exists).
Value : CachePath
Type : REG_SZ
Default : "\AFSCache"
Variable: cm_CachePath
Location of the on-disk cache file. The default implies the root
directory of the boot disk.
Value : TrapOnPanic
Type : DWORD {1,0}
Default : 0
Variable: traceOnPanic
Issues a breakpoint in the event of a panic. (breakpoint: _asm int 3).
Value : NetbiosName
Type : REG_EXPAND_SZ
Default : "AFS"
Variable: cm_NetbiosName
Specifies the NetBIOS name to be used when binding to a Loopback
adapter. To provide the old behavior, specify a value of
"%COMPUTERNAME%-AFS".
Value : IsGateway
Type : DWORD {1,0}
Default : 0
Variable: isGateway
Select whether or not this AFS client should act as a gateway. If
set and the NetBIOS name hostname-AFS is bound to a physical NIC,
other machines in the subnet can access AFS via SMB connections to
hostname-AFS.
When IsGateway is non-zero, the LAN adapter detection code will
avoid binding to a loopback adapter. This will ensure that the
NetBIOS name will be of the form hostname-AFS instead of the value
set by the "NetbiosName" registry value.
Value : ReportSessionStartups
Type : DWORD {1,0}
Default : 0
Variable: reportSessionStartups
If enabled, all SMB sessions created are recorded in the Application
event log. This also enables other events such as drive mappings
or various error types to be logged.
Value : TraceBufferSize
Type : QWORD
Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
Variable: traceBufSize
Number of entries to keep in trace log.
Value : SysName
Type : REG_SZ
Default : "i386_nt40"
Variable: cm_sysName
Self explanatory.
Value : SecurityLevel
Type : DWORD {1,0}
Default : 0
Variable: cryptall
Enables encryption on RX calls.
Value : UseDNS
Type : DWORD {1,0}
Default : 1
Variable: cm_dnsEnabled
Enables resolving volservers using AFSDB DNS queries. (see
afsdb-freelance-notes).
As of 1.3.60, this value is ignored as the DNS query support
utilizes the Win32 DNSQuery API which is available on Win2000
and above.
Value : FreelanceClient
Type : DWORD {1,0}
Default : 0
Variable: cm_freelanceEnabled
Enables freelance client. (see afsdb-freelance-notes)
Value : HideDotFiles
Type : DWORD {1,0}
Default : 1
Variable: smb_hideDotFiles
Enables marking dotfiles with the hidden attribute. Dot files are
files whose name starts with a period (excluding "." and "..").
Value : MaxMpxRequests
Type : DWORD
Default : 50
Variable: smb_maxMpxRequests
Maximum number of multiplexed SMB requests that can be made.
Value : MaxVCPerServer
Type : DWORD
Default : 100
Variable: smb_maxVCPerServer
Maximum number of SMB virtual circuits.
Value : Cell
Type : REG_SZ
Default : <none>
Variable: rootCellName
Name of root cell (the cell from which root.afs should be mounted in
\\afs\all).
Value : RxNoJumbo
Type : DWORD {0,1}
Default : 0
Variable: rx_nojumbo
If enabled, does not send or indicate that we are able to send or
receive RX jumbograms.
Value : RxMaxMTU
Type : DWORD
Default : -1
Variable: rx_mtu
If set to anything other than -1, uses that value as the maximum MTU
supported by the RX interface.
In order to enable OpenAFS to operate across the Cisco IPSec VPN
client, this value must be set to 1264 or smaller.
Value : ConnDeadTimeout
Type : DWORD
Default : 60 (seconds)
Variable: ConnDeadtimeout
The Connection Dead Time is enforced to be at a minimum 15 seconds
longer than the minimum SMB timeout as specified by
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
SessTimeout
If the minimum SMB timeout is not specified the value is 45 seconds.
See http://support.microsoft.com:80/support/kb/articles/Q102/0/67.asp
Value : HardDeadTimeout
Type : DWORD
Default : 120 (seconds)
Variable: HardDeadtimeout
The Hard Dead Time is enforced to be at least double the ConnDeadTimeout.
This provides an opportunity for at least one retry.
Value : TraceOption
Type : DWORD {0, 1, 2, 3}
Default : 0
Enables logging of debug output to the Windows Event Log.
Bit 0 enables logging of "Logon Events" processed by the Network Provider
and Winlogon Event Notification Handler.
Bit 1 enables logging of events captured by the AFS Client Service.
Value : AllSubmount
Type : DWORD {0, 1}
Default : 1
Variable: allSubmount (smb.c)
By setting this value to 0, the "\\NetbiosName\all" mount point
will not be created. This allows the read-write versions of
root.afs to be hidden.
Value : NoFindLanaByName
Type : DWORD {0, 1}
Default : 0
Disables the attempt to identify the network adapter to use by
looking for an adapter with a display name of "AFS".
Value : MaxCPUs
Type : DWORD {1..32} or {1..64} depending on the architecture
Default : <no default>
If this value is specified, afsd_service.exe will restrict itself
to executing on the specified number of CPUs if there are a greater
number installed in the machine.
NOTE: Setting this entry to "1" may be required on hyperthreaded
systems to avoid crashes in the RX library.
smb-auth-20040711 Over the last several years significant efforts have been made to work around the inability to protect user tokens from use by inappropriate entities. The tokens are associated with a given userid and session by a combination of an SMB based ioctl and an authenticated/encrypted RPC. This has opened the door for tokens to be borrowed by other users if they could connect to the same SMB server with the identical userid. This was trivially possible because the SMB connections were unauthenticated. This patch adds two forms of authenticated SMB connections: NTLM and Extended Security (aka GSS SPNEGO). By default Extended Security mode is used. This patch has been tested on 2000 workstation, 2000 server, XP SP1, and 2003 Server, and XP SP2 RC2. The Extended Security works on all platforms except for XP SP2 RC2 regardless of whether or not the machine is part of a domain or not; and whether or not a local or domain account is used. On XP SP2 RC2, attempts to negotiate Extended Security result in a Logon Denied error from AcceptSecurityContext() and a substatus code of 0x7C90486A is logged to the Security Event log via the NTLM SSP. The SMB AUTH NTLM mode succeeds on XP SP2 RC2. Disabling SMB Authentication or specifying the use of NTLM mode may be done via the registry. Value : smbAuthType Type : DWORD {0..2} Default : 2 If this value is specified, it defines the type of SMB authentication which must be present in order for the Windows SMB client to connect to the AFS Client Service's SMB server. The values are: 0 = No authentication required 1 = NTLM authentication required 2 = Extended (GSS SPNEGO) authentication required The default is Extended authentication
2004-07-11 23:22:57 +01:00
Value : smbAuthType
Type : DWORD {0..2}
Default : 2
If this value is specified, it defines the type of SMB authentication
which must be present in order for the Windows SMB client to connect
to the AFS Client Service's SMB server. The values are:
0 = No authentication required
1 = NTLM authentication required
2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication
Value : MaxLogSize
Type : DWORD {0 .. MAXDWORD}
Default : 100K
This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
file. If the file is larger than this value when afsd_service.exe starts
the file will be reset to 0 bytes. If this value is 0, it means the file
should be allowed to grow indefinitely.
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
Value : <Drive Letter:> for example "G:"
Type : SZ
Specifies the submount name to be mapped by afsd_service.exe at startup
to the provided drive letter.
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
2. Network provider parameters
------------------------------
Affects the network provider (afslogon.dll).
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : FailLoginsSilently
Type : DWORD
Default : 0
Do not display message boxes if the login fails.
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
Value : NoWarnings
Type : DWORD
Default : 0
Disables visible warnings during logon.
Value : AuthentProviderPath
Type : REG_SZ
NSIS : %WINDIR%\SYSTEM32\afslogon.dll
Specifies the install location of the authentication provider dll.
Value : Class
Type : DWORD
NSIS : 0x02
Specifies the class of network provider
Value : DependOnGroup
Type : REG_MULTI_SZ
NSIS : PNP_TDI
Specifies the service groups upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the services within these groups have successfully
started.
Value : DependOnService
Type : REG_MULTI_SZ
NSIS : Tcpip NETBIOS RpcSs
Specifies a list of services upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the specified services have successfully started.
Value : Name
Type : REG_SZ
NSIS : "OpenAFSDaemon"
Specifies the display name of the AFS Client Service
Value : ProviderPath
Type : REG_SZ
NSIS : %WINDIR%\SYSTEM32\afslogon.dll
Specifies the DLL to use for the network provider
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client]
Value : CellServDBDir
Type : REG_SZ
Default : <not defined>
Specifies the directory containing the CellServDB file.
When this value is not specified, the AFS Client install
directory is used.
2.1 Domain specific configuration keys for the Network Provider
---------------------------------------------------------------
The network provider can be configured to have different behavior
depending on the domain that the user logs into. These settings are
only relevant when using integrated login. A domain refers to an
Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
local machine (i.e. local account logins). The domain name that is
used for selecting the domain would be the domain that is passed into
the NPLogonNotify function of the network provider.
Domain specific registry keys are :
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(NP key)
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
(Domains key)
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
(Specific domain key. One per domain.)
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
(Localhost key)
eg:
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider
|
+- Domain
+-AD1.EXAMPLE.COM
+-AD2.EXAMPLE.NET
+-LOCALHOST
Each of the domain specific keys can have the set of values described
in 2.1.1. The effective values are chosen as described in 2.1.2.
2.1.1 Domain specific configuration values
-------------------------------------------
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
Value : LogonOptions
Type : DWORD
Default : 0x01
NSIS/WiX: depends on user configuration
0x00 - Integrated Logon is not used
0x01 - Integrated Logon is used
0x02 - High Security Mode is used
0x03 - Integrated Logon with High Security Mode is used
High Security Mode generates random SMB names for the creation of
Drive Mappings. This mode should not be used without Integrated Logon.
As of 1.3.65 the SMB server supports SMB authentication. The High
Security Mode should not be used when using SMB authentication
(SMBAuthType setting is non zero).
Value : FailLoginsSilently
Type : DWORD (1|0)
Default : 0
NSIS/WiX: (not set)
If true, does not display any visible warnings in the event of an
error during the integrated login process.
Value : LogonScript
Type : REG_SZ or REG_EXPAND_SZ
Default : (null)
NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q
A logon script that will be scheduled to be run after the profile
load is complete. If using the REG_EXPAND_SZ type, you can use
any system environment variable as "%varname%" which would be
expanded at the time the network provider is run. Optionally
using a "%s" in the value would result in it being expanded into
the AFS SMB username for the session.
Value : LoginRetryInterval
Type : DWORD
Default : 30
NSIS/WiX: (not set)
If the OpenAFS client service has not started yet, the network
provider will wait for a maximum of "LoginRetryInterval" seconds
while retrying every "LoginSleepInterval" seconds to check if the
service is up.
Value : LoginSleepInterval
Type : DWORD
Default : 5
NSIS/WiX: (not set)
See description of LoginRetryInterval.
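A consistency check for the security-relevant values documented in this file (SecurityLevel, smbAuthType, the LogonOptions bits and the AFS_RPC_ENCRYPT environment variable), as an added example that is not OpenAFS code. It runs over constructed values rather than the live registry; the function names and finding codes are assumptions of the example.

```python
# Added example: consistency check over constructed configuration values.
# Not OpenAFS code; function names and finding codes are made up for the example.
INTEGRATED_LOGON = 0x01  # LogonOptions bit (section 2.1.1)
HIGH_SECURITY = 0x02     # LogonOptions bit (section 2.1.1)


def audit_afs_client(params, logon_options=0x01, env=None):
    """Return a list of (code, message) findings.

    params        -- values read from the TransarcAFSDaemon Parameters key
    logon_options -- effective LogonOptions DWORD for the login domain
    env           -- environment variables of the client process (optional)
    """
    findings = []
    # Registry value names ignore case; this file itself writes both
    # "smbAuthType" and "SMBAuthType".
    values = {name.casefold(): value for name, value in params.items()}

    def dword(name, default, allowed):
        # An unset value takes the documented default.
        raw = values.get(name.casefold(), default)
        if isinstance(raw, bool) or not isinstance(raw, int) or raw not in allowed:
            findings.append(("INVALID_VALUE",
                             f"{name}={raw!r} is outside the documented range"))
            return None
        return raw

    security_level = dword("SecurityLevel", 0, {0, 1})
    smb_auth = dword("smbAuthType", 2, {0, 1, 2})

    if security_level == 0:
        findings.append(("RX_UNENCRYPTED",
                         "SecurityLevel=0: encryption on RX calls is not enabled"))
    # Only the literal value "OFF" is documented as disabling RPC encryption.
    if (env or {}).get("AFS_RPC_ENCRYPT") == "OFF":
        findings.append(("RPC_ENCRYPT_OFF",
                         "AFS_RPC_ENCRYPT=OFF: RPC encryption is disabled"))
    if smb_auth == 0:
        findings.append(("SMB_UNAUTHENTICATED",
                         "smbAuthType=0: no SMB authentication is required"))
    elif smb_auth == 1:
        findings.append(("SMB_NTLM",
                         "smbAuthType=1: NTLM is required instead of the default "
                         "Extended (GSS SPNEGO) authentication"))

    valid_options = (isinstance(logon_options, int)
                     and not isinstance(logon_options, bool)
                     and 0 <= logon_options <= 0x03)
    if not valid_options:
        findings.append(("INVALID_VALUE",
                         f"LogonOptions={logon_options!r} is outside 0x00..0x03"))
        return findings

    high = bool(logon_options & HIGH_SECURITY)
    if high and not (logon_options & INTEGRATED_LOGON):
        findings.append(("HIGHSEC_WITHOUT_INTEGRATED",
                         "High Security Mode is set without Integrated Logon"))
    if high and smb_auth in (1, 2):
        findings.append(("HIGHSEC_WITH_SMB_AUTH",
                         "High Security Mode is set while smbAuthType is non-zero"))
    return findings


def finding_codes(findings):
    """Just the codes, in the order the checks ran."""
    return [code for code, _ in findings]


# Constructed inputs: one weak configuration, one matching the guidance above.
WEAK = {"SecurityLevel": 0, "smbAuthType": 0}
HARDENED = {"SecurityLevel": 1, "SMBAuthType": 2}

if __name__ == "__main__":
    for label, params, options in (("weak", WEAK, 0x02), ("hardened", HARDENED, 0x01)):
        print(label)
        for code, message in audit_afs_client(params, options):
            print(f"  {code}: {message}")
```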
2.1.2 Selection of effective values for domain specific configuration
----------------------------------------------------------------------
During login to domain X, where X is the domain passed into
NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
computer, the following keys will be looked up.
1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
2. Domains key. (NP key\"Domain")
3. Specific domain key. (Domains key\X)
If the specific domain key does not exist, then the domains key will
be ignored. All the configuration information in this case will
come from the NP key.
If the specific domain key exists, then for each of the values
mentioned in (2), they will be looked up in the specific domain key,
domains key and the NP key successively until the value is found.
The first instance of the value found this way will be the effective
value for the login session. If no such instance can be found, the
default will be used. To reiterate, a value in a more specific key
supersedes a value in a less specific key. The exceptions to this
rule are stated below.
2.1.3 Exceptions to 2.1.2
--------------------------
To retain backwards compatibility, the following exceptions are made
to 2.1.2.
2.1.3.1 'FailLoginsSilently'
Historically, the 'FailLoginsSilently' value was in
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
key and not in the NP key. Therefore, for backwards compatibility,
the value in the Parameters key will supersede all instances of this
value in other keys. In the absence of this value in the Parameters
key, normal scope rules apply.
2.1.3.2 'LogonScript'
If a 'LogonScript' is not specified in the specific domain key nor
in the domains key, the value in the NP key will only be checked if
the effective 'LogonOptions' specify a high security integrated
login. If a logon script is specified in the specific domain key or
the domains key, it will be used regardless of the high security
setting. Please be aware of this when setting this value.
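The lookup order of 2.1.2 together with the two exceptions of 2.1.3, as an added example that is not code from afslogon.dll. It resolves the effective values from a constructed registry snapshot; the snapshot layout, function names, source labels and the case-insensitive comparison with the computer name are assumptions of the example.

```python
# Added example: resolves effective network provider values from a constructed
# registry snapshot (nested dicts). Not the live registry, not afslogon.dll code.
NP = r"HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider"
PARAMS = r"HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters"

# Defaults as listed in section 2.1.1.
DEFAULTS = {
    "LogonOptions": 0x01,
    "FailLoginsSilently": 0,
    "LogonScript": None,
    "LoginRetryInterval": 30,
    "LoginSleepInterval": 5,
}


def _ci_get(mapping, name):
    """Registry key and value names are case-insensitive, so compare casefolded."""
    wanted = name.casefold()
    for key, value in mapping.items():
        if key.casefold() == wanted:
            return value
    return None


def effective_config(snapshot, logon_domain, computer_name):
    """Return {value name: (effective value, source label)} for one login."""
    # 2.1.2: a login to the local machine selects the LOCALHOST key.
    # Assumption: the comparison with the computer name ignores case.
    local = logon_domain.casefold() == computer_name.casefold()
    domain = "LOCALHOST" if local else logon_domain

    np_key = _ci_get(snapshot, NP) or {}
    domains_key = _ci_get(snapshot, NP + "\\Domain") or {}
    specific = _ci_get(snapshot, NP + "\\Domain\\" + domain)

    # Without a specific domain key the domains key is ignored entirely.
    if specific is None:
        scoped = []
    else:
        scoped = [("specific", specific), ("domains", domains_key)]
    chain = scoped + [("NP", np_key)]

    def first(name, keys):
        for source, values in keys:
            found = _ci_get(values, name)
            if found is not None:
                return found, source
        return DEFAULTS[name], "default"

    result = {name: first(name, chain)
              for name in ("LogonOptions", "LoginRetryInterval", "LoginSleepInterval")}

    # 2.1.3.1: a FailLoginsSilently value in the Parameters key wins over all others.
    legacy = _ci_get(_ci_get(snapshot, PARAMS) or {}, "FailLoginsSilently")
    if legacy is not None:
        result["FailLoginsSilently"] = (legacy, "Parameters")
    else:
        result["FailLoginsSilently"] = first("FailLoginsSilently", chain)

    # 2.1.3.2: the NP key's LogonScript counts only for a high security
    # integrated login (LogonOptions 0x03); more specific keys always count.
    script = first("LogonScript", scoped)
    high_security_integrated = (result["LogonOptions"][0] & 0x03) == 0x03
    if script[1] == "default" and high_security_integrated:
        script = first("LogonScript", chain)
    result["LogonScript"] = script
    return result


# NSIS/WiX value quoted in 2.1.1, install path left as the placeholder used there.
NP_SCRIPT = r"<install path>\afscreds.exe -:%s -x -a -m -n -q"

# Constructed snapshot; domain names follow the tree shown in section 2.1.
SAMPLE = {
    PARAMS: {"FailLoginsSilently": 1},
    NP: {"LogonOptions": 0x01, "LoginRetryInterval": 30, "LogonScript": NP_SCRIPT},
    NP + "\\Domain": {"LoginRetryInterval": 60},
    NP + "\\Domain\\AD1.EXAMPLE.COM": {"LogonOptions": 0x03, "FailLoginsSilently": 0},
    NP + "\\Domain\\LOCALHOST": {"LogonOptions": 0x00},
}

if __name__ == "__main__":
    # "WS01" is a constructed computer name; logging in to it selects LOCALHOST.
    for logon_domain in ("AD1.EXAMPLE.COM", "AD2.EXAMPLE.NET", "WS01"):
        print(logon_domain)
        config = effective_config(SAMPLE, logon_domain, "WS01")
        for name in sorted(config):
            value, source = config[name]
            print(f"  {name} = {value!r} (from {source})")
```

In the sample, AD2.EXAMPLE.NET has no specific domain key, so the 60 second LoginRetryInterval in the domains key is not applied to it and the NP key's LogonScript is skipped because its effective LogonOptions is 0x01.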
3. AFS Credentials System Tray Tool parameters
----------------------------------------------
Affects the behavior of afscreds.exe
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : Gateway
Type : REG_SZ
Default : ""
Function: GetGatewayName()
If the AFS client is utilizing a gateway to obtain AFS access,
the name of the gateway is specified by this value.
Value : Cell
Type : REG_SZ
Default : <none>
Variable: IsServiceConfigured()
The value Cell is used to determine if the AFS Client Service has
been properly configured or not.
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client]
[HKCU\SOFTWARE\OpenAFS\Client]
Value : ShowTrayIcon
Type : DWORD {0, 1}
Default : 1
Function: InitApp(), Main_OnCheckTerminate()
This value is used to determine whether or not a shortcut should be
maintained in the user's Start Menu->Programs->Startup folder.
This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
Value : EnableKFW
Type : DWORD {0, 1}
Default : 1
Function: KFW_is_available()
When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
to obtain AFS credentials. By setting this value to 0, the internal
Kerberos 4 implementation will be used instead.
Value : AfscredsShortcutParams
Type : REG_SZ
Default : "-A -M -N -Q"
Function: Shortcut_FixStartup
This value specifies the command line options which should be set
as part of the shortcut to afscreds.exe.
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client]
Value : Authentication Cell
Type : REG_SZ
Default : <none>
Function: Afscreds.exe GetDefaultCell()
This value allows the user to configure a different cell name to
be used as the default cell when acquiring tokens in afscreds.exe
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Reminders]
Value : "afs cell name"
Type : DWORD {0, 1}
Default : <none>
Function: LoadRemind(), SaveRemind()
These values are used to save and restore the state of the reminder
flag for each cell for which the user has obtained tokens.
This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]

Value   : "upper case drive letter"
Type    : DWORD {0, 1}
Default : <none>

  These values are used to store the persistence state of the AFS
  drive mappings as listed in the [...\Client\Mappings] key.

  These values used to be stored in the afsdsbmt.ini file.

Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Mappings]

Value   : "upper case drive letter"
Type    : REG_SZ
Default : <none>

  These values are used to store the AFS path in Unix notation
  to which the drive letter is to be mapped.

  These values used to be stored in the afsdsbmt.ini file.

Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]

Value   : "smb/cifs share name"
Type    : REG_SZ
Default : <none>

  This key is used to map SMB/CIFS shares to Client Side Caching
  (off-line access) policies. For each share one of the following
  policies may be used: "manual", "programs", "documents", "disable".

  These values used to be stored in afsdsbmt.ini.

Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\Freelance]

Value   : "numeric value"
Type    : REG_SZ
Default : <none>

  This key is used to store newline terminated mount point strings
  for use in constructing the fake root.afs volume when Freelance
  (dynamic roots) mode is activated.

    "athena.mit.edu#athena.mit.edu:root.cell.\n"
    ".athena.mit.edu%athena.mit.edu:root.cell.\n"

  These values used to be stored in afs_freelance.ini.

Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\Submounts]

Value   : "submount name"
Type    : REG_SZ
Default : <none>

  This key is used to store mappings of unix style AFS paths
  to submount names which can be referenced as UNC paths.

  For example, the submount string "/athena.mit.edu/user/j/a/jaltman"
  can be associated with the submount name "jaltman.home".
  This can then be referenced as the UNC path \\AFS\jaltman.home.

  These values used to be stored in afsdsbmt.ini.

ENVIRONMENT VARIABLES:

Variable: AFS_RPC_ENCRYPT
Values:   "OFF" disables the use of RPC encryption
          any other value allows RPC encryption to be used
Default:  RPC encryption is on

Variable: AFS_RPC_PROTSEQ
Values:   "ncalrpc"      - local RPC
          "ncacn_np"     - named pipes
          "ncacn_ip_tcp" - tcp/ip
Default:  local RPC
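
The value rules for the Active Maps, CSCPolicy and Freelance keys and for the two environment variables above can be checked mechanically. The Python below is an added example, not OpenAFS code and not part of the original file: it audits a dictionary modeled on those keys and parses the Freelance mount point strings. The function names, the sample data and the case-insensitive "OFF" comparison are assumptions, and the reading of '%' as a read-write mount point comes from general AFS convention rather than from this file.

```python
import re

# Allowed data as documented in this file.
CSC_POLICIES = {"manual", "programs", "documents", "disable"}
PROTSEQS = {"ncalrpc", "ncacn_np", "ncacn_ip_tcp"}
DRIVE = re.compile(r"[A-Z]")
# Shape of the Freelance examples: name, '#' or '%', cell, ':', volume, '.', newline.
MOUNT = re.compile(r"([^#%\n]+)([#%])([^:\n]+):([^\n]+)\.\n")

def parse_mount(data):
    """Split one Freelance mount point string; None if it does not fit the shape."""
    m = MOUNT.fullmatch(data)
    if m is None:
        return None
    name, kind, cell, volume = m.groups()
    # '%' marks a read-write mount point (AFS convention, not stated in this file).
    return {"name": name, "rw": kind == "%", "cell": cell, "volume": volume}

def audit(keys, env):
    """Return (location, problem) pairs for settings that break the documented rules."""
    out = []
    for name, data in keys.get("Active Maps", {}).items():
        if not DRIVE.fullmatch(name) or data not in (0, 1):
            out.append(("Active Maps\\" + name, "want upper-case drive letter, DWORD 0 or 1"))
    for share, policy in keys.get("CSCPolicy", {}).items():
        if policy not in CSC_POLICIES:
            out.append(("CSCPolicy\\" + share, "unknown policy " + repr(policy)))
    for name, data in keys.get("Freelance", {}).items():
        if not name.isdigit() or parse_mount(data) is None:
            out.append(("Freelance\\" + name, "malformed mount point string"))
    # Assumption: compare case-insensitively so that "off" is not missed.
    if env.get("AFS_RPC_ENCRYPT", "").upper() == "OFF":
        out.append(("AFS_RPC_ENCRYPT", "RPC encryption disabled"))
    seq = env.get("AFS_RPC_PROTSEQ")
    if seq is not None and seq not in PROTSEQS:
        out.append(("AFS_RPC_PROTSEQ", "not a documented protocol sequence"))
    elif seq in ("ncacn_np", "ncacn_ip_tcp"):
        out.append(("AFS_RPC_PROTSEQ", "not the local RPC default"))
    return out

# Constructed sample data (not taken from a real machine).
SAMPLE_KEYS = {
    "Active Maps": {"H": 1, "g": 1, "J": 2},
    "CSCPolicy": {"jaltman.home": "manual", "all": "always"},
    "Freelance": {"0": "athena.mit.edu#athena.mit.edu:root.cell.\n",
                  "1": "athena.mit.edu:root.cell"},
}
SAMPLE_ENV = {"AFS_RPC_ENCRYPT": "OFF", "AFS_RPC_PROTSEQ": "ncacn_ip_tcp"}

if __name__ == "__main__":
    for location, problem in audit(SAMPLE_KEYS, SAMPLE_ENV):
        print(location + ": " + problem)
```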