diff --git a/doc/xml/ReleaseNotesWindows/relnotes.xml b/doc/xml/ReleaseNotesWindows/relnotes.xml index 0aba8b2c44..cde3b2936c 100644 --- a/doc/xml/ReleaseNotesWindows/relnotes.xml +++ b/doc/xml/ReleaseNotesWindows/relnotes.xml @@ -57,6 +57,8 @@ System Requirements
+ operating system versions, supported + system requirements 2.1 Supported Operating Systems @@ -95,6 +97,7 @@
+ operating system versions, unsupported 2.1.1 Unsupported Operating Systems @@ -116,11 +119,13 @@ Older releases of OpenAFS are available for download if unsupported operating systems must be used.  The last version of OpenAFS with support for Win9x is 1.2.2b.  The last version with support for Windows NT 4.0 is 1.2.10.
+ disk space required 2.2 Disk Space Up to 60mb required for the OpenAFS binaries plus 100MB for the default AFSCache file.   The size of the AFSCache file may be adjusted via the Registry after installation. The maximum cache size for 32-bit Windows is approximately 1.2GB. On 64-bit Windows there is no practical limit on the cache size.
2.3 Additional Software Packages + kerberos for windows MIT Kerberos for Windows 2.6.x or 3.x.x if Kerberos v5 authentication support is desired. The recommended release is version 3.2.2. For 64-bit Windows installations, the 64-bit version of Kerberos for Windows is required. For 32-bit Windows installations, the 32-bit version of Kerberos for Windows is required. @@ -132,6 +137,10 @@ Operational Notes
+ unicode + character sets + roaming profiles + folder redirection 3.1. Unicode Support Starting with the 1.5.50 release of OpenAFS for Windows, each of the AFS Client Service, the AFS Explorer Shell Extension, and the command-line tools are Unicode enabled. No longer is OpenAFS restricted to accessing file system objects whose names can be represented in the locale specific OEM code page. This has significant benefits for end users. Most importantly it permits non-Western languages to now be used for file system object names in AFS from Microsoft Windows operating systems. Now that Unicode names are supported, Roaming User Profiles and @@ -150,6 +159,7 @@ Neither UNIX AFS nor Microsoft Windows 2000 systems can perform Unicode Normalization for string comparisons. Although it is possible to store and read Unicode object names, it is possible that a user may not be able to open an object by typing the name of the object at the keyboard. GUI point and click operations should permit any object to be accessed.
+ kerberos for windows 3.2. Requirements for Kerberos v5 Authentication The Kerberos v4 infrastructure on which the OpenAFS 1.2 series is reliant is no longer secure.  Cross-realm Kerberos is very important in the AFS context and most sites have or are migrating to Kerberos v5 environments.  The OpenAFS 1.4 series (and later) integrates with MIT Kerberos for Windows 2.6.5 and above to support Kerberos v5 authentication including automatic renewal of AFS tokens and single sign-on via the Microsoft Windows Kerberos Logon Service. @@ -157,6 +167,7 @@ + network identity manager The recommended version of MIT Kerberos for Windows is 3.2.2. KFW 3.2.2 includes Network Identity Manager 1.3.1 which integrates with the AFS Provider installed as part of OpenAFS for Windows. @@ -164,8 +175,11 @@ + transarc afs When KFW is installed, the OpenAFS for Windows client will obtain Kerberos v5 tickets and use them as tokens without modification.  The OpenAFS client requires that all of the AFS Servers with which it communicates support the use of Kerberos v5 tickets as tokens. If Kerberos v5 based tokens are presented to an AFS server that does not support them, the server will be unable to communicate with the client when tokens are present. Kerberos v5 based tokens are supported by OpenAFS release 1.2.8 or later. IBM Transarc servers do not support Kerberos v5.
+ active directory + des-cbc-crc encryption type 3.2.1. Active Directory Microsoft Windows Active Directory can be used as a Kerberos v5 KDC in conjunction with OpenAFS. There are two things to consider when using an Active Directory as the Kerberos realm that issues the AFS service ticket.  First, the Kerberos v5 tickets issued by Active Directory can be quite large when compared to tickets issued by a traditional KDC due to the incorporation of authorization data (the Microsoft PAC).  If the issued tickets are larger than 344 bytes, the OpenAFS 1.2 servers will be unable to process them and will issue a RXKADBADTICKET error. OpenAFS 1.4 (and beyond) servers can support the largest tickets that Active Directory can issue.  Second, the Kerberos v5 tickets issued by Windows 2003 Active Directory are encrypted with the DES-CBC-MD5 encryption type (enctype).  OpenAFS 1.2 servers only support the DES-CBC-CRC enctype. As a result, OpenAFS 1.2 servers cannot process the resulting Kerberos v5 tokens. Windows 2000 Active Directory issues tickets with the DES-CBC-CRC enctype. Microsoft has documented in @@ -177,6 +191,9 @@ Note that an Active Directory computer object cannot be used for the afs service principal.
+ krb524 + port, 4444/udp + registry value, Use524 3.2.2. Using the krb524 Service Some organizations have AFS cell names and Kerberos realm names which differ by more then just lower and upper case and rely on a modification to krb524d which maps a Kerberos v5 ticket from realm FOO to a Kerberos v4 ticket in realm BAR.  This allows user@FOO to appear to be user@bar for the purposes of accessing the AFS cell.  As of OpenAFS 1.2.8, support was added to allow the immediate use of Kerberos v5 tickets as AFS (2b) tokens. This is the first building block necessary to break away from the limitations of Kerberos v4 with AFS.  By using Kerberos v5 directly we avoid the security holes inherent in Kerberos v4 cross-realm.  We also gain access to cryptographically stronger algorithms for authentication and encryption. Another reason for using Kerberos v5 directly is because the krb524 service runs on a port (4444/udp) which has increasingly been blocked by ISPs.  The port was used to spread a worm which attacked Microsoft Windows in the summer of 2003.  When the port is blocked users find that they are unable to authenticate. @@ -190,6 +207,7 @@
+ network identity manager 3.2.3. Network Identity Manager Provider As of release 1.5.9, OpenAFS for Windows includes a Network Identity Manager Provider for obtaining AFS tokens. This plug-in is a contribution from Secure Endpoints Inc. Network Identity Manager is a multiple identity credential management tool that ships with @@ -226,6 +244,7 @@
+ microsoft loopback adapter 3.3. Use of the Microsoft Loopback Adapter by the AFS Client Service By itself the OpenAFS Client Service does not provide robust behavior in a plug-n-play network environment.  Changes to the number of network adapters or their assigned IP addresses will cause the service to terminate unexpectedly.  To avoid this behavior OpenAFS for Windows installs a single instance of the Microsoft Loopback Adapter (MLA) on the machine.  With the MLA installed, the OpenAFS Client Service will not be affected by the configuration changes of other network adapters installed on the system.  The MLA is installed with a name of "AFS" and a pre-assigned IP address in the 10.x.x.x range.  The MLA is bound to the "Client for Microsoft Networks" service and not bound to the "File and Printer Sharing for Microsoft Networks".  If the MLA is unbound to "Client Microsoft Networks", the OpenAFS Client Service will become inaccessible when the machine is disconnected from the network.  If the MLA is bound to "File and Printer Sharing ..." there will be a service type collision between the name "AFS" and the name of the machine on the MLA's IP Address that will result in the OpenAFS client service becoming inaccessible and the "NET VIEW \\AFS" command will return a "System Error 52" message.  To correct the problem: @@ -251,6 +270,10 @@
+ freelance mode + root.afs volume, fake + mount points + symlinks 3.4. Using Freelance (Dynamic Root) Mode to Improve Mobility Traditionally, when the OpenAFS Client Service starts it must be able to access the "root.afs" volume of the default cell.  The "root.afs" volume contains the set of mount points to the "root.cell" volumes of various cells the administrator of the default cell believes should be accessible.  If the "root.afs" volume is inaccessible when the client service is started, the service will terminate unexpectedly.  Since many users now use laptops or otherwise operate in disconnected environments in which a VPN may be required to access the cell's servers, it is often the case that the "root.afs" volume for the default cell is not reachable and the OpenAFS Client Service will not successfully start. To allow the OpenAFS Client Service to operate in these environments, Freelance mode dynamically constructs a fake "root.afs" volume from mount points and symlinks stored in the local registry. @@ -282,16 +305,25 @@
+ dns, vldb lookups + afsdb dns records 3.5. Locating AFS Volume Database Servers via DNS The OpenAFS for Windows client will use DNS AFSDB records to discover the location of AFS Volume Database servers when entries for the cell are not present in the client's CellServDB file (\%PROGRAMFILES%\OpenAFS\Client\CellServDB). Also see Registry Configuration for AFS Volume Database Servers.
+ integrated logon + single sign-on + kerberos for windows + afslogon.dll + EnableKFW + Use524 + tokens 3.6. Obtaining AFS Tokens as a Integrated Part of Windows Logon OpenAFS for Windows installs a WinLogon Network Provider to provide Single Sign-On functionality (aka Integrated Logon.)  Integrated Logon can be used when the Windows username and password match the username and password associated with the default cell's Kerberos realm.  For example, if the Windows username is "jaltman" and the default cell is "athena.mit.edu", then Integrated Logon can be successfully used if the windows password matches the password assigned to the Kerberos principal "jaltman@ATHENA.MIT.EDU".  The realm "ATHENA.MIT.EDU" is obtained by performing a domain name to realm mapping on the hostname of one of the cell's Volume Database servers. Integrated Logon is required if you desire the ability to store roaming user profiles within the AFS file system.  OpenAFS does not provide tools for synchronizing the Windows and Kerberos user accounts and passwords. When KFW is configured, Integrated Logon will use it to obtain tokens. Use of KFW for Integrated Logon can be disabled via the - EnableKFW registry value. Use of the krb524 service can be configured via the + EnableKFW registry value. Use of the krb524 service can be configured via the Use524 registry value. Integrated Logon will not transfer Kerberos v5 tickets into the user’s logon session credential cache. KFW 3.1 and above provides that functionality on its own. @@ -301,6 +333,9 @@
+ afscreds.exe + system tray tool + network identity manager 3.7. AFS System Tray Command Line Options The AFS System Tray Tool (afscreds.exe) has been deprecated in favor of Network Identity Manager. afscreds.exe will be removed from the OpenAFS in a future release. The AFS System Tray tool (afscreds.exe) supports several command line options: @@ -344,6 +379,23 @@
+ AFS client administrator authorization group + AFS Client Admins + fs checkservers + fs setcachesize + fs newcell + fs sysname + fs exportafs + fs setcell + fs setserverprefs + fs storebehind + fs setcrypt + fs cscpolicy + fs trace + fs minidump + symlink make + fs makemount + Freelance root.afs volume 3.8. The "AFS Client Admins" Authorization Group The OpenAFS for Windows client supports a local Windows authorization group named "AFS Client Admins".  This group is used in place of the "Administrators" group to determine which users are allowed to modify the AFS Client Service configuration via the AFS Control Panel (afs_config.exe) or fs.exe command line tool.  The following fs.exe commands are now restricted to members of the "AFS Client Admins" group: @@ -391,6 +443,10 @@
+ UNC paths + JP Software4NT + JP SoftwareTake Commands + PowerShell 3.9. OpenAFS Support for UNC Paths The OpenAFS client supports UNC paths everywhere.  UNC paths provide a canonical name for resources stored within AFS.  UNC paths should be used instead of drive letter mappings whenever possible.   This is especially true when specifying the location of roaming profiles and redirected folders.   Power users that make extensive use of the command line shell, cmd.exe, should consider using JP Software's 4NT or Take Command command processors.  Unlike cmd.exe, the JPSoftware shells fully support UNC paths as the current directory.  JPSoftware added special recognition for OpenAFS to its command shells, 4NT 7.0 and Take Command 7.0.  AFS paths can be entered in UNIX notation (e.g., /afs/openafs.org/software), space utilization reports the output of the volume status for the specified path, and many AFS specific functions and variables have been added to the command language. @@ -400,6 +456,7 @@ Microsoft PowerShell 1.0 and 2.0 will also support UNC paths as the current directory.
+ aklog.exe 3.10. aklog.exe The OpenAFS Client ships with its own version of aklog.exe which should be used in preference to those obtained by other sources.  The OpenAFS aklog.exe supports Kerberos v5 as well as the ability to auto-generate AFS IDs within foreign PTS databases. @@ -420,6 +477,11 @@
+ OpenAFS Servers on Windows + Freelance mode + EnableKFW + power management + kaserver 3.11. OpenAFS Servers on Windows are Unsupported The AFS Server functionality provided as part of the OpenAFS install package might work but should be considered highly experimental.  It has not been thoroughly tested.  Any data which would cause pain if lost should not be stored in an OpenAFS Server on Windows. Known issues include lack of support for power management and dynamic network configuration. Salvager is also known to crash. @@ -439,7 +501,7 @@ The AFS Server and related tools only support the built in kaserver (Kerberos IV).  If kaserver is being used, MIT Kerberos for Windows should not be installed or must be disabled via the - EnableKFW registry value. + EnableKFW registry value. @@ -449,6 +511,7 @@
+ debug symbols 3.12. OpenAFS Debugging Symbol files The OpenAFS for Windows installers include Debugging Symbol files which should be installed if you are experiencing problems and need to send crash reports.  This is true for both the release and the debug versions of the installers.  The difference between the release and debug versions are: @@ -461,9 +524,6 @@ whether or not fs trace logging is turned on by default (release: no, debug: yes) - - - @@ -472,19 +532,29 @@
+ large file support + 64-bit file sizes 3.13. Large File (64-bit) Support As of release 1.5.3, OpenAFS for Windows supports files larger than 2GB.  The maximum file size is now 16777216 terabytes when the AFS File Server supports large files.   If the AFS File Server does not support 64-bit file sizes, then the maximum file size remains 2GB.
+ encryption + fs setcrypt 3.14. Encrypted AFS Network Communication The OpenAFS for Windows installer by default activates a weak form of encrypted data transfer between the AFS client and the AFS servers.  This is often referred to as "fcrypt" mode.  Encrypted data transfer can be turned on or off with the "fs crypt" command.  Transitions between "crypt" and "non-crypt" modes are logged to the Windows Application Event Log.
+ SMB authentication + NTLM + GSS SPNEGO 3.15. Authenticated SMB Access to the OpenAFS Client Service OpenAFS authenticates SMB connections using either NTLM or GSS SPNEGO (NTLM).  In previous versions of OpenAFS, the SMB connections were unauthenticated which opened the door for several attacks which could be used to obtain access to another user's tokens on shared machines.    When GSS SPNEGO attempts a Kerberos v5 authentication, the Windows SMB client will attempt to retrieve service tickets for "cifs/afs@REALM" (if the loopback adapter is in use) or "cifs/machine-afs@REALM" (if the loopback adapter is not being used).  It is extremely important that this service principal not exist in the KDC database as the Kerberos authentication must fail allowing automatic fallback to NTLM.  When NTLM is used a special local authentication mode will be used that does not require access to the user's password.  Instead, Windows will internally recognize the request as coming from a local logon session.
+ INI files + CellServDB + AFSCONF 3.16. INI Files Replaced By Windows Registry IBM AFS and OpenAFS 1.2 Windows clients stored configuration data in Windows .INI files.   This OpenAFS client does not use Windows .INI files for the storage of configuration data.   All settings are stored in the registry (see Appendix A).  The CellServDB file is now stored in either the %ALLUSERSPROFILE%\Application Data\OpenAFS\Client directory (aka \ProgramData\OpenAFS\Client on Vista\Win7\2008) or the %PROGRAMFILES%\OpenAFS\Client directory.   The @@ -493,16 +563,24 @@ For users converting from IBM AFS clients, during installation OpenAFS will relocate the contents of the "afsdcell.ini" file to the new CellServDB file.  OpenAFS will also import the contents of the "afs_freelance.ini" file to the Windows registry.   OpenAFS will not process the contents of the "afsddbmt.ini".
+ Windows Internet Connection Firewall + firewall + Back Connection 3.17. Microsoft Windows Internet Connection Firewall The OpenAFS Client is compatible with the Internet Connection Firewall that debuted with Windows XP SP2 and Windows 2003 SP1.  The Internet Connection Firewall will be automatically adjusted to allow the receipt of incoming callback messages from the AFS file server.  In addition, the appropriate Back Connection registry entries are added to allow SMB authentication to be performed across the Microsoft Loopback Adapter.
+ Explorer Shell + Microsoft Office 3.18. Browsing AFS from the Explorer Shell and Office - The OpenAFS Client Service implements the CIFS Remote Admin Protocol which allows Explorer to browse server and share information. This significantly enhances the interoperability of AFS volumes within the Explorer Shell and Microsoft Office applications. + The OpenAFS Client Service implements the CIFS Remote Admin Protocol and the Microsoft RPC SVRSVC and WKSSVC services which allows Explorer to browse server and share information. This significantly enhances the interoperability of AFS volumes within the Explorer Shell and Microsoft Office applications.
+ byte range locking + Microsoft Office + EnableServerLocks 3.19. Byte Range Locking Many applications on Windows (e.g. Microsoft Office) require the use of byte range locks applied to a file either to protect against simultaneous file access or as a signaling mechanism.   OpenAFS for Windows release 1.5 (or greater) implements byte range locking within the CIFS-AFS gateway server.   This support for byte range locking obtains AFS’ advisory file server locks to simulate Microsoft Windows mandatory locks.   When an application opens a file, a lock will be obtained from AFS indicating that the file is in use.  If the lock is a write lock, access to the file will be restricted to other applications running on the same machine as the first application to request the lock.   Applications running on other machines will see the AFS full file lock and will be unable to access the file. Most Windows applications and Windows itself opens files in shared read mode. When this is done, a read lock is applied to the file.   This does not prevent shared read access across multiple machines but is used to ensure that no one writes to the file while it is in use. @@ -538,6 +616,8 @@
+ tokens + LogoffPreserveTokens 3.20. Automatic Discarding of AFS Tokens at Logoff The OpenAFS Client will automatically forget a user's tokens upon Logoff unless the user's profile was loaded from an AFS volume.  In this situation there is no mechanism to determine when the profile has been successfully written back to the network.  It is therefore unsafe to release the user's tokens.  Whether or not the profile has been loaded from the registry can be determined for Local Accounts, Active Directory accounts and NT4 accounts. If there is a need to disable this functionality, the @@ -546,16 +626,23 @@
+ Terminal Server + 3.21. Windows Terminal Server installations When installing the NSIS (.exe) installer under Terminal Server, you must execute it from within the Add/Remove Programs Control Panel.  Failure to do so will result in AFS not running properly.  The AFS Server should not be installed on a machine with Terminal Server installed.
+ HideDotFiles 3.22. Hidden Dot Files AFS is a UNIX native file system.  The OpenAFS client attempts to treat the files stored in AFS as they would be on UNIX.  File and directory names beginning with a "." are automatically given the Hidden attribute so they will not normally be displayed. This behavior can be altered via the HideDotFiles registry value.
+ afs_confige.exe + AFS Configuration Control Panel + cache limits + Stats 3.23. Status Cache Limits The Status Cache (AFS Configuration Control Panel: Advanced Page) is defined to have a maximum number of entries.  Each entry represents a single file or directory entry accessed within the AFS file system.  When the maximum number of entries are allocated, entries will begin to be reused according to a least recently used (LRU) algorithm.  If the number of files or directories being accessed repeatedly by your applications is greater then the maximum number of entries, your host will begin to experience thrashing of the Status Cache and all requests will result in network operations. If you are experiencing poor performance try increasing the maximum number of Status Cache entries.  Each entry requires approximately 1.2K.  The default number of Status Cache entries is 10,000. This can be adjusted using the @@ -563,10 +650,14 @@
+ NETBIOS over TCP 3.24. NETBIOS over TCP/IP must be enabled "Netbios over TCP/IP" must be active on the machine in order for communication with the AFS Client Service to succeed.  If "Netbios over TCP/IP" is disabled on the machine, then communication with the AFS Client Service will be impossible. If you are using the Microsoft Loopback Adapter, configure the "Netbios over TCP/IP" setting for the adapter.
+ digital signatures + Secure Endpoints Inc. + VerifyServiceSignature 3.25. OpenAFS binaries are digitally signed The OpenAFS Client Service and related binaries distributed by OpenAFS.org are digitally signed by "Secure Endpoints Inc.".  The OpenAFS Client Service will perform a run-time verification check to ensure that all OpenAFS related DLLs loaded by the service match the same file version number and were signed by the same entity.  This check has been added to prevent the stability problems caused by more than one AFS installation present on a machine at the same time.  Many hours of support time have been wasted tracking down problems caused by the mixture of files from different releases.  @@ -575,11 +666,14 @@
+ cache size 3.26. Maximum Size of the AFSCache File The maximum cache size on 32-bit Windows is approximately 1.3GB.  This is the largest contiguous block of memory in the 2GB process address space which can be used for constructing a memory mapped file.  Due to fragmentation of the process space caused by the loading of libraries required by the digital signature verification code, any attempt to specify a cache size greater then 700MB will result in the automatic disabling of the signature check. Significantly larger cache sizes can be used on 64-bit Windows. On 32-bit systems that have Apple Bonjour 1.0.6 installed, the maximum cache size is further constrained due design flaw in the Apple mdnsNSP.dll which is injected into all processes that use network services. On these systems the maximum is approximately 512MB.
+ character sets + StoreAnsiFilenames 3.27. Filename Character Sets This section describes functionality and concerns related to pre-1.5.50 releases of OpenAFS for Windows. This release stores all file names on the file servers as Unicode encoded using UTF-8. OpenAFS for Windows implements an SMB server which is used as a gateway to the AFS filesystem.  Because of limitations of the SMB implementation in pre-1.5.50 releases, Windows stored all files into AFS using OEM code pages such as CP437 (United States) or CP850 (Western Europe).  These code pages are incompatible with the ISO Latin-1 or Unicode (UTF-8) character sets typically used as the default on UNIX systems in both the United States and Western Europe.  Filenames stored by OpenAFS for Windows were therefore unreadable on UNIX systems if they include any of the following characters: @@ -635,17 +729,25 @@
+ character sets + roaming profiles 3.28. Character Set Issues with Roaming Profiles This section describes functionality and concerns related to pre-1.5.50 releases of OpenAFS for Windows. This release stores all file names on the file servers as Unicode encoded using UTF-8. There is a known issue with storing Windows Roaming Profiles when the profile contains either directories or files with names which cannot be represented in the local OEM character set.  In this case, attempts to write the profile back to AFS will fail during the character set conversion.  The pre-1.5.50 OpenAFS Client’s CIFS gateway did not support UNICODE.  To avoid this problem some sites run custom logoff scripts (assigned by group policy) which rename all files to use only the supported characters for the locale. Versions of OpenAFS for Windows 1.5.50 and above do not suffer from these issues.
+ AFSCache + cache file + SysInternals 3.29. The AFSCache File The AFS Cache file is stored by default at %TEMP%\AFSCache in a persistent file marked with the Hidden and System attributes.  The persistent nature of the data stored in the cache file improves the performance of OpenAFS by reducing the number of times data must be read from the AFS file servers.  The performance of the AFS Client Service is significantly affected by the access times associated with the AFSCache paging file.   When given the choice, the AFSCache file should be placed on a fast disk, preferably NTFS, the file should not be compressed and should consist of as few fragments as possible.   Significant performance gains can be achieved by defragmenting the AFSCache file with SysInternal's Contig utility while the AFS Client Service is stopped.
+ service start restrictions + TransarcAFSDaemon + afsdacl.exe 3.30. Restricting OpenAFS Client Service Start and Stop A new command line tool, afsdacl.exe, can be used to restrict the ability to start and stop the OpenAFS Client Service. @@ -661,15 +763,25 @@
+ @sys + fs sysname + SysName 3.31. The @sys Name List The default @sys name list in the OpenAFS Client is set to "x86_win32 i386_w2k i386_nt40" for 32-bit x86 systems.  The default is "amd64_win64" for amd 64-bit versions of Windows.
+ UNC paths + symlinks + path separators + symlink.exe + symlink make 3.32. Symlinks to AFS UNC Paths In OpenAFS, symlinks to AFS UNC paths, \\AFS[\all]\..., are treated the same as symlinks to /afs/...  However, please use /afs/... as the Windows UNC form will not work on UNIX client. The symlink make command will automatically translate \\AFS\... to /afs/... for you.
+ debugging the cache manager + cmdebug.exe 3.33. Cache Manager Debugging The OpenAFS Client implements the Cache Manager Debugging RPC Interface.  The CM debugger can be queried with cmdebug.exe. @@ -687,10 +799,15 @@
+ windows logon caching + kerberos 3.34. Windows Logon Caching vs. Kerberos Logons If you are a site which utilizes MIT/Heimdal Kerberos principals to logon to Windows via a cross-realm relationship with a multi-domain Windows forest, you must enable Windows logon caching unless the workstation is Windows Vista.
+ server preferences + fs setserverprefs + setting server preferences 3.35. Initial Server Preferences VLDB and File Server Preferences can now be provided initial values using registry keys.  This is useful for managed machines in a Windows domain which are centrally located (e.g., in a computing lab.)  See Appendix A for details on the " @@ -698,11 +815,15 @@
+ timestamps + DST + UTC 3.36. File Timestamps and Daylight Saving Time The OpenAFS Client reports timestamps on files stored in AFS in UTC all year round.  In locales with daylight savings time, previous versions of AFS for Windows reported the time when DST is active as UTC+1.  This was done to preserve the relative local time for the user.  A file stored at 11:00am EST in January would be reported as having been stored at 11:00am EDT in June.  Unfortunately, this has the negative side effect of changing the reported timestamp from 16:00UTC to 15:00UTC.  Since Windows treats all file times in UTC, data synchronization applications which rely on the timestamp would believe that all files stored in AFS had changed. It should be noted that UNIX based operating systems (such as Solaris) do not appear to report file times to applications in UTC.  They do preserve the relative local time.  This may confuse some users who are used to being able to compare the timestamp in an UNIX shell with the timestamp from the Windows explorer.  During DST, these two times will no longer agree even though they are in fact representing the same moment in time.
+ RPC client support 3.37. Windows RPC client support must be installed If the installer refuses to install and complains about an RPC configuration error, check to ensure that the following registry entries are present and that they refer to the dll "rpcrt4.dll":    HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_np" @@ -711,10 +832,17 @@    HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_http"
+ minidumps + fs minidump 3.38. Generating Minidumps of the OpenAFS Client Service OpenAFS 1.4 added a new command, "fs minidump".  This command can be used at any time to generate a mini dump file containing the current stack of the afsd_service.exe process.   This output can be very helpful when debugging the AFS Client Service when it is unresponsive to SMB/CIFS requests.
+ UUIDs + system cloning + NonPersistentCaching + instloop.exe + msiexec.exe 3.39. AFS Client Universally Unique Identifiers (UUIDs) vs. System Cloning The OpenAFS Client implements Universally Unique Identifiers (UUIDs).  They are used to provide the AFS file server with a method of identifying the client that is independent of IP address.  This permits the AFS file server to track mobile clients or those behind Network Address Translators when they move from address to address or port to port. Tracking the client improves client performance by permitting callback state to be maintained across location changes. The UUID is generated when the AFSCache file is created and is maintained as long as the contents of the AFSCache file are valid.  The UUID is stored in the AFSCache file.  When cloning machines that have Windows AFS client installed it is necessary to generate a new UUID for each client. This will be done automatically if the Windows Machine SID is re-generated using Microsoft SysPrep. If the SID is not being re-generated either the AFSCache file should be deleted or the command @@ -731,6 +859,11 @@
+ delayed write errors + ConnDeadTimeout + SMBAsyncStoreSize + EnableSMBAsyncStore + SMB timeouts 3.40. Delayed Write Errors with Microsoft Office Applications Microsoft Office makes heavy use of asynchronous input/output methods for reading and writing to file streams.  This can result in hundreds of requests being simultaneously queued for service by the CIFS client with a fixed timeout period.  As the AFS CIFS server is local to the machine the Windows CIFS client believes that it can respond almost instantaneously to write requests as the actual writing to the AFS file server is performed by a background daemon thread.  When the actual network bandwidth to the AFS file server is slow and the file size is large it is possible for the CIFS client to time out the connection.  When this happens a "delayed write error" will be reported to the user and the application may crash.  The only workaround at the current time is to save first to a local disk and subsequently copy the file to AFS as copying a file with the explorer shell does not use asynchronous i/o. The CIFS session timeout defaults to 45 seconds and can be increased by modifying the @@ -748,6 +881,9 @@ from 45 seconds to 10 minutes.
+ global drives + service drive letters + path ioctl failures 3.41. Global Drives (aka Service Drive Letters) are no longer supported by Microsoft The Global DriveAuto-mount feature has been deprecated due to the following Microsoft KB article. @@ -764,11 +900,15 @@ on service mounted drive letters.
+ 64-bit Windows 3.42. 64-bit Microsoft Windows Installations Although 64-bit Windows platforms support both 64-bit and 32-bit applications, the OpenAFS Service installed on the machine must be 64-bit.  The 64-bit installer contains only 64-bit executables.  In order to support 32-bit applications that link against OpenAFS libraries it is required that a separate 32-bit OpenAFS Tools set be installed. For example, the 32-bit version of Kerberos for Windows can be used with the 32-bit OpenAFS Tools to manage AFS tokens. OpenAFS on 64-bit Windows benefits from the lifting of the 2GB process memory restriction that is present in 32-bit Windows.   Without this restriction the AFS Cache File can become arbitrarily large limited only by available disk space.
+ windows vista + windows 2008 + windows 7 3.43. Known Issues with Microsoft Windows Vista, Windows 7, and Server 2008 [R2] OpenAFS for Windows works with Microsoft Windows Vista, Windows 7 and Server 2008 [R2] from both the command prompt and the Explorer Shell. When performing an upgrade from earlier versions of Microsoft Windows the Microsoft Loopback Adapter (MSLA) will be uninstalled. @@ -786,6 +926,8 @@
+ share names + afs volumes - direct access 3.44. New AFS Share Name Syntax Provides Direct Access to Volumes Starting with the 1.5.21 release of OpenAFS for Windows, the following syntax can be used to access any volume in any cell without requiring the creation of a mount point. \\AFS\<cell><mount point type><volume>\ @@ -796,6 +938,11 @@ \\AFS\athena.mit.edu# 537235559\
+ fs examine + fs chown + fs chgrp + owner information + group information 3.45. Differences between Windows and UNIX "fs examine" The OpenAFS for Windows version of "fs examine" provide two additional lines of output when compared to the UNIX implementation. These lines include the owner and group information for the file as well as the volume status. @@ -816,6 +963,11 @@ To set the group use fs chgrp -group <user name or id> [-path <dir/file path>+] [-literal]
+ -literal + fs examine + fs flush + fs whereis + fs whichcell 3.46. Literal evaluation of AFS objects via fs commands Beginning with the 1.5.31 release, the fs commands examine, @@ -826,10 +978,17 @@
+ out of quota + quotas 3.47. Out of Quota errors Prior to the 1.5.31 release, out of quota errors were reported to the calling application as an out of space error. As of 1.5.31, an out of space error will indicate that the partition on which the volume is located is in fact out of space. Whereas an out of quota error indicates that the user does not have permission to allocate additional space.
+ linked cells + cell renaming + cell splitting + cell merging + CellServDB 3.48. Linked Cells The 1.5.55 release adds support for linked cells as implemented in the Unix OpenAFS client. When two cells are linked, a volume lookup in one cell that fails is retried in the linked cell. This functionality can be used to implement: @@ -859,17 +1018,22 @@
+ vldb server locations + CellServDB 3.49 Registry Configuration for AFS Volume Database Servers Beginning with the 1.5.60 release, the [HKLM\SOFTWARE\OpenAFS\Client\CellServDB] registry key can be used to distribute Volume Database Server location information either as a supplement to the CellServDB file or as a substitute for it. The precedence order for lookups is: Registry, File, and then DNS.
+ HTMLHelp 3.50 Documentation Converted to Windows HTML Help Starting with the 1.5.60 release, this document, the OpenAFS Administrator Guide and the OpenAFS User Guide are provided in HTML Help format instead of raw HTML pages.
+ Explorer Shell + Microsoft Office 3.51. Support for Microsoft RPC Services: WKSSVC and SRVSVC Beginning with the 1.5.62 release, the OpenAFS SMB Server supports named pipes and the Microsoft RPC Services WKSSVC and SRVSVC. This permits a significantly improved Netbios Server browsing experience with both the @@ -879,9 +1043,14 @@
+ debugging How to Debug Problems with OpenAFS for Windows OpenAFS for Windows provides a wide range of tools to assist you in debugging problems.  The techniques available to you are varied because of the wide range of issues that have been discovered over the years.
+ IoctlDebug + tokens.exe + aklog.exe + afscreds.exe 4.1. pioctl debugging ( <link linkend='Value_IoctlDebug'>IoctlDebug</link> registry key) @@ -919,6 +1088,8 @@ should be set.  Then any of the commands that perform pioctl calls should be executed from the command prompt.  With this key set the pioctl library will generate debugging output to stderr.  The output will contain the Win32 API calls executed along with their most important parameters and their return code.   The MSDN Library and the Microsoft KnowledgeBase can be used as a reference to help you determine the configuration probem with your system.
+ afsd_init.log + MaxLogSize 4.2. afsd_service initialization log (%WinDir%\TEMP\afsd_init.log) Every time the AFS Client Service starts it appends data about its progress and configuration to a file.  This file provides information crucial to determining why the service cannot start when there are problems.  When the process terminates due to a panic condition it will write to this file the source code file and line number of the error.  In many cases the panic condition is due to a misconfiguration of the machine.  In other cases it might be due to a programming error in the software.  A quick review of the location in the source code will quickly reveal the reason for the termination. The @@ -926,6 +1097,9 @@
+ afsd.log + fs trace + TraceBufferSize 4.3. afsd_service debug logs (fs trace {-on, -off, -dump} ->%WinDir%\TEMP\afsd.log) When attempting to debug the behavior of the SMB/CIFS Server and the Cache Manager it is often useful to examine a log of the operations being performed.  While running the AFS Client Service keeps an in memory log of many of its actions.   The default number of actions preserved at any one time is 5000.  This can be adjusted with the TraceBufferSize registry value: @@ -935,6 +1109,10 @@ A restart of the service is necessary when adjusting this value.   Execute "fs trace -on" to clear to the log and "fs trace -dump" to output the contents of the log to the file.
+ SysInternals + dbgview.exe + procmon.exe + TraceOption 4.4. Using SysInternal’s Debug Viewer, Process Monitor and Process Explorer Tools An alternatve option to the use of "fs trace -dump" to capture internal OpenAFS Client Service events is to use a tool such as Sysinternal's Debug Viewer to capture real-time debugging output.  When the OpenAFS Client Service starts and Bit 2 of the @@ -958,6 +1136,10 @@
+ minidumps + fs minidump + MiniDumpType + afsd.dmp 4.5. Creating Microsoft MiniDumps (fs minidump -> %WinDir%\TEMP\afsd.dmp) If the AFS Client Service become unresponsive to any form of communication there may be a serious error that can only be debugged by someone with access to the source code and a debugger.   The "fs minidump" command can be used to force the generation of a MiniDump file containing the state of all of the threads in the AFS Client Service process.  The most accurate MiniDump files will be produced after installing " @@ -968,6 +1150,8 @@
+ integrated logon + TraceOption 4.6. Single Sign-on (Integrated Logon) debugging If you are having trouble with the Integrated Logon operations it is often useful to be able to obtain a log of what it is attempting to do.   Setting Bit 0 of the TraceOption registry value: @@ -977,6 +1161,7 @@ will instruct the Integrated Logon Network Provider and Event Handlers to log information to the Windows Event Log: Application under the name "AFS Logon".
+ rxdebug.exe 4.7. RX (AFS RPC) debugging (rxdebug) The rxdebug.exe tool can be used to query a variety of information about the AFS services installed on a given machine.  The port for the AFS Cache Manager is 7001.  @@ -999,6 +1184,7 @@
+ cmdebug.exe 4.8. Cache Manager debugging (cmdebug) The cmdebug.exe tool can be used to query the state of the AFS Cache Manager on a given machine. @@ -1016,11 +1202,17 @@
+ AFSCache + validate cache file 4.9. Persistent Cache consistency check The persistent cache is stored in a Hidden System file at %WinDir%\TEMP\AFSCache.  If there is a problem with the persistent cache that prevent the AFS Client Service from being able to start a validation check on the file can be performed.   afsd_service.exe --validate-cache <cache-path>
+ tokens + klog.exe + kinit.exe + aklog.exe 4.10. Token Acquisition Debugging If you are having trouble obtaining tokens with the Network Identity Manager AFS credential provider, it is recommended that you verify your ability to obtain tokens using the command-line tools klog.exe (if you are using kaserver) or @@ -1031,6 +1223,7 @@
+ bug reports Reporting Bugs Bug reports should be sent to openafs-bugs@openafs.org.  Please include as much information as possible about the issue.  If you are reporting a crash, please install the debugging symbols by re-running the installer.  If a dump file is available for the problem, %WINDIR%\TEMP\afsd.dmp, include it along with the AFS Client Trace file  %WINDIR%\TEMP\afsd.log.  The AFS Client startup log is %WINDIR%\TEMP\afsd_init.log.  Send the last continuous block of  log information from this file. @@ -1079,9 +1272,11 @@ + contributing to OpenAFS How to Contribute to the Development of OpenAFS for Windows Contributions to the development of OpenAFS for Windows are continuously needed.  Contributions may take many forms including cash donations, support contracts, donated developer time, and even donated tech writer time.
+ USENIX OpenAFS Fund 6.1. The USENIX OpenAFS Fund USENIX, a 501c3 non-profit corporation, has formed the USENIX OpenAFS Fund in order to accept tax deductible donations on behalf of the OpenAFS Elders. The donated funds will be allocated by the OpenAFS Elders to fund OpenAFS development, documentation, project management, and maintaining openafs.org. @@ -1110,6 +1305,7 @@
+ Secure Endpoints Inc. 6.2. Secure Endpoints Inc. Secure Endpoints Inc. provides development and support services for OpenAFS for Windows and @@ -1125,6 +1321,9 @@ Organizations that use OpenAFS in house and have development staffs are encouraged to contribute any code modifications they make to OpenAFS.org via openafs-bugs@openafs.org.  Contributions of documentation are highly desired.
+ mailing lists + openafs-win32-devel + openafs-info 6.4. OpenAFS for Windows Mailing Lists If you wish to participate in OpenAFS for Windows development please join the openafs-win32-devel@openafs.org mailing list. @@ -1142,6 +1341,8 @@
+ msi deployment + msi transforms MSI Deployment Guide
7.1. Introduction @@ -2195,6 +2396,7 @@
Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
+ LANadapter Value: LanAdapter Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2203,6 +2405,7 @@ LAN adapter number to use.  This is the lana number of the LAN adapter that the SMB server should bind to.  If unspecified or set to -1, a LAN adapter with named 'AFS' or a loopback adapter will be selected.  If neither are present, then all available adapters will be bound to.  When binding to a non-loopback adapter, the NetBIOS name hostname%-AFS' will be used (where %hostname% is the NetBIOS name of the host truncated to 11 characters). Otherwise, the NetBIOS name will be 'AFS'.
+ CacheSize <anchor id='Value_CacheSize' />Value: CacheSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2211,6 +2414,7 @@ Size of the AFS cache in 1k blocks.
+ ChunkSize Value: ChunkSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2231,6 +2435,7 @@
+ ServerThreads Value: ServerThreads Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2241,6 +2446,7 @@
+ Stats Value: Stats Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2252,6 +2458,7 @@
+ Volumes Value: Volumes Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2269,6 +2476,7 @@ Variable: cm_initParams.nVolumes
+ Cells Value: Cells Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2285,6 +2493,7 @@ Variable: cm_initParams.nCells
+ LogoffPreserveTokens Value: LogoffPreserveTokens Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2297,6 +2506,8 @@ Default : 0
+ RootVolume + root.afs Value: RootVolume Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -2311,6 +2522,8 @@ Variable: cm_rootVolumeName
+ MountRoot + /afs Value: MountRoot Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2326,6 +2539,8 @@ Variable: cm_mountRoot
+ CachePath + AFSCache Value: CachePath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2341,6 +2556,7 @@ Variable: cm_CachePath
+ NonPersistentCaching Value: NonPersistentCaching Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2356,6 +2572,7 @@ Variable: buf_CacheType
+ ValidateCache Value: ValidateCache Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD [0..2] @@ -2377,6 +2594,7 @@ Variable: buf_CacheType
+ TrapOnPanic Value: TrapOnPanic Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2391,6 +2609,9 @@ Variable: traceOnPanic
+ NetbiosName + SMB Server Name + \\AFS Value: NetbiosName Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2406,6 +2627,7 @@ Variable: cm_NetbiosName
+ IsGateway Value: IsGateway Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2421,6 +2643,7 @@ Variable: isGateway
+ ReportSessionStartups Value: ReportSessionStartups Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2435,6 +2658,7 @@ Variable: reportSessionStartups
+ TraceBufferSize Value: TraceBufferSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2450,6 +2674,7 @@ Variable: traceBufSize
+ SysName Value: SysName Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2468,6 +2693,8 @@ Variable: cm_sysName
+ SecurityLevel + fs setcrypt Value: SecurityLevel Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2483,6 +2710,9 @@ Variable: cryptall
+ UseDNS + AFSDB DNS records + SRV DNS records Value: UseDNS Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2493,11 +2723,13 @@ Default: 1 Variable: cm_dnsEnabled - Enables resolving volservers using AFSDB DNS queries. + Enables resolving volservers using AFSDB DNS and SRV DNS queries.
+ FreelanceClient + dynroot Value: FreelanceClient Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2513,6 +2745,7 @@ Variable: cm_freelanceEnabled
+ HideDotFiles Value: HideDotFiles Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2528,6 +2761,7 @@ Variable: smb_hideDotFiles
+ MaxMpxRequests Value: MaxMpxRequests Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2542,6 +2776,7 @@ Variable: smb_maxMpxRequests
+ MaxVCPerServer Value: MaxVCPerServer Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2556,6 +2791,8 @@ Variable: smb_maxVCPerServer
+ Cell + workstation cell name Value: Cell Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2571,6 +2808,7 @@ Variable: rootCellName
+ RxEnablePeerStats Value: RxEnablePeerStats Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2586,6 +2824,7 @@ Variable: rx_enable_peer_stats
+ RxEnableProcessStats Value: RxEnableProcessStats Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2601,6 +2840,7 @@ Variable: rx_extra_process_stats
+ RxExtraPackets Value: RxExtraPackets Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2615,6 +2855,7 @@ Variable: rx_extraPackets
+ RxMaxMTU Value: RxMaxMTU Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2631,6 +2872,7 @@ Variable: rx_mtu
+ RxNoJumbo Value: RxNoJumbo Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0,1} @@ -2645,6 +2887,7 @@ Variable: rx_nojumbo
+ ConnDeadTimeout Value: ConnDeadTimeout Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2660,6 +2903,7 @@ Variable: ConnDeadtimeout
+ HardDeadTimeout Value: HardDeadTimeout Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2682,6 +2926,7 @@ Variable: HardDeadtimeout
+ TraceOption Value: TraceOption Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2698,6 +2943,7 @@ Default: 0
+ AllSubmount Value: AllSubmount Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2710,6 +2956,7 @@ Default: 1
+ NoFindLanaByName Value: NoFindLanaByName Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2722,6 +2969,7 @@ Default: 0
+ MaxCPUs Value: MaxCPUs Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1..32} or {1..64} depending on the architecture @@ -2733,6 +2981,7 @@ Default: <no default>
+ SMBAuthType Value: SmbAuthType Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2759,6 +3008,7 @@ The default is Extended authentication
+ MaxLogSize Value: MaxLogSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2771,6 +3021,7 @@ Default: 100K
+ FlushOnHibernate Value: FlushOnHibernate Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0,1} @@ -2782,6 +3033,7 @@ Default: 1
+ DaemonCheckDownInterval Value: DaemonCheckDownInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -2793,6 +3045,7 @@ Default: 180
+ DaemonCheckUpInterval Value: DaemonCheckUpInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -2804,6 +3057,7 @@ Default: 600
+ DaemonCheckVolInterval Value: DaemonCheckVolInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -2815,6 +3069,7 @@ Default: 3600
+ DaemonCheckCBInterval Value: DaemonCheckCBInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -2826,6 +3081,7 @@ Default: 60
+ DaemonCheckLockInterval Value: DaemonCheckLockInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -2837,6 +3093,7 @@ Default: 60
+ DaemonCheckTokenInterval Value: DaemonCheckTokenInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -2848,6 +3105,7 @@ Default: 180
+ DaemonCheckOfflineVolInterval Value: DaemonCheckOfflineVolInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -2859,6 +3117,8 @@ Default: 600
+ CallBackPort + port 7001/udp Value: CallBackPort Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2870,6 +3130,7 @@ Default: 7001
+ EnableServerLocks Value: EnableServerLocks Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2885,6 +3146,7 @@ Default: 1
+ DeleteReadOnly Value: DeleteReadOnly Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2898,6 +3160,7 @@ Default: 0
+ BPlusTrees Value: BPlusTrees Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2911,6 +3174,7 @@ Default: 1
+ PrefetchExecutableExtensions Value: PrefetchExecutableExtensions Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: MULTI_SZ @@ -2922,6 +3186,7 @@ Default: none specified
+ OfflineReadOnlyIsValid Value: OfflineReadOnlyIsValid Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2935,6 +3200,7 @@ Default: 0
+ GiveUpAllCallBacks Value: GiveUpAllCallBacks Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2948,6 +3214,7 @@ Default: 0
+ FollowBackupPath Value: FollowBackupPath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2961,6 +3228,7 @@ Default: 0
+ RxUdpBufSize Value: RxUdpBufSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {bytes} @@ -2971,6 +3239,7 @@ Default: 262144
+ GlobalAutoMapper Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
@@ -2986,6 +3255,8 @@ Default: 262144
Regkey: [HKLM\SOFTWARE\OpenAFS\Client]
+ CellServDB + CellServDBDir Value: CellServDBDir Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -2998,6 +3269,7 @@ Default: <not defined>
+ VerifyServiceSignature Value: VerifyServiceSignature Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3010,6 +3282,8 @@ Default: 0x1
+ IoctlDebug + path ioctl debugging Value: IoctlDebug Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3022,6 +3296,8 @@ Default: 0x0
+ minidumps + MiniDumpType Value: MiniDumpType Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3084,6 +3360,7 @@ MiniDumpWithCodeSegs = 0x00002000
+ EnableSMBAsyncStore Value: EnableSMBAsyncStore Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3096,6 +3373,7 @@ Default: 0x1
+ SMBAsyncStoreSize Value: SMBAsyncStoreSize Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3108,6 +3386,9 @@ Default: 32
+ StoreAnsiFilenames + Unicode + character sets Value: StoreAnsiFilenames Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3122,6 +3403,7 @@ Default: 0x0
+ CSCPolicy Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
Value: <smb share name> @@ -3136,6 +3418,7 @@ Default: <none>
+ CellServDB Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CellServDB] The CellServDB key is an alternative to the CellServDB file that can be used either to supplement or override its contents. This registry entry is meant to provide organizations that centrally manage their client configurations using @@ -3234,6 +3517,8 @@ Default: <none>
+ Freelance + Freelance Mount Points Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
Value: <numeric value> @@ -3249,6 +3534,7 @@ Default: <none>
+ Freelance Symlinks Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks]
Value: <numeric value> @@ -3265,6 +3551,8 @@ Default: <none>
+ Realms + network identity manager Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Realms] The Realms key is used to provide initialization data to be used when new identities are added to the Network Identity Manager. The AFS Provider will search for a subkey that matches the realm of the identity. If such a key exists, its values will be used to populate the AFS configuration for the identity.
@@ -3308,6 +3596,7 @@ Default: <none>
+ Submounts Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
@@ -3324,6 +3613,7 @@ Default: <none>
+ Server Preferences Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Server Preferences\VLDB]
@@ -3351,11 +3641,13 @@ Default: <none>
+ integrated logon A.2. Integrated Logon Network Provider Parameters Affects the network provider (afslogon.dll).
Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
+ FailLoginsSilently Value: FailLoginsSilently Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -3369,6 +3661,7 @@ Default: 0 Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+ NoWarnings Value: NoWarnings Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: DWORD @@ -3380,6 +3673,8 @@ Default: 0
+ AuthentProviderPath + afslogon.dll Value: AuthentProviderPath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_SZ @@ -3391,6 +3686,7 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll
+ Class Value: Class Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: DWORD @@ -3402,6 +3698,7 @@ NSIS: 0x02
+ DependOnGroup Value: DependOnGroup Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_MULTI_SZ @@ -3413,6 +3710,7 @@ NSIS: PNP_TDI
+ DependOnService Value: DependOnService Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_MULTI_SZ @@ -3424,6 +3722,7 @@ NSIS: Tcpip NETBIOS RpcSs
+ Name - network provider Value: Name Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_SZ @@ -3435,6 +3734,8 @@ NSIS: "OpenAFSDaemon"
+ ProviderPath + afslogon.dll Value: ProviderPath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_SZ @@ -3447,6 +3748,7 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll
+ domain logon configuration A.2.1 Domain specific configuration keys for the Network Provider The network provider can be configured to have different behavior depending on the domain that the user logs into.  These settings are only relevant when using integrated login.  A domain refers to an Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the local machine (i.e. local account logins).  The domain name that is used for selecting the domain would be the domain that is passed into the NPLogonNotify function of the network provider. Domain specific registry keys are: @@ -3484,6 +3786,7 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+ LogonOptions Value: LogonOptions [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] @@ -3515,6 +3818,7 @@ Default: 0x01
+ FailLoginsSilently Value: FailLoginsSilently [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] @@ -3531,6 +3835,7 @@ NSIS/WiX: (not set)
+ LogonScript Value: LogonScript [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] @@ -3547,6 +3852,7 @@ NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a
+ LoginRetryInterval Value: LoginRetryInterval [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] @@ -3563,6 +3869,7 @@ NSIS/WiX: (not set)
+ LoginSleepInterval Value: LoginSleepInterval [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] @@ -3579,6 +3886,7 @@ NSIS/WiX: (not set)
+ Realm Value: Realm [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] @@ -3593,6 +3901,7 @@ NSIS: <not set>
+ TheseCells Value: TheseCells [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] @@ -3620,22 +3929,27 @@ NSIS: <not set> A.2.1.3 Exceptions to A.2.1.2 To retain backwards compatibility, the following exceptions are made to A.2.1.2.
+ FailLoginsSilently 2.1.3.1 'FailLoginsSilently' Historically, the 'FailLoginsSilently' value was in HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters key and not in the NP key.  Therefore, for backwards compatibility, the value in the Parameters key will supercede all instances of this value in other keys.  In the absence of this value in the Parameters key, normal scope rules apply.
+ LogonScript 2.1.3.2 'LogonScript' If a 'LogonScript' is not specified in the specific domain key nor in the domains key, the value in the NP key will only be checked if the effective 'LogonOptions' specify a high security integrated login.  If a logon script is specified in the specific domain key or the domains key, it will be used regardless of the high security setting.  Please be aware of this when setting this value.
+ afscreds.exe + System Tray Tool A.3. AFS Credentials System Tray Tool parameters Affects the behavior of afscreds.exe
Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
+ Gateway Value: Gateway Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -3650,6 +3964,7 @@ Function: GetGatewayName()
+ Cell Value: Cell Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -3667,6 +3982,7 @@ Variable: IsServiceConfigured() [HKLM\SOFTWARE\OpenAFS\Client] [HKCU\SOFTWARE\OpenAFS\Client]
+ ShowTrayIcon Value: ShowTrayIcon Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] @@ -3684,7 +4000,9 @@ Function: InitApp(), Main_OnCheckTerminate()
+ EnableKFW Value: EnableKFW + Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] Type: DWORD {0, 1} @@ -3699,6 +4017,7 @@ Function: KFW_is_available()
+ AcceptDottedPrincipalName Value: AcceptDottedPrincipalNames Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] @@ -3714,6 +4033,7 @@ Function: KFW_accept_dotted_usernames()
+ Use524 Value: Use524 Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3730,6 +4050,7 @@ Function: KFW_use_krb524()
+ AfscredsShortcutParams Value: AfscredsShortcutParams Regkey: [HKLM\SOFTWARE\OpenAFS\Client] @@ -3770,6 +4091,7 @@ Function: Shortcut_FixStartup Regkey: [HKCU\SOFTWARE\OpenAFS\Client]
+ Authentication Cell Value: Authentication Cell Regkey: [HKCU\SOFTWARE\OpenAFS\Client] Type: REG_SZ @@ -3784,6 +4106,7 @@ Function: Afscreds.exe GetDefaultCell()
+ Reminders Regkey: [HKCU\SOFTWARE\OpenAFS\Client\Reminders]
@@ -3801,6 +4124,7 @@ Function: LoadRemind(), SaveRemind()
+ ActiveMaps Regkey: [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
@@ -3835,6 +4159,7 @@ Default: <none>
A.4 OpenAFS Client Service Environment Variables
+ AFS_RPC_ENCRYPT Value: AFS_RPC_ENCRYPT Values: @@ -3849,6 +4174,7 @@ Default: RPC encryption is on
+ AFS_RPC_PROTSEQ Value: AFS_RPC_PROTSEQ Values: