jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 15:30:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b0920fe9c2
openafs/doc/txt/winnotes/registry.txt
Jeffrey Altman b0920fe9c2 registry-docs-logoff-20040721 
* Update Windows Notes files

* Modify logoff procedure to use a pioctl to check if an arbitrary path
  exists within AFS

* Add a new registry value HKLM\Software\OpenAFS\Client  CellServDBDir
  which can be used to locate the CellServDB file in an arbitrary directory
2004-07-21 15:05:59 +00:00

804 lines
22 KiB
Plaintext
Raw Blame History

Registry keys and Environment Variables used in the Windows AFS Client
----------------------------------------------------------------------
REGISTRY KEYS:
1. Service parameters
---------------------
The service parameters primarily affect the behavior of the AFS client
service (afsd_service.exe).
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : LANadapter
Type : DWORD
Default : -1
Variable: LANadapter
LAN adapter number to use. This is the lana number of the LAN
adapter that the SMB server should bind to. If unspecified or set
to -1, a LAN adapter with named 'AFS' or a loopback adapter will be
selected. If neither are present, then all available adapters will
be bound to. When binding to a non-loopback adapter, the NetBIOS
name '%hostname%-AFS' will be used (where %hostname% is the NetBIOS
name of the host truncated to 11 characters). Otherwise, the NetBIOS
name will be 'AFS'.
Value : CacheSize
Type : QWORD
Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
Variable: cm_initParams.cacheSize
Size of the AFS cache.
Value : ChunkSize
Type : DWORD
Default : 15 (CM_CONFIGDEFAULT_CHUNKSIZE)
Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)
Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize.
Value : Daemons
Type : DWORD
Default : 2 (CM_CONFIGDEFAULT_DAEMONS)
Variable: numBkgD
Number of background daemons (number of threads of
cm_BkgDaemon). (see cm_BkgDaemon in cm_daemon.c)
Value : ServerThreads
Type : DWORD
Default : 4 (CM_CONFIGDEFAULT_SVTHREADS)
Variable: numSvThreads
Number of SMB server threads (number of threads of smb_Server). (see
smb_Server in smb.c).
Value : Stats
Type : QWORD
Default : 1000 (CM_CONFIGDEFAULT_STATS)
Variable: cm_initParams.nStatCaches
Cache configuration.
Value : LogoffTokenTransfer
Type : DWORD {1,0}
Default : 1
Variable: smb_LogoffTokenTransfer
If enabled (set to 1), activates functionality where the user's
tokens are kept intact until smb_LogoffTokenTransferTimeout seconds
elapse after user logs off. If roaming profiles are used and the
roaming profile takes a long time to be written back, this ensures
that the tokens remain valid until the profile save is complete.
Value : LogoffTokenTransferTimeout
Type : QWORD
Default : 10
Variable: smb_LogoffTokenTransferTimeout
See LogoffTokenTransfer above.
Value : RootVolume
Type : REG_SZ
Default : "root.afs"
Variable: cm_rootVolumeName
Root volume name.
Value : Mountroot
Type : REG_SZ
Default : "/afs"
Variable: cm_mountRoot
Name of root mount point. In symlinks, if a path starts with
cm_mountRoot, it is assumed that the path is absolute (as opposed to
relative) and is adjusted accordingly. Eg: if a path is specified as
/afs/athena.mit.edu/foo/bar/baz and cm_mountRoot is "/afs", then the
path is interpreted as \\afs\all\athena.mit.edu\foo\bar\baz. If a
path does not start with with cm_mountRoot, the path is assumed to
be relative and suffixed to the reference directory (i.e. directory
where the symlink exists)
Value : CachePath
Type : REG_SZ
Default : "\AFSCache"
Variable: cm_CachePath
Location of on-disk cache file. The default implies the root
directory of the boot disk
Value : TrapOnPanic
Type : DWORD {1,0}
Default : 0
Variable: traceOnPanic
Issues a breakpoint in the event of a panic. (breakpoint: _asm int 3).
Value : NetbiosName
Type : REG_EXPAND_SZ
Default : "AFS"
Variable: cm_NetbiosName
Specifies the NetBIOS name to be used when binding to a Loopback
adapter. To provide the old behavior specify a value of
"%COMPUTERNAME%-AFS"
Value : IsGateway
Type : DWORD {1,0}
Default : 0
Variable: isGateway
Select whether or not this AFS client should act as a gateway. If
set and the NetBIOS name hostname-AFS is bound to a physical NIC,
other machines in the subnet can access AFS via SMB connections to
hostname-AFS.
When IsGateway is non-zero, the LAN adapter detection code will
avoid binding to a loopback adapter. This will ensure that the
NetBIOS name will be of the form hostname-AFS instead of the value
set by the "NetbiosName" registry value.
Value : ReportSessionStartups
Type : DWORD {1,0}
Default : 0
Variable: reportSessionStartups
If enabled, all SMB sessions created are recorded in the Application
event log. This also enables other events such as drive mappings
or various error types to be logged.
Value : TraceBufferSize
Type : QWORD
Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
Variable: traceBufSize
Number of entries to keep in trace log.
Value : SysName
Type : REG_SZ
Default : "i386_nt40"
Variable: cm_sysName
Self explanatory.
Value : SecurityLevel
Type : DWORD {1,0}
Default : 0
Variable: cryptall
Enables encryption on RX calls.
Value : UseDNS
Type : DWORD {1,0}
Default : 1
Variable: cm_dnsEnabled
Enables resolving volservers using AFSDB DNS queries. (see
afsdb-freelance-notes).
As of 1.3.60, this value is ignored as the DNS query support
utilizes the Win32 DNSQuery API which is available on Win2000
and above.
Value : FreelanceClient
Type : DWORD {1,0}
Default : 0
Variable: cm_freelanceEnabled
Enables freelance client. (see afsdb-freelance-notes)
Value : HideDotFiles
Type : DWORD {1,0}
Default : 1
Variable: smb_hideDotFiles
Enables marking dotfiles with the hidden attribute. Dot files are
files whose name starts with a period (excluding "." and "..").
Value : MaxMpxRequests
Type : DWORD
Default : 50
Variable: smb_maxMpxRequests
Maximum number of multiplexed SMB requests that can be made.
Value : MaxVCPerServer
Type : DWORD
Default : 100
Variable: smb_maxVCPerServer
Maximum number of SMB virtual circuits.
Value : Cell
Type : REG_SZ
Default : <none>
Variable: rootCellName
Name of root cell (the cell from which root.afs should be mounted in
\\afs\all).
Value : RxNoJumbo
Type : DWORD {0,1}
Default : 0
Variable: rx_nojumbo
If enabled, does not send or indicate that we are able to send or
receive RX jumbograms.
Value : RxMaxMTU
Type : DWORD
Default : -1
Variable: rx_mtu
If set to anything other than -1, uses that value as the maximum MTU
supported by the RX interface.
In order to enable OpenAFS to operate across the Cisco IPSec VPN
client, this value must be set to 1264 or smaller.
Value : ConnDeadTimeout
Type : DWORD
Default : 60 (seconds)
Variable: ConnDeadtimeout
The Connection Dead Time is enforced to be at a minimum 15 seconds
longer than the minimum SMB timeout as specified by
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
SessTimeout
If the minimum SMB timeout is not specified the value is 45 seconds.
See http://support.microsoft.com:80/support/kb/articles/Q102/0/67.asp
Value : HardDeadTimeout
Type : DWORD
Default : 120 (seconds)
Variable: HardDeadtimeout
The Hard Dead Time is enforced to be at least double the ConnDeadTimeout.
The provides an opportunity for at least one retry.
Value : TraceOption
Type : DWORD {1|0}
Default : 0
Enables trace events for the AFS client and network provider.
Value : AllSubmount
Type : DWORD {0, 1}
Default : 1
Variable: allSubmount (smb.c)
By setting this value to 0, the "\\NetbiosName\all" mount point
will not be created. This allows the read-write versions of
root.afs to be hidden.
Value : NoFindLanaByName
Type : DWORD {0, 1}
Default : 0
Disables the attempt to identity the network adapter to use by
looking for an adapter with a display name of "AFS".
Value : MaxCPUs
Type : DWORD {1..32} or {1..64} depending on the architecture
Default : <no default>
If this value is specified, afsd_service.exe will restrict itself
to executing on the specified number of CPUs if there are a greater
number installed in the machine.
NOTE: Setting this entry to "1" may be required on hyperthreaded
systems to avoid crashes in the RX library.
Value : smbAuthType
Type : DWORD {0..2}
Default : 2
If this value is specified, it defines the type of SMB authentication
which must be present in order for the Windows SMB client to connect
to the AFS Client Service's SMB server. The values are:
0 = No authentication required
1 = NTLM authentication required
2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
Value : <Drive Letter:> for example "G:"
Type : SZ
Specifies the submount name to be mapped by afsd_service.exe at startup
to the provided drive letter.
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
2. Network provider parameters
------------------------------
Affects the network provider (afslogon.dll).
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : FailLoginsSilently
Type : DWORD
Default : 0
Do not display message boxes if the login fails.
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
Value : NoWarnings
Type : DWORD
Default : 0
Disables visible warnings during logon.
Value : AuthentProviderPath
Type : REG_SZ
NSIS : %WINDIR%\SYSTEM32\afslogon.dll
Specifies the install location of the authentication provider dll.
Value : Class
Type : DWORD
NSIS : 0x02
Specifies the class of network provider
Value : DependOnGroup
Type : REG_MULTI_SZ
NSIS : PNP_TDI
Specifies the service groups upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the services within these groups have successfully
started.
Value : DependOnService
Type : REG_MULTI_SZ
NSIS : Tcpip NETBIOS RpcSs
Specifies a list of services upon which the AFS Client Service
depends. Windows should not attempt to start the AFS Client Service
until all of the specified services have successfully started.
Value : Name
Type : REG_SZ
NSIS : "OpenAFSDaemon"
Specifies the display name of the AFS Client Service
Value : ProviderPath
Type : REG_SZ
NSIS : %WINDIR%\SYSTEM32\afslogon.dll
Specifies the DLL to use for the network provider
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client]
Value : CellServDBDir
Type : REG_SZ
Default : <not defined>
Specifies the directory containing the CellServDB file.
When this value is not specified, the AFS Client install
directory is used.
2.1 Domain specific configuration keys for the Network Provider
---------------------------------------------------------------
The network provider can be configured to have different behavior
depending on the domain that the user logs into. These settings are
only relevant when using integrated login. A domain refers to an
Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
local machine (i.e. local account logins). The domain name that is
used for selecting the domain would be the domain that is passed into
the NPLogonNotify function of the network provider.
Domain specific registry keys are :
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(NP key)
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
(Domains key)
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
(Specific domain key. One per domain.)
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
(Localhost key)
eg:
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider
|
+- Domain
+-AD1.EXAMPLE.COM
+-AD2.EXAMPLE.NET
+-LOCALHOST
Each of the domain specific keys can have the set of values described
in 2.1.1. The effective values are chosen as described in 2.1.2.
2.1.1 Domain specific configuration values
-------------------------------------------
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
Value : LogonOptions
Type : DWORD
Default : 0x01
NSIS/WiX: depends on user configuration
0x00 - Integrated Logon is not used
0x01 - Integrated Logon is used
0x02 - High Security Mode is used
0x03 - Integrated Logon with High Security Mode is used
High Security Mode generates random SMB names for the creation of
Drive Mappings. This mode should not be used without Integrated Logon.
As of 1.3.65 the SMB server supports SMB authentication. The High
Security Mode should not be used when using SMB authentication
(SMBAuthType setting is non zero).
Value : FailLoginsSilently
Type : DWORD (1|0)
Default : 0
NSIS/WiX: (not set)
If true, does not display any visible warnings in the event of an
error during the integrated login process.
Value : LogonScript
Type : REG_SZ or REG_EXPAND_SZ
Default : (null)
NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q
A logon script that will be scheduled to be run after the profile
load is complete. If using the REG_EXPAND_SZ type, you can use
any system environment variable as "%varname%" which would be
expanded at the time the network provider is run. Optionally
using a "%s" in the value would result in it being expanded into
the AFS SMB username for the session.
Value : LoginRetryInterval
Type : DWORD
Default : 30
NSIS/WiX: (not set)
If the OpenAFS client service has not started yet, the network
provider will wait for a maximum of "LoginRetryInterval" seconds
while retrying every "LoginSleepInterval" seconds to check if the
service is up.
Value : LoginSleepInterval
Type : DWORD
Default : 5
NSIS/WiX: (not set)
See description of LoginRetryInterval.
2.1.2 Selection of effective values for domain specific configuration
----------------------------------------------------------------------
During login to domain X, where X is the domain passed into
NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
computer, the following keys will be looked up.
1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
2. Domains key. (NP key\"Domain")
3. Specific domain key. (Domains key\X)
If the specific domain key does not exist, then the domains key will
be ignored. All the configuration information in this case will
come from the NP key.
If the specific domain key exists, then for each of the values
metioned in (2), they will be looked up in the specific domain key,
domains key and the NP key successively until the value is found.
The first instance of the value found this way will be the effective
for the login session. If no such instance can be found, the
default will be used. To re-iterate, a value in a more specific key
supercedes a value in a less specific key. The exceptions to this
rule are stated below.
2.1.3 Exceptions to 2.1.2
--------------------------
To retain backwards compatibility, the following exceptions are made
to 2.1.2.
2.1.3.1 'FailLoginsSilently'
Historically, the 'FailLoginsSilently' value was in
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
key and not in the NP key. Therefore, for backwards compatibility,
the value in the Parameters key will supercede all instances of this
value in other keys. In the absence of this value in the Parameters
key, normal scope rules apply.
2.1.3.2 'LogonScript'
If a 'LogonScript' is not specified in the specific domain key nor
in the domains key, the value in the NP key will only be checked if
the effective 'LogonOptions' specify a high security integrated
login. If a logon script is specified in the specific domain key or
the domains key, it will be used regardless of the high security
setting. Please be aware of this when setting this value.
3. AFS Credentials System Tray Tool parameters
----------------------------------------------
Affects the behavior of afscreds.exe
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : Gateway
Type : REG_SZ
Default : ""
Function: GetGatewayName()
If the AFS client is utilizing a gateway to obtain AFS access,
the name of the gateway is specified by this value.
Value : Cell
Type : REG_SZ
Default : <none>
Variable: IsServiceConfigured()
The value Cell is used to determine if the AFS Client Service has
been properly configured or not.
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client]
[HKCU\SOFTWARE\OpenAFS\Client]
Value : ShowTrayIcon
Type : DWORD {0, 1}
Default : 1
Function: InitApp(), Main_OnCheckTerminate()
This value is used to determine whether or not a shortcut should be
maintained in the user's Start Menu->Programs->Startup folder.
This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
Value : EnableKFW
Type : DWORD {0, 1}
Default : 1
Function: KFW_is_available()
When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
to obtain AFS credentials. By setting this value to 0, the internal
Kerberos 4 implementation will be used instead.
Value : AfscredsShortcutParams
Type : REG_SZ
Default : "-A -M -N -Q"
Function: Shortcut_FixStartup
This value specifies the command line options which should be set
as part of the shortcut to afscreds.exe.
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client]
Value : Authentication Cell
Type : REG_SZ
Default : <none>
Function: Afscreds.exe GetDefaultCell()
This value allows the user to configure a different cell name to
be used as the default cell when acquiring tokens in afscreds.exe
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client]
Value : Authentication Cell
Type : REG_SZ
Default : <none>
Function: Afscreds.exe GetDefaultCell()
This value allows the user to configure a different cell name to
be used as the default cell when acquiring tokens in afscreds.exe
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Reminders]
Value : "afs cell name"
Type : DWORD {0, 1}
Default : <none>
Function: LoadRemind(), SaveRemind()
These values are used to save and restore the state of the reminder
flag for each cell for which the user has obtained tokens.
This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
Value : "upper case drive letter"
Type : DWORD {0, 1}
Default : <none>
These values are used to store the persistence state of the AFS
drive mappings as listed in the [...\Client\Mappings] key
These values used to be stored in the afsdsbmt.ini file
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Mappings]
Value : "upper case drive letter"
Type : REG_SZ
Default : <none>
These values are used to store the AFS path in Unix notation
to which the drive letter is to be mapped.
These values used to be stored in the afsdsbmt.ini file.
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
Value : "smb/cifs share name"
Type : REG_SZ
Default : <none>
This key is used to map SMB/CIFS shares to Client Side Caching
(off-line access) policies. For each share one of the following
policies may be used: "manual", "programs", "documents", "disable"
These values used to be stored in afsdsbmt.ini
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\Freelance]
Value : "numeric value"
Type : REG_SZ
Default : <none>
This key is used to store newline terminated mount point strings
for use in constructing the fake root.afs volume when Freelance
(dynamic roots) mode is activated.
"athena.mit.edu#athena.mit.edu:root.cell.\n"
".athena.mit.edu%athena.mit.edu:root.cell.\n"
These values used to be stored in afs_freelance.ini
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\Submounts]
Value : "submount name"
Type : REG_SZ
Default : <none>
This key is used to store mappings of unix style AFS paths
to submount names which can be referenced as UNC paths.
For example the submount string "/athena.mit.edu/user/j/a/jaltman"
can be associated with the submount name "jaltman.home".
This can then be referenced as the UNC path \\AFS\jaltman.home.
These values used to be stored in afsdsbmt.ini
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
Value : "upper case drive letter"
Type : DWORD {0, 1}
Default : <none>
These values are used to store the persistence state of the AFS
drive mappings as listed in the [...\Client\Mappings] key
These values used to be stored in the afsdsbmt.ini file
Regkey:
[HKCU\SOFTWARE\OpenAFS\Client\Mappings]
Value : "upper case drive letter"
Type : REG_SZ
Default : <none>
These values are used to store the AFS path in Unix notation
to which the drive letter is to be mapped.
These values used to be stored in the afsdsbmt.ini file.
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
Value : "smb/cifs share name"
Type : REG_SZ
Default : <none>
This key is used to map SMB/CIFS shares to Client Side Caching
(off-line access) policies. For each share one of the following
policies may be used: "manual", "programs", "documents", "disable"
These values used to be stored in afsdsbmt.ini
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\Freelance]
Value : "numeric value"
Type : REG_SZ
Default : <none>
This key is used to store newline terminated mount point strings
for use in constructing the fake root.afs volume when Freelance
(dynamic roots) mode is activated.
"athena.mit.edu#athena.mit.edu:root.cell.\n"
".athena.mit.edu%athena.mit.edu:root.cell.\n"
These values used to be stored in afs_freelance.ini
Regkey:
[HKLM\SOFTWARE\OpenAFS\Client\Submounts]
Value : "submount name"
Type : REG_SZ
Default : <none>
This key is used to store mappings of unix style AFS paths
to submount names which can be referenced as UNC paths.
For example the submount string "/athena.mit.edu/user/j/a/jaltman"
can be associated with the submount name "jaltman.home".
This can then be referenced as the UNC path \\AFS\jaltman.home.
These values used to be stored in afsdsbmt.ini
ENVIRONMENT VARIABLES:
Variable: AFS_RPC_ENCRYPT
Values: "OFF" disables the use of RPC encryption
any other value allows RPC encryption to be used
Default: RPC encryption is on
Variable: AFS_RPC_PROTSEQ
Values: "ncalrpc" - local RPC
"ncacn_np" - named pipes
"ncacn_ip_tcp" - tcp/ip
Default: local RPC
Reference in New Issue View Git Blame Copy Permalink