! The AFS configuration panel for each Kerberos 5 identity is used to configure which cells credentials should be obtained for and how they should be obtained. If the cell to realm mapping cannot be automatically determined, it can be explicitly ! specified. If the cell does not support ! Kerberos 5 tickets as tokens, then a krb524 service can be configured.
The AFS configuration panel for each Kerberos v5 identity is used to configure which cells credentials should be obtained for and how they should be obtained. If the cell to realm mapping cannot be automatically determined, it can be explicitly ! specified. If the cell does not support Kerberos ! v5 tickets as tokens, then a krb524 service can be configured.
The AFS plug-in configuration panel provider can be used to
check the status of the AFS Client Service and its version. An optional checkbox is provided that will
prevent the AFS System Tray Tool from being started by Windows after
--- 954,960 ----
The OpenAFS Provider configuration panel can be used to check the status of the AFS Client Service and its version. An optional checkbox is provided that will prevent the AFS System Tray Tool from being started by Windows after *************** *** 965,974 ****
By itself the OpenAFS Client Service does not provide robust behavior in a plug-n-play network environment. Changes to the number of network adapters or their assigned IP addresses will cause the service to ! terminate unexpectedly. To avoid this behavior OpenAFS for Windows installs ! a single instance of the Microsoft Loopback Adapter (MLA) on the machine. ! With the MLA installed, the OpenAFS Client Service will not be affected by the ! configuration changes of other network adapters installed on the system.
The MLA is installed with a name of "AFS" and a pre-assigned IP address in the 10.x.x.x range. The MLA is bound to the --- 970,980 ----
By itself the OpenAFS Client Service does not provide robust behavior in a plug-n-play network environment. Changes to the number of network adapters or their assigned IP addresses will cause the service to ! terminate unexpectedly. To avoid this behavior OpenAFS for Windows ! installs a single instance of the Microsoft Loopback Adapter (MLA) on the ! machine. With the MLA installed, the OpenAFS Client Service will not be ! affected by the configuration changes of other network adapters installed on ! the system.
The MLA is installed with a name of "AFS" and a pre-assigned IP address in the 10.x.x.x range. The MLA is bound to the *************** *** 1041,1052 **** modified as cells are accessed. When the fake "root.afs" volume is initially constructed it will only contain two mount points: a regular path and read-write path mount point used to access the ! "root.cell" volume of the default AFS cell. Any attempt to ! access a valid cell name will result in a new mount point being created in the ! fake "root.afs" volume. If the cellname begins with a ! "." the mount point will be a read-write path; otherwise the ! mount point will be a regular path. These mount points are ! preserved in the registry at key:
HKLM\SOFTWARE\OpenAFS\Client\Freelance
--- 1047,1058 ---- modified as cells are accessed. When the fake "root.afs" volume is initially constructed it will only contain two mount points: a regular path and read-write path mount point used to access the ! "root.cell" volume of the default AFS cell. Any attempt to access ! a valid cell name will result in a new mount point being created in the fake ! "root.afs" volume. If the cellname begins with a "." ! the mount point will be a read-write path; otherwise the mount point ! will be a regular path. These mount points are preserved in the ! registry at key:HKLM\SOFTWARE\OpenAFS\Client\Freelance
*************** *** 1107,1116 **** provide Single Sign-On functionality (aka Integrated Logon.) Integrated Logon can be used when the Windows username and password match the username and password associated with the default cell's Kerberos realm. For example, ! if the Windows username is "jaltman" and the default cell is "athena.mit.edu", ! then Integrated Logon can be successfully used if the windows password matches ! the password assigned to the Kerberos principal "jaltman@ATHENA.MIT.EDU". The realm “ATHENA.MIT.EDU” is obtained by performing a domain name to realm mapping on the hostname of one of the cell's Volume Database servers. --- 1113,1122 ---- provide Single Sign-On functionality (aka Integrated Logon.) Integrated Logon can be used when the Windows username and password match the username and password associated with the default cell's Kerberos realm. For example, ! if the Windows username is "jaltman" and the default cell is ! "athena.mit.edu", then Integrated Logon can be successfully used if ! the windows password matches the password assigned to the Kerberos principal ! "jaltman@ATHENA.MIT.EDU". The realm “ATHENA.MIT.EDU” is obtained by performing a domain name to realm mapping on the hostname of one of the cell's Volume Database servers. *************** *** 1120,1129 **** passwords.When KFW is configured, Integrated Logon will use it to ! obtain tokens. Use of KFW for Integrated Logon can be ! disabled via the EnableKFW registry ! value. Use of the krb524 service can be ! configured via the Use524 registry value.
Integrated Logon will not preserve the Kerberos v5 tickets. KFW 3.1 and above implements that functionality.
--- 1126,1135 ---- passwords.When KFW is configured, Integrated Logon will use it to ! obtain tokens. Use of KFW for Integrated Logon can be disabled via the EnableKFW registry value. Use of the krb524 service can be configured ! via the Use524 registry value.
Integrated Logon will not preserve the Kerberos v5 tickets. KFW 3.1 and above implements that functionality.
*************** *** 1143,1148 **** --- 1149,1159 ---- style='mso-bookmark:_Toc152605047'>3.6. AFS System Tray Command Line Options +The AFS System Tray Tool
+ (afscreds.exe) has been deprecated in favor of Network Identity Manager. afscreds.exe will be removed from the OpenAFS
+ in a future release.
The AFS System Tray tool (afscreds.exe) supports several command line options:
*************** *** 1175,1182 **** tokens when afscreds.exe is started. afscreds.exe will attempt to utilize tickets stored in the MSLSA credentials cache; any existing CCAPI credentials cache; and finally display an Obtain Tokens dialog to the user. When used ! in combination with IP address change detection, afscreds.exe will attempt to ! acquire AFS tokens whenever the IP address list changes and the Kerberos KDC is accessible.The renew drive maps option is used to ensure that the user --- 1186,1193 ---- tokens when afscreds.exe is started. afscreds.exe will attempt to utilize tickets stored in the MSLSA credentials cache; any existing CCAPI credentials cache; and finally display an Obtain Tokens dialog to the user. When used ! in combination with IP address change detection, afscreds.exe will attempt to acquire ! AFS tokens whenever the IP address list changes and the Kerberos KDC is accessible.
The renew drive maps option is used to ensure that the user *************** *** 1254,1262 **** style='font-size:9.0pt;font-family:Symbol'>· minidump
!The creation or removal of mount points and symlinks in the ! Freelance “root.afs” volume are also restricted to members of the “AFS Client ! Admins” group.
The initial membership of the "AFS Client Admins" group when created by the installer is equivalent to the local --- 1265,1273 ---- style='font-size:9.0pt;font-family:Symbol'>· minidump
!The creation or removal of mount points and symlinks in the Freelance ! “root.afs” volume are also restricted to members of the “AFS Client Admins” ! group.
The initial membership of the "AFS Client Admins" group when created by the installer is equivalent to the local *************** *** 1264,1271 **** "Administrators" group after the creation of the "AFS Client Admin" group, that user will not be an AFS Client Administrator. Only users that are members of the "AFS Client Admins" group are AFS ! Client Administrators. The local "SYSTEM" account is an ! implicit member of the "AFS Client Admins" group.
Setting the default sysname for a machine should be done via the registry and not via "fs --- 1275,1282 ---- "Administrators" group after the creation of the "AFS Client Admin" group, that user will not be an AFS Client Administrator. Only users that are members of the "AFS Client Admins" group are AFS ! Client Administrators. The local "SYSTEM" account is an implicit ! member of the "AFS Client Admins" group.
Setting the default sysname for a machine should be done via the registry and not via "fs *************** *** 1300,1310 **** name="_Toc115416115">3.9. ! OpenAFS includes aklog.exe
The OpenAFS Client ships with its own version of aklog.exe which should be used in preference to those obtained by other sources. ! The OpenAFS aklog.exe supports Kerberos 5 as well as the ability to auto-generate AFS IDs within foreign PTS databases.
Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]]
--- 1311,1321 ---- name="_Toc115416115">3.9. ! aklog.exeThe OpenAFS Client ships with its own version of aklog.exe which should be used in preference to those obtained by other sources. ! The OpenAFS aklog.exe supports Kerberos v5 as well as the ability to auto-generate AFS IDs within foreign PTS databases.
Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]]
*************** *** 1357,1373 **** style='mso-spacerun:yes'> The TransarcAFSServer service will auto-start the traditional AFS bos server. The former AFS Server Configuration wizard makes assumptions that no longer hold ! true. As a result, the installation ! process will fail. However, following ! the instructions for installing the AFS Servers on UNIX it is possible to ! properly configure the AFS Servers on Microsoft Windows. The AFS Server binaries, configuration files, ! and log files are installed under %Program Files%\OpenAFS\Server. kaserver is deprecated and its ! use is strongly discouraged. ! Instead, Active Directory or some other Kerberos 5 KDC should be used in ! its place.3.10.2. Using the AFS Client Service when the Server is installed
--- 1368,1383 ---- style='mso-spacerun:yes'> The TransarcAFSServer service will auto-start the traditional AFS bos server. The former AFS Server Configuration wizard makes assumptions that no longer hold ! true and it has therefore been disabled. ! However, following the instructions for installing the AFS Servers on ! UNIX it is possible to properly configure the AFS Servers on Microsoft ! Windows. The AFS Server binaries, ! configuration files, and log files are installed under %Program ! Files%\OpenAFS\Server. kaserver has been deprecated and its use is strongly ! discouraged. Instead, ! Active Directory or some other Kerberos v5 KDC should be used in its place.3.10.2. Using the AFS Client Service when the Server is installed
*************** *** 1379,1386 **** style='font-size:9.0pt;font-family:Symbol'>· Freelance mode should be disabled when the AFS Client Service is installed on the same ! machine as the AFS Server,. Otherwise, you will be unable to manipulate the ! contents of the root.afs volume for the hosted cell without constructing an explicit mountpoint to the root.afs volume from another volume.· Freelance mode should be disabled when the AFS Client Service is installed on the same ! machine as the AFS Server,. Otherwise, you will be unable to manipulate ! the contents of the root.afs volume for the hosted cell without constructing an explicit mountpoint to the root.afs volume from another volume.
MIT Kerberos for Windows should not be installed or must be disabled via the EnableKFW registry value.
MIT Kerberos for Windows should not be installed or must be disabled via the EnableKFW registry value. ! !
· The AFS ! Servers are not aware of power management events nor are they aware of network ! configuration changes. It is strongly ! advised that the AFS servers be installed only on systems that will not be ! shutdown or suspended unexpectedly. An inadvertent ! shutdown will corrupt volume data.
3.13. ! Encrypted AFS File Access
The OpenAFS for Windows installer by default activates a weak form of encrypted data transfer between the AFS client and the AFS --- 1460,1466 ---- name="_Toc115416119">3.13. ! Encrypted AFS Network Communication
The OpenAFS for Windows installer by default activates a weak form of encrypted data transfer between the AFS client and the AFS *************** *** 1458,1469 **** Authenticated Access to the OpenAFS Client Service
OpenAFS authenticates SMB connections using either NTLM or ! GSS SPNEGO (NTLM). In previous versions of OpenAFS, the SMB connections were ! unauthenticated which opened the door for several attacks which could be used ! to obtain access to another user's tokens on shared machines. !
!When GSS SPNEGO attempts a Kerberos 5 authentication, the Windows SMB client will attempt to retrieve service tickets for "cifs/afs@REALM" (if the loopback adapter is in use) or "cifs/machine-afs@REALM" (if the loopback adapter is not being --- 1476,1487 ---- Authenticated Access to the OpenAFS Client Service
OpenAFS authenticates SMB connections using either NTLM or ! GSS SPNEGO (NTLM). In previous versions of OpenAFS, the SMB connections ! were unauthenticated which opened the door for several attacks which could be ! used to obtain access to another user's tokens on shared ! machines.
!When GSS SPNEGO attempts a Kerberos v5 authentication, the Windows SMB client will attempt to retrieve service tickets for "cifs/afs@REALM" (if the loopback adapter is in use) or "cifs/machine-afs@REALM" (if the loopback adapter is not being *************** *** 1501,1510 ****
The OpenAFS Client is compatible with the Internet Connection Firewall that debuted with Windows XP SP2 and Windows 2003 ! SP1. The Internet Connection Firewall will be automatically adjusted to allow ! the receipt of incoming callback messages from the AFS file server. In ! addition, the appropriate Back Connection registry entries are added to ! allow SMB authentication to be performed across the Microsoft Loopback Adapter.
The OpenAFS Client is compatible with the Internet
Connection Firewall that debuted with Windows XP SP2 and Windows 2003
! SP1. The Internet Connection Firewall will be automatically adjusted to
! allow the receipt of incoming callback messages from the AFS file server.
! In addition, the appropriate Back Connection registry entries are added
! to allow SMB authentication to be performed across the Microsoft Loopback
! Adapter.
Many applications on Windows (e.g. Microsoft Office) require
the use of byte range locks applied to a file either to protect against
! simultaneous file access or as a signaling mechanism. OpenAFS for
! Windows release 1.5 (or greater) implements byte range locking within the
! CIFS-AFS gateway server. This support for byte range locking
! obtains AFS’ advisory file server locks to simulate Microsoft Windows mandatory
locks. When an application opens a file, a lock will be obtained
from AFS indicating that the file is in use. If the lock is a write lock,
access to the file will be restricted to other applications running on the same
--- 1545,1554 ----
Many applications on Windows (e.g. Microsoft Office) require
the use of byte range locks applied to a file either to protect against
! simultaneous file access or as a signaling mechanism. OpenAFS for Windows
! release 1.5 (or greater) implements byte range locking within the CIFS-AFS
! gateway server. This support for byte range locking obtains AFS’
! advisory file server locks to simulate Microsoft Windows mandatory
locks. When an application opens a file, a lock will be obtained
from AFS indicating that the file is in use. If the lock is a write lock,
access to the file will be restricted to other applications running on the same
***************
*** 1547,1559 ****
lock semantics on top of AFS lock semantics it is important to understand how
AFS file locks work. In Windows there are no special privileges
associated with obtaining file locks. If you can read or execute a file,
! then you can obtain shared and exclusive locks. In general, a Windows shared
! lock equates to an AFS read lock and a Windows exclusive lock equates to an AFS
! write lock. In AFS if you can write to a file, then you
! can obtain a write lock. However, in AFS if you can read a file it does
! not mean that you can obtain a read lock on it. The ability to
! obtain read locks is granted only if you have the lock (or ‘k’) privilege.
! This behavior is required in order to allow anonymous users to read files while
preventing them from being able to deny access to the files to other
users. OpenAFS 1.4.0 and earlier as well as all IBM AFS file servers
have an implementation bug that prevents users with write privileges from being
--- 1566,1578 ----
lock semantics on top of AFS lock semantics it is important to understand how
AFS file locks work. In Windows there are no special privileges
associated with obtaining file locks. If you can read or execute a file,
! then you can obtain shared and exclusive locks. In general, a Windows
! shared lock equates to an AFS read lock and a Windows exclusive lock equates to
! an AFS write lock. In AFS if you can write to a file, then you can obtain
! a write lock. However, in AFS if you can read a file it does not mean
! that you can obtain a read lock on it. The ability to obtain read
! locks is granted only if you have the lock (or ‘k’) privilege. This
! behavior is required in order to allow anonymous users to read files while
preventing them from being able to deny access to the files to other
users. OpenAFS 1.4.0 and earlier as well as all IBM AFS file servers
have an implementation bug that prevents users with write privileges from being
***************
*** 1567,1613 ****
inconvenience on end users.
! - If
the file is located on a read-only volume and the application requests a
! shared lock, the CIFS-AFS server will grant the lock request without asking
! the AFS file server.
! - If
! the file is located on a read-only volume and the application opens the
! file with write access and requests an exclusive lock, the CIFS-AFS server
will refuse the lock request and return a read only error.
! - If
! the file is located on a read-only volume and the application opens the
! file with only read access and requests an exclusive lock, the CIFS-AFS server
! will fulfill the lock request with a read lock.
! - If
the file is located on a read-write volume and the application requests an
! exclusive lock, the CIFS-AFS server will request a write lock from the AFS file
! server. If granted by the file server, then the CIFS-AFS server will
! grant the lock request.
!
! If the request is denied due to an access denied error and the user has the
! lookup, read and lock privileges and the file was opened for read only access,
! then the CIFS-AFS server will request a read lock from the file server.
!
! If the request is denied due to an access denied error and the user has the
! lookup and read privileges but not the lock privilege, then the CIFS-AFS
! server will grant the request even though the AFS file server said ‘no’.
! If the user does not have at least those permissions, the CIFS-AFS server
! will deny the request.
! - If
the file is located on a read-write volume and the application requests a
! shared lock, the CIFS-AFS server will request a read lock from the AFS file
! server. If granted by the file server, then the CIFS-AFS server
grants the lock request. If the request is denied due to an access
denied error and the user has the lookup and read privileges but not the
lock privilege, then the CIFS-AFS server will grant the request even
though the AFS file server said ‘no’. If the user does not have at
least those permissions, the CIFS-AFS server will deny the request.
! - If
multiple processes on the same machine attempt to access the same file
simultaneously, the CIFS-AFS server will locally manage the granted locks
and all processes will share a single lock on the AFS file server.
! - If
the CIFS-AFS server is unable to renew the AFS file server locks, then it
will invalidate the associated file handles. This is the same
behavior that an application will experience if it was using a Windows
--- 1586,1630 ----
inconvenience on end users.
! - If
the file is located on a read-only volume and the application requests a
! shared lock, the CIFS-AFS server will grant the lock request without
! asking the AFS file server.
! - If
! the file is located on a read-only volume and the application opens the
! file with write access and requests an exclusive lock, the CIFS-AFS server
will refuse the lock request and return a read only error.
! - If
! the file is located on a read-only volume and the application opens the
! file with only read access and requests an exclusive lock, the CIFS-AFS
! server will fulfill the lock request with a read lock.
! - If
the file is located on a read-write volume and the application requests an
! exclusive lock, the CIFS-AFS server will request a write lock from the AFS
! file server. If granted by the file server, then the CIFS-AFS server
! will grant the lock request. If the request is denied due to an
! access denied error and the user has the lookup, read and lock privileges
! and the file was opened for read only access, then the CIFS-AFS server
! will request a read lock from the file server. If the request is
! denied due to an access denied error and the user has the lookup and read
! privileges but not the lock privilege, then the CIFS-AFS server will grant
! the request even though the AFS file server said ‘no’. If the user
! does not have at least those permissions, the CIFS-AFS server will deny
! the request.
! - If
the file is located on a read-write volume and the application requests a
! shared lock, the CIFS-AFS server will request a read lock from the AFS
! file server. If granted by the file server, then the CIFS-AFS server
grants the lock request. If the request is denied due to an access
denied error and the user has the lookup and read privileges but not the
lock privilege, then the CIFS-AFS server will grant the request even
though the AFS file server said ‘no’. If the user does not have at
least those permissions, the CIFS-AFS server will deny the request.
! - If
multiple processes on the same machine attempt to access the same file
simultaneously, the CIFS-AFS server will locally manage the granted locks
and all processes will share a single lock on the AFS file server.
! - If
the CIFS-AFS server is unable to renew the AFS file server locks, then it
will invalidate the associated file handles. This is the same
behavior that an application will experience if it was using a Windows
***************
*** 1740,1753 ****
Filename Character Sets
OpenAFS for Windows implements an SMB server which is used
! as a gateway to the AFS filesystem. Because of limitations of the SMB implementation,
! Windows stores all files into AFS using OEM code pages such as CP437 (United
! States) or CP850 (Western Europe). These code pages are incompatible with
! the ISO Latin-1 character set typically used as the default on UNIX systems in
! both the United States and Western Europe . Filenames stored by OpenAFS for
! Windows are therefore unreadable on UNIX systems if they include any of the
! following characters:
Many applications on Windows (e.g. Microsoft Office) require the use of byte range locks applied to a file either to protect against ! simultaneous file access or as a signaling mechanism. OpenAFS for Windows ! release 1.5 (or greater) implements byte range locking within the CIFS-AFS ! gateway server. This support for byte range locking obtains AFS’ ! advisory file server locks to simulate Microsoft Windows mandatory locks. When an application opens a file, a lock will be obtained from AFS indicating that the file is in use. If the lock is a write lock, access to the file will be restricted to other applications running on the same *************** *** 1547,1559 **** lock semantics on top of AFS lock semantics it is important to understand how AFS file locks work. In Windows there are no special privileges associated with obtaining file locks. If you can read or execute a file, ! then you can obtain shared and exclusive locks. In general, a Windows shared ! lock equates to an AFS read lock and a Windows exclusive lock equates to an AFS ! write lock. In AFS if you can write to a file, then you ! can obtain a write lock. However, in AFS if you can read a file it does ! not mean that you can obtain a read lock on it. The ability to ! obtain read locks is granted only if you have the lock (or ‘k’) privilege. ! This behavior is required in order to allow anonymous users to read files while preventing them from being able to deny access to the files to other users. OpenAFS 1.4.0 and earlier as well as all IBM AFS file servers have an implementation bug that prevents users with write privileges from being --- 1566,1578 ---- lock semantics on top of AFS lock semantics it is important to understand how AFS file locks work. In Windows there are no special privileges associated with obtaining file locks. If you can read or execute a file, ! then you can obtain shared and exclusive locks. In general, a Windows ! shared lock equates to an AFS read lock and a Windows exclusive lock equates to ! an AFS write lock. In AFS if you can write to a file, then you can obtain ! a write lock. However, in AFS if you can read a file it does not mean ! that you can obtain a read lock on it. The ability to obtain read ! locks is granted only if you have the lock (or ‘k’) privilege. This ! behavior is required in order to allow anonymous users to read files while preventing them from being able to deny access to the files to other users. OpenAFS 1.4.0 and earlier as well as all IBM AFS file servers have an implementation bug that prevents users with write privileges from being *************** *** 1567,1613 **** inconvenience on end users.
-
!
- If the file is located on a read-only volume and the application requests a ! shared lock, the CIFS-AFS server will grant the lock request without asking ! the AFS file server. !
- If ! the file is located on a read-only volume and the application opens the ! file with write access and requests an exclusive lock, the CIFS-AFS server will refuse the lock request and return a read only error. !
- If ! the file is located on a read-only volume and the application opens the ! file with only read access and requests an exclusive lock, the CIFS-AFS server ! will fulfill the lock request with a read lock. !
- If the file is located on a read-write volume and the application requests an ! exclusive lock, the CIFS-AFS server will request a write lock from the AFS file ! server. If granted by the file server, then the CIFS-AFS server will ! grant the lock request. ! ! If the request is denied due to an access denied error and the user has the ! lookup, read and lock privileges and the file was opened for read only access, ! then the CIFS-AFS server will request a read lock from the file server. ! ! If the request is denied due to an access denied error and the user has the ! lookup and read privileges but not the lock privilege, then the CIFS-AFS ! server will grant the request even though the AFS file server said ‘no’. ! If the user does not have at least those permissions, the CIFS-AFS server ! will deny the request. !
- If the file is located on a read-write volume and the application requests a ! shared lock, the CIFS-AFS server will request a read lock from the AFS file ! server. If granted by the file server, then the CIFS-AFS server grants the lock request. If the request is denied due to an access denied error and the user has the lookup and read privileges but not the lock privilege, then the CIFS-AFS server will grant the request even though the AFS file server said ‘no’. If the user does not have at least those permissions, the CIFS-AFS server will deny the request. !
- If multiple processes on the same machine attempt to access the same file simultaneously, the CIFS-AFS server will locally manage the granted locks and all processes will share a single lock on the AFS file server. !
- If
the CIFS-AFS server is unable to renew the AFS file server locks, then it
will invalidate the associated file handles. This is the same
behavior that an application will experience if it was using a Windows
--- 1586,1630 ----
inconvenience on end users.
-
!
- If the file is located on a read-only volume and the application requests a ! shared lock, the CIFS-AFS server will grant the lock request without ! asking the AFS file server. !
- If ! the file is located on a read-only volume and the application opens the ! file with write access and requests an exclusive lock, the CIFS-AFS server will refuse the lock request and return a read only error. !
- If ! the file is located on a read-only volume and the application opens the ! file with only read access and requests an exclusive lock, the CIFS-AFS ! server will fulfill the lock request with a read lock. !
- If the file is located on a read-write volume and the application requests an ! exclusive lock, the CIFS-AFS server will request a write lock from the AFS ! file server. If granted by the file server, then the CIFS-AFS server ! will grant the lock request. If the request is denied due to an ! access denied error and the user has the lookup, read and lock privileges ! and the file was opened for read only access, then the CIFS-AFS server ! will request a read lock from the file server. If the request is ! denied due to an access denied error and the user has the lookup and read ! privileges but not the lock privilege, then the CIFS-AFS server will grant ! the request even though the AFS file server said ‘no’. If the user ! does not have at least those permissions, the CIFS-AFS server will deny ! the request. !
- If the file is located on a read-write volume and the application requests a ! shared lock, the CIFS-AFS server will request a read lock from the AFS ! file server. If granted by the file server, then the CIFS-AFS server grants the lock request. If the request is denied due to an access denied error and the user has the lookup and read privileges but not the lock privilege, then the CIFS-AFS server will grant the request even though the AFS file server said ‘no’. If the user does not have at least those permissions, the CIFS-AFS server will deny the request. !
- If multiple processes on the same machine attempt to access the same file simultaneously, the CIFS-AFS server will locally manage the granted locks and all processes will share a single lock on the AFS file server. !
- If the CIFS-AFS server is unable to renew the AFS file server locks, then it will invalidate the associated file handles. This is the same behavior that an application will experience if it was using a Windows *************** *** 1740,1753 **** Filename Character Sets
|
! [Ç] 128 ! 08/00 200 80 C cedilla ![ü] 129 ! 08/01 201 81 u diaeresis ![é] 130 ! 08/02 202 82 e acute ![â] 131 ! 08/03 203 83 a circumflex ![ä] 132 ! 08/04 204 84 a diaeresis ![à] 133 ! 08/05 205 85 a grave ![å] 134 ! 08/06 206 86 a ring ![ç] 135 ! 08/07 207 87 c cedilla ![ê] 136 08/08 ! 210 88 e circumflex ![ë] 137 ! 08/09 211 89 e diaeresis ![è] 138 ! 08/10 212 8A e grave ![ï] 139 ! 08/11 213 8B i diaeresis ![î] 140 ! 08/12 214 8C i circumflex ![ì] 141 ! 08/13 215 8D i grave ![Ä] 142 08/14 ! 216 8E A diaeresis ![Å] 143 ! 08/15 217 8F A ring ![É] 144 ! 09/00 220 90 E acute ![æ] 145 ! 09/01 221 91 ae diphthong ![Æ] 146 ! 09/02 222 92 AE diphthong ![ô] 147 ! 09/03 223 93 o circumflex ![ö] 148 ! 09/04 224 94 o diaeresis ![ò] 149 ! 09/05 225 95 o grave ![û] 150 ! 09/06 226 96 u circumflex ![ù] 151 ! 09/07 227 97 u grave ![ÿ] 152 ! 09/08 230 98 y diaeresis ![Ö] 153 ! 09/09 231 99 O diaeresis ![Ü] 154 ! 09/10 232 9A U diaeresis ![ø] 155 ! 09/11 233 9B o slash [£] 156 09/12 234 9C Pound sterling sign ![Ø] 157 ! 09/13 235 9D O slash ![×] 158 ! 09/14 236 9E Multiplication sign ! [ƒ] 159
! 09/15 237 9F |
[Ç] 128 08/00 200
! 80 C cedilla
! [ü] 129 08/01 201 81 u diaeresis
! [é] 130 08/02 202 82 e acute
! [â] 131 08/03 203 83 a circumflex
! [ä] 132 08/04 204 84 a diaeresis
! [à] 133 08/05 205 85 a grave
! [å] 134 08/06 206 86 a ring
! [ç] 135 08/07 207 87 c cedilla
! [ê] 136 08/08 210 88 e circumflex
! [ë] 137 08/09 211 89 e diaeresis
! [è] 138 08/10 212 8A e grave
! [ï] 139 08/11 213 8B i diaeresis
! [î] 140 08/12 214 8C i circumflex
! [ì] 141 08/13 215 8D i grave
! [Ä] 142 08/14 216 8E A diaeresis
! [Å] 143 08/15 217 8F A ring
! [É] 144 09/00 220 90 E acute
! [æ] 145 09/01 221 91 ae diphthong
! [Æ] 146 09/02 222 92 AE diphthong
! [ô] 147 09/03 223 93 o circumflex
! [ö] 148 09/04 224 94 o diaeresis
! [ò] 149 09/05 225 95 o grave
! [û] 150 09/06 226 96 u circumflex
! [ù] 151
! 09/07 227 97 u grave
! [ÿ] 152 09/08 230 98 y diaeresis
! [Ö] 153
! 09/09 231 99 O diaeresis
! [Ü] 154 09/10 232 9A U diaeresis
! [ø] 155 09/11 233 9B o slash
[£] 156 09/12 234 9C Pound sterling sign
! [Ø] 157 09/13 235
! 9D O slash
! [×] 158 09/14 236 9E Multiplication sign
! [ƒ] 159 09/15 237 9F
The performance of the AFS Client Service is significantly affected by the access times associated with the AFSCache paging ! file. When given the choice, the AFSCache file should be placed on ! a fast disk, preferably NTFS, the file should not be compressed and should consist of as few fragments as possible. Significant performance gains can be achieved by defragmenting the AFSCache file with Sysinternal's Contig utility while the AFS Client Service is stopped.
--- 1884,1891 ----The performance of the AFS Client Service is significantly affected by the access times associated with the AFSCache paging ! file. When given the choice, the AFSCache file should be placed on a ! fast disk, preferably NTFS, the file should not be compressed and should consist of as few fragments as possible. Significant performance gains can be achieved by defragmenting the AFSCache file with Sysinternal's Contig utility while the AFS Client Service is stopped.
*************** *** 2007,2014 ****HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncadg_ip_udp"
!HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" ! "ncacn_http"
HKLM
"SOFTWARE\Microsoft\RPC\ClientProtocols" "ncadg_ip_udp"
! HKLM
! "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_http"
! 3.39. Delayed Write Errors with Microsoft
Office Applications
Microsoft Office makes heavy use of asynchronous
--- 2058,2066 ----
file. When cloning machines that have Windows AFS client installed,
the AFSCache files should be deleted as part of the cloning process.
! 3.39. Delayed Write Errors with Microsoft
Office Applications
Microsoft Office makes heavy use of asynchronous
***************
*** 2082,2090 ****
applications should be modified to use of \\AFS\<cellname>\<path>
instead of drive letters.
! 3.41. 64-bit Microsoft Windows Installations
Although 64-bit Windows platforms support both 64-bit and
32-bit applications, the OpenAFS Service installed on the machine must be
--- 2104,2112 ----
applications should be modified to use of \\AFS\<cellname>\<path>
instead of drive letters.
! 3.41. 64-bit Microsoft Windows Installations
Although 64-bit Windows platforms support both 64-bit and
32-bit applications, the OpenAFS Service installed on the machine must be
***************
*** 2138,2460 ****
Start and Stop Service features of the AFS System Tray tool and the AFS Control
Panel will not work unless they are “Run as Administrator”.
!
! The help files provided with OpenAFS are in .HLP format.
! Windows Vista does not include a help engine for this format. 4. How to Debug Problems with OpenAFS for Windows:
!
!
OpenAFS for Windows provides a wide range of tools to assist
! the developers in debugging problems. The techniques available are varied
! because of the wide range of issues that have been discovered over the
! years. When filing bug reports to the
! OpenAFS developers, please collect as much information as possible and forward
! it as part of the bug
!
! 4.1.
! pioctl debugging (IoctlDebug
! registry key)
!
! pioctl (path-based ioctl) calls are used by various tools to
! communicate with the AFS Client Service. Some of the operations performed
! include:
!
! · setting/querying
! tokens (tokens.exe, aklog.exe, afscreds.exe)
!
! · setting/querying
! ACLs
!
! · setting/querying
! cache parameters
!
! · flushing
! files or volumes
!
! · setting/querying
! server preferences
!
! · querying
! path location
!
! · checking
! the status of servers and volumes
!
! · setting/querying
! the sysname list
!
! pioctl calls are implemented by writing to a special UNC
! path that is processed by the AFS Client Service. If there is a
! failure to communicate with the AFS Client Service via SMB/CIFS, it will be
! impossible to perform any of the above operations.
!
! To assist in debugging these problems, the registry value:
!
! [HKLM\SOFTWARE\OpenAFS\Client]
!
! REG_DWORD: IoctlDebug = 0x01
!
! should be set. Then any of the commands that perform
! pioctl calls should be executed from the command prompt. With this key
! set the pioctl library will generate debugging output to stderr. The
! output will contain the Win32 API calls executed along with their most
! important parameters and their return code. The MSDN Library and
! the Microsoft KnowledgeBase can be used as a reference to help you determine
! the configuration probem with your system.
!
! 4.2.
! afsd_service initialization log (%WinDir%\TEMP\afsd_init.log)
!
! Every time the AFS Client Service starts it appends data
! about its progress and configuration to a file. This file provides
! information crucial to determining why the service cannot start when there are
! problems. When the process terminates due to a panic condition it will
! write to this file the source code file and line number of the error. In
! many cases the panic condition is due to a misconfiguration of the
! machine. In other cases it might be due to a programming error in the
! software. A quick review of the location in the source code will quickly
! reveal the reason for the termination.
!
! The MaxLogSize
! registry value determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
! file. If the file is larger than this value when OpenAFS Client Service
! starts, the file will be reset to 0 bytes. If value is set to 0, the file
! will be allowed to grow indefinitely.
!
! 4.3.
! afsd_service debug logs (fs trace {-on, -off, -dump}
! ->%WinDir%\TEMP\afsd.log)
!
! When attempting to debug the behavior of the SMB/CIFS Server
! and the Cache Manager it is often useful to examine a log of the operations
! being performed. While running the AFS Client Service keeps an in memory
! log of many of its actions. The default number of actions preserved
! at any one time is 5000. This can be adjusted with the registry value:
!
!
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
!
! REG_DWORD TraceBufferSize
!
! A restart of the service is necessary when adjusting this
! value. Execute "fs trace -on" to clear to the log and
! "fs trace -dump" to output the contents of the log to the file.
!
! 4.4.
! Using SysInternal’s DbgView and FileMon Tools
!
! An alternatve option to the use of "fs trace
! -dump" to capture internal OpenAFS Client Service events is to use a tool
! such as Sysinternal's DbgView to capture real-time debugging output. When
! the OpenAFS Client Service starts and Bit 2 of the TraceOption value in the registry is set, all
! trace log events are output using the Windows Debug Monitor interface
! (OutputDebugString).
!
!
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
!
! REG_DWORD
! TraceOption = 0x04
!
! Use “fs trace –on” and “fs trace –off” to toggle the generation
! of log messages.
!
! Sysinternal’s
! FileMon utility can be use to monitor the file operations requested by
! applications and their success or failure. Use the Volumes menu to
! restrict FileMon monitor to Network volumes only in order to reduce the
! output to just the CIFS requests. Turn on the Advanced Output
! option in order to log with finer granularity.
!
! Turn on the Clock Time and Show Milliseconds
! options in both tools to make it easier to synchronize the application requests
! and the resulting OpenAFS Client Service operations. The captured
! data can be stored to files for inclusion in bug reports.
!
! 4.5. Microsoft MiniDumps
! (fs minidump -> %WinDir%\TEMP\afsd.dmp)
!
! If the AFS Client Service become unresponsive to any form of
! communication there may be a serious error that can only be debugged by someone
! with access to the source code and a debugger. The "fs
! minidump" command can be used to force the generation of a MiniDump file
! containing the state of all of the threads in the AFS Client Service process.
!
! 4.6.
! Single Sign-on (Integrated Logon) debugging
!
! If you are having trouble with the Integrated Logon
! operations it is often useful to be able to obtain a log of what it is
! attempting to do. Setting Bit 0 of the TraceOption registry value:
!
!
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
!
! REG_DWORD TraceOption = 0x01
!
! will instruct the Integrated Logon Network Provider and
! Event Handlers to log information to the Windows Event Log: Application under
! the name “AFS Logon".
!
! 4.7.
! RX (AFS RPC) debugging (rxdebug)
!
! The rxdebug.exe tool can be used to query a variety of
! information about the AFS services installed on a given machine. The port
! for the AFS Cache Manager is 7001.
!
! Usage: rxdebug -servers <server machine> [-port
! <IP port>] [-nodally]
!
!
! [-allconnections] [-rxstats] [-onlyserver] [-onlyclient]
!
! [-onlyport
! <show only <port>>]
!
! [-onlyhost
! <show only <host>>]
!
! [-onlyauth
! <show only <auth level>>] [-version]
!
! [-noconns]
! [-peers] [-help]
!
! Where:
! -nodally don't show dallying
! conns
!
!
! -allconnections don't filter out uninteresting connections
!
!
! -rxstats show Rx statistics
!
!
! -onlyserver only show server conns
!
!
! -onlyclient only show client conns
!
!
! -version show AFS version id
!
!
! -noconns show no connections
!
!
! -peers show peers
!
! 4.8.
! Cache Manager debugging (cmdebug)
!
! The cmdebug.exe tool can be used to query the state of the
! AFS Cache Manager on a given machine.
!
! Usage: cmdebug -servers <server machine> [-port
! <IP port>] [-long]
!
! [-refcounts]
! [-callbacks] [-addrs] [-cache] [-help]
!
! Where: -long
! print all info
!
! -refcounts
! print only cache entries with positive reference counts
!
! -callbacks
! print only cache entries with callbacks
!
!
! -addrs print only host interfaces
!
!
! -cache print only cache configuration
!
! 4.9.
! Persistent Cache consistency check
!
! The persistent cache is stored in a Hidden System file at
! %WinDir%\TEMP\AFSCache. If there is a problem with the persistent cache
! that prevent the AFS Client Service from being able to start a validation check
! on the file can be performed.
!
! afsd_service.exe --validate-cache
! <cache-path>
!
! 5. Reporting Bugs:
!
! Bug reports should be sent to openafs-bugs@openafs.org.
Please include as much information as possible about the issue. If you
are reporting a crash, please install the debugging symbols by re-running the
installer. If a dump file is available for the problem,
%WINDIR%\TEMP\afsd.dmp, include it along with the AFS Client Trace file
! %WINDIR%\TEMP\afsd.log. The AFS Client startup log is
! %WINDIR%\TEMP\afsd_init.log. Send the last continuous block of log
! information from this file.
Configuring DrWatson to generate dump files for crashes:
--- 2160,2177 ----
Start and Stop Service features of the AFS System Tray tool and the AFS Control
Panel will not work unless they are “Run as Administrator”.
! The help files provided with OpenAFS are in .HLP format. Windows Vista does not include a
! help engine for this format. openafs-bugs@openafs.org.
Please include as much information as possible about the issue. If you
are reporting a crash, please install the debugging symbols by re-running the
installer. If a dump file is available for the problem,
%WINDIR%\TEMP\afsd.dmp, include it along with the AFS Client Trace file
! %WINDIR%\TEMP\afsd.log. The AFS Client startup log is %WINDIR%\TEMP\afsd_init.log.
! Send the last continuous block of log information from this file.
Configuring DrWatson to generate dump files for crashes:
***************
*** 2582,2592 ****
Secure
Endpoints Inc. provides development and support services for OpenAFS for
Windows and MIT Kerberos for Windows.
! Donations provided to Secure Endpoints Inc. for the development of
! OpenAFS are used to cover the OpenAFS gatekeeper responsibilities; providing
! support to the OpenAFS community via the OpenAFS mailing lists; and furthering
! development of desired features that are either too small to be financed by
! development contracts.
Secure Endpoints Inc. accepts software development
agreements from organizations who wish to fund a well-defined set of bug fixes
--- 2299,2309 ----
Secure
Endpoints Inc. provides development and support services for OpenAFS for
Windows and MIT Kerberos for Windows.
! Donations provided to Secure Endpoints Inc. for the development of OpenAFS
! are used to cover the OpenAFS gatekeeper responsibilities; providing support to
! the OpenAFS community via the OpenAFS mailing lists; and furthering development
! of desired features that are either too small to be financed by development
! contracts.
Secure Endpoints Inc. accepts software development
agreements from organizations who wish to fund a well-defined set of bug fixes
***************
*** 2635,2645 ****
name="_MSI_Deployment_Guide">
7. MSI Deployment Guide
!
!
7. MSI Deployment Guide
!
!
and then checking the resulting openafs-test.msi to see if
! all changes you have made above to openafs-modified.msi is present in openafs-test.msi.
! 'msitran' will complain if some modification in the transform can not be
! successfully applied.
As mentioned above, you can use a tool like ORCA.EXE to edit
the MSI databases directly when editing openafs-modified.msi. More
--- 2457,2465 ----
-a openafs-transform.mst openafs-test.msi
and then checking the resulting openafs-test.msi to see if
! all changes you have made above to openafs-modified.msi is present in
! openafs-test.msi. 'msitran' will complain if some modification in the
! transform can not be successfully applied.
As mentioned above, you can use a tool like ORCA.EXE to edit
the MSI databases directly when editing openafs-modified.msi. More
***************
*** 2777,2787 ****
When one of the configurable properties is set, the
installer will use the property value to set the corresponding setting in the
! HKEY_LOCAL_MACHINE registry hive. The HKEY_CURRENT_USER hive is not
! touched by the installer.
! For each property, the associated registry setting is referenced
! by the same text used in Appendix A.
Strings are quoted using single quotes (e.g. 'a string'). An
empty string is denoted as ''. Note that you can't author null values
--- 2494,2505 ----
When one of the configurable properties is set, the
installer will use the property value to set the corresponding setting in the
! HKEY_LOCAL_MACHINE registry hive. The HKEY_CURRENT_USER hive is not touched
! by the installer.
! For each property, the associated registry setting is
! referenced by the same text used in Appendix
! A.
Strings are quoted using single quotes (e.g. 'a string'). An
empty string is denoted as ''. Note that you can't author null values
***************
*** 2828,2860 ****
(Service parameters):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
(Network provider):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(OpenAFS Client):
[HKLM\SOFTWARE\OpenAFS\Client]
--- 2546,2572 ----
(Service parameters):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
(Network provider):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(OpenAFS Client):
[HKLM\SOFTWARE\OpenAFS\Client]
***************
*** 2865,2882 ****
style='mso-bookmark:_Toc154229432'>7.2.1.2.1 Registry Properties
! These properties are used to set the values of registry
! entries associated with OpenAFS for Windows.
3.39. Delayed Write Errors with Microsoft Office Applications
Microsoft Office makes heavy use of asynchronous --- 2058,2066 ---- file. When cloning machines that have Windows AFS client installed, the AFSCache files should be deleted as part of the cloning process.
!3.39. Delayed Write Errors with Microsoft Office Applications
Microsoft Office makes heavy use of asynchronous *************** *** 2082,2090 **** applications should be modified to use of \\AFS\<cellname>\<path> instead of drive letters.
!3.41. 64-bit Microsoft Windows Installations
Although 64-bit Windows platforms support both 64-bit and 32-bit applications, the OpenAFS Service installed on the machine must be --- 2104,2112 ---- applications should be modified to use of \\AFS\<cellname>\<path> instead of drive letters.
!3.41. 64-bit Microsoft Windows Installations
Although 64-bit Windows platforms support both 64-bit and 32-bit applications, the OpenAFS Service installed on the machine must be *************** *** 2138,2460 **** Start and Stop Service features of the AFS System Tray tool and the AFS Control Panel will not work unless they are “Run as Administrator”.
!! The help files provided with OpenAFS are in .HLP format. ! Windows Vista does not include a help engine for this format. 4. How to Debug Problems with OpenAFS for Windows: ! !
OpenAFS for Windows provides a wide range of tools to assist ! the developers in debugging problems. The techniques available are varied ! because of the wide range of issues that have been discovered over the ! years. When filing bug reports to the ! OpenAFS developers, please collect as much information as possible and forward ! it as part of the bug
! !4.1. ! pioctl debugging (IoctlDebug ! registry key)
! !pioctl (path-based ioctl) calls are used by various tools to ! communicate with the AFS Client Service. Some of the operations performed ! include:
! !· setting/querying ! tokens (tokens.exe, aklog.exe, afscreds.exe)
! !· setting/querying ! ACLs
! !· setting/querying ! cache parameters
! !· flushing ! files or volumes
! !· setting/querying ! server preferences
! !· querying ! path location
! !· checking ! the status of servers and volumes
! !· setting/querying ! the sysname list
! !pioctl calls are implemented by writing to a special UNC ! path that is processed by the AFS Client Service. If there is a ! failure to communicate with the AFS Client Service via SMB/CIFS, it will be ! impossible to perform any of the above operations.
! !To assist in debugging these problems, the registry value:
! ![HKLM\SOFTWARE\OpenAFS\Client]
! !REG_DWORD: IoctlDebug = 0x01
! !should be set. Then any of the commands that perform ! pioctl calls should be executed from the command prompt. With this key ! set the pioctl library will generate debugging output to stderr. The ! output will contain the Win32 API calls executed along with their most ! important parameters and their return code. The MSDN Library and ! the Microsoft KnowledgeBase can be used as a reference to help you determine ! the configuration probem with your system.
! !4.2. ! afsd_service initialization log (%WinDir%\TEMP\afsd_init.log)
! !Every time the AFS Client Service starts it appends data ! about its progress and configuration to a file. This file provides ! information crucial to determining why the service cannot start when there are ! problems. When the process terminates due to a panic condition it will ! write to this file the source code file and line number of the error. In ! many cases the panic condition is due to a misconfiguration of the ! machine. In other cases it might be due to a programming error in the ! software. A quick review of the location in the source code will quickly ! reveal the reason for the termination.
! !The MaxLogSize ! registry value determines the maximum size of the %WINDIR%\TEMP\afsd_init.log ! file. If the file is larger than this value when OpenAFS Client Service ! starts, the file will be reset to 0 bytes. If value is set to 0, the file ! will be allowed to grow indefinitely.
! !4.3. ! afsd_service debug logs (fs trace {-on, -off, -dump} ! ->%WinDir%\TEMP\afsd.log)
! !When attempting to debug the behavior of the SMB/CIFS Server ! and the Cache Manager it is often useful to examine a log of the operations ! being performed. While running the AFS Client Service keeps an in memory ! log of many of its actions. The default number of actions preserved ! at any one time is 5000. This can be adjusted with the registry value:
! !! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
! !REG_DWORD TraceBufferSize
! !A restart of the service is necessary when adjusting this ! value. Execute "fs trace -on" to clear to the log and ! "fs trace -dump" to output the contents of the log to the file.
! !4.4. ! Using SysInternal’s DbgView and FileMon Tools
! !An alternatve option to the use of "fs trace ! -dump" to capture internal OpenAFS Client Service events is to use a tool ! such as Sysinternal's DbgView to capture real-time debugging output. When ! the OpenAFS Client Service starts and Bit 2 of the TraceOption value in the registry is set, all ! trace log events are output using the Windows Debug Monitor interface ! (OutputDebugString).
! !! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
! !REG_DWORD ! TraceOption = 0x04
! !Use “fs trace –on” and “fs trace –off” to toggle the generation ! of log messages.
! !Sysinternal’s ! FileMon utility can be use to monitor the file operations requested by ! applications and their success or failure. Use the Volumes menu to ! restrict FileMon monitor to Network volumes only in order to reduce the ! output to just the CIFS requests. Turn on the Advanced Output ! option in order to log with finer granularity.
! !Turn on the Clock Time and Show Milliseconds ! options in both tools to make it easier to synchronize the application requests ! and the resulting OpenAFS Client Service operations. The captured ! data can be stored to files for inclusion in bug reports.
! !4.5. Microsoft MiniDumps
! (fs minidump -> %WinDir%\TEMP\afsd.dmp)
!
! If the AFS Client Service become unresponsive to any form of ! communication there may be a serious error that can only be debugged by someone ! with access to the source code and a debugger. The "fs ! minidump" command can be used to force the generation of a MiniDump file ! containing the state of all of the threads in the AFS Client Service process.
! !4.6. ! Single Sign-on (Integrated Logon) debugging
! !If you are having trouble with the Integrated Logon ! operations it is often useful to be able to obtain a log of what it is ! attempting to do. Setting Bit 0 of the TraceOption registry value:
! !! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
! !REG_DWORD TraceOption = 0x01
! !will instruct the Integrated Logon Network Provider and ! Event Handlers to log information to the Windows Event Log: Application under ! the name “AFS Logon".
! !4.7. ! RX (AFS RPC) debugging (rxdebug)
! !The rxdebug.exe tool can be used to query a variety of ! information about the AFS services installed on a given machine. The port ! for the AFS Cache Manager is 7001.
! !Usage: rxdebug -servers <server machine> [-port ! <IP port>] [-nodally]
! !! [-allconnections] [-rxstats] [-onlyserver] [-onlyclient]
! ![-onlyport ! <show only <port>>]
! ![-onlyhost ! <show only <host>>]
! ![-onlyauth ! <show only <auth level>>] [-version]
! ![-noconns] ! [-peers] [-help]
! !Where: ! -nodally don't show dallying ! conns
! !! -allconnections don't filter out uninteresting connections
! !! -rxstats show Rx statistics
! !! -onlyserver only show server conns
! !! -onlyclient only show client conns
! !! -version show AFS version id
! !! -noconns show no connections
! !! -peers show peers
! !4.8. ! Cache Manager debugging (cmdebug)
! !The cmdebug.exe tool can be used to query the state of the ! AFS Cache Manager on a given machine.
! !Usage: cmdebug -servers <server machine> [-port ! <IP port>] [-long]
! ![-refcounts] ! [-callbacks] [-addrs] [-cache] [-help]
! !Where: -long ! print all info
! !-refcounts ! print only cache entries with positive reference counts
! !-callbacks ! print only cache entries with callbacks
! !! -addrs print only host interfaces
! !! -cache print only cache configuration
! !4.9. ! Persistent Cache consistency check
! !The persistent cache is stored in a Hidden System file at ! %WinDir%\TEMP\AFSCache. If there is a problem with the persistent cache ! that prevent the AFS Client Service from being able to start a validation check ! on the file can be performed.
! !afsd_service.exe --validate-cache ! <cache-path>
! !5. Reporting Bugs:
! !Bug reports should be sent to openafs-bugs@openafs.org. Please include as much information as possible about the issue. If you are reporting a crash, please install the debugging symbols by re-running the installer. If a dump file is available for the problem, %WINDIR%\TEMP\afsd.dmp, include it along with the AFS Client Trace file ! %WINDIR%\TEMP\afsd.log. The AFS Client startup log is ! %WINDIR%\TEMP\afsd_init.log. Send the last continuous block of log ! information from this file.
Configuring DrWatson to generate dump files for crashes:
--- 2160,2177 ---- Start and Stop Service features of the AFS System Tray tool and the AFS Control Panel will not work unless they are “Run as Administrator”. !The help files provided with OpenAFS are in .HLP format. Windows Vista does not include a ! help engine for this format. openafs-bugs@openafs.org. Please include as much information as possible about the issue. If you are reporting a crash, please install the debugging symbols by re-running the installer. If a dump file is available for the problem, %WINDIR%\TEMP\afsd.dmp, include it along with the AFS Client Trace file ! %WINDIR%\TEMP\afsd.log. The AFS Client startup log is %WINDIR%\TEMP\afsd_init.log. ! Send the last continuous block of log information from this file.
Configuring DrWatson to generate dump files for crashes:
*************** *** 2582,2592 ****Secure Endpoints Inc. provides development and support services for OpenAFS for Windows and MIT Kerberos for Windows. ! Donations provided to Secure Endpoints Inc. for the development of ! OpenAFS are used to cover the OpenAFS gatekeeper responsibilities; providing ! support to the OpenAFS community via the OpenAFS mailing lists; and furthering ! development of desired features that are either too small to be financed by ! development contracts.
Secure Endpoints Inc. accepts software development agreements from organizations who wish to fund a well-defined set of bug fixes --- 2299,2309 ----
Secure Endpoints Inc. provides development and support services for OpenAFS for Windows and MIT Kerberos for Windows. ! Donations provided to Secure Endpoints Inc. for the development of OpenAFS ! are used to cover the OpenAFS gatekeeper responsibilities; providing support to ! the OpenAFS community via the OpenAFS mailing lists; and furthering development ! of desired features that are either too small to be financed by development ! contracts.
Secure Endpoints Inc. accepts software development agreements from organizations who wish to fund a well-defined set of bug fixes *************** *** 2635,2645 **** name="_MSI_Deployment_Guide">
7. MSI Deployment Guide !!
7. MSI Deployment Guide
!
!
and then checking the resulting openafs-test.msi to see if
! all changes you have made above to openafs-modified.msi is present in openafs-test.msi.
! 'msitran' will complain if some modification in the transform can not be
! successfully applied.
As mentioned above, you can use a tool like ORCA.EXE to edit
the MSI databases directly when editing openafs-modified.msi. More
--- 2457,2465 ----
-a openafs-transform.mst openafs-test.msi
and then checking the resulting openafs-test.msi to see if
! all changes you have made above to openafs-modified.msi is present in
! openafs-test.msi. 'msitran' will complain if some modification in the
! transform can not be successfully applied.
As mentioned above, you can use a tool like ORCA.EXE to edit
the MSI databases directly when editing openafs-modified.msi. More
***************
*** 2777,2787 ****
When one of the configurable properties is set, the
installer will use the property value to set the corresponding setting in the
! HKEY_LOCAL_MACHINE registry hive. The HKEY_CURRENT_USER hive is not
! touched by the installer.
! For each property, the associated registry setting is referenced
! by the same text used in Appendix A.
Strings are quoted using single quotes (e.g. 'a string'). An
empty string is denoted as ''. Note that you can't author null values
--- 2494,2505 ----
When one of the configurable properties is set, the
installer will use the property value to set the corresponding setting in the
! HKEY_LOCAL_MACHINE registry hive. The HKEY_CURRENT_USER hive is not touched
! by the installer.
! For each property, the associated registry setting is
! referenced by the same text used in Appendix
! A.
Strings are quoted using single quotes (e.g. 'a string'). An
empty string is denoted as ''. Note that you can't author null values
***************
*** 2828,2860 ****
(Service parameters):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
(Network provider):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(OpenAFS Client):
[HKLM\SOFTWARE\OpenAFS\Client]
--- 2546,2572 ----
(Service parameters):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
(Network provider):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(OpenAFS Client):
[HKLM\SOFTWARE\OpenAFS\Client]
***************
*** 2865,2882 ****
style='mso-bookmark:_Toc154229432'>7.2.1.2.1 Registry Properties
! These properties are used to set the values of registry
! entries associated with OpenAFS for Windows.
and then checking the resulting openafs-test.msi to see if ! all changes you have made above to openafs-modified.msi is present in openafs-test.msi. ! 'msitran' will complain if some modification in the transform can not be ! successfully applied.
As mentioned above, you can use a tool like ORCA.EXE to edit the MSI databases directly when editing openafs-modified.msi. More --- 2457,2465 ---- -a openafs-transform.mst openafs-test.msi
and then checking the resulting openafs-test.msi to see if ! all changes you have made above to openafs-modified.msi is present in ! openafs-test.msi. 'msitran' will complain if some modification in the ! transform can not be successfully applied.
As mentioned above, you can use a tool like ORCA.EXE to edit the MSI databases directly when editing openafs-modified.msi. More *************** *** 2777,2787 ****
When one of the configurable properties is set, the installer will use the property value to set the corresponding setting in the ! HKEY_LOCAL_MACHINE registry hive. The HKEY_CURRENT_USER hive is not ! touched by the installer.
!For each property, the associated registry setting is referenced ! by the same text used in Appendix A.
Strings are quoted using single quotes (e.g. 'a string'). An empty string is denoted as ''. Note that you can't author null values --- 2494,2505 ----
When one of the configurable properties is set, the installer will use the property value to set the corresponding setting in the ! HKEY_LOCAL_MACHINE registry hive. The HKEY_CURRENT_USER hive is not touched ! by the installer.
!For each property, the associated registry setting is ! referenced by the same text used in Appendix ! A.
Strings are quoted using single quotes (e.g. 'a string'). An empty string is denoted as ''. Note that you can't author null values *************** *** 2828,2860 ****
(Service parameters):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
(Network provider):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(OpenAFS Client):
[HKLM\SOFTWARE\OpenAFS\Client]
(Service parameters):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
(Network provider):
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
(OpenAFS Client):
[HKLM\SOFTWARE\OpenAFS\Client]
These properties are used to set the values of registry ! entries associated with OpenAFS for Windows.
AFSCACHEPATH
Registry key : (Service parameters) Registry value : CachePath --- 2577,2593 ---- style='mso-bookmark:_Toc154229432'>7.2.1.2.1 Registry Properties !These properties are used to set the values of registry entries ! associated with OpenAFS for Windows.
The example adds a read-only mountpoint to the ! athena.mit.edu cell's root.afs volume as well as a read-write mountpoint. ! Aliases are also provided using symlinks. ! ! Component : 'rcm_FreelanceKeys'The example adds a read-only mountpoint to the athena.mit.edu ! cell's root.afs volume as well as a read-write mountpoint. Aliases are ! also provided using symlinks. Note that versions of the OpenAFS NSIS package prior to
1.3.65 had a bug where it couldn't be uninstalled properly in unattended
mode. Therefore the MSI package will not try to uninstall an OpenAFS NSIS
! package if running unattended. This means that group policy based deployments
! will fail on machines that have the OpenAFS NSIS package installed.
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value: FreelanceClient
Type: DWORD {1,0} |
Value: UseDNSType: DWORD {1,0} Enables resolving volservers using AFSDB DNS queries. As of 1.3.60, this value is ignored as the DNS query ! support utilizes the Win32 DNSQuery API which is available on Win2000 and above. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value: FreelanceClientType: DWORD {1,0} |
Value:
! HideDotFiles
Type: DWORD {1,0} |
Value: HideDotFilesType: DWORD {1,0} |
Value:
! MaxMpxRequests
Type: DWORD |
Value: MaxMpxRequestsType: DWORD |
Value:
! MaxVCPerServer
Type: DWORD |
Value: MaxVCPerServerType: DWORD |
Value:
! Cell
Type: REG_SZ |
Value: CellType: REG_SZ |
Value:
! RxNoJumbo
Type: DWORD {0,1} |
Value: RxNoJumboType: DWORD {0,1} |
Value: RxMaxMTU
Type: DWORD |
Value: RxMaxMTUType: DWORD |
Value: ConnDeadTimeout
Type: DWORD |
Value: ConnDeadTimeoutType: DWORD |
Value:
! HardDeadTimeout
Type: DWORD |
Value: HardDeadTimeoutType: DWORD |
Value: TraceOption
Type: DWORD {0-15} Enables logging of debug output to the Windows Event --- 4312,4320 ---- |
Value: TraceOptionType: DWORD {0-15} Enables logging of debug output to the Windows Event *************** *** 4697,4707 **** |
Value:
! AllSubmount
Type: DWORD {0, 1} Variable: allSubmount (smb.c) --- 4333,4341 ---- |
Value: AllSubmountType: DWORD {0, 1} Variable: allSubmount (smb.c) *************** *** 4714,4740 **** |
Value: NoFindLanaByName
Type: DWORD {0, 1} Disables the attempt to identity the network adapter to use ! by looking for an adapter with a display name of "AFS". |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value:
! MaxCPUs
! Type: DWORD {1..32} or {1..64} depending on the
! architecture If this value is specified, afsd_service.exe will restrict itself to executing on the specified number of CPUs if there are a --- 4348,4370 ---- |
Value: NoFindLanaByNameType: DWORD {0, 1} Disables the attempt to identity the network adapter to ! use by looking for an adapter with a display name of "AFS". |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value: MaxCPUs!Type: DWORD {1..32} or {1..64} depending on the architecture If this value is specified, afsd_service.exe will restrict itself to executing on the specified number of CPUs if there are a *************** *** 4745,4755 **** |
Value: smbAuthType
Type: DWORD {0..2} If this value is specified, it defines the type of SMB --- 4375,4383 ---- |
Value: smbAuthTypeType: DWORD {0..2} If this value is specified, it defines the type of SMB *************** *** 4765,4775 **** |
Value: MaxLogSize
Type: DWORD {0 .. MAXDWORD} This entry determines the maximum size of the --- 4393,4401 ---- |
Value: MaxLogSizeType: DWORD {0 .. MAXDWORD} This entry determines the maximum size of the *************** *** 4782,4792 **** |
Value:
! FlushOnHibernate
Type: DWORD {0,1} If set, flushes all volumes before the machine goes on --- 4408,4416 ---- |
Value: FlushOnHibernateType: DWORD {0,1} If set, flushes all volumes before the machine goes on *************** *** 4797,4805 **** |
Value:
! daemonCheckDownInterval
Type: DWORD (seconds) This --- 4421,4427 ---- |
Value: daemonCheckDownIntervalType: DWORD (seconds) This *************** *** 4811,4819 **** |
Value:
! daemonCheckUpInterval
Type: DWORD (seconds) This value controls how frequently the AFS cache manager --- 4433,4439 ---- |
Value: daemonCheckUpIntervalType: DWORD (seconds) This value controls how frequently the AFS cache manager *************** *** 4824,4832 **** |
Value:
! daemonCheckVolInterval
Type: DWORD (seconds) This --- 4444,4450 ---- |
Value: daemonCheckVolIntervalType: DWORD (seconds) This *************** *** 4838,4860 **** |
Value:
! daemonCheckCBInterval
Type: DWORD (seconds) This
! value controls how frequently the AFS cache manager checks for callback
! invalidation. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value:
! daemonCheckLockInterval
Type: DWORD (seconds) This --- 4456,4473 ---- |
Value: daemonCheckCBIntervalType: DWORD (seconds) This
! value controls how frequently the AFS cache manager checks for callback invalidation. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value: daemonCheckLockIntervalType: DWORD (seconds) This *************** *** 4866,4874 **** |
Value:
! daemonTokenCheckInterval
Type: DWORD (seconds) This --- 4479,4485 ---- |
Value: daemonTokenCheckIntervalType: DWORD (seconds) This *************** *** 4880,4887 **** |
Value:
! CallBackPort
Type: DWORD This value specifies which port number should be used --- 4491,4497 ---- |
Value: CallBackPortType: DWORD This value specifies which port number should be used *************** *** 4897,4905 **** height:65.75pt'> Value:
! EnableServerLocks
Type: DWORD {0, 1, 2} Determines whether or not the AFS file server is --- 4507,4513 ---- height:65.75pt'> Value: EnableServerLocksType: DWORD {0, 1, 2} Determines whether or not the AFS file server is *************** *** 4927,4937 **** |
Value:
! <Drive Letter:> for example "G:"
Type: REG_SZ Specifies the submount name to be mapped by afsd_service.exe at startup to the provided drive letter. --- 4535,4544 ---- |
Value: <Drive Letter:> for example ! "G:"Type: REG_SZ Specifies the submount name to be mapped by afsd_service.exe at startup to the provided drive letter. *************** *** 4953,4963 **** |
Value: CellServDBDir
Type: REG_SZ Specifies the directory containing the CellServDB --- 4560,4568 ---- |
Value: CellServDBDirType: REG_SZ Specifies the directory containing the CellServDB *************** *** 4969,4980 **** |
Value:
! VerifyServiceSignature
Type: REG_DWORD This value can be used to disable the runtime --- 4574,4582 ---- |
Value: VerifyServiceSignatureType: REG_DWORD This value can be used to disable the runtime *************** *** 4992,5002 **** |
Value: IoctlDebug
Type: REG_DWORD This value can be used to debug the cause of pioctl() --- 4594,4602 ---- |
Value: IoctlDebugType: REG_DWORD This value can be used to debug the cause of pioctl() *************** *** 5010,5020 **** |
Value:
! MiniDumpType
Type: REG_DWORD This value is used to specify the type of minidump --- 4610,4618 ---- |
Value: MiniDumpTypeType: REG_DWORD This value is used to specify the type of minidump *************** *** 5045,5060 **** |
Value: StoreAnsiFilenames
Type: REG_DWORD This value can be used to force the AFS Client Service ! to store filenames using the Windows system's ANSI character set instead of ! the OEM Code Page character set which has traditionally been used by SMB file systems. Note: The use of ANSI characters will render access to files with 8-bit OEM file names unaccessible from Windows. This option --- 4643,4656 ---- |
Value: StoreAnsiFilenamesType: REG_DWORD This value can be used to force the AFS Client Service to ! store filenames using the Windows system's ANSI character set instead of the ! OEM Code Page character set which has traditionally been used by SMB file systems. Note: The use of ANSI characters will render access to files with 8-bit OEM file names unaccessible from Windows. This option *************** *** 5077,5087 **** |
Value:
! "smb/cifs share name"
Type: REG_SZ This key is used to map SMB/CIFS shares to Client Side --- 4673,4681 ---- |
Value: "smb/cifs share name"Type: REG_SZ This key is used to map SMB/CIFS shares to Client Side *************** *** 5106,5121 **** |
Value:
! "numeric value"
Type: REG_SZ This key is used to store dot terminated mount point ! strings for use in constructing the fake root.afs volume when Freelance ! (dynamic roots) mode is activated. "athena.mit.edu#athena.mit.edu:root.cell." ".athena.mit.edu%athena.mit.edu:root.cell." These values used to be stored in afs_freelance.ini --- 4700,4713 ---- |
Value: "numeric value"Type: REG_SZ This key is used to store dot terminated mount point ! strings for use in constructing the fake root.afs volume when Freelance (dynamic ! roots) mode is activated. "athena.mit.edu#athena.mit.edu:root.cell." ".athena.mit.edu%athena.mit.edu:root.cell." These values used to be stored in afs_freelance.ini *************** *** 5136,5146 **** |
Value:
! "numeric value"
Type: REG_SZ This key is used to store a dot terminated symlink --- 4728,4736 ---- |
Value: "numeric value"Type: REG_SZ This key is used to store a dot terminated symlink *************** *** 5167,5184 **** |
Value:
! "submount name"
Type: REG_EXPAND_SZ This key is used to store mappings of UNIX style AFS ! paths to submount names which can be referenced as UNC paths. For ! example the submount string “/athena.mit.edu/user/j/a/jaltman" can be ! associated with the submount name "jaltman.home". This can ! then be referenced as the UNC path \\AFS\jaltman.home. These values used to be stored in afsdsbmt.ini NOTE: Submounts should no longer be used with OpenAFS. Use the Windows Explorer to create drive mappings to AFS UNC paths instead of --- 4757,4772 ---- |
Value: "submount name"Type: REG_EXPAND_SZ This key is used to store mappings of UNIX style AFS paths ! to submount names which can be referenced as UNC paths. For example the ! submount string “/athena.mit.edu/user/j/a/jaltman" can be associated ! with the submount name "jaltman.home". This can then be ! referenced as the UNC path \\AFS\jaltman.home. These values used to be stored in afsdsbmt.ini NOTE: Submounts should no longer be used with OpenAFS. Use the Windows Explorer to create drive mappings to AFS UNC paths instead of *************** *** 5200,5210 **** |
Value:
! "hostname or ip address"
Type: REG_DWORD This key is used to specify a default set of VLDB server --- 4788,4796 ---- |
Value: "hostname or ip address"Type: REG_DWORD This key is used to specify a default set of VLDB server *************** *** 5229,5239 **** |
Value:
! "hostname or ip address"
Type: REG_DWORD This key is used to specify a default set of File server --- 4815,4823 ---- |
Value: "hostname or ip address"Type: REG_DWORD This key is used to specify a default set of File server *************** *** 5266,5276 **** |
Value:
! FailLoginsSilently
Type: DWORD Do not display message boxes if the login fails. --- 4850,4858 ---- |
Value: FailLoginsSilentlyType: DWORD Do not display message boxes if the login fails. *************** *** 5290,5300 **** |
Value:
! NoWarnings
Type: DWORD Disables visible warnings during logon. --- 4872,4880 ---- |
Value: NoWarningsType: DWORD Disables visible warnings during logon. *************** *** 5304,5314 **** |
Value:
! AuthentProviderPath
Type: REG_SZ Specifies the install location of the authentication --- 4884,4892 ---- |
Value: AuthentProviderPathType: REG_SZ Specifies the install location of the authentication *************** *** 5319,5328 **** |
Value:
! Class
Type: DWORD Specifies the class of network provider --- 4897,4905 ---- |
Value: ClassType: DWORD Specifies the class of network provider *************** *** 5332,5342 **** |
Value:
! DependOnGroup
Type: REG_MULTI_SZ Specifies the service groups upon which the AFS Client --- 4909,4917 ---- |
Value: DependOnGroupType: REG_MULTI_SZ Specifies the service groups upon which the AFS Client *************** *** 5349,5374 **** |
Value:
! DependOnService
Type: REG_MULTI_SZ Specifies a list of services upon which the AFS Client ! Service depends. Windows should not attempt to start the AFS Client ! Service until all of the specified services have successfully started. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value:
! Name
Type: REG_SZ Specifies the display name of the AFS Client Service --- 4924,4946 ---- |
Value: DependOnServiceType: REG_MULTI_SZ Specifies a list of services upon which the AFS Client ! Service depends. Windows should not attempt to start the AFS Client Service ! until all of the specified services have successfully started. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Value: NameType: REG_SZ Specifies the display name of the AFS Client Service *************** *** 5378,5388 **** |
Value:
! ProviderPath
Type: REG_SZ Specifies the DLL to use for the network provider --- 4950,4958 ---- |
Value: ProviderPathType: REG_SZ Specifies the DLL to use for the network provider *************** *** 5397,5408 **** Domain specific configuration keys for the Network ProviderThe network provider can be configured to have different ! behavior depending on the domain that the user logs into. These settings ! are only relevant when using integrated login. A domain refers to an ! Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the local ! machine (i.e. local account logins). The domain name that is used for ! selecting the domain would be the domain that is passed into the NPLogonNotify ! function of the network provider. Domain specific registry keys are: --- 4967,4978 ---- Domain specific configuration keys for the Network ProviderThe network provider can be configured to have different ! behavior depending on the domain that the user logs into. These settings are ! only relevant when using integrated login. A domain refers to an Active ! Directory (AD) domain, a trusted Kerberos (non-AD) realm or the local machine ! (i.e. local account logins). The domain name that is used for selecting ! the domain would be the domain that is passed into the NPLogonNotify function ! of the network provider. Domain specific registry keys are: *************** *** 5476,5486 **** |
Value: LogonOptions
Type: DWORD NSIS/WiX: depends on user configuration --- 5046,5054 ---- |
Value: LogonOptionsType: DWORD NSIS/WiX: depends on user configuration *************** *** 5500,5510 **** |
Value:
! FailLoginsSilentl
Type: DWORD (1|0) |
Value: FailLoginsSilentlType: DWORD (1|0) |
Value:
! LogonScript
Type: REG_SZ or REG_EXPAND_SZ |
Value: LogonScriptType: REG_SZ or REG_EXPAND_SZ |
Value:
! LoginRetryInterval
Type: DWORD |
Value: LoginRetryIntervalType: DWORD |
Value:
! LoginSleepInterval
Type: DWORD |
Value: LoginSleepIntervalType: DWORD |
Value: TheseCells
Type: REG_MULTI_SZ When Kerberos 5 is being used, TheseCells provides a list of additional cells for which tokens should be obtained with the default ! Kerberos 5 principal. |
Value: TheseCellsType: REG_MULTI_SZ When Kerberos v5 is being used, TheseCells provides a list of additional cells for which tokens should be obtained with the default ! Kerberos v5 principal. |
Value:
! Gateway
Type: REG_SZ
Default: ""
Function: GetGatewayName()
If the AFS client is utilizing a gateway to obtain AFS ! access, the name of the gateway is specified by this value.
Value:
! Cell
Type: REG_SZ
Default: <none>
Variable: IsServiceConfigured()
Value: Gateway
Type: REG_SZ
Default: ""
Function: GetGatewayName()
If the AFS client is utilizing a gateway to obtain AFS access, ! the name of the gateway is specified by this value.
Value: Cell
Type: REG_SZ
Default: <none>
Variable: IsServiceConfigured()
Value:
! ShowTrayIcon
Type: DWORD {0, 1}
Default: 1
Function: InitApp(), Main_OnCheckTerminate()
Value: ShowTrayIcon
Type: DWORD {0, 1}
Default: 1
Function: InitApp(), Main_OnCheckTerminate()
Value:
! EnableKFW
Type: DWORD {0, 1}
Default: 1
Function: KFW_is_available()
When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used to obtain AFS credentials. By setting this value to 0, the ! internal Kerberos 4 implementation will be used instead. The current user value is checked first; if it does not exist the local machine value is checked.
Value: EnableKFW
Type: DWORD {0, 1}
Default: 1
Function: KFW_is_available()
When MIT Kerberos for Windows can be loaded, Kerberos v5 will be used to obtain AFS credentials. By setting this value to 0, the ! internal Kerberos v4 implementation will be used instead. The current user value is checked first; if it does not exist the local machine value is checked.
Value:
! Use524
Type: DWORD {0, 1}
Default: 0
Function: KFW_use_krb524()
When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used to obtain AFS credentials. By setting this value to 1, the ! Kerberos 5 tickets will be converted to Kerberos 4 tokens via a call to the krb524 daemon. The current user value is checked first; if it does not exist the local machine value is checked.
Value: Use524
Type: DWORD {0, 1}
Default: 0
Function: KFW_use_krb524()
When MIT Kerberos for Windows can be loaded, Kerberos v5 will be used to obtain AFS credentials. By setting this value to 1, the ! Kerberos v5 tickets will be converted to Kerberos v4 tokens via a call to the krb524 daemon. The current user value is checked first; if it does not exist the local machine value is checked.
Value:
! AfscredsShortcutParams
Type: REG_SZ
Default: "-A -M -N -Q"
Function: Shortcut_FixStartup
Value: AfscredsShortcutParams
Type: REG_SZ
Default: "-A -M -N -Q"
Function: Shortcut_FixStartup
Value:
! Authentication Cell
Type: REG_SZ
Default: <none>
Function: Afscreds.exe GetDefaultCell()
Value: Authentication Cell
Type: REG_SZ
Default: <none>
Function: Afscreds.exe GetDefaultCell()
Value:
! "afs cell name"
Type: DWORD {0, 1}
Default: <none>
Function: LoadRemind(), SaveRemind()
Value: "afs cell name"
Type: DWORD {0, 1}
Default: <none>
Function: LoadRemind(), SaveRemind()
Value:
! "upper case drive letter"
Type: DWORD {0, 1}
Default: <none>
These values are used to store the persistence state of --- 5413,5421 ----
Value: "upper case drive letter"
Type: DWORD {0, 1}
Default: <none>
These values are used to store the persistence state of *************** *** 5896,5906 ****
Value:
! "upper case drive letter"
Type: REG_SZ
Default: <none>
These values are used to store the AFS path in UNIX --- 5438,5446 ----
Value: "upper case drive letter"
Type: REG_SZ
Default: <none>
These values are used to store the AFS path in UNIX *************** *** 5913,5931 ****
A.4 ! OpenAFS Client Service Environment Variables
Variable:
! AFS_RPC_ENCRYPT
Values: "OFF" disables the use of
RPC encryption any other value allows RPC encryption to be used A.4 OpenAFS Client Service Environment
! Variables
|