From d4440319c3f954432056044fb55b2630594a46b7 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Mon, 12 Jul 2010 23:40:01 -0400 Subject: [PATCH] Commit DTD validation errors in the Windows Release Notes Correct errors detected using xmllint Change-Id: I75c936084f116addbb7918856fe958b596e91b03 Reviewed-on: http://gerrit.openafs.org/2393 Reviewed-by: Russ Allbery Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman --- doc/xml/ReleaseNotesWindows/relnotes.xml | 404 ++++++++++++----------- 1 file changed, 205 insertions(+), 199 deletions(-) diff --git a/doc/xml/ReleaseNotesWindows/relnotes.xml b/doc/xml/ReleaseNotesWindows/relnotes.xml index 1d73aaf93..062d9205c 100644 --- a/doc/xml/ReleaseNotesWindows/relnotes.xml +++ b/doc/xml/ReleaseNotesWindows/relnotes.xml @@ -8,7 +8,7 @@ OpenAFS for Windows Release Notes - 2003-2009 + 2003-2010 Secure Endpoints Inc. @@ -41,11 +41,15 @@ + an executable (.exe) that is built using the Nullsoft Scriptable Installation System, or + + a Windows Installer package (.msi) that is built using WiX and can be customized for organizations via the use of MSI Transforms (see MSI Deployment Guide) + @@ -53,9 +57,10 @@ System Requirements
- operating system versions, supported - system requirements 2.1 Supported Operating Systems + + operating system versions, supported + system requirements Microsoft Windows 2000 Workstation @@ -91,10 +96,11 @@ Microsoft Windows 2008 Server R2 (32-bit and 64-bit Intel) -
+
- operating system versions, unsupported 2.1.1 Unsupported Operating Systems + + operating system versions, unsupported Microsoft Windows 95 @@ -112,12 +118,15 @@ Microsoft NT + Older releases of OpenAFS are available for download if unsupported operating systems must be used.  The last version of OpenAFS with support for Win9x is 1.2.2b.  The last version with support for Windows NT 4.0 is 1.2.10.
- disk space required 2.2 Disk Space - Up to 60mb required for the OpenAFS binaries plus 100MB for the default AFSCache file.   The size of the AFSCache file may be adjusted via the Registry after installation. The maximum cache size for 32-bit Windows is approximately 1.2GB. On 64-bit Windows there is no practical limit on the cache size. + + disk space required + Up to 60mb required for the OpenAFS binaries plus 100MB for the default AFSCache file.   The size of the AFSCache file may be adjusted via the Registry after installation. The maximum cache size for 32-bit Windows is approximately 1.2GB. On 64-bit Windows there is no practical limit on the cache size. +
2.3 Additional Software Packages @@ -131,11 +140,11 @@ Operational Notes
+ 3.1. Unicode Support unicode character sets roaming profiles folder redirection - 3.1. Unicode Support Starting with the 1.5.50 release of OpenAFS for Windows, each of the AFS Client Service, the AFS Explorer Shell Extension, and the command-line tools are Unicode enabled. No longer is OpenAFS restricted to accessing file system objects whose names can be represented in the locale specific OEM code page. This has significant benefits for end users. Most importantly it permits non-Western languages to now be used for file system object names in AFS from Microsoft Windows operating systems. Now that Unicode names are supported, Roaming User Profiles and Folder Redirection will no longer fail when a user attempts to store an object with a name that cannot be represented in the OEM code page. @@ -147,8 +156,8 @@ Neither UNIX AFS nor Microsoft Windows 2000 systems can perform Unicode Normalization for string comparisons. Although it is possible to store and read Unicode object names, it is possible that a user may not be able to open an object by typing the name of the object at the keyboard. GUI point and click operations should permit any object to be accessed.
- kerberos for windows 3.2. Requirements for Kerberos v5 Authentication + kerberos for windows The OpenAFS distribution ships with its own implementation of Kerberos v4 and although it is Kerberos v5 capable, it relies on third party Kerberos v5 libraries. The OpenAFS 1.4 series (and later) integrates with MIT Kerberos for Windows 2.6.5 and above. OpenAFS Kerberos v5 capable functionality includes integrated logon, the AFS Authentication Tool, the Network Identity Manager AFS provider, and the aklog command. These tools provide support for Kerberos v5 authentication including acquisition and automatic renewal of AFS tokens as well as support for single sign-on via the Microsoft Windows Kerberos Logon Service. @@ -160,9 +169,9 @@ transarc afs With Kerberos for Windows installed, the OpenAFS for Windows client can obtain Kerberos v5 service tickets for AFS cells for use as tokens.  When a Kerberos v5 derived AFS token is in use, all of the AFS Servers within the authenticated cell must support Kerberos v5 authentication. If a Kerberos v5 based token is presented to an AFS server that does not support them, the server will be unable to communicate with the client. Attempts to access AFS volumes stored on such a server will fail with a "No Kerberos Key" error. Kerberos v5 based tokens are supported by OpenAFS revisions 1.2.8 or later. IBM Transarc servers do not support Kerberos v5.
- active directory - des-cbc-crc encryption type 3.2.1. Active Directory + active directory + des-cbc-crc encryption type Microsoft Windows Active Directory can be used as a Kerberos v5 KDC in conjunction with OpenAFS. There are two things to consider when using an Active Directory as the Kerberos realm that issues the AFS service ticket.  First, the Kerberos v5 tickets issued by Active Directory can be quite large when compared to tickets issued by a traditional UNIX KDCs due to the inclusion of Windows specific authorization data (the Microsoft PAC).  If the issued tickets are larger than 344 bytes, the OpenAFS 1.2 servers will be unable to process them and will issue a RXKADBADTICKET error. OpenAFS 1.4 (and beyond) servers can support the largest tickets that Active Directory can issue.  Second, the Kerberos v5 tickets issued by Windows 2003 Active Directory are encrypted with the DES-CBC-MD5 encryption type (enctype).  OpenAFS 1.2 servers only support the DES-CBC-CRC enctype. As a result, OpenAFS 1.2 servers cannot process the resulting Kerberos v5 tokens. Windows 2000 Active Directory issues tickets with the DES-CBC-CRC enctype. Windows Server 2008 R2 Active Directory domain by default disables use of DES-CBC-MD5 and it must be enabled. Microsoft has documented in Knowledge Base article 832572 a new NO_AUTH_REQUIRED flag that can be set on the account mapped to the AFS service principal. When this flag is set, the PAC authorization data will not be included in the ticket. Setting this flag is recommended for all accounts that are associated with non-Windows services and that do not understand the authorization data stored in the PAC. This flag cannot be used if AFS service tickets are obtained via cross-realm using an Active Directory user principal. @@ -170,10 +179,10 @@ Note that an Active Directory computer object cannot be used for the afs service principal.
- krb524 - port, 4444/udp - registry value, Use524 3.2.2. Using the krb524 Service + krb524 + port, 4444/udp + registry value, Use524 Before there was native support for Kerberos v5 derived AFS tokens, the krb524 service was used to convert a Kerberos v5 service ticket into a Kerberos v4 service ticket that could in turn be used to construct an AFS authentication token.  As of OpenAFS 1.2.8, support was added to allow the immediate use of Kerberos v5 tickets as AFS (2b) tokens. This is the first building block necessary to break away from the limitations of Kerberos v4 with AFS.  By using Kerberos v5 directly we avoid the security holes inherent in Kerberos v4 cross-realm.  We also gain access to cryptographically stronger algorithms for authentication and encryption. Another reason for using Kerberos v5 directly is because the krb524 service runs on a port (4444/udp) which has increasingly been blocked by ISPs.  The port was used to spread a worm which attacked Microsoft Windows in the summer of 2003.  When the port is blocked users find that they are unable to authenticate. @@ -186,8 +195,8 @@
- network identity manager 3.2.3. Network Identity Manager Provider + network identity manager As of release 1.5.9, OpenAFS for Windows includes a Network Identity Manager Provider for obtaining AFS tokens. This plug-in is a contribution from Secure Endpoints Inc. Network Identity Manager is a multiple identity credential management tool that ships with MIT Kerberos for Windows version 3.0 and above. The OpenAFS plug-in requires @@ -227,8 +236,8 @@
- microsoft loopback adapter 3.3. Use of the Microsoft Loopback Adapter by the AFS Client Service + microsoft loopback adapter The Microsoft Loopback Adapter (MLA) is installed with a name "AFS" and a pre-assigned IP address of 10.254.254.253.  The MLA is bound to the "Client for Microsoft Networks" service and not bound to the "File and Printer Sharing for Microsoft Networks" service.  If the MLA is unbound to "Client Microsoft Networks", the OpenAFS Client Service will become inaccessible when the machine is disconnected from the network.  If the MLA is bound to "File and Printer Sharing ..." there will be a service type collision between the "AFS" SMB Service and the local machine's File Sharing Service. This will result in the OpenAFS client service becoming inaccessible and the "NET VIEW \\AFS" command will return a "System Error 52" message.  To correct the problem: @@ -251,11 +260,11 @@
+ 3.4. Using Freelance (Dynamic Root) Mode to Improve Mobility freelance mode root.afs volume, fake mount points symlinks - 3.4. Using Freelance (Dynamic Root) Mode to Improve Mobility Traditionally, when the OpenAFS Client Service starts it must be able to access the "root.afs" volume of the default cell.  The "root.afs" volume contains the set of mount points to the "root.cell" volumes of various cells the administrator of the default cell believes should be accessible.  If the "root.afs" volume is inaccessible when the client service is started, the service will terminate unexpectedly.  Since many users now use laptops or otherwise operate in disconnected environments in which a VPN may be required to access the cell's servers, it is often the case that the "root.afs" volume for the default cell is not reachable and the OpenAFS Client Service will not successfully start. To allow the OpenAFS Client Service to operate in these environments, Freelance mode dynamically constructs a fake "root.afs" volume from mount points and symlinks stored in the local registry. The content of the fake "root.afs" volume is dynamically generated as cells are accessed.  When the fake "root.afs" volume is initially constructed it will only contain two mount points: a @@ -283,13 +292,14 @@
- dns, vldb lookups - afsdb dns records 3.5. Locating AFS Volume Database Servers via DNS + dns, vldb lookups + afsdb dns records The OpenAFS for Windows client will use DNS SRV records and AFSDB records to discover the location of AFS Volume Database servers when entries for the cell are not present in the client's CellServDB file (\%PROGRAMFILES%\OpenAFS\Client\CellServDB). Also see Registry Configuration for AFS Volume Database Servers.
+ 3.6. Obtaining AFS Tokens as a Integrated Part of Windows Logon integrated logon single sign-on kerberos for windows @@ -297,7 +307,6 @@ EnableKFW Use524 tokens - 3.6. Obtaining AFS Tokens as a Integrated Part of Windows Logon OpenAFS for Windows installs a WinLogon Network Provider to provide Single Sign-On functionality (aka Integrated Logon.)  Integrated Logon can be used when the Windows username and password match the username and password associated with the default cell's Kerberos realm.  For example, if the Windows username is "jaltman" and the default cell is "athena.mit.edu", then Integrated Logon can be successfully used if the windows password matches the password assigned to the Kerberos principal "jaltman@ATHENA.MIT.EDU".  The realm "ATHENA.MIT.EDU" is obtained by performing a domain name to realm mapping on the hostname of one of the cell's Volume Database servers. Integrated Logon is required if you desire the ability to store roaming user profiles within the AFS file system.  OpenAFS does not provide tools for synchronizing the Windows and Kerberos user accounts and passwords. When KFW is configured, Integrated Logon will use it to obtain tokens. Use of KFW for Integrated Logon can be disabled via the @@ -311,10 +320,10 @@
+ 3.7. AFS Authentication Tool Command Line Options afscreds.exe system tray tool network identity manager - 3.7. AFS Authentication Tool Command Line Options The AFS Authentication Tool (afscreds.exe) has been deprecated in favor of Network Identity Manager. afscreds.exe will be removed from the OpenAFS in a future release. The AFS Authentication Tool (afscreds.exe) supports several command line options: @@ -360,6 +369,7 @@
+ 3.8. The "AFS Client Admins" Authorization Group AFS client administrator authorization group AFS Client Admins fs checkservers @@ -377,7 +387,6 @@ symlink make fs makemount Freelance root.afs volume - 3.8. The "AFS Client Admins" Authorization Group The OpenAFS for Windows client supports a local Windows authorization group named "AFS Client Admins".  This group is used in place of the "Administrators" group to determine which users are allowed to modify the AFS Client Service configuration via the AFS Control Panel (afs_config.exe) or fs.exe command line tool.  The following fs.exe commands are now restricted to members of the "AFS Client Admins" group: @@ -424,11 +433,11 @@
+ 3.9. OpenAFS Support for UNC Paths UNC paths JP Software4NT JP SoftwareTake Commands PowerShell - 3.9. OpenAFS Support for UNC Paths The OpenAFS client supports UNC paths everywhere.  UNC paths provide a canonical name for resources stored within AFS.  UNC paths should be used instead of drive letter mappings whenever possible.   This is especially true when specifying the location of roaming profiles and redirected folders.   Power users that make extensive use of the command line shell, cmd.exe, should consider using JP Software's 4NT or Take Command command processors.  Unlike cmd.exe, the JPSoftware shells fully support UNC paths as the current directory.  JPSoftware added special recognition for OpenAFS to its command shells, 4NT 7.0 and Take Command 7.0.  AFS paths can be entered in UNIX notation (e.g., /afs/openafs.org/software), space utilization reports the output of the volume status for the specified path, and many AFS specific functions and variables have been added to the command language. JPSoftware's web site is @@ -437,8 +446,8 @@ Microsoft PowerShell 1.0 and 2.0 will also support UNC paths as the current directory.
- aklog.exe 3.10. aklog.exe + aklog.exe The OpenAFS Client ships with its own version of aklog.exe which should be used in preference to those obtained by other sources.  The OpenAFS aklog.exe supports Kerberos v5 as well as the ability to auto-generate AFS IDs within foreign PTS databases. @@ -458,12 +467,12 @@
+ 3.11. OpenAFS Servers on Windows are Unsupported OpenAFS Servers on Windows Freelance mode EnableKFW power management kaserver - 3.11. OpenAFS Servers on Windows are Unsupported The AFS Server functionality provided as part of the OpenAFS install package might work but should be considered highly experimental.  It has not been thoroughly tested.  Any data which would cause pain if lost should not be stored in an OpenAFS Server on Windows. Known issues include lack of support for power management and dynamic network configuration. Salvager is also known to crash.
@@ -492,8 +501,8 @@
- debug symbols 3.12. OpenAFS Debugging Symbol files + debug symbols The OpenAFS for Windows installers include Debugging Symbol files which should be installed if you are experiencing problems and need to send crash reports.  This is true for both the release and the debug versions of the installers.  The difference between the release and debug versions are: @@ -513,30 +522,30 @@
+ 3.13. Large File (64-bit) Support large file support 64-bit file sizes - 3.13. Large File (64-bit) Support As of release 1.5.3, OpenAFS for Windows supports files larger than 2GB.  The maximum file size is now 16777216 terabytes when the AFS File Server supports large files.   If the AFS File Server does not support 64-bit file sizes, then the maximum file size remains 2GB.
+ 3.14. Encrypted AFS Network Communication encryption fs setcrypt - 3.14. Encrypted AFS Network Communication The OpenAFS for Windows installer by default activates a weak form of encrypted data transfer between the AFS client and the AFS servers.  This is often referred to as "fcrypt" mode.  Encrypted data transfer can be turned on or off with the "fs crypt" command.  Transitions between "crypt" and "non-crypt" modes are logged to the Windows Application Event Log.
+ 3.15. Authenticated SMB Access to the OpenAFS Client Service SMB authentication NTLM GSS SPNEGO - 3.15. Authenticated SMB Access to the OpenAFS Client Service OpenAFS authenticates SMB connections using either NTLM or GSS SPNEGO (NTLM).  In previous versions of OpenAFS, the SMB connections were unauthenticated which opened the door for several attacks which could be used to obtain access to another user's tokens on shared machines.    When GSS SPNEGO attempts a Kerberos v5 authentication, the Windows SMB client will attempt to retrieve service tickets for "cifs/afs@REALM" (if the loopback adapter is in use) or "cifs/machine-afs@REALM" (if the loopback adapter is not being used).  It is extremely important that this service principal not exist in the KDC database as the Kerberos authentication must fail allowing automatic fallback to NTLM.  When NTLM is used a special local authentication mode will be used that does not require access to the user's password.  Instead, Windows will internally recognize the request as coming from a local logon session.
+ 3.16. INI Files Replaced By Windows Registry INI files CellServDB AFSCONF - 3.16. INI Files Replaced By Windows Registry IBM AFS and OpenAFS 1.2 Windows clients stored configuration data in Windows .INI files.   This OpenAFS client does not use Windows .INI files for the storage of configuration data.   All settings are stored in the registry (see Appendix A).  The CellServDB file is now stored in either the %ALLUSERSPROFILE%\Application Data\OpenAFS\Client directory (aka \ProgramData\OpenAFS\Client on Vista\Win7\2008) or the %PROGRAMFILES%\OpenAFS\Client directory.   The CellServDBDir registry value or the AFSCONF environment variable can be used to specify an alternative location. @@ -544,25 +553,25 @@ For users converting from IBM AFS clients, during installation OpenAFS will relocate the contents of the "afsdcell.ini" file to the new CellServDB file.  OpenAFS will also import the contents of the "afs_freelance.ini" file to the Windows registry.   OpenAFS will not process the contents of the "afsddbmt.ini".
+ 3.17. Microsoft Windows Internet Connection Firewall Windows Internet Connection Firewall firewall Back Connection - 3.17. Microsoft Windows Internet Connection Firewall The OpenAFS Client is compatible with the Internet Connection Firewall that debuted with Windows XP SP2 and Windows 2003 SP1.  The Internet Connection Firewall will be automatically adjusted to allow the receipt of incoming callback messages from the AFS file server.  In addition, the appropriate Back Connection registry entries are added to allow SMB authentication to be performed across the Microsoft Loopback Adapter.
+ 3.18. Browsing AFS from the Explorer Shell and Office Explorer Shell Microsoft Office - 3.18. Browsing AFS from the Explorer Shell and Office The OpenAFS Client Service implements the CIFS Remote Admin Protocol and the Microsoft RPC SVRSVC and WKSSVC services which allows Explorer to browse server and share information. This significantly enhances the interoperability of AFS volumes within the Explorer Shell and Microsoft Office applications.
+ 3.19. Byte Range Locking byte range locking Microsoft Office EnableServerLocks - 3.19. Byte Range Locking Many applications on Windows (e.g. Microsoft Office) require the use of byte range locks applied to a file either to protect against simultaneous file access or as a signaling mechanism.   OpenAFS for Windows release 1.5 (or greater) implements byte range locking within the CIFS-AFS gateway server.   This support for byte range locking obtains AFS’ advisory file server locks to simulate Microsoft Windows mandatory locks.   When an application opens a file, a lock will be obtained from AFS indicating that the file is in use.  If the lock is a write lock, access to the file will be restricted to other applications running on the same machine as the first application to request the lock.   Applications running on other machines will see the AFS full file lock and will be unable to access the file. Most Windows applications and Windows itself opens files in shared read mode. When this is done, a read lock is applied to the file.   This does not prevent shared read access across multiple machines but is used to ensure that no one writes to the file while it is in use. As the CIFS-AFS gateway server attempts to implement Windows lock semantics on top of AFS lock semantics it is important to understand how AFS file locks work.  In Windows there are no special privileges associated with obtaining file locks.  If you can read or execute a file, then you can obtain shared and exclusive locks.  In general, a Windows shared lock equates to an AFS read lock and a Windows exclusive lock equates to an AFS write lock.  In AFS if you can write to a file, then you can obtain a write lock.  However, in AFS if you can read a file it does not mean that you can obtain a read lock on it.   The ability to obtain read locks is granted only if you have the lock (or ‘k’) privilege.  This behavior is required in order to allow anonymous users to read files while preventing them from being able to deny access to the files to other users.  @@ -597,9 +606,9 @@
+ 3.20. Automatic Discarding of AFS Tokens at Logoff tokens LogoffPreserveTokens - 3.20. Automatic Discarding of AFS Tokens at Logoff The OpenAFS Client will automatically forget a user's tokens upon Logoff unless the user's profile was loaded from an AFS volume.  In this situation there is no mechanism to determine when the profile has been successfully written back to the network.  It is therefore unsafe to release the user's tokens.  Whether or not the profile has been loaded from the registry can be determined for Local Accounts, Active Directory accounts and NT4 accounts. If there is a need to disable this functionality, the LogoffPreserveTokens registry value can be used. (see @@ -607,39 +616,39 @@
- Terminal Server - 3.21. Windows Terminal Server installations + Terminal Server + Installation When installing the NSIS (.exe) installer under Terminal Server, you must execute it from within the Add/Remove Programs Control Panel.  Failure to do so will result in AFS not running properly.  The AFS Server should not be installed on a machine with Terminal Server installed.
- HideDotFiles 3.22. Hidden Dot Files + HideDotFiles AFS is a UNIX native file system.  The OpenAFS client attempts to treat the files stored in AFS as they would be on UNIX.  File and directory names beginning with a "." are automatically given the Hidden attribute so they will not normally be displayed. This behavior can be altered via the HideDotFiles registry value.
+ 3.23. Status Cache Limits afs_confige.exe AFS Configuration Control Panel cache limits Stats - 3.23. Status Cache Limits The Status Cache (AFS Configuration Control Panel: Advanced Page) is defined to have a maximum number of entries.  Each entry represents a single file or directory entry accessed within the AFS file system.  When the maximum number of entries are allocated, entries will begin to be reused according to a least recently used (LRU) algorithm.  If the number of files or directories being accessed repeatedly by your applications is greater then the maximum number of entries, your host will begin to experience thrashing of the Status Cache and all requests will result in network operations. If you are experiencing poor performance try increasing the maximum number of Status Cache entries.  Each entry requires approximately 1.2K.  The default number of Status Cache entries is 10,000. This can be adjusted using the Stats registry value.
- NETBIOS over TCP 3.24. NETBIOS over TCP/IP must be enabled + NETBIOS over TCP "Netbios over TCP/IP" must be active on the machine in order for communication with the AFS Client Service to succeed.  If "Netbios over TCP/IP" is disabled on the machine, then communication with the AFS Client Service will be impossible. If you are using the Microsoft Loopback Adapter, configure the "Netbios over TCP/IP" setting for the adapter.
+ 3.25. OpenAFS binaries are digitally signed digital signatures Secure Endpoints Inc. VerifyServiceSignature - 3.25. OpenAFS binaries are digitally signed The OpenAFS Client Service and related binaries distributed by OpenAFS.org are digitally signed by "Secure Endpoints Inc.".  The OpenAFS Client Service will perform a run-time verification check to ensure that all OpenAFS related DLLs loaded by the service match the same file version number and were signed by the same entity.  This check has been added to prevent the stability problems caused by more than one AFS installation present on a machine at the same time.  Many hours of support time have been wasted tracking down problems caused by the mixture of files from different releases.  Appendix A documents the " @@ -647,15 +656,15 @@
- cache size 3.26. Maximum Size of the AFSCache File + cache size The maximum cache size on 32-bit Windows is approximately 1.3GB.  This is the largest contiguous block of memory in the 2GB process address space which can be used for constructing a memory mapped file.  Due to fragmentation of the process space caused by the loading of libraries required by the digital signature verification code, any attempt to specify a cache size greater then 700MB will result in the automatic disabling of the signature check. Significantly larger cache sizes can be used on 64-bit Windows. On 32-bit systems that have Apple Bonjour 1.0.6 installed, the maximum cache size is further constrained due design flaw in the Apple mdnsNSP.dll which is injected into all processes that use network services. On these systems the maximum is approximately 512MB.
+ 3.27. Filename Character Sets character sets StoreAnsiFilenames - 3.27. Filename Character Sets This section describes functionality and concerns related to pre-1.5.50 releases of OpenAFS for Windows. This release stores all file names on the file servers as Unicode encoded using UTF-8. OpenAFS for Windows implements an SMB server which is used as a gateway to the AFS filesystem.  Because of limitations of the SMB implementation in pre-1.5.50 releases, Windows stored all files into AFS using OEM code pages such as CP437 (United States) or CP850 (Western Europe).  These code pages are incompatible with the ISO Latin-1 or Unicode (UTF-8) character sets typically used as the default on UNIX systems in both the United States and Western Europe.  Filenames stored by OpenAFS for Windows were therefore unreadable on UNIX systems if they include any of the following characters: @@ -710,26 +719,26 @@
+ 3.28. Character Set Issues with Roaming Profiles character sets roaming profiles - 3.28. Character Set Issues with Roaming Profiles This section describes functionality and concerns related to pre-1.5.50 releases of OpenAFS for Windows. This release stores all file names on the file servers as Unicode encoded using UTF-8. There is a known issue with storing Windows Roaming Profiles when the profile contains either directories or files with names which cannot be represented in the local OEM character set.  In this case, attempts to write the profile back to AFS will fail during the character set conversion.  The pre-1.5.50 OpenAFS Client’s CIFS gateway did not support UNICODE.  To avoid this problem some sites run custom logoff scripts (assigned by group policy) which rename all files to use only the supported characters for the locale. Versions of OpenAFS for Windows 1.5.50 and above do not suffer from these issues.
+ 3.29. The AFSCache File AFSCache cache file SysInternals - 3.29. The AFSCache File The AFS Cache file is stored by default at %TEMP%\AFSCache in a persistent file marked with the Hidden and System attributes.  The persistent nature of the data stored in the cache file improves the performance of OpenAFS by reducing the number of times data must be read from the AFS file servers.  The performance of the AFS Client Service is significantly affected by the access times associated with the AFSCache paging file.   When given the choice, the AFSCache file should be placed on a fast disk, preferably NTFS, the file should not be compressed and should consist of as few fragments as possible.   Significant performance gains can be achieved by defragmenting the AFSCache file with SysInternal's Contig utility while the AFS Client Service is stopped.
+ 3.30. Restricting OpenAFS Client Service Start and Stop service start restrictions TransarcAFSDaemon afsdacl.exe - 3.30. Restricting OpenAFS Client Service Start and Stop A new command line tool, afsdacl.exe, can be used to restrict the ability to start and stop the OpenAFS Client Service. @@ -744,26 +753,26 @@
+ 3.31. The @sys Name List @sys fs sysname SysName - 3.31. The @sys Name List The default @sys name list in the OpenAFS Client is set to "x86_win32 i386_w2k i386_nt40" for 32-bit x86 systems.  The default is "amd64_win64" for amd 64-bit versions of Windows.
+ 3.32. Symlinks to AFS UNC Paths UNC paths symlinks path separators symlink.exe symlink make - 3.32. Symlinks to AFS UNC Paths In OpenAFS, symlinks to AFS UNC paths, \\AFS[\all]\..., are treated the same as symlinks to /afs/...  However, please use /afs/... as the Windows UNC form will not work on UNIX client. The symlink make command will automatically translate \\AFS\... to /afs/... for you.
+ 3.33. Cache Manager Debugging debugging the cache manager cmdebug.exe - 3.33. Cache Manager Debugging The OpenAFS Client implements the Cache Manager Debugging RPC Interface.  The CM debugger can be queried with cmdebug.exe. @@ -780,32 +789,32 @@
+ 3.34. Windows Logon Caching vs. Kerberos Logons windows logon caching kerberos - 3.34. Windows Logon Caching vs. Kerberos Logons If you are a site which utilizes MIT/Heimdal Kerberos principals to logon to Windows via a cross-realm relationship with a multi-domain Windows forest, you must enable Windows logon caching unless the workstation is Windows Vista.
+ 3.35. Initial Server Preferences server preferences fs setserverprefs setting server preferences - 3.35. Initial Server Preferences VLDB and File Server Preferences can now be provided initial values using registry keys.  This is useful for managed machines in a Windows domain which are centrally located (e.g., in a computing lab.)  See Appendix A for details on the " Server Preferences" keys.
+ 3.36. File Timestamps and Daylight Saving Time timestamps DST UTC - 3.36. File Timestamps and Daylight Saving Time The OpenAFS Client reports timestamps on files stored in AFS in UTC all year round.  In locales with daylight savings time, previous versions of AFS for Windows reported the time when DST is active as UTC+1.  This was done to preserve the relative local time for the user.  A file stored at 11:00am EST in January would be reported as having been stored at 11:00am EDT in June.  Unfortunately, this has the negative side effect of changing the reported timestamp from 16:00UTC to 15:00UTC.  Since Windows treats all file times in UTC, data synchronization applications which rely on the timestamp would believe that all files stored in AFS had changed. It should be noted that UNIX based operating systems (such as Solaris) do not appear to report file times to applications in UTC.  They do preserve the relative local time.  This may confuse some users who are used to being able to compare the timestamp in an UNIX shell with the timestamp from the Windows explorer.  During DST, these two times will no longer agree even though they are in fact representing the same moment in time.
- RPC client support 3.37. Windows RPC client support must be installed + RPC client support If the installer refuses to install and complains about an RPC configuration error, check to ensure that the following registry entries are present and that they refer to the dll "rpcrt4.dll":    HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_np"    HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_ip_tcp" @@ -813,18 +822,18 @@    HKLM "SOFTWARE\Microsoft\RPC\ClientProtocols" "ncacn_http"
+ 3.38. Generating Minidumps of the OpenAFS Client Service minidumps fs minidump - 3.38. Generating Minidumps of the OpenAFS Client Service OpenAFS 1.4 added a new command, "fs minidump".  This command can be used at any time to generate a mini dump file containing the current stack of the afsd_service.exe process.   This output can be very helpful when debugging the AFS Client Service when it is unresponsive to SMB/CIFS requests.
+ 3.39. AFS Client Universally Unique Identifiers (UUIDs) vs. System Cloning UUIDs system cloning NonPersistentCaching instloop.exe msiexec.exe - 3.39. AFS Client Universally Unique Identifiers (UUIDs) vs. System Cloning The OpenAFS Client implements Universally Unique Identifiers (UUIDs).  They are used to provide the AFS file server with a method of identifying the client that is independent of IP address.  This permits the AFS file server to track mobile clients or those behind Network Address Translators when they move from address to address or port to port. Tracking the client improves client performance by permitting callback state to be maintained across location changes. The UUID is generated when the AFSCache file is created and is maintained as long as the contents of the AFSCache file are valid.  The UUID is stored in the AFSCache file.  When cloning machines that have Windows AFS client installed it is necessary to generate a new UUID for each client. This will be done automatically if the Windows Machine SID is re-generated using Microsoft SysPrep. If the SID is not being re-generated either the AFSCache file should be deleted or the command fs uuid -generate must be executed after the the clone is created. @@ -840,12 +849,12 @@
+ 3.40. Delayed Write Errors with Microsoft Office Applications delayed write errors ConnDeadTimeout SMBAsyncStoreSize EnableSMBAsyncStore SMB timeouts - 3.40. Delayed Write Errors with Microsoft Office Applications Microsoft Office makes heavy use of asynchronous input/output methods for reading and writing to file streams.  This can result in hundreds of requests being simultaneously queued for service by the CIFS client with a fixed timeout period.  As the AFS CIFS server is local to the machine the Windows CIFS client believes that it can respond almost instantaneously to write requests as the actual writing to the AFS file server is performed by a background daemon thread.  When the actual network bandwidth to the AFS file server is slow and the file size is large it is possible for the CIFS client to time out the connection.  When this happens a "delayed write error" will be reported to the user and the application may crash.  The only workaround at the current time is to save first to a local disk and subsequently copy the file to AFS as copying a file with the explorer shell does not use asynchronous i/o. The CIFS session timeout defaults to 45 seconds and can be increased by modifying the ConnDeadTimeout registry value. @@ -862,10 +871,10 @@ from 45 seconds to 10 minutes.
+ 3.41. Global Drives (aka Service Drive Letters) are no longer supported by Microsoft global drives service drive letters path ioctl failures - 3.41. Global Drives (aka Service Drive Letters) are no longer supported by Microsoft The Global DriveAuto-mount feature has been deprecated due to the following Microsoft KB article. http://msdn.microsoft.com/library/en-us/dllproc/base/services_and_redirected_drives.asp @@ -881,16 +890,16 @@ on service mounted drive letters.
+ 3.42. 64-bit Microsoft Windows Installations 64-bit Windows - 3.42. 64-bit Microsoft Windows Installations Although 64-bit Windows platforms support both 64-bit and 32-bit applications, the OpenAFS Service installed on the machine must be 64-bit.  The 64-bit installer contains only 64-bit executables.  In order to support 32-bit applications that link against OpenAFS libraries it is required that a separate 32-bit OpenAFS Tools set be installed. For example, the 32-bit version of Kerberos for Windows can be used with the 32-bit OpenAFS Tools to manage AFS tokens. OpenAFS on 64-bit Windows benefits from the lifting of the 2GB process memory restriction that is present in 32-bit Windows.   Without this restriction the AFS Cache File can become arbitrarily large limited only by available disk space.
+ 3.43. Known Issues with Microsoft Windows Vista, Windows 7, and Server 2008 [R2] windows vista windows 2008 windows 7 - 3.43. Known Issues with Microsoft Windows Vista, Windows 7, and Server 2008 [R2] OpenAFS for Windows works with Microsoft Windows Vista, Windows 7 and Server 2008 [R2] from both the command prompt and the Explorer Shell. When performing an upgrade from earlier versions of Microsoft Windows the Microsoft Loopback Adapter (MSLA) will be uninstalled. OpenAFS should be re-installed after the Windows Upgrade installation to restore the MSLA configuration. @@ -915,9 +924,9 @@
+ 3.44. New AFS Share Name Syntax Provides Direct Access to Volumes share names afs volumes - direct access - 3.44. New AFS Share Name Syntax Provides Direct Access to Volumes Starting with the 1.5.21 release of OpenAFS for Windows, the following syntax can be used to access any volume in any cell without requiring the creation of a mount point. \\AFS\<cell><mount point type><volume>\ Where <cell> can be either a full cell name or an unambiguous prefix, the <mount point type> is ‘#’ for a normal mount point or ‘%’ to force the use of a read-write volume, and <volume> is either a volume name or its ID number. @@ -927,12 +936,12 @@ \\AFS\athena.mit.edu# 537235559\
+ 3.45. Differences between Windows and UNIX <emphasis>fs examine</emphasis> fs examine fs chown fs chgrp owner information group information - 3.45. Differences between Windows and UNIX <emphasis>fs examine</emphasis> The OpenAFS for Windows version of "fs examine" provide two additional lines of output when compared to the UNIX implementation. These lines include the owner and group information for the file as well as the volume status. The Windows output will also indicate the type of object {File, Directory, Mountpoint, Symlink, ...} that was examined. @@ -952,12 +961,12 @@ To set the group use fs chgrp -group <user name or id> [-path <dir/file path>+] [-literal]
+ 3.46. Literal evaluation of AFS objects via fs commands -literal fs examine fs flush fs whereis fs whichcell - 3.46. Literal evaluation of AFS objects via fs commands Beginning with the 1.5.31 release, the fs commands examine, flush, @@ -967,18 +976,18 @@
+ 3.47. Out of Quota errors out of quota quotas - 3.47. Out of Quota errors Prior to the 1.5.31 release, out of quota errors were reported to the calling application as an out of space error. As of 1.5.31, an out of space error will indicate that the partition on which the volume is located is in fact out of space. Whereas an out of quota error indicates that the user does not have permission to allocate additional space.
+ 3.48. Linked Cells linked cells cell renaming cell splitting cell merging CellServDB - 3.48. Linked Cells The 1.5.55 release adds support for linked cells as implemented in the Unix OpenAFS client. When two cells are linked, a volume lookup in one cell that fails is retried in the linked cell. This functionality can be used to implement: @@ -1007,23 +1016,23 @@
+ 3.49 Registry Configuration for AFS Volume Database Servers vldb server locations CellServDB - 3.49 Registry Configuration for AFS Volume Database Servers Beginning with the 1.5.60 release, the [HKLM\SOFTWARE\OpenAFS\Client\CellServDB] registry key can be used to distribute Volume Database Server location information either as a supplement to the CellServDB file or as a substitute for it. The precedence order for lookups is: Registry, File, and then DNS.
- HTMLHelp 3.50 Documentation Converted to Windows HTML Help + HTMLHelp Starting with the 1.5.60 release, this document, the OpenAFS Administrator Guide and the OpenAFS User Guide are provided in HTML Help format instead of raw HTML pages.
+ 3.51. Support for Microsoft RPC Services: WKSSVC and SRVSVC Explorer Shell Microsoft Office - 3.51. Support for Microsoft RPC Services: WKSSVC and SRVSVC Beginning with the 1.5.62 release, the OpenAFS SMB Server supports named pipes and the Microsoft RPC Services WKSSVC and SRVSVC. This permits a significantly improved Netbios Server browsing experience with both the NET VIEW \\AFS command and the Explorer Shell. No longer will Windows display truncated @@ -1031,8 +1040,8 @@ and the target of symlinks and mount points.
- fs newcell 3.52. Differences between Windows and UNIX <emphasis>fs newcell</emphasis> + fs newcell The OpenAFS for Windows version of "fs newcell" prior to 1.5.74 behaved quite differently than its UNIX counterpart. Instead of adding cell server information for a new cell, the command simply caused the cache manager to destroy all of its @@ -1065,17 +1074,17 @@
- debugging How to Debug Problems with OpenAFS for Windows + debugging OpenAFS for Windows provides a wide range of tools to assist you in debugging problems.  The techniques available to you are varied because of the wide range of issues that have been discovered over the years.
+ 4.1. pioctl debugging ( + <link linkend='Value_IoctlDebug'>IoctlDebug</link> registry key) + IoctlDebug tokens.exe aklog.exe afscreds.exe - 4.1. pioctl debugging ( - <link linkend='Value_IoctlDebug'>IoctlDebug</link> registry key) - pioctl (path-based ioctl) calls are used by various tools to communicate with the AFS Client Service.  Some of the operations performed include: @@ -1110,19 +1119,19 @@ should be set.  Then any of the commands that perform pioctl calls should be executed from the command prompt.  With this key set the pioctl library will generate debugging output to stderr.  The output will contain the Win32 API calls executed along with their most important parameters and their return code.   The MSDN Library and the Microsoft KnowledgeBase can be used as a reference to help you determine the configuration probem with your system.
+ 4.2. afsd_service initialization log (%WinDir%\TEMP\afsd_init.log) afsd_init.log MaxLogSize - 4.2. afsd_service initialization log (%WinDir%\TEMP\afsd_init.log) Every time the AFS Client Service starts it appends data about its progress and configuration to a file.  This file provides information crucial to determining why the service cannot start when there are problems.  When the process terminates due to a panic condition it will write to this file the source code file and line number of the error.  In many cases the panic condition is due to a misconfiguration of the machine.  In other cases it might be due to a programming error in the software.  A quick review of the location in the source code will quickly reveal the reason for the termination. The MaxLogSize registry value determines the maximum size of the %WINDIR%\TEMP\afsd_init.log file.  If the file is larger than this value when OpenAFS Client Service starts, the file will be reset to 0 bytes.  If value is set to 0, the file will be allowed to grow indefinitely.
+ 4.3. afsd_service debug logs (fs trace {-on, -off, -dump} ->%WinDir%\TEMP\afsd.log) afsd.log fs trace TraceBufferSize - 4.3. afsd_service debug logs (fs trace {-on, -off, -dump} ->%WinDir%\TEMP\afsd.log) When attempting to debug the behavior of the SMB/CIFS Server and the Cache Manager it is often useful to examine a log of the operations being performed.  While running the AFS Client Service keeps an in memory log of many of its actions.   The default number of actions preserved at any one time is 5000.  This can be adjusted with the TraceBufferSize registry value: @@ -1131,11 +1140,11 @@ A restart of the service is necessary when adjusting this value.   Execute "fs trace -on" to clear to the log and "fs trace -dump" to output the contents of the log to the file.
+ 4.4. Using SysInternal’s Debug Viewer, Process Monitor and Process Explorer Tools SysInternals dbgview.exe procmon.exe TraceOption - 4.4. Using SysInternal’s Debug Viewer, Process Monitor and Process Explorer Tools An alternatve option to the use of "fs trace -dump" to capture internal OpenAFS Client Service events is to use a tool such as Sysinternal's Debug Viewer to capture real-time debugging output.  When the OpenAFS Client Service starts and Bit 2 of the TraceOption value in the registry is set, all trace log events are output using the Windows Debug Monitor interface (OutputDebugString).  @@ -1158,12 +1167,12 @@
+ 4.5. Creating Microsoft MiniDumps +(fs minidump -> %WinDir%\TEMP\afsd.dmp) minidumps fs minidump MiniDumpType afsd.dmp - 4.5. Creating Microsoft MiniDumps -(fs minidump -> %WinDir%\TEMP\afsd.dmp) If the AFS Client Service become unresponsive to any form of communication there may be a serious error that can only be debugged by someone with access to the source code and a debugger.   The "fs minidump" command can be used to force the generation of a MiniDump file containing the state of all of the threads in the AFS Client Service process.  The most accurate MiniDump files will be produced after installing " Microsoft Debugging Tools for Windows". @@ -1172,9 +1181,9 @@
+ 4.6. Single Sign-on (Integrated Logon) debugging integrated logon TraceOption - 4.6. Single Sign-on (Integrated Logon) debugging If you are having trouble with the Integrated Logon operations it is often useful to be able to obtain a log of what it is attempting to do.   Setting Bit 0 of the TraceOption registry value: @@ -1183,8 +1192,8 @@ will instruct the Integrated Logon Network Provider and Event Handlers to log information to the Windows Event Log: Application under the name "AFS Logon".
- rxdebug.exe 4.7. RX (AFS RPC) debugging (rxdebug) + rxdebug.exe The rxdebug.exe tool can be used to query a variety of information about the AFS services installed on a given machine.  The port for the AFS Cache Manager is 7001.  @@ -1206,8 +1215,8 @@
- cmdebug.exe 4.8. Cache Manager debugging (cmdebug) + cmdebug.exe The cmdebug.exe tool can be used to query the state of the AFS Cache Manager on a given machine. @@ -1224,18 +1233,18 @@
+ 4.9. Persistent Cache consistency check AFSCache validate cache file - 4.9. Persistent Cache consistency check The persistent cache is stored in a Hidden System file at %WinDir%\TEMP\AFSCache.  If there is a problem with the persistent cache that prevent the AFS Client Service from being able to start a validation check on the file can be performed.   afsd_service.exe --validate-cache <cache-path>
+ 4.10. Token Acquisition Debugging tokens klog.exe kinit.exe aklog.exe - 4.10. Token Acquisition Debugging If you are having trouble obtaining tokens with the Network Identity Manager AFS credential provider, it is recommended that you verify your ability to obtain tokens using the command-line tools klog.exe (if you are using kaserver) or kinit.exe and @@ -1245,8 +1254,8 @@
- bug reports Reporting Bugs + bug reports Bug reports should be sent to openafs-bugs@openafs.org.  Please include as much information as possible about the issue.  If you are reporting a crash, please install the debugging symbols by re-running the installer.  If a dump file is available for the problem, %WINDIR%\TEMP\afsd.dmp, include it along with the AFS Client Trace file  %WINDIR%\TEMP\afsd.log.  The AFS Client startup log is %WINDIR%\TEMP\afsd_init.log.  Send the last continuous block of  log information from this file. @@ -1294,12 +1303,12 @@ - contributing to OpenAFS How to Contribute to the Development of OpenAFS for Windows + contributing to OpenAFS Contributions to the development of OpenAFS for Windows are continuously needed.  Contributions may take many forms including cash donations, support contracts, donated developer time, and even donated tech writer time.
- USENIX OpenAFS Fund 6.1. The USENIX OpenAFS Fund + USENIX OpenAFS Fund USENIX, a 501c3 non-profit corporation, has formed the USENIX OpenAFS Fund in order to accept tax deductible donations on behalf of the OpenAFS Elders. The donated funds will be allocated by the OpenAFS Elders to fund OpenAFS development, documentation, project management, and maintaining openafs.org. @@ -1327,8 +1336,8 @@
- Secure Endpoints Inc. 6.2. Secure Endpoints Inc. + Secure Endpoints Inc. Secure Endpoints Inc. provides development and support services for OpenAFS for Windows and MIT Kerberos for Windows.  Donations provided to Secure Endpoints Inc. for the development of OpenAFS are used to cover the OpenAFS gatekeeper responsibilities; providing support to the OpenAFS community via the OpenAFS mailing lists; and furthering development of desired features that are either too small to be financed by development contracts. @@ -1343,10 +1352,10 @@ Organizations that use OpenAFS in house and have development staffs are encouraged to contribute any code modifications they make to OpenAFS.org via openafs-bugs@openafs.org.  Contributions of documentation are highly desired.
+ 6.4. OpenAFS for Windows Mailing Lists mailing lists openafs-win32-devel openafs-info - 6.4. OpenAFS for Windows Mailing Lists If you wish to participate in OpenAFS for Windows development please join the openafs-win32-devel@openafs.org mailing list. @@ -1363,9 +1372,9 @@
+ MSI Deployment Guide msi deployment msi transforms - MSI Deployment Guide
7.1. Introduction A MSI installer option is available for those who wish to use Windows Installer for installing OpenAFS and for organizations that wish to deploy OpenAFS through Group Policy.  The first version of OpenAFS for Windows available as an MSI was 1.3.65. @@ -2418,8 +2427,8 @@
Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
- LANadapter Value: LanAdapter + LANadapter Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD Default: -1 @@ -2427,8 +2436,8 @@ LAN adapter number to use.  This is the lana number of the LAN adapter that the SMB server should bind to.  If unspecified or set to -1, a LAN adapter with named 'AFS' or a loopback adapter will be selected.  If neither are present, then all available adapters will be bound to.  When binding to a non-loopback adapter, the NetBIOS name hostname%-AFS' will be used (where %hostname% is the NetBIOS name of the host truncated to 11 characters). Otherwise, the NetBIOS name will be 'AFS'.
- CacheSize <anchor id='Value_CacheSize' />Value: CacheSize + CacheSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD Default: 98304 (CM_CONFIGDEFAULT_CACHESIZE) @@ -2436,8 +2445,8 @@ Size of the AFS cache in 1k blocks.
- ChunkSize Value: ChunkSize + ChunkSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD Default: 20 (CM_CONFIGDEFAULT_CHUNKSIZE) @@ -2457,8 +2466,8 @@
- ServerThreads Value: ServerThreads + ServerThreads Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD Default: 25 (CM_CONFIGDEFAULT_SVTHREADS) @@ -2468,8 +2477,8 @@
- Stats Value: Stats + Stats Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2480,8 +2489,8 @@
- Volumes Value: Volumes + Volumes Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2498,8 +2507,8 @@ Variable: cm_initParams.nVolumes
- Cells Value: Cells + Cells Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2515,8 +2524,8 @@ Variable: cm_initParams.nCells
- LogoffPreserveTokens Value: LogoffPreserveTokens + LogoffPreserveTokens Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2528,9 +2537,9 @@ Default : 0
+ Value: RootVolume RootVolume root.afs - Value: RootVolume Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -2544,9 +2553,9 @@ Variable: cm_rootVolumeName
+ Value: MountRoot MountRoot /afs - Value: MountRoot Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -2561,9 +2570,9 @@ Variable: cm_mountRoot
+ Value: CachePath CachePath AFSCache - Value: CachePath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ or REG_EXPAND_SZ @@ -2578,8 +2587,8 @@ Variable: cm_CachePath
- NonPersistentCaching Value: NonPersistentCaching + NonPersistentCaching Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD [0..1] @@ -2594,8 +2603,8 @@ Variable: buf_CacheType
- ValidateCache Value: ValidateCache + ValidateCache Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD [0..2] @@ -2616,8 +2625,8 @@ Variable: buf_CacheType
- TrapOnPanic Value: TrapOnPanic + TrapOnPanic Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2631,10 +2640,10 @@ Variable: traceOnPanic
+ Value: NetbiosName NetbiosName SMB Server Name \\AFS - Value: NetbiosName Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_EXPAND_SZ @@ -2649,8 +2658,8 @@ Variable: cm_NetbiosName
- IsGateway Value: IsGateway + IsGateway Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2665,8 +2674,8 @@ Variable: isGateway
- ReportSessionStartups Value: ReportSessionStartups + ReportSessionStartups Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2680,8 +2689,8 @@ Variable: reportSessionStartups
- TraceBufferSize Value: TraceBufferSize + TraceBufferSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2696,8 +2705,8 @@ Variable: traceBufSize
- SysName Value: SysName + SysName Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -2715,9 +2724,9 @@ Variable: cm_sysName
+ Value: SecurityLevel SecurityLevel fs setcrypt - Value: SecurityLevel Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2732,10 +2741,10 @@ Variable: cryptall
+ Value: UseDNS UseDNS AFSDB DNS records SRV DNS records - Value: UseDNS Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2750,9 +2759,9 @@ Variable: cm_dnsEnabled
+ Value: FreelanceClient FreelanceClient dynroot - Value: FreelanceClient Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2767,8 +2776,8 @@ Variable: cm_freelanceEnabled
- HideDotFiles Value: HideDotFiles + HideDotFiles Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1,0} @@ -2783,8 +2792,8 @@ Variable: smb_hideDotFiles
- MaxMpxRequests Value: MaxMpxRequests + MaxMpxRequests Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2798,8 +2807,8 @@ Variable: smb_maxMpxRequests
- MaxVCPerServer Value: MaxVCPerServer + MaxVCPerServer Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2813,9 +2822,9 @@ Variable: smb_maxVCPerServer
+ Value: Cell Cell workstation cell name - Value: Cell Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -2830,8 +2839,8 @@ Variable: rootCellName
- RxEnablePeerStats Value: RxEnablePeerStats + RxEnablePeerStats Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2846,8 +2855,8 @@ Variable: rx_enable_peer_stats
- RxEnableProcessStats Value: RxEnableProcessStats + RxEnableProcessStats Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -2862,8 +2871,8 @@ Variable: rx_extra_process_stats
- RxExtraPackets Value: RxExtraPackets + RxExtraPackets Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2877,8 +2886,8 @@ Variable: rx_extraPackets
- RxMaxMTU Value: RxMaxMTU + RxMaxMTU Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2894,8 +2903,8 @@ Variable: rx_mtu
- RxNoJumbo Value: RxNoJumbo + RxNoJumbo Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0,1} @@ -2909,8 +2918,8 @@ Variable: rx_nojumbo
- ConnDeadTimeout Value: ConnDeadTimeout + ConnDeadTimeout Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] @@ -2926,8 +2935,8 @@ Variable: rx_nojumbo
- HardDeadTimeout Value: HardDeadTimeout + HardDeadTimeout Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2949,8 +2958,8 @@ Variable: rx_nojumbo
- IdleDeadTimeout Value: IdleDeadTimeout + IdleDeadTimeout Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2968,8 +2977,8 @@ Variable: rx_nojumbo
- NATPingInterval Value: NATPingInterval + NATPingInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -2994,8 +3003,8 @@ Variable: rx_nojumbo
- TraceOption Value: TraceOption + TraceOption Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0-15} @@ -3011,8 +3020,8 @@ Default: 0
- AllSubmount Value: AllSubmount + AllSubmount Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3024,8 +3033,8 @@ Default: 1
- NoFindLanaByName Value: NoFindLanaByName + NoFindLanaByName Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3037,8 +3046,8 @@ Default: 0
- MaxCPUs Value: MaxCPUs + MaxCPUs Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {1..32} or {1..64} depending on the architecture @@ -3049,8 +3058,8 @@ Default: <no default>
- SMBAuthType Value: SmbAuthType + SMBAuthType Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0..2} @@ -3076,8 +3085,8 @@ The default is Extended authentication
- MaxLogSize Value: MaxLogSize + MaxLogSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0 .. MAXDWORD} @@ -3089,8 +3098,8 @@ Default: 100K
- FlushOnHibernate Value: FlushOnHibernate + FlushOnHibernate Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0,1} @@ -3101,8 +3110,8 @@ Default: 1
- DaemonCheckDownInterval Value: DaemonCheckDownInterval + DaemonCheckDownInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -3113,8 +3122,8 @@ Default: 180
- DaemonCheckUpInterval Value: DaemonCheckUpInterval + DaemonCheckUpInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -3125,8 +3134,8 @@ Default: 600
- DaemonCheckVolInterval Value: DaemonCheckVolInterval + DaemonCheckVolInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -3137,8 +3146,8 @@ Default: 3600
- DaemonCheckCBInterval Value: DaemonCheckCBInterval + DaemonCheckCBInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -3149,8 +3158,8 @@ Default: 60
- DaemonCheckLockInterval Value: DaemonCheckLockInterval + DaemonCheckLockInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -3161,8 +3170,8 @@ Default: 60
- DaemonCheckTokenInterval Value: DaemonCheckTokenInterval + DaemonCheckTokenInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -3173,8 +3182,8 @@ Default: 180
- DaemonCheckOfflineVolInterval Value: DaemonCheckOfflineVolInterval + DaemonCheckOfflineVolInterval Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD (seconds) @@ -3185,9 +3194,9 @@ Default: 600
+ Value: CallBackPort CallBackPort port 7001/udp - Value: CallBackPort Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -3198,8 +3207,8 @@ Default: 7001
- EnableServerLocks Value: EnableServerLocks + EnableServerLocks Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1, 2} @@ -3214,8 +3223,8 @@ Default: 1
- DeleteReadOnly Value: DeleteReadOnly + DeleteReadOnly Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3228,8 +3237,8 @@ Default: 0
- BPlusTrees Value: BPlusTrees + BPlusTrees Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3242,8 +3251,8 @@ Default: 1
- PrefetchExecutableExtensions Value: PrefetchExecutableExtensions + PrefetchExecutableExtensions Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: MULTI_SZ @@ -3254,8 +3263,8 @@ Default: none specified
- OfflineReadOnlyIsValid Value: OfflineReadOnlyIsValid + OfflineReadOnlyIsValid Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3268,8 +3277,8 @@ Default: 0
- GiveUpAllCallBacks Value: GiveUpAllCallBacks + GiveUpAllCallBacks Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3282,8 +3291,8 @@ Default: 0
- ReadOnlyVolumeVersioning Value: ReadOnlyVolumeVersioning + ReadOnlyVolumeVersioning Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3302,8 +3311,8 @@ Default: 0
- FollowBackupPath Value: FollowBackupPath + FollowBackupPath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {0, 1} @@ -3316,8 +3325,8 @@ Default: 0
- RxUdpBufSize Value: RxUdpBufSize + RxUdpBufSize Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD {bytes} @@ -3327,9 +3336,9 @@ Default: 262144
- GlobalAutoMapper Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper] + GlobalAutoMapper
Value: <DriveLetter> Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper] @@ -3343,9 +3352,9 @@ Default: 262144
Regkey: [HKLM\SOFTWARE\OpenAFS\Client]
+ Value: CellServDBDir CellServDB CellServDBDir - Value: CellServDBDir Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Type: REG_SZ @@ -3357,8 +3366,8 @@ Default: <not defined>
- VerifyServiceSignature Value: VerifyServiceSignature + VerifyServiceSignature Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Type: REG_DWORD @@ -3370,9 +3379,9 @@ Default: 0x1
+ Value: IoctlDebug IoctlDebug path ioctl debugging - Value: IoctlDebug Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Type: REG_DWORD @@ -3384,9 +3393,9 @@ Default: 0x0
+ Value: MiniDumpType minidumps MiniDumpType - Value: MiniDumpType Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Type: REG_DWORD @@ -3397,7 +3406,7 @@ Default: 0x0 (MiniDumpNormal) Valid values are dependent on the version of DbgHelp.dll installed on the machine.  The best version to use is not the version that comes with the operating system but the version that is included in the most recent release of " Microsoft Debugging Tools for Windows".  See the Microsoft Developer Library for further information. - + MiniDumpNormal = 0x00000000 @@ -3448,8 +3457,8 @@ MiniDumpWithCodeSegs = 0x00002000
- EnableSMBAsyncStore Value: EnableSMBAsyncStore + EnableSMBAsyncStore Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Type: REG_DWORD @@ -3461,8 +3470,8 @@ Default: 0x1
- SMBAsyncStoreSize Value: SMBAsyncStoreSize + SMBAsyncStoreSize Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Type: REG_DWORD @@ -3474,10 +3483,10 @@ Default: 32
+ Value: StoreAnsiFilenames StoreAnsiFilenames Unicode character sets - Value: StoreAnsiFilenames Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Type: REG_DWORD @@ -3491,8 +3500,8 @@ Default: 0x0
- CSCPolicy Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy] + CSCPolicy
Value: <smb share name> Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy] @@ -3506,8 +3515,8 @@ Default: <none>
- CellServDB Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CellServDB] + CellServDB The CellServDB key is an alternative to the CellServDB file that can be used either to supplement or override its contents. This registry entry is meant to provide organizations that centrally manage their client configurations using Active Directory Group Policy a means of updating records for individual cells or servers without pushing out a new file. @@ -3563,9 +3572,8 @@ Default: <none>
Value: HostName - Type: REG_SZ Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CellServDB\<Cell Name>\<Server>] - + Type: REG_SZ Default: <none> This value is used to specify a fully qualified domain name appropriate that matches either a DNS A or DNS CNAME record. If provided, this value supercedes the name of the <server> key. It is recommended that the value of this field be terminated with a period in order to avoid the use of domain substitution @@ -3605,9 +3613,9 @@ Default: <none>
+ Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance] Freelance Freelance Mount Points - Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
Value: <numeric value> Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance] @@ -3622,8 +3630,8 @@ Default: <none>
- Freelance Symlinks Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks] + Freelance Symlinks
Value: <numeric value> Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks] @@ -3639,9 +3647,9 @@ Default: <none>
+ Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Realms] Realms network identity manager - Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Realms] The Realms key is used to provide initialization data to be used when new identities are added to the Network Identity Manager. The AFS Provider will search for a subkey that matches the realm of the identity. If such a key exists, its values will be used to populate the AFS configuration for the identity.
@@ -3684,9 +3692,9 @@ Default: <none>
- Submounts Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Submounts] + Submounts
Value: <Submount Name> Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Submounts] @@ -3701,9 +3709,9 @@ Default: <none>
- Server Preferences Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Server Preferences\VLDB] + Server Preferences
Value: <hostname or ip address> Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Server Preferences\VLDB] @@ -3729,14 +3737,14 @@ Default: <none>
- integrated logon A.2. Integrated Logon Network Provider Parameters + integrated logon Affects the network provider (afslogon.dll).
Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
- FailLoginsSilently Value: FailLoginsSilently + FailLoginsSilently Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: DWORD @@ -3749,8 +3757,8 @@ Default: 0 Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
- NoWarnings Value: NoWarnings + NoWarnings Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: DWORD @@ -3759,11 +3767,10 @@ Default: 0 Disables visible warnings during logon.
-
+ Value: AuthentProviderPath AuthentProviderPath afslogon.dll - Value: AuthentProviderPath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_SZ @@ -3774,8 +3781,8 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll
- Class Value: Class + Class Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: DWORD @@ -3786,8 +3793,8 @@ NSIS: 0x02
- DependOnGroup Value: DependOnGroup + DependOnGroup Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_MULTI_SZ @@ -3798,8 +3805,8 @@ NSIS: PNP_TDI
- DependOnService Value: DependOnService + DependOnService Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_MULTI_SZ @@ -3810,8 +3817,8 @@ NSIS: Tcpip NETBIOS RpcSs
- Name - network provider Value: Name + Name - network provider Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_SZ @@ -3822,9 +3829,9 @@ NSIS: "OpenAFSDaemon"
+ Value: ProviderPath ProviderPath afslogon.dll - Value: ProviderPath Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] Type: REG_SZ @@ -3836,8 +3843,8 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll
- domain logon configuration A.2.1 Domain specific configuration keys for the Network Provider + domain logon configuration The network provider can be configured to have different behavior depending on the domain that the user logs into.  These settings are only relevant when using integrated login.  A domain refers to an Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the local machine (i.e. local account logins).  The domain name that is used for selecting the domain would be the domain that is passed into the NPLogonNotify function of the network provider. Domain specific registry keys are:
@@ -3874,8 +3881,8 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
- LogonOptions Value: LogonOptions + LogonOptions [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] @@ -3906,8 +3913,8 @@ Default: 0x01
- FailLoginsSilently Value: FailLoginsSilently + FailLoginsSilently [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST] @@ -3923,8 +3930,8 @@ NSIS/WiX: (not set)
- LogonScript Value: LogonScript + LogonScript [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST] @@ -3940,8 +3947,8 @@ NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a
- LoginRetryInterval Value: LoginRetryInterval + LoginRetryInterval [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST] @@ -3957,8 +3964,8 @@ NSIS/WiX: (not set)
- LoginSleepInterval Value: LoginSleepInterval + LoginSleepInterval [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST] @@ -3974,8 +3981,8 @@ NSIS/WiX: (not set)
- Realm Value: Realm + Realm [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] @@ -3989,8 +3996,8 @@ NSIS: <not set>
- TheseCells Value: TheseCells + TheseCells [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain] [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>] @@ -4017,28 +4024,28 @@ NSIS: <not set> A.2.1.3 Exceptions to A.2.1.2 To retain backwards compatibility, the following exceptions are made to A.2.1.2.
- FailLoginsSilently 2.1.3.1 'FailLoginsSilently' + FailLoginsSilently Historically, the 'FailLoginsSilently' value was in HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters key and not in the NP key.  Therefore, for backwards compatibility, the value in the Parameters key will supercede all instances of this value in other keys.  In the absence of this value in the Parameters key, normal scope rules apply.
- LogonScript 2.1.3.2 'LogonScript' + LogonScript If a 'LogonScript' is not specified in the specific domain key nor in the domains key, the value in the NP key will only be checked if the effective 'LogonOptions' specify a high security integrated login.  If a logon script is specified in the specific domain key or the domains key, it will be used regardless of the high security setting.  Please be aware of this when setting this value.
+ A.3. AFS Credentials System Tray Tool parameters afscreds.exe System Tray Tool - A.3. AFS Credentials System Tray Tool parameters Affects the behavior of afscreds.exe
Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
- Gateway Value: Gateway + Gateway Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -4052,8 +4059,8 @@ Function: GetGatewayName()
- Cell Value: Cell + Cell Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Type: REG_SZ @@ -4070,8 +4077,8 @@ Variable: IsServiceConfigured() [HKLM\SOFTWARE\OpenAFS\Client] [HKCU\SOFTWARE\OpenAFS\Client]
- ShowTrayIcon Value: ShowTrayIcon + ShowTrayIcon Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] Type: DWORD {0, 1} @@ -4088,8 +4095,8 @@ Function: InitApp(), Main_OnCheckTerminate()
- EnableKFW Value: EnableKFW + EnableKFW Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] @@ -4105,8 +4112,8 @@ Function: KFW_is_available()
- AcceptDottedPrincipalName Value: AcceptDottedPrincipalNames + AcceptDottedPrincipalName Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] Type: DWORD {0, 1} @@ -4121,8 +4128,8 @@ Function: KFW_accept_dotted_usernames()
- Use524 Value: Use524 + Use524 Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] @@ -4138,8 +4145,8 @@ Function: KFW_use_krb524()
- AfscredsShortcutParams Value: AfscredsShortcutParams + AfscredsShortcutParams Regkey: [HKLM\SOFTWARE\OpenAFS\Client] Regkey: [HKCU\SOFTWARE\OpenAFS\Client] @@ -4179,8 +4186,8 @@ Function: Shortcut_FixStartup Regkey: [HKCU\SOFTWARE\OpenAFS\Client]
- Authentication Cell Value: Authentication Cell + Authentication Cell Regkey: [HKCU\SOFTWARE\OpenAFS\Client] Type: REG_SZ @@ -4194,9 +4201,9 @@ Function: Afscreds.exe GetDefaultCell()
- Reminders Regkey: [HKCU\SOFTWARE\OpenAFS\Client\Reminders] + Reminders
Value: <afs cell name> Regkey: [HKCU\SOFTWARE\OpenAFS\Client\Reminders] @@ -4212,9 +4219,9 @@ Function: LoadRemind(), SaveRemind()
- ActiveMaps Regkey: [HKCU\SOFTWARE\OpenAFS\Client\Active Maps] + ActiveMaps
Value: <upper case drive letter> Regkey: [HKCU\SOFTWARE\OpenAFS\Client\ActiveMaps] @@ -4247,8 +4254,8 @@ Default: <none>
A.4 OpenAFS Client Service Environment Variables
- AFS_RPC_ENCRYPT Value: AFS_RPC_ENCRYPT + AFS_RPC_ENCRYPT Values: "OFF" disables the use of RPC encryption @@ -4262,8 +4269,8 @@ Default: RPC encryption is on
- AFS_RPC_PROTSEQ Value: AFS_RPC_PROTSEQ + AFS_RPC_PROTSEQ Values: @@ -4281,10 +4288,9 @@ Default: RPC encryption is on Default: local RPC
-  
- Name Index +