#
# CONFIGURATION FOR AFPD
#
# Each single line defines a virtual server that should be available.
# Newline escaping using the "\" character is supported, though.
# Empty lines and lines beginning with `#' are ignored.
# Options in this file will override both compiled-in defaults
# and command line options.
#


#
# Format:
#   - [options]                to specify options for the default server
#   "Server name" [options]    to specify an additional server
#


#
# The following options are available:
#   Transport Protocols:
#     -[no]tcp            Make "AFP over TCP" [not] available
#     -[no]ddp            Make "AFP over AppleTalk" [not] available.
#                         If you have -proxy specified, specify -uamlist "" to
#                         prevent ddp connections from working.
#
#     -transall           Make both available
#
#   Transport Options:
#     -ipaddr <ipaddress> Specifies the IP address that the server should
#                         advertise and listen on. The default is to advertise
#                         the first IP address of the system, but to listen
#                         for any incoming request. The network address may
#                         be specified either in dotted-decimal format for
#                         IPv4 or in hexadecimal format for IPv6.
#                         This option also allows one machine to be used to
#                         advertise the AFP-over-TCP/IP settings of another
#                         machine via NBP when used together with the -proxy
#                         option.
#     -server_quantum <number>
#                         Specifies the DSI server quantum. The minimum
#                         value is 1MB. The max value is 0xFFFFFFFF. If you
#                         specify a value that is out of range, you'll get
#                         the default value (currently the minimum).
#     -admingroup <groupname>
#                         Specifies the group of administrators who should
#                         all be seen as the superuser when they log in.
#                         Default is disabled.
#     -ddpaddr x.y        Specifies the DDP address of the server.
#                         The default is to auto-assign an address (0.0).
#                         This is only useful if you're running on
#                         a multihomed host.
#     -port <number>      Specifies the TCP port the server should respond
#                         to (default is 548)
#     -fqdn <name:port>   Specify a fully-qualified domain name (+optional
#                         port). This gets discarded if the server can't
#                         resolve it. This is not honored by appleshare
#                         clients <= 3.8.3 (default: none)
#     -hostname <name>    Use this instead of the result from calling
#                         hostname for determining which IP address to
#                         advertise; the hostname is therefore resolved to
#                         an IP address, which is then advertised. This is
#                         NOT used for listening and it is also overridden
#                         by -ipaddr.
#     -proxy              Run an AppleTalk proxy server for specified
#                         AFP/TCP server (if address/port aren't given,
#                         then first IP address of the system/548 will
#                         be used).
#                         If you don't want the proxy server to act as
#                         a ddp server as well, set -uamlist to an empty
#                         string.
#     -slp                Register this server with the Service Location
#                         Protocol (if SLP support was compiled in).
#     -nozeroconf         Don't register this server with the Multicast
#                         DNS Protocol.
#     -advertise_ssh      Allows Mac OS X clients (10.3.3-10.4) to
#                         automagically establish a tunneled AFP connection
#                         through SSH. This option is not so significant
#                         for recent Mac OS X versions. See the Netatalk
#                         Manual for details.
#
#
#   Authentication Methods:
#     -uampath <path>     Use this path to look for User Authentication Modules.
#                         (default: :UAMS_PATH:)
#     -uamlist <a,b,c>    Comma-separated list of UAMs.
#                         (default: uams_dhx.so,uams_dhx2.so)
#
#                         some commonly available UAMs:
#                         uams_guest.so: Allow guest logins
#
#                         uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
#                                     Allow logins with passwords
#                                     transmitted in the clear.
#
#                         uams_randnum.so: Allow Random Number and Two-Way
#                                     Random Number exchange for
#                                     authentication.
#
#                         uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
#                                     Allow Diffie-Hellman eXchange
#                                     (DHX) for authentication.
#
#                         uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
#                                     Allow Diffie-Hellman eXchange 2
#                                     (DHX2) for authentication.
#
#   Password Options:
#     -[no]savepassword   [Don't] Allow clients to save password locally
#     -passwdfile <path>  Use this path to store Randnum passwords.
#                         (Default: :ETCDIR:/afppasswd. The only other
#                         useful value is ~/.passwd. See 'man afppasswd'
#                         for details.)
#     -passwdminlen <#>   Minimum password length. May be ignored.
#     -[no]setpassword    [Don't] Allow clients to change their passwords.
#     -loginmaxfail <#>   Maximum number of failed logins. This may be
#                         ignored if the uam can't handle it.
#
#   AppleVolumes files:
#     -defaultvol <path>  Specifies path to AppleVolumes.default file
#                         (default :ETCDIR:/AppleVolumes.default,
#                         same as -f on command line)
#     -systemvol <path>   Specifies path to AppleVolumes.system file
#                         (default :ETCDIR:/AppleVolumes.system,
#                         same as -s on command line)
#     -[no]uservolfirst   [Don't] read the user's ~/AppleVolumes or
#                         ~/.AppleVolumes before reading
#                         :ETCDIR:/AppleVolumes.default
#                         (same as -u on command line)
#     -[no]uservol        [Don't] Read the user's volume file
#     -closevol           Immediately unmount volumes removed from
#                         AppleVolumes files on SIGHUP sent to the afp
#                         master process.
#
#   Miscellaneous:
#     -authprintdir <path> Specifies the path to be used (per server) to
#                         store the files required to do CAP-style
#                         print authentication which papd will examine
#                         to determine if a print job should be allowed.
#                         These files are created at login and if they
#                         are to be properly removed, this directory
#                         probably needs to be mode 1777 (world-writable
#                         with the sticky bit set).
#     -guestname "user"   Specifies the user name for the guest login
#                         (default "nobody", same as -g on command line)
#     -loginmesg "Message" Client will display "Message" upon logging in
#                         (no default, same as -l "Message" on commandline)
#     -nodebug            Switch off debugging
#     -client_polling     With this switch enabled, afpd won't advertise
#                         that it is capable of server notifications, so that
#                         connected clients poll the server every 10 seconds
#                         to detect changes in opened server windows.
#                         Note: Depending on the number of simultaneously
#                         connected clients and the network's speed, this can
#                         lead to a significantly higher load on your network!
#     -sleep <number>     AFP 3.x waits <number> hours before disconnecting
#                         clients in sleep mode. Default 10 hours
#     -tickleval <number> Specify the tickle timeout interval (in seconds).
#                         Note, this defaults to 30 seconds, and really
#                         shouldn't be changed. If you want to control
#                         the server idle timeout, use the -timeout option.
#     -timeout <number>   Specify the number of tickles to send before
#                         timing out a connection.
#                         The default is 4, therefore a connection will
#                         timeout in 2 minutes.
#     -[no]icon           [Don't] Use the platform-specific icon. Recent
#                         Mac OS versions don't display it any longer.
#     -volnamelen <number>
#                         Max length of UTF8-MAC volume name for Mac OS X.
#                         Note that Hangul is especially sensitive to this.
#                           255: limit of spec
#                           80:  limit of generic Mac OS X (default)
#                           73:  limit of Mac OS X 10.1, if >= 74
#                                Finder crashed and restarted repeatedly.
#                         Mac OS 9 and earlier are not influenced by this;
#                         Maccharset volume names are always limited to 27.
#     -[un]setuplog "<logtype> <loglevel> [<filename>]"
#                         Specify that any message of a loglevel up to the
#                         given loglevel should be logged to the given file.
#                         If the filename is omitted the loglevel applies to
#                         messages passed to syslog.
#
#                         By default (no explicit -setuplog and no buildtime
#                         configure flag --with-logfile) afpd logs to syslog
#                         with a default logging setup equivalent to
#                         "-setuplog default log_info".
#
#                         If built with --with-logfile[=somefile]
#                         (default logfile /var/log/netatalk.log) afpd
#                         defaults to a setup that is equivalent to
#                         "-setuplog default log_info [netatalk.log|somefile]"
#
#                         logtypes:  Default, AFPDaemon, Logger, UAMSDaemon
#                         loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN,
#                                    LOG_NOTE, LOG_INFO, LOG_DEBUG,
#                                    LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8,
#                                    LOG_DEBUG9, LOG_MAXDEBUG
#
#                Example: Useful default config
#                         -setuplog "default log_info /var/log/afpd.log"
#
#                         Debugging config
#                         -setuplog "default log_maxdebug /var/log/afpd.log"
#
#     -signature { user:<text> | auto }
#                         Specify a server signature. This option is useful
#                         while running multiple independent instances of
#                         afpd on one machine (e.g. in clustered environments,
#                         to provide fault isolation etc.).
#                         Default is "auto".
#                         "auto" signature type allows afpd to generate a
#                         signature and save it to afp_signature.conf
#                         automatically (based on random number).
#                         "host" signature type switches back to "auto"
#                         because it is obsolete.
#                         "user" signature type allows the administrator to
#                         set up a signature string manually.
#                         Examples: three servers running on one machine:
#                               first   -signature user:USERS
#                               second  -signature user:USERS
#                               third   -signature user:ADMINS
#                         First two servers will act as one logical AFP
#                         service. If a user logs in to the first one and then
#                         connects to the second one, the session will be
#                         automatically redirected to the first one. But if
#                         a client connects to the first and then to the third,
#                         the user will be asked for a password twice and will
#                         see resources of both servers.
#                         Traditional method of signature generation causes
#                         two independent afpd instances to have the same
#                         signature and thus causes clients to be redirected
#                         automatically to the server (s)he logged in to first.
#     -k5keytab <path>
#     -k5service <service>
#     -k5realm <realm>
#                         These are required if the server supports
#                         Kerberos 5 authentication
#     -ntdomain
#     -ntseparator
#                         Use for e.g. winbind authentication; prepends
#                         both strings before the username from login and
#                         then tries to authenticate with the result
#                         through the available and active UAM authentication
#                         modules.
#
#   Codepage Options:
#     -unixcodepage <CODEPAGE>  Specifies the server's unix codepage,
#                               e.g. "ISO-8859-15" or "UTF8".
#                               This is used to convert strings to/from
#                               the system's locale, e.g. for authentication.
#                               Defaults to LOCALE if your system supports it,
#                               otherwise ASCII will be used.
#
#     -maccodepage <CODEPAGE>   Specifies the mac client's codepage,
#                               e.g. "MAC_ROMAN".
#                               This is used to convert strings to the
#                               system's locale, e.g. for authentication
#                               and SIGUSR2 messaging. This will also be
#                               the default for volumes maccharset.
#
#   CNID related options:
#     -cnidserver <ipaddress:port>
#                         Specifies the IP address and port of a
#                         cnid_metad server, required for CNID dbd
#                         backend. Defaults to localhost:4700.
#                         The network address may be specified either
#                         in dotted-decimal format for IPv4 or in
#                         hexadecimal format for IPv6.
#
#   Avahi (Bonjour) related options:
#     -mimicmodel <model>
#                         Specifies the icon model that appears on
#                         clients. Defaults to off. Examples: RackMac
#                         (same as Xserve), PowerBook, PowerMac, Macmini,
#                         iMac, MacBook, MacBookPro, MacBookAir, MacPro,
#                         AppleTV1,1, AirPort
#


#
# Some examples:
#
#       The simplest case is to not have an afpd.conf.
#
#       4 servers w/ names server1-3 and one w/ the hostname.
#       servers 1-3 get routed to different ports with server 3 being bound
#       specifically to address 192.168.1.3
#
#           -
#           server1 -port 12000
#           server2 -port 12001
#           server3 -port 12002 -ipaddr 192.168.1.3
#
#       a dedicated guest server, a user server, and a special
#       AppleTalk-only server:
#
#           "Guest Server" -uamlist uams_guest.so \
#                   -loginmesg "Welcome guest! I'm a public server."
#           "User Server" -uamlist uams_dhx2.so -port 12000
#           "special" -ddp -notcp -defaultvol <path> -systemvol <path>
#


# default:
# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword