#
# CONFIGURATION FOR AFPD (Netatalk 2.x)
#
# Each single line defines a virtual server that should be available.
# Newlines can be escaped with the "\" character to continue a line.
# Empty lines and lines beginning with `#' are ignored.
# Options in this file will override both compiled-in defaults
# and command line options.
#


#
# Format:
#   - [options]               to specify options for the default server
#   "Server name" [options]   to specify an additional server
#


#
# The following options are available:
#   Transport Protocols:
#     -[no]tcp            Make "AFP over TCP" [not] available
#     -[no]ddp            Make "AFP over AppleTalk" [not] available.
#                         If you have -proxy specified, specify -uamlist "" to
#                         prevent ddp connections from working.
#
#     -transall           Make both available
#
#   Transport Options:
#     -ipaddr <ipaddress> Specifies the IP address that the server should
#                         advertise and listen on. The default is to advertise
#                         the first IP address of the system, but to listen
#                         for any incoming request. The network address may
#                         be specified either in dotted-decimal format for
#                         IPv4 or in hexadecimal format for IPv6.
#                         This option also allows one machine to
#                         advertise the AFP-over-TCP/IP settings of another
#                         machine via NBP when used together with the -proxy
#                         option.
#     -server_quantum <number>
#                         Specifies the DSI server quantum. The minimum
#                         value is 1MB. The max value is 0xFFFFFFFF. If you
#                         specify a value that is out of range, you'll get
#                         the default value (currently the minimum).
#     -admingroup <groupname>
#                         Specifies the group of administrators who should
#                         all be seen as the superuser when they log in.
#                         Default is disabled.
#     -ddpaddr x.y        Specifies the DDP address of the server.
#                         The default is to auto-assign an address (0.0).
#                         This is only useful if you're running on
#                         a multihomed host.
#     -port <number>      Specifies the TCP port the server should respond
#                         to (default is 548)
#     -fqdn <name:port>   Specify a fully-qualified domain name (+optional
#                         port). This gets discarded if the server can't
#                         resolve it. This is not honored by AppleShare
#                         clients <= 3.8.3 (default: none)
#     -hostname <name>    Use this instead of the result from calling
#                         hostname for determining which IP address to
#                         advertise; the hostname is resolved to
#                         an IP which is then advertised. This is NOT used for
#                         listening and it is also overridden by -ipaddr.
#     -proxy              Run an AppleTalk proxy server for the specified
#                         AFP/TCP server (if address/port aren't given,
#                         then the first IP address of the system/548 will
#                         be used).
#                         If you don't want the proxy server to act as
#                         a ddp server as well, set -uamlist to an empty
#                         string.
#     -dsireadbuf [number]
#                         Scale factor that determines the size of the
#                         DSI/TCP readahead buffer, default is 12. This is
#                         multiplied by the DSI server quantum (default
#                         ~300k) to give the size of the buffer. Increasing
#                         this value might increase throughput in fast local
#                         networks for volume to volume copies. Note: This
#                         buffer is allocated per afpd child process, so
#                         specifying large values will eat up a large amount
#                         of memory (buffer size * number of clients).
#     -tcprcvbuf [number]
#                         Try to set the TCP receive buffer using setsockopt().
#                         Often OSes impose restrictions on the application's
#                         ability to set this value.
#     -tcpsndbuf [number]
#                         Try to set the TCP send buffer using setsockopt().
#                         Often OSes impose restrictions on the application's
#                         ability to set this value.
#     -slp                Register this server with the Service Location
#                         Protocol (if SLP support was compiled in).
#     -nozeroconf         Don't register this server with the Multicast
#                         DNS Protocol.
#     -advertise_ssh      Allows Mac OS X clients (10.3.3-10.4) to
#                         automagically establish a tunneled AFP connection
#                         through SSH. This option is not so significant
#                         for recent Mac OS X. See the Netatalk Manual
#                         for details.
#
#
#   Authentication Methods:
#     -uampath <path>     Use this path to look for User Authentication Modules.
#                         (default: /usr/local/etc/netatalk/uams)
#     -uamlist <a,b,c>    Comma-separated list of UAMs.
#                         (default: uams_dhx.so,uams_dhx2.so)
#
#                         Some commonly available UAMs:
#                         uams_guest.so: Allow guest logins
#
#                         uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
#                                    Allow logins with passwords
#                                    transmitted in the clear.
#
#                         uams_randnum.so: Allow Random Number and Two-Way
#                                    Random Number exchange for
#                                    authentication.
#
#                         uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
#                                    Allow Diffie-Hellman eXchange
#                                    (DHX) for authentication.
#
#                         uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
#                                    Allow Diffie-Hellman eXchange 2
#                                    (DHX2) for authentication.
#
#   Password Options:
#     -[no]savepassword   [Don't] Allow clients to save password locally
#     -passwdfile <path>  Use this path to store Randnum passwords.
#                         (Default: /usr/local/etc/netatalk/afppasswd. The only other
#                         useful value is ~/.passwd. See 'man afppasswd'
#                         for details.)
#     -passwdminlen <#>   Minimum password length. May be ignored.
#     -[no]setpassword    [Don't] Allow clients to change their passwords.
#     -loginmaxfail <#>   Maximum number of failed logins. This may be
#                         ignored if the UAM can't handle it.
#
#   AppleVolumes files:
#     -defaultvol <path>  Specifies path to AppleVolumes.default file
#                         (default /usr/local/etc/netatalk/AppleVolumes.default,
#                         same as -f on command line)
#     -systemvol <path>   Specifies path to AppleVolumes.system file
#                         (default /usr/local/etc/netatalk/AppleVolumes.system,
#                         same as -s on command line)
#     -[no]uservolfirst   [Don't] read the user's ~/AppleVolumes or
#                         ~/.AppleVolumes before reading
#                         /usr/local/etc/netatalk/AppleVolumes.default
#                         (same as -u on command line)
#     -[no]uservol        [Don't] Read the user's volume file
#     -closevol           Immediately unmount volumes removed from
#                         AppleVolumes files on SIGHUP sent to the afp
#                         master process.
#
#   Miscellaneous:
#     -authprintdir <path> Specifies the path to be used (per server) to
#                         store the files required to do CAP-style
#                         print authentication which papd will examine
#                         to determine if a print job should be allowed.
#                         These files are created at login and if they
#                         are to be properly removed, this directory
#                         probably needs to be umode 1777
#     -guestname "user"   Specifies the user name for the guest login
#                         (default "nobody", same as -g on command line)
#     -loginmesg "Message" Client will display "Message" upon logging in
#                         (no default, same as -l "Message" on command line)
#     -nodebug            Switch off debugging
#     -client_polling     With this switch enabled, afpd won't advertise
#                         that it is capable of server notifications, so that
#                         connected clients poll the server every 10 seconds
#                         to detect changes in opened server windows.
#                         Note: Depending on the number of simultaneously
#                         connected clients and the network's speed, this can
#                         lead to a significantly higher load on your network!
#     -sleep <number>     AFP 3.x waits <number> hours before disconnecting
#                         clients in sleep mode. Default 10 hours
#     -tickleval <number> Specify the tickle timeout interval (in seconds).
#                         Note, this defaults to 30 seconds, and really
#                         shouldn't be changed. If you want to control
#                         the server idle timeout, use the -timeout option.
#     -timeout <number>   Specify the number of tickles to send before
#                         timing out a connection.
#                         The default is 4, therefore a connection will
#                         time out in 2 minutes.
#     -[no]icon           [Don't] Use the platform-specific icon. Recent
#                         Mac OS versions don't display it any longer.
#     -volnamelen <number>
#                         Max length of UTF8-MAC volume name for Mac OS X.
#                         Note that Hangul is especially sensitive to this.
#                           255: limit of spec
#                           80:  limit of generic Mac OS X (default)
#                           73:  limit of Mac OS X 10.1, if >= 74
#                                Finder crashes and restarts repeatedly.
#                         Mac OS 9 and earlier are not influenced by this;
#                         Maccharset volume names are always limited to 27.
#     -[un]setuplog "<logtype> <loglevel> [<filename>]"
#                         Specify that any message of a loglevel up to the
#                         given loglevel should be logged to the given file.
#                         If the filename is omitted the loglevel applies to
#                         messages passed to syslog.
#
#                         By default (no explicit -setuplog and no buildtime
#                         configure flag --with-logfile) afpd logs to syslog
#                         with a default logging setup equivalent to
#                         "-setuplog default log_info".
#
#                         If built with --with-logfile[=somefile]
#                         (default logfile /var/log/netatalk.log) afpd
#                         defaults to a setup that is equivalent to
#                         "-setuplog default log_info [netatalk.log|somefile]"
#
#                         logtypes:  Default, AFPDaemon, Logger, UAMSDaemon
#                         loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN,
#                                    LOG_NOTE, LOG_INFO, LOG_DEBUG,
#                                    LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8,
#                                    LOG_DEBUG9, LOG_MAXDEBUG
#
#                Example: Useful default config
#                         -setuplog "default log_info /var/log/afpd.log"
#
#                         Debugging config
#                         -setuplog "default log_maxdebug /var/log/afpd.log"
#
#     -signature { user:<text> | auto }
#                         Specify a server signature. This option is useful
#                         while running multiple independent instances of
#                         afpd on one machine (e.g. in clustered environments,
#                         to provide fault isolation etc.).
#                         Default is "auto".
#                         The "auto" signature type lets afpd generate a
#                         signature and save it to afp_signature.conf
#                         automatically (based on a random number).
#                         The "host" signature type switches back to "auto"
#                         because it is obsolete.
#                         The "user" signature type allows the administrator
#                         to set up a signature string manually.
#                         Examples: three servers running on one machine:
#                               first   -signature user:USERS
#                               second  -signature user:USERS
#                               third   -signature user:ADMINS
#                         The first two servers will act as one logical AFP
#                         service. If a user logs in to the first one and then
#                         connects to the second one, the session will be
#                         automatically redirected to the first one. But if
#                         a client connects to the first and then to the third,
#                         they will be asked for a password twice and will see
#                         the resources of both servers.
#                         The traditional method of signature generation causes
#                         two independent afpd instances to have the same
#                         signature and thus causes clients to be redirected
#                         automatically to the server they logged in to first.
#     -k5keytab <path>
#     -k5service <service>
#     -k5realm <realm>
#                         These are required if the server supports
#                         Kerberos 5 authentication
#     -ntdomain
#     -ntseparator
#                         Use for e.g. winbind authentication: prepends
#                         both strings before the username from login and
#                         then tries to authenticate with the result
#                         through the available and active UAM authentication
#                         modules.
#     -dircachesize entries
#                         Maximum possible entries in the directory cache.
#                         The cache stores directories and files. It is used
#                         to cache the full path to directories and CNIDs
#                         which considerably speeds up directory enumeration.
#                         Default size is 8192, maximum size is 131072. Given
#                         value is rounded up to nearest power of 2. Each
#                         entry takes about 100 bytes, which is not much, but
#                         remember that every afpd child process for every
#                         connected user has its own cache.
#     -fcelistener host[:port]
#                         Enables sending FCE events to the specified host,
#                         default port is 12250 if not specified. Specifying
#                         multiple listeners is done by having this option
#                         once for each of them.
#     -fceevents fmod,fdel,ddel,fcre,dcre,tmsz
#                         Specifies which FCE events are active, default is
#                         fmod,fdel,ddel,fcre,dcre.
#     -fcecoalesce all|delete|create
#                         Coalesce FCE events.
#     -fceholdfmod seconds
#                         This determines the time delay in seconds which is
#                         always waited if another file modification for the
#                         same file is done by a client before sending an FCE
#                         file modification event (fmod). For example saving
#                         a file in Photoshop would generate multiple events
#                         by itself because the application is opening,
#                         modifying and closing a file multiple times for
#                         every "save". Default: 60 seconds.
#     -keepsessions       Enable "Continuous AFP Service". This means the
#                         ability to stop the master afpd process with a
#                         SIGQUIT signal, possibly install an afpd update and
#                         start the afpd process. The afpd processes of
#                         existing AFP sessions will remain unaffected.
#                         Technically they will be notified of the master afpd
#                         shutdown, sleep 15-20 seconds and then try to
#                         reconnect their IPC channel to the master afpd
#                         process. If this reconnect fails, the sessions are
#                         in an undefined state. Therefore it's absolutely
#                         critical to restart the master process in time!
#     -noacl2maccess      Don't map filesystem ACLs to effective permissions.
#
#   Codepage Options:
#     -unixcodepage <CODEPAGE>  Specifies the server's unix codepage,
#                               e.g. "ISO-8859-15" or "UTF8".
#                               This is used to convert strings to/from
#                               the system's locale, e.g. for authentication.
#                               Defaults to LOCALE if your system supports it,
#                               otherwise ASCII will be used.
#
#     -maccodepage <CODEPAGE>   Specifies the legacy clients' (<= Mac OS 9)
#                               codepage, e.g. "MAC_ROMAN".
#                               This is used to convert strings to the
#                               system's locale, e.g. for authentication
#                               and SIGUSR2 messaging. This will also be
#                               the default for volumes maccharset.
#
#   CNID related options:
#     -cnidserver <ipaddress:port>
#                               Specifies the IP address and port of a
#                               cnid_metad server, required for CNID dbd
#                               backend. Defaults to localhost:4700.
#                               The network address may be specified either
#                               in dotted-decimal format for IPv4 or in
#                               hexadecimal format for IPv6.
#
#   Avahi (Bonjour) related options:
#     -mimicmodel <model>
#                               Specifies the icon model that appears on
#                               clients. Defaults to off. Examples: RackMac
#                               (same as Xserve), PowerBook, PowerMac, Macmini,
#                               iMac, MacBook, MacBookPro, MacBookAir, MacPro,
#                               AppleTV1,1, AirPort
#


#
# Some examples:
#
#       The simplest case is to not have an afpd.conf.
#
#       4 servers w/ names server1-3 and one w/ the hostname. Servers
#       1-3 get routed to different ports with server 3 being bound
#       specifically to address 192.168.1.3
#
#           -
#           server1 -port 12000
#           server2 -port 12001
#           server3 -port 12002 -ipaddr 192.168.1.3
#
#       A dedicated guest server, a user server, and a special
#       AppleTalk-only server:
#
#           "Guest Server" -uamlist uams_guest.so \
#                   -loginmesg "Welcome guest! I'm a public server."
#           "User Server" -uamlist uams_dhx2.so -port 12000
#           "special" -ddp -notcp -defaultvol <path> -systemvol <path>
#


# default:
# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so
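
# Added example (not part of the original Netatalk file): a Python check that
# parses afpd.conf server lines in the format described above and reports
# servers whose -uamlist enables a cleartext-password or guest UAM, or that
# set -savepassword. The function names and the sample config are constructed
# for illustration.

```python
import shlex
# Per the option reference: uams_clrtxt.so (uams_pam.so or uams_passwd.so) sends passwords in the clear.
CLEARTEXT_UAMS = {"uams_clrtxt.so", "uams_pam.so", "uams_passwd.so"}
DEFAULT_UAMLIST = "uams_dhx.so,uams_dhx2.so"  # documented default

def logical_lines(text):
    """Join backslash-continued lines, then drop blank and '#' lines."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return {server name: [findings]} for each server line of afpd.conf text."""
    report = {}
    for line in logical_lines(text):
        tokens = shlex.split(line)          # honours quoted names and messages
        name, opts = tokens[0], tokens[1:]  # "-" is the default server
        uamlist = DEFAULT_UAMLIST
        if "-uamlist" in opts[:-1]:
            uamlist = opts[opts.index("-uamlist") + 1]
        uams = {u.strip() for u in uamlist.split(",") if u.strip()}
        findings = []
        clear = sorted(uams & CLEARTEXT_UAMS)
        if clear:
            findings.append("cleartext password UAM: " + ",".join(clear))
        if "uams_guest.so" in uams:
            findings.append("guest login enabled")
        if "-savepassword" in opts:
            findings.append("clients may save passwords locally")
        report[name] = findings
    return report

# Constructed sample config, modelled on the examples in this file.
SAMPLE = '''\
# comment line
"Guest Server" -uamlist uams_guest.so \\
    -loginmesg "Welcome guest! I'm a public server."
"Legacy" -uamlist uams_clrtxt.so,uams_dhx2.so -savepassword
"User Server" -uamlist uams_dhx2.so -port 12000
- -tcp -noddp
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```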