#
# CONFIGURATION FOR AFPD
#
# Each line defines a virtual server that should be available.
# Empty lines and lines beginning with `#' are ignored.
# Options in this file will override both compiled-in defaults
# and command line options.
#
# Format:
# - [options] to specify options for the default server
# "Server name" [options] to specify an additional server
#
# The following options are available:
# Transport Protocols:
# -[no]tcp Make AFP-over-TCP [not] available
# -[no]ddp Make AFP over AppleTalk [not] available. if you
# have -proxy specified, specify -uamlist "" to
# prevent ddp connections from working.
#
# -transall Make both available (default)
#
# Transport Options:
# -ipaddr <w.x.y.z> Specifies the IP address the server should respond
# to (default is the first IP address of the system)
# This option also allows one machine to advertise
# TCP/IP for another machine.
# -server_quantum <number>
# Specifies the DSI server quantum. The minimum
# value is 1MB. The max value is 0xFFFFFFFF. If you
# specify a value that is out of range, you'll get
# the default value (currently the minimum).
# -admingroup <groupname>
# Specifies the group of administrators who should all
# be seen as the superuser when they log in. Default
# is disabled.
# -ddpaddr x.y Specifies the DDP address of the server. the
# default is to auto-assign an address
# (0.0). this is only useful if you're running
# on a multihomed host.
# -port <number> Specifies the TCP port the server should respond
# to (default is 548)
# -fqdn <name:port> specify a fully-qualified domain name (+
# optional port). this gets discarded if the
# server can't resolve it. this is not honored
# by appleshare clients <= 3.8.3 (default: none)
# -proxy Run an AppleTalk proxy server for specified AFP/TCP
# server (if address/port aren't given, then
# first IP address of the system/548 will be used).
# if you don't want the proxy server to act as
# a ddp server as well, set -uamlist to an
# empty string.
# -noslp Don't register this server with the Service
# Location Protocol.
#
#
# Authentication Methods:
# -uampath <path> Use this path to look for User Authentication Modules.
# (default: :UAMS_PATH:)
# -uamlist <a,b,c> Comma-separated list of UAMs. (default:
# uams_guest.so,uams_clrtxt.so,uams_dhx.so)
#
# some commonly available UAMs:
# uams_guest.so: Allow guest logins
#
# uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
# Allow logins with passwords
# transmitted in the clear.
#
# uams_randnum.so: Allow Random Number and Two-Way
# Random Number exchange for
# authentication.
#
# uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
# Allow Diffie-Hellman eXchange
# (DHX) for authentication.
#
# Password Options:
# -[no]savepassword [Don't] Allow clients to save password locally
# -passwdfile <path> Use this path to store Randnum
# passwords. (Default: :ETCDIR:/afppasswd. The only
# other useful value is ~/.passwd. See 'man afppasswd'
# for details.)
# -passwdminlen <#> minimum password length. may be ignored.
# -[no]setpassword [Don't] Allow clients to change their passwords.
# -loginmaxfail <#> maximum number of failed logins. this may be
# ignored if the uam can't handle it.
#
# AppleVolumes files:
# -defaultvol <path> Specifies path to AppleVolumes.default file
# (default :ETCDIR:/AppleVolumes.default,
# same as -f on command line)
# -systemvol <path> Specifies path to AppleVolumes.system file
# (default :ETCDIR:/AppleVolumes.system,
# same as -s on command line)
# -[no]uservolfirst [Don't] read the user's ~/AppleVolumes or
# ~/.AppleVolumes before reading
# :ETCDIR:/AppleVolumes.default
# (same as -u on command line)
# -[no]uservol [Don't] Read the user's volume file
#
#
# Miscellaneous:
# -authprintdir <path> Specifies the path to be used (per server) to
# store the files required to do CAP-style
# print authentication which papd will examine
# to determine if a print job should be allowed.
# These files are created at login and if they
# are to be properly removed, this directory
# probably needs to be umode 1777
# -guestname "user" Specifies the user name for the guest login
# (default "nobody", same as -g on command line)
# -loginmesg "Message" Client will display "Message" upon logging in
# (no default, same as -l "Message" on commandline)
# -nodebug Switch off debugging
# -client_polling With this switch enabled, afpd won't advertise
# that it is capable of server notifications, so that
# connected clients poll the server every 10 seconds
# to detect changes in opened server windows.
# Note: Depending on the number of simultaneously
# connected clients and the network's speed, this can
# lead to a significantly higher load on your network!
# -sleep <number> AFP 3.x wait number hours before disconnecting
# clients in sleep mode. Default 10 hours
# -tickleval <number> Specify the tickle timeout interval (in seconds).
# Note, this defaults to 30 seconds, and really
# shouldn't be changed. If you want to control
# the server idle timeout, use the -timeout option.
# -timeout <number> Specify the number of tickles to send before
# timing out a connection. The default is 4, therefore
# a connection will timeout in 2 minutes.
# -icon Use the platform-specific icon.
# -[un]setuplog "<logtype> <loglevel> [<filename>]"
# Specify that the given loglevel should be applied
# to log messages of the given logtype and that
# these messages should be logged to the given file.
# If the filename is omitted the loglevel applies to
# messages passed to syslog.
# Each logtype may have a loglevel applied to syslog
# and a loglevel applied to a single file. Later
# -setuplog settings will override earlier ones of
# the same logtype (file or syslog).
# logtypes: Default, Core, Logger, CNID, AFPDaemon
# loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, LOG_NOTE,
# LOG_INFO, LOG_DEBUG, LOG_DEBUG6, LOG_DEBUG7,
# LOG_DEBUG8, LOG_DEBUG9, LOG_MAXDEBUG
#
# for example:
# -setuplog "logger log_maxdebug /var/log/netatalk-logger.log"
# -setuplog "afpdaemon log_maxdebug /var/log/netatalk-afp.log"
# -unsetuplog "default level file"
# -setuplog "default log_maxdebug"
#
# -signature { user:<text> | host }
# Specify a server signature. This option is useful while
# running multiple independent instances of afpd on one
# machine (eg. in clustered environments, to provide fault
# isolation etc.). "host" signature type allows afpd generating
# signature automatically (based on machine primary IP address).
# "user" signature type allows administrator to set up a signature
# string manually. Examples: three servers running on one machine:
# first -signature user:USERS
# second -signature user:USERS
# third -signature user:ADMINS
# The first two servers will act as one logical AFP service - if a user logs in to
# the first one and then connects to the second one, the session will be automatically
# redirected to the first one. But if a client connects to the first and then to the third,
# the user will be asked for a password twice and will see resources of both servers.
# The traditional method of signature generation causes two independent afpd instances
# to have the same signature and thus causes clients to be redirected automatically
# to the server they logged in to first.
# -k5service <service>
# -k5realm <realm>
# These are required if the server supports Kerberos 5 authentication
#
# Codepage Options:
# -unixcodepage <CODEPAGE> Specifies the server's unix codepage, e.g. "ISO-8859-15" or "UTF8".
# This is used to convert strings to/from the system's locale, e.g.
# for authentication. Defaults to LOCALE if your system supports it,
# otherwise ASCII will be used.
#
# -maccodepage <CODEPAGE> Specifies the Mac clients' codepage, e.g. "MAC_ROMAN".
# This is used to convert strings to the system's locale, e.g.
# for authentication and SIGUSR2 messaging. This will also be
# the default for volumes maccharset.
#
# CNID related options:
# -cnidserver ipaddress:port Specifies the IP address and port of a cnid_metad server.
#
#
# Some examples:
#
# The simplest case is to not have an afpd.conf.
#
# 4 servers w/ names server1-3 and one w/ the hostname. servers
# 1-3 get routed to different ports with server 3 being bound
# specifically to address 192.168.1.3
# -
# server1 -port 12000
# server2 -port 12001
# server3 -port 12002 -ipaddr 192.168.1.3
#
# a dedicated guest server, a user server, and a special
# ddp-only server:
# "Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
# "User Volume" -uamlist uams_clrtxt.so -port 12000
# "special" -notcp -defaultvol <path> -systemvol <path>
#
# default:
# - -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
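
The authentication and password options above can be checked mechanically. The following is an added example, not part of the original file or of the project that ships it: a small audit of afpd.conf server lines that reports the UAMs the comments describe as guest or clear-text logins, plus explicit `-savepassword` and `-admingroup`. The function name, the sample lines, the shell-like quoting and the rule that each line is judged on its own (the documented default UAM list applying when `-uamlist` is absent) are assumptions.

```python
import shlex

# Default UAM list as stated in the afpd.conf comments above.
DEFAULT_UAMS = ["uams_guest.so", "uams_clrtxt.so", "uams_dhx.so"]

# UAMs the file itself describes as guest or clear-text logins.
UAM_FINDINGS = {
    "uams_guest.so": "guest logins allowed",
    "uams_clrtxt.so": "passwords transmitted in the clear",
}


def audit_afpd_conf(text):
    """Return (server, finding) tuples for each server line (hypothetical helper)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # empty lines and '#' lines are ignored by afpd
        tokens = shlex.split(line)  # assumption: shell-like quoting rules
        server, opts = tokens[0], tokens[1:]
        if "-uamlist" in opts:
            i = opts.index("-uamlist")
            value = opts[i + 1] if i + 1 < len(opts) else ""
            uams = [u for u in value.split(",") if u]  # "" disables all UAMs
        else:
            uams = DEFAULT_UAMS  # assumption: nothing else sets the list
            findings.append((server, "no -uamlist: documented default list applies"))
        for uam in uams:
            if uam in UAM_FINDINGS:
                findings.append((server, f"{uam}: {UAM_FINDINGS[uam]}"))
        if "-savepassword" in opts:
            findings.append((server, "-savepassword: clients may save passwords locally"))
        if "-admingroup" in opts:
            findings.append((server, "-admingroup: group members are seen as superuser"))
    return findings


# Constructed sample input (not taken from a real host).
SAMPLE = '''\
# constructed example
"Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
"User Volume" -uamlist uams_clrtxt.so -port 12000 -savepassword
legacy -port 12001
- -tcp -noddp -uamlist uams_dhx.so -nosavepassword
'''

if __name__ == "__main__":
    for server, finding in audit_afpd_conf(SAMPLE):
        print(f"{server}: {finding}")
```

The last sample line, which restricts the default server to TCP with `uams_dhx.so` and `-nosavepassword`, produces no findings.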