Novell Doc: OES 2 SP3: Novell AFP For Linux Administration Guide

5.2 Configuring General Parameters

The general parameters help you define the security and rights features of the AFP server.

Start your browser (Internet Explorer 5 or later, Firefox, etc.) and specify the URL for iManager.

The URL is https:// server_ip_address/nps/imanager.html. Replace server_ip_address with the IP address or DNS name of the Linux server running AFP.
Enter your username and password.
In the left column, select File Protocols, then click AFP.
Select the General tab.

The following details are displayed:

5.2.1 Security and Rights

The Security and Rights parameters let you define and set access permissions for the AFP server.

Table 5-2 Security and Rights Configuration Parameters

Setting	Description
Allow Guest Login	Select this option to allow users to log in as a guest.
World No Rights Management	Select this option to let users set permissions and give access to network directories and their contents to everyone (world). If this option is not selected, the AFP server ignores the Set Rights' requests coming from Macintosh clients, so the users cannot set permissions to give access to others.
Sharing Rights	Select this option to turn off fetching rights for the owner, groups, and everyone. Returns a set of default rights when queried.
Authentication Mode	Indicates the authentication mechanism to use. The supported methods are: Two-Way Random Key Exchange Cleartext Random Exchange Diffie Hellman

5.2.2 Threads and Connections

These parameters help you define the processing capabilities of the AFP server.

Table 5-3 Threads and Connections Configuration Parameters

Setting	Description
Minimum Threads	Indicates the minimum number of threads that should be set for the afptcpd daemon to start. The default value is 3. This value is set during installation.
Maximum Threads	Indicates the maximum number of threads that the AFP server can support. The maximum number of threads that can be supported is 32768.
Reconnect Period	Indicates the number of minutes the AFP server waits before attempting to reconnect. The minimum waiting time is 2 minutes and can extend up to 24 hours.

Setting

Description

Minimum Threads

Indicates the minimum number of threads that should be set for the afptcpd daemon to start.

The default value is 3. This value is set during installation.

Maximum Threads

Indicates the maximum number of threads that the AFP server can support.

The maximum number of threads that can be supported is 32768.

Reconnect Period

Indicates the number of minutes the AFP server waits before attempting to reconnect.

The minimum waiting time is 2 minutes and can extend up to 24 hours.

5.2.3 Version and Logging

These parameters help you define the logging capabilities of the AFP server.

AFP makes use of syslog daemon for logging. This daemon keeps track of the log file that it writes to in the event of renaming the log file or changing the location of log file.

Table 5-4 Version and Logging Configuration Parameters

Setting	Description
AFP Version	Indicates the AFP versions that the AFP server can support. If you select All, AFP versions 2.2, 3.0 and 3.1 are supported.
Enable Log	Select this option to turn the logging feature on and add an entry to the log file. When logging is activated, AFP error messages are written to the /var/log/afptcpd/afptcp.log file.
Enable Status	Select this option if you want status messages to be recorded in the /var/log/afptcpd/afptcp.log file.
Enable Debug	Select this option if you want debug messages to be recorded in the /var/log/afptcpd/afptcp.log file.
Enable Error	Select this option if you want error messages to be recorded in the /var/log/afptcpd/afptcp.log file.
Auditing	Select this option, check the authentication process and any changes that occur to the configuration parameters of the AFP server. Details of any changes that occur are recorded in the /var/log/audit/audit.log file

5.2.4 Other

These parameters let you define the search parameters and unload behavior of the AFP server. Novell AFP supports only Novell Storage Services (NSS) volumes.

Table 5-5 Other Parameters

Setting	Description
Export All Volumes	When this option is selected, all the NSS volumes on the server are exported.When this option is deselected, only the volumes listed in the afpvols.conf file are exported. NOTE:When the Export All Volumes option is turned off, specifying the alternate name is not mandatory. The volume name is displayed for export. However, if the alternate name is specified, then the alternate name of the volume is displayed for export.

Setting

Description

Export All Volumes

When this option is selected, all the NSS volumes on the server are exported.When this option is deselected, only the volumes listed in the afpvols.conf file are exported.

NOTE:When the Export All Volumes option is turned off, specifying the alternate name is not mandatory. The volume name is displayed for export. However, if the alternate name is specified, then the alternate name of the volume is displayed for export.

IMPORTANT:When OES2 SP1 AFP iManager plugin tries to manage a OES2 SP2 AFP server, while configuration settings like CROSS_PROTOCOL_LOCKS, NO_UNLOAD_TIME_CHECK, and NO_COUNT_ON_OFFSPRING cannot be managed as these options are removed from OES2 SP2 AFP server onwards. Similarly, the new settings GUEST_USER and EXPORT_ALL_VOLUMES added in OES2 SP2 AFP server onwards cannot be managed by OES2 SP1 AFP iManager plugin.

Specifying alias names for volumes in afpvols.conf file is mandatory in OES2 SP1. However, it is optional in OES2 SP2 onwards. Hence when an OES2 SP1 AFP iManager plugin tries to use the volume management feature of an OES2 SP2 AFP Server onwards, it is mandatory to specify the alias name for the volumes.

5.2.5 Rights to a File or Folder

Returning rights to a file or a folder by AFP server is controlled through the rights configuration parameter. There are three options - All, Default, and No. If you do not wish to use the All parameter option, then set the option to Default or No option. The following lists the details for the configuration parameters:

By setting the Rights parameter to No, rights returned by AFP server is set to returning the owner id for files or folders. AFP server does not calculate group and other rights for files and folders when Rights is set to No. In this case, AFP server returns default server id 0 (that is mapped to the username Root) for group and other rights.
By setting Rights parameter to Default, AFP server turns off rights calculations for all the rights. AFP server returns AFP server id in this case which is set to 0 for owner, group, and other rights. This is because, after setting Rights configuration option to default, no rights calculations is performed for files and folders. Setting this option results in improved performance (compared to when Rights option is set to All) when files and folders have large number of trustees which requires more processing for calculating group rights.
By setting Rights parameter to All, AFP server returns correct owner id that is set on a file/folder. For other IDs, AFP server finds the group or user trustee which has maximum rights on the file/folder. This group or user is then returned to other ID parameter when Rights option is set to All. For finding a group or user name with maximum rights, AFP server scans all the trustees assigned to a file/folder. This calculation takes more time when trustees assigned to a file/folder are large in numbers.