Earlier, I wrote an article on enabling some of the settings in SMB that are now unavailable in the GUI, but were still available from the command line. I have now decided to go ahead an document some of the ones for AFP that have been removed during the transition to the Server app. The first to mention is maximum connections. There are a number of reasons that throttling maximum afp connections can be handy. The serveradmin afp setting for it is maxConnections, which by default is set to -1, indicating unlimited. To set this to 500, one would run:
serveradmin settings afp:maxConnections = 500
The second setting to mention is greetings. The default is to send a greeting each time a user connects if one is enabled. I find that just sending the greeting once satisfies the policy most environments would have around such things. I’ve also found that enough environments setup greetings that I’ve had to do this enough times that it’s fresh in my memory. Therefore, to configure, use Server.app to setup a greeting and then run the following command:
serveradmin settings afp:sendGreetingOnce = yes
Another thing that many environments are going to want is activity logs. By default these are disabled. To enable:
serveradmin settings afp:activityLog = yes
And the setting for how frequently to roll those activity logs is gone from the GUI as well. To edit that (let’s just set it to 2 weeks instead of the default of 1 week):
serveradmin settings afp:activityLogTime = 14
The checkboxes for each type of activity to log are gone, so to access each (by default these are all enabled, so enabling the activity log turns them all on, therefore we’ll just disable here, even though as it seems the server team is well aware of, if you use one most use all:
serveradmin settings afp:loggingAttributes:logOpenFork = no
serveradmin settings afp:loggingAttributes:logCreateDir = no
serveradmin settings afp:loggingAttributes:logLogin = no
serveradmin settings afp:loggingAttributes:logLogout = no
serveradmin settings afp:loggingAttributes:logDelete = no
serveradmin settings afp:loggingAttributes:logCreateFile = no
Note: Activity logs are still by IP address rather than userID
Error logs don’t roll (setting of 0), so to set them to do so (again using 14):
serveradmin settings afp:errorLogTime = 14
The disconnect idle users option is also now gone. To enable it:
serveradmin settings afp:idleDisconnectOnOff = yes
This doesn’t edit the tickle time, but then, that was never presented in the GUI anyway (it controls how frequently a client who’s connected via afp checks into the server). To customize the disconnect message:
serveradmin settings afp:idleDisconnectMsg = "Did you fall asleep there bub?"
And of course, you might need to customize the number of hours before a user is considered idle:
serveradmin settings afp:idleDisconnectTime = 1
To globally disable guest access:
serveradmin settings afp:guestAccess = no
And to allow the root user to log into afp:
serveradmin settings afp:allowRootLogin = yes
Finally, to access the masquerade as a user option for administrative accounts, which I’m not sure I like, but which some do:
serveradmin settings afp:attemptAdminAuth = yes
Similar Articles:
- Limiting The Number of Windows Users in Lion Server (aka How-to of hidden serveradmin settings)
- Enabling ARD, SSH & SNMP On Mountain Lion Server Using serveradmin
- Enable Server Side File Tracking in OS X Mountain Lion Server
- Mac OS X Server: CalDav Log Fun
- Logs, Scripts and OS X Mountain Lion Server
Archive
5 Comments
Hi!
Great post!
Do you know where I can find docs about all settings?
I’m trying to find what these do:
afp:fullServerMode
afp:idleDisconnectOnOff
The
afp:idleDisconnectOnOffenables and disables the ability for the server to kick users off who not had any afp traffic to or from the server within the period of time. These configure which users that setting applies to:afp:idleDisconnectFlag:adminUsers = yes
afp:idleDisconnectFlag:registeredUsers = yes
afp:idleDisconnectFlag:usersWithOpenFiles = yes
afp:idleDisconnectFlag:guestUsers = yes
And the
afp:idleDisconnectTimeconfigures how long before users get bumped. Finally,afp:idleDisconnectMsg = ""configures the message shown to users when they’re actually disconnected. This was all in the Server Admin configuration screen for AFP once upon a time but have since been removed.I don’t know of a comprehensive list of what each does. I’ll see if I can find one. If not, maybe I’ll write one up…
Awesome!
The problem I’m having is that I’ve got a mini server and if I connect to it through FileSharing then it does not go to sleep any more, even if I disconnect from it.
I get kernel[0]:
PM notification cancel (pid 286, AppleFileServer)
IOPMrootDomain: idle cancel
If however I set afp:fullServerMode=no then there the server goes to sleep without problems.
afp:idleDisconnectOnOff is off.
Thoughts?
Great post, thank you for sharing. Any idea how to regain the functionality of easily setting ACLs to control group access? I have a folder for our second-year Journalism students that I would like that group to have read and write for. I also like to prevent certain groups from accessing certain shares with a deny rule. I suppose I can dig through the chmod man page…
If you click on the name of the server and then go to Storage, you can set permissions there. All the ACL options should still work. Hope this helps!