Registration Server How To’s

This chapter covers a number of common tasks that you may want to or need to perform with the Regisration Server.

Configuring a Default License

A default license is generated for each user on registration. The features of this license are determined by the Provider setting LICENSE/DEFAULT_FREE_FEATURE (see DEFAULT_FREE_FEATURE). In this way, individual default licenses can be generate for users, each with the specified features.

Alternatively, it is possible to create a single license which is to be used as a default for multiple users. To do this, first create the license using the Admin Console (see Creating Licences).

Then set the Provider setting LICENSE/DEFAULT_LICENSEKEY to the key of the newly created license. Note that you will must ensure that the “License size” (number of users) is sufficiently high to cover the number of users that will register and use the license.

Changing the Default Depot Size

A default Depot for storage of Space data, may be created for a user on registration. For this purpose, a Hosting Service must be connected to the Registration Server. If this is the case, then you will be able to set the HOSTSERVER/HOST_SERVER_NAME Provider setting by selecting the Hosting Service from a popup menu.

The default size of the Depot is specified using the HOST_DEPOT_SIZE setting. By default, this value is 2 GB.

If you change this value then, for TeamDrive 3 users, you should also change the CLIENT/FREE_LIMIT_SIZE setting to the same value.

TeamDrive 3 clients limit the amount of data that will be processed by the Client when not using a Personal or Professional license. This means that if you do not increase FREE_LIMIT_SIZE in accordance with the HOST_DEPOT_SIZE value, users will not be able to use all the disk space available in the default Depot.

Setting up a Master User

A master user is a user that is automatically invited to all Spaces of users of a Provider. This has a number advantages, for example:

  • All Spaces keys used by users can be collected as a backup, in case the keys are lost.
  • It creates a central repository where an Administrator can enter any Space used by any of the users.

A disadvantage is that anyone with access to the Master User account has access to all Spaces.

You create a master user by setting the master-user client setting to the username of the master user. The value must be set in the CLIENT/CLIENT_SETTINGS Provider setting (see CLIENT_SETTINGS). This user will now be automatically invited to all Spaces with the “Master User” rights.

It is now possible to install a TeamDrive client, login as the master user and setup the client to automatically accept invitations sent to it. This can be done by setting the client setting auto-accept-invitation to true.

Do not set this setting in the CLIENT_SETTINGS Provider setting as this would mean that users, in general, will loose control of how they wish to handle Space invitations. Instead, it is possible to set this setting in a local configuration file, so that it only applies to the master user installation.

This is the “/Users/Shared/teamdrive.ini” file on Mac OS X, “/etc/teamdrive.ini” on Linux and “%ProgramData%/TeamDrive3/teamdrive.ini” (usually “C:\ProgramData\TeamDrive3\teamdrive.ini”) on Windows.

When run on a machine that is “always on” (i.e. a server) this will ensure that all invitations are received when sent to the master user from other clients.

The behaviour, whether files are downloaded directly after accepting the invitation, or just the “meta-data” of the Space, is determined by the auto-accept-invitation-mode client setting. This can be set to one of the following values: non-offline-available, offline-available or archived. The default is archived, which means the Space key is stored, and the Space will be marked as “Inactive”. The Space can then be activated manually at a later stage.

Using a “Restricted” Client License Model

The Restrict License Model is intended to provide users with a limited but free version of TeamDrive. For this reason a restricted license is usually set to be the default license which a user receives on first time registration.

Note

The Restricted Client License Model is only supported by TeamDrive 4 Clients.

A restricted license tells the TeamDrive Client that certain restrictions apply. Currently this may only be a restriction to the number of Space that may be active at any one time.

To setup a Restricted Client License Model, do the following:

Set the Provider setting DEFAULT_FREE_FEATURE to 24. See DEFAULT_FREE_FEATURE for details in this setting. Setting DEFAULT_FREE_FEATURE to 24 causes default licenses to be created with the “Professional” and “Restricted Client” feature bits.

Ensure that the setting DEFAULT_LICENSEKEY is blank.

Then add the client setting active-spaces-limit=1 to the CLIENT/CLIENT_SETTINGS Provider setting. You may set active-spaces-limit to a value greater than one to allow the free license user to have more current active Spaces.

The active-spaces-limit setting only has an effect if the “Restricted Client” feature bit is set on the user’s license. This means that users with a standard Professional License (that have just the “Professional” feature bit set) are not effected by this limitation.

In order to upgrade such a user to the a standard Professional License you can either remove the Restricted Client” feature bit manually in the Admin Console, or it can be done using the “downgradedefaultlicense” API call (see Downgrade default-license), which can be used to remove features from a license.

How to Restrict Device Registration

As a Provider you may wish to restrict the creation of new TeamDrive installations by your users. For example, the users of a certain Provider may be prevented from using private devices, in order to control the proliferation of company data.

In order to do this, you can configure the Registration Server require manual approval for every new device registration.

First set the AllowActivationWithoutEmail Registration Server setting to False. This will ensure that all new installations require activation before they can be used.

Now alter the “reg-activationlink” email template for your Provider. Remove the activation link in the email and replace it with a notification to contact the Registration Server Administrator. As Administrator it is then possible to perform manual activation for the users new device in the Admin Console.

Note

Since AllowActivationWithoutEmail is a global setting it effects all users of the Registration Server. Users of Providers that are not restricted are able to activated new devices themselves by clicking on the link in the “reg-activationlink” email.

How to Setup Two-Factor Authentication

The Reg Server version 3.6 supports two-factor authentication (2FA) using the Google Authenticator App (https://support.google.com/accounts/answer/1066447?hl=en).

You can enable the use of 2FA for a particular Provider by setting USE_AUTH_SERVICE to True. You must then add the following settings to CLIENT/PRE_LOGIN_SETTINGS:

enable-login=false
enable-web-login=true

This will ensure that the user is directed to the “external” (web-based) login page when logging in to the TeamDrive Client.

The external pages use templates stored by the Registration Server and can be modified for each Provider. Use the Admin Console to upload customised versions of the pages for your users as described in Manage HTML Templates

Two-factor authentication must be activated individually by each user by entering the following URL in a Web-browser:

https://regserver.yourdomain.com/pbas/td2as/int/setup-2fa.html

In the future, a link to this page will be made available directly in the client application. Follow the instructions for downloading the Google Authenticator App and activating the 2FA functionality.

Two-factor authentication can also be configured to work with the TeamDrive Web Portal. Following the instructions on how to do this provided by the Web Portal documentation.

Web-Portal users must use the /portal/setup-2fa.html page to setup two-factor authentication.

Note that, since the Register Server external authentication pages do not yet support LDAP or Active Directory, it is not possible to use two-factor authentication in combination with LDAP or any other external authentication service.