Registration Server How To’s¶
This chapter covers a number of common tasks that you may want to or need to perform with the Regisration Server.
Configuring a Default License¶
A default license is generated for each user on registration. The features
of this license are determined by the Provider setting
LICENSE/DEFAULT_FREE_FEATURE (see DEFAULT_FREE_FEATURE).
In this way, individual default licenses can be generate for users, each
with the specified features.
Alternatively, it is possible to create a single license which is to be used as a default for multiple users. To do this, first create the license using the Admin Console (see Creating Licences).
Then set the Provider setting LICENSE/DEFAULT_LICENSEKEY to the key of the
newly created license. Note that you will must ensure that the “License size”
(number of users) is sufficiently high to cover the number of users that will
register and use the license.
Changing the Default Depot Size¶
A default Depot for storage of Space data, may be created for a user
on registration. For this purpose, a Hosting Service must be
connected to the Registration Server. If this is the case, then you will
be able to set the  HOSTSERVER/HOST_SERVER_NAME Provider setting by
selecting the Hosting Service from a popup menu.
The default size of the Depot is specified using the HOST_DEPOT_SIZE
setting. By default, this value is 2 GB.
If you change this value then, for TeamDrive 3 users, you should also
change the CLIENT/FREE_LIMIT_SIZE setting to the same value.
TeamDrive 3 clients limit the amount of data that will be processed by the
Client when not using a Personal or Professional license. This means that
if you do not increase FREE_LIMIT_SIZE in accordance with the
HOST_DEPOT_SIZE value, users will not be able to use all the disk
space available in the default Depot.
Setting up a Master User¶
A master user is a user that is automatically invited to all Spaces of users of a Provider. This has a number advantages, for example:
- All Spaces keys used by users can be collected as a backup, in case the keys are lost.
- It creates a central repository where an Administrator can enter any Space used by any of the users.
A disadvantage is that anyone with access to the Master User account has access to all Spaces.
You create a master user by setting the master-user client setting to
the username of the master user. The value must be set in the
CLIENT/CLIENT_SETTINGS Provider setting (see CLIENT_SETTINGS).
This user will now be automatically invited to all Spaces with the
“Master User” rights.
It is now possible to install a TeamDrive client, login as the master user
and setup the client to automatically accept invitations
sent to it. This can be done by setting the client setting auto-accept-invitation
to true.
Do not set this setting in the CLIENT_SETTINGS Provider setting
as this would mean that users, in general, will loose control of how they wish
to handle Space invitations. Instead, it is possible to set this setting
in a local configuration file, so that it only applies to the master user
installation.
This is the “/Users/Shared/teamdrive.ini” file on Mac OS X, “/etc/teamdrive.ini” on Linux and “%ProgramData%/TeamDrive3/teamdrive.ini” (usually “C:\ProgramData\TeamDrive3\teamdrive.ini”) on Windows.
When run on a machine that is “always on” (i.e. a server) this will ensure that all invitations are received when sent to the master user from other clients.
The behaviour, whether files are downloaded directly after accepting the
invitation, or just the “meta-data” of the Space, is determined by the
auto-accept-invitation-mode client setting. This can be set to
one of the following values: non-offline-available, offline-available
or archived. The default is archived, which means the Space key
is stored, and the Space will be marked as “Inactive”. The Space can then be
activated manually at a later stage.
Using a “Restricted” Client License Model¶
The Restrict License Model is intended to provide users with a limited but free version of TeamDrive. For this reason a restricted license is usually set to be the default license which a user receives on first time registration.
Note
The Restricted Client License Model is only supported by TeamDrive 4 Clients.
A restricted license tells the TeamDrive Client that certain restrictions apply. Currently this may only be a restriction to the number of Space that may be active at any one time.
To setup a Restricted Client License Model, do the following:
Set the Provider setting DEFAULT_FREE_FEATURE to 24. See
DEFAULT_FREE_FEATURE for
details in this setting. Setting DEFAULT_FREE_FEATURE to 24
causes default licenses to be created with the “Professional” and
“Restricted Client” feature bits.
Ensure that the setting DEFAULT_LICENSEKEY is blank.
Then add the client setting active-spaces-limit=1 to the
CLIENT/CLIENT_SETTINGS Provider setting. You may set active-spaces-limit
to a value greater than one to allow the free license user to have
more current active Spaces.
The active-spaces-limit setting only has an effect if the
“Restricted Client” feature bit is set on the user’s license. This means
that users with a standard Professional License (that have just the
“Professional” feature bit set) are not effected by this limitation.
In order to upgrade such a user to the a standard Professional License you can either remove the Restricted Client” feature bit manually in the Admin Console, or it can be done using the “downgradedefaultlicense” API call (see downgradedefaultlicense), which can be used to remove features from a license.
How to Restrict Device Registration¶
As a Provider you may wish to restrict the creation of new TeamDrive installations by your users. For example, the users of a certain Provider may be prevented from using private devices, in order to control the proliferation of company data.
In order to do this, you can configure the Registration Server require manual approval for every new device registration.
First set the AllowActivationWithoutEmail Registration Server
setting to False. This will ensure that all new installations
require activation before they can be used.
Now alter the “reg-activationlink” email template for your Provider. Remove the activation link in the email and replace it with a notification to contact the Registration Server Administrator. As Administrator it is then possible to perform manual activation for the users new device in the Admin Console.
Note
Since AllowActivationWithoutEmail is a global setting it
effects all users of the Registration Server. Users of
Providers that are not restricted are able to activated
new devices themselves by clicking on the link in the
“reg-activationlink” email.
How to Setup Two-Factor Authentication¶
The Reg Server version 3.6 supports two-factor authentication (2FA) using the Google Authenticator App (https://support.google.com/accounts/answer/1066447?hl=en).
You can enable the use of 2FA for a particular Provider by
setting USE_AUTH_SERVICE to True. You must then add the following
settings to CLIENT/PRE_LOGIN_SETTINGS:
enable-login=false
enable-web-login=true
This will ensure that the user is directed to the “external” (web-based) login page when logging in to the TeamDrive Client.
The external pages use templates stored by the Registration Server and can be modified for each Provider. Use the Admin Console to upload customised versions of the pages for your users as described in Manage HTML Templates
Two-factor authentication must be activated individually by each user by entering the following URL in a Web-browser:
https://regserver.yourdomain.com/pbas/td2as/int/setup-2fa.html
In the future, a link to this page will be made available directly in the client application. Follow the instructions for downloading the Google Authenticator App and activating the 2FA functionality.
Two-factor authentication can also be configured to work with the TeamDrive Web Portal. Following the instructions on how to do this provided by the Web Portal documentation.
Web-Portal users must use the /portal/setup-2fa.html page to setup
two-factor authentication.
Note that, since the Register Server external authentication pages do not yet support LDAP or Active Directory, it is not possible to use two-factor authentication in combination with LDAP or any other external authentication service.