System Management Guide: Communications and Networks

Advanced AIX Fast Connect Features

This section discusses advanced AIX Fast Connect features used for customized configurations. See AIX Fast Connect Configuration and Administration for basic administrative procedures.

Note: Several of the features described in this section cannot be used simultaneously.

AIX Fast Connect supports the following advanced features:

User name mappings from client PC user names to AIX-server user names.
User-session management using net session
Resource management
Per-share options
Support for AIX JFS ACLs
Support for DOS (8.3) filenames (for Windows 3.11 clients, etc.)
Servername aliases for HACMP-support

Several performance considerations for AIX Fast Connect are also discussed in this section.

Many choices for the above features depend on the authentication method selected. Each type has its advantages and disadvantages. Which authentication method or methods you choose depends on your environment, your administration policy, and the ease of administration and use. The following methods for user authentication are described in detail in this section:

AIX-based user authentication using plain text CIFS passwords.
CIFS password encryption protocols
NT Passthrough authentication
Network Logon to AIX Fast Connect (using IBM Network Client for NT-clients)
DCE/DFS authentication (using plain text passwords)
Guest Logon
Share-level security

AIX-based User Authentication (Plain Text Passwords)

AIX-based authentication uses AIX user definitions and passwords. All AIX authentication grammars are supported, including DCE and LDAP. Following session setup, a AIX Fast Connect session gets the authenticated AIX user's credentials (UID, GID, and secondary groups).

The following requirements apply:

Clients must be able to negotiate plain text passwords. This might require updating registry entries on all Windows NT, 95, and 98 clients. (See Enabling Windows Clients for Plain Text Passwords.)
AIX Fast Connect must be enabled for plain text passwords. To do this type:
```
net config /encrypt_passwords:0
```

Plain text passwords have the following advantages:

Low administrative overhead. (It uses existing AIX user information.)
AIX tools for managing users can be used.

Plain text passwords have the following disadvantages:

Windows registry update might be required, on a per-client basis.
Windows might require user ID and passwords to be retyped, on a per-SMB-login basis.
Clear-text passwords are sent over the network.

Note: SMB networking does not support mixed case for plain text passwords. Every AIX user accessing AIX Fast Connect must have all uppercase or all lowercase AIX passwords.

CIFS Password Encryption Protocols

The CIFS password encryption protocol method uses AIX Fast Connect user definitions and encrypted passwords for user authentication. Each user must be defined under the same user name as an AIX user as well. AIX Fast Connect encrypts passwords and saves them in its user database (/etc/cifs/cifsPasswd) for use during session setup. (See Configuring Encrypted Passwords.) Following session setup, a AIX Fast Connect session gets the authenticated user's credentials (UID, GID and secondary groups).

CIFS password encryption protocol method has the following requirements:

Users must be defined to AIX Fast Connect using Web-based System Manager, SMIT, or the net user command.
(User passwords do not have to be the same on both systems.)
AIX Fast Connect must be enabled for encrypted passwords. To do this, type:
```
net config /encrypt_passwords:2
```
Changing AIX Fast Connect passwords requires root authority.

This method has the following advantages:

No additional logon, beyond logging into the Windows or OS/2 workstation, is required.
Clear text passwords are not sent over the network, which provides additional security.

This method has the following disadvantages:

Additional administrative tasks are needed for AIX Fast Connect users.
Root authority is needed to update passwords in AIX.

NT Passthrough Authentication

This authentication method uses AIX user definitions and NT server user authentication. In this mode, each AIX Fast Connect user must also be defined as an AIX user. Passthrough authentication is enabled using Web-based System Manager, SMIT, or the net command by specifying an IP address for the NT Passthrough Authentication Server. To configure this mode using the net command, type:

net config /passthrough_authentication_server:IPaddress

You can also designate a backup server for NT authentication by typing:

net config /backup_passthrough_authentication_server:IPaddress2

During session setup, AIX Fast Connect forwards the session setup request to the NT server. If the NT server authenticates the user, AIX Fast Connect grants access. Following session setup, a AIX Fast Connect session gets the authenticated user's credentials (UID, GID and secondary groups).

Passthrough authentication has the following requirements:

User must be defined on the passthrough authentication server.
AIX Fast Connect must be enabled for passthrough authentication.
NT user name must match AIX user name, although passwords can be different.

This method has the following advantages:

No additional logon, other than logging into the Windows or OS/2 workstation is required.
Clear text passwords are not sent over the network, which provides additional security.
Uses NT user definition, therefore less administrative overhead is needed.

This method has the following disadvantage:

Requires an NT authentication server, which must be a secure system.

Notes:
If passthrough authentication fails to authenticate a AIX Fast Connect user, user authentication continues with normal authentication on the AIX Fast Connect server. Depending on the value of the encrypt_passwords option, the server attempts to authenticate the PC client using either plain text or encrypted passwords.
When passthrough authentication is enabled, guest logon support cannot work. These options are mutually exclusive. Disable guest logon by typing:
net config /guestlogon:0
When passthrough authentication is enabled, AIX Fast Connect's network logon feature cannot work. These options are mutually exclusive. (Frequently, the external NT authentication server is also acting as a Network Logon server, or even a Primary Domain Controller for NT-domains.)
Disable AIX Fast Connect's network logon feature by typing:
net config /networklogon:0

Network Logon to AIX Fast Connect

AIX Fast Connect can be configured to act as a Network Logon server. In this mode, Windows-based PCs are configured for Network-Logon, rather than Local-Logon, which provides the following benefits:

Network Password: Each PC user can log in to any network workstation using his network password, without having separate Local-Logon passwords per workstation.
Startup Scripts: During network login, startup scripts can be executed from the Network Logon server, based on user name and workstation name.
Roaming Profile: After network login, each PC user's desktop environment is automatically initialized to the correct network settings, regardless of which workstation that user is using.
Home Directories: After network login, each PC user's "home directory" is available, regardless of which workstation that user is using.

The following restrictions apply to AIX Fast Connect's network logon feature:

Windows 95 and Windows 98 clients can use either:
- Microsoft Client for Microsoft Networks, or
- IBM Client for IBM Networks
Windows NT clients must use the IBM Primary Logon Client for Windows NT.
Windows 2000 clients are not supported by this method.
Passthrough-authentication to NT must be disabled.

AIX Fast Connect's Network Logon feature is enabled (or disabled) using the networklogon parameter. This feature has multiple configuration settings, many of which are rarely used. For more information, see Configuring Network Logon for AIX Fast Connect.

DCE/DFS Support

AIX Fast Connect can be configured to provide access to DFS for Windows clients. Each AIX Fast Connect user name is used as a DCE principal name. Mixed case user names or passwords are only supported in encrypted passwords are used..

DCE support is automatically installed if the DCE filesets are installed before installing AIX Fast Connect. (cifsUserProc is then linked to cifsPrintServerDCE rather than cifsPrintServer.)

DCE support is controlled through the dce_auth configuration option, which can be set to 0 or 1. A value of 1 indicates that DCE authentication option is enabled. When dce_auth=1 (and cifsPrintServerDCE is being used), all incoming PC client logins are sent to DCE for authentication. This requires plain text passwords, and all PC-client user names and passwords must also be valid DCE user names and passwords. (UID, GID, and groupset are defined by the DCE authentication.)

When dce_auth=0, AIX Fast Connect can still provide some access to DFS files:

If AIX-based authentication is being used (plain text passwords), then all AIX accounts configured for Integrated Login to DCE are allowed DCE-authenticated access to DFS when connecting to AIX Fast Connect.
In all other cases, AIX Fast Connect users are allowed non-authenticated access to DFS, using the any_other ACL.

Notes:

When DCE integration is enabled and the user's AIX UID is different from DCE UID, the user might not have the same access rights as an AIX login shell.
Older versions of AIX Fast Connect (prior to 2.1.1.20) required that the root user be logged in as the cell administrator when loading the cifsServer daemon, for access to certain files. This is not a restriction in the current version of AIX Fast Connect.
DCE/DFS authentication (dce_auth=1) is mutually exclusive with NT Passthrough authentication.
DCE/DFS authentication (dce_auth=1) is mutually exclusive with the guest logon feature.

Guest Logon

AIX Fast Connect can support guest-mode logins when configured for either plain text or encrypted passwords. To enable guest-mode logins, two parameters must be configured:

net config /guestlogonsupport:1 (enables guest logons)
net config /guestname:GuestID (AIX guestid with null password)

When guest logon support is enabled (guestlogonsupport=1), and the guestname field is set, non-AIX users can connect to the AIX Fast Connect Server. The credentials for guest clients is set to those of the guestname attribute.

The AIX account specified by guestname must have a null AIX password -- it is being used for guest-mode access to the AIX file-system. This guest account can access all of the file system directories exported by AIX Fast Connect (as File Shares); therefore, this guest account should probably be in its own unique AIX group, to simplify access control.

Guest access is only given to user names that are not defined AIX Fast Connect users with passwords that are not null.

Incoming login requests are authenticated as follows:

If the incoming user name is recognized as a valid user, then the password is checked. If the password is correct, then standard user-mode access is granted; otherwise, the login attempt fails.
If the incoming user name is not recognized as a valid user, then the password is checked. If the password is not null, then guest-mode access is granted; otherwise, the login attempt fails.

To disable guest logon support, type:

net config /guestlogonsupport:0

Note:

When guest logon support and encrypted passwords are both enabled, the guestname user does not have to be added to the AIX Fast Connect user database (/etc/cifs/cifsPasswd), but still must have a null AIX password.
Guest logon support does cooperate with Network Logon support (networklogon=1). Whenever guest-mode access is granted, then the profile, startup scripts, and home directory of the guestname user are used for the network logon.
If dce_auth=1, guest logon support does not work.
If NT-passthrough authentication is configured, guest logon support does not work.
If share_level_security=1, guest logon support does not work.

Share-Level Security

When the AIX Fast Connect server is configured for share-level security, then passwords are associated with individual file and print shares, not with PC client user names. In this mode, AIX Fast Connect provides access rights to PC clients based on a share-mode user name specified as the share_level_security_username parameter, similar to the guest logon access mode.

Note: When share-level security is enabled, all user-level authentication mechanisms are disabled.

To enable share-level security, type:

net config /share_level_security:1 (enable share-level security)
net config /share_level_security_username:AIXuser (configure share user)

In share-level security mode, AIX Fast Connect supports both ReadWrite passwords and ReadOnly passwords. When a PC client tries to connect to a share, the following can occur:

If that client provides the ReadWrite password for a share (or if that share's ReadWrite password is null or undefined), then that client is granted ReadWrite access to the share.
If that client fails to get ReadWrite access, but provides the ReadOnly password for a share (or if that share's ReadOnly password is null or undefined), then that client is granted ReadOnly access to the share.

Note: These access modes are also affected by the access credentials of the share_level_security_username for that share, and by the mode share option, both of which can effectively change ReadWrite access to ReadOnly access.

To create a NETTEMP share with a ReadWrite password of write-is-okay, type:

net share /add /netname:NETTEMP /path:/tmp /rw_password:"write-is-okay"

To create a USERS share with both ReadWrite and ReadOnly passwords, type:
```
net share /add /netname:USERS /path:/home /rw_password:writeme /ro_password:readme
```
Note: Specifying a ReadOnly password without specifying a ReadWrite password normally allows all clients to get ReadWrite access (if the ReadWrite password is null).
To disable share-level security (to use other user-authentication mechanisms), type:
```
net config /share_level_security:0
```
If Windows Terminal services is used with Share Level Security, (multiuserlogin=1 AND share_level_security=1), then only the first user that connects to a share will prompt for the share's password -- all successive users that connect to that share will not be prompted for a password (and no password will be sent to the server, even if specified). This is a problem with Windows Terminal Services. See Microsoft KnowledgeBase article Q260853 for more information.

User Name Mappings

This feature allows AIX Fast Connect to map PC client user names (or sets of PC client user names) to server (AIX) user names, for purposes of user-mode authentication and file access. When enabled, AIX Fast Connect tries to map every incoming client user name to a server user name, and then uses that server user name for further user authentication and AIX credentials. (All user-authentication mechanisms are supported: AIX-based, encrypted passwords, NT-passthrough, DCE, ...)

This feature is controlled by the usernamemapping parameter, and mappings are configured by the net user /map command.

To enable the user name mappings feature, type:
```
   net config /usernamemapping:1
```
To define a mapping from longclientname to aixname, type:
```
   net user /map longclientname aixname
```
To define a second mapping to that same AIX user, type:
```
   net user /map secondclientname aixname
```
To delete a mapping, use the client user name, like:
```
   net user /delete longclientname
```
To disable this feature, type:
```
   net config /usernamemapping:0
```

Notes:

PC client usernames are restricted to 20 characters.
When username mapping is enabled, the username root is mapped to the username nobody by default. This mapping can be changed.
After mapping a client username XXXX to an AIX server username, then that client username cannot be defined as a server username (with its own unique encrypted password) until that username mapping is deleted by net user/delete.
When username mapping is enabled, the username root is mapped to the username nobody by default. This mapping can be changed. If it is desired to allow the username root to map to itself (as a server user name), then this default mapping must be deleted with net user/delete root.

AIX Fast Connect User Management and File Access

AIX Fast Connect provides several additional features for file access and user management, which are described in the following sections.

User-Session Management Using net session

AIX Fast Connect supports the net session command, for displaying and managing logged-in user sessions.

To display all connected user sessions, type:
```
net session
```
To display all share resources currently mapped by a specific session, type:
```
net session /user:username /workstation:IPaddress /shareinfo
```

To display all open files for a specific session, type:

net session /user:username /workstation:IPaddress /fileinfo

To abort a user's session, type:

net session /user:username /workstation:IPaddress /close

To close a user's share-mapping, type:

net session /user:username /workstation:IPaddress /close /netname:sharename

To close a user's file, type:

net session /user:username /workstation:IPaddress /close /file:filename

Note: The workstation parameter works with NetBIOS names, also.

Establishing Resource Limits

AIX Fast Connect provides several parameters to specify limits on resource use:

maxusers	Maximum number of user-sessions (logins), at any given time
maxconnections	Maximum number of connections to a single share-resource
maxopens	Maximum number of open files allowed
maxsearches	Maximum number of open file-searches
autodisconnect	Autodisconnect time for idle sessions (in minutes)

See the net config command, or the Table of Configurable Parametersfor the net Command, for more details.

Changing the umask

AIX Fast Connect provides a global parameter umask to control permission bits on all files created by all AIX Fast Connect users. The umask parameter is specified as an octal number (with a leading zero), and defaults to 022.

To change the umask to 002, type:

net config /umask:002

Specifying Per-Share Options

Several advanced features of AIX Fast Connect are available as per-share options. These options are encoded as bit fields within the sh_options parameter of each share definition. These options must be defined when the share is created with the net share /add command.

Per-share options currently allowed by net share /add are:

parameter	values	default	description
sh_oplockfiles	(0,1)	1	Enables oplocks on this share, if oplockfiles=1
sh_searchcache	(0,1)	0	Enables search caching on this share, if cache_searches=1
sh_sendfile	(0,1)	0	Enables SendFile API on this share, if send_file_api=1
mode	(0,1)	1	Allows ReadWrite access to this share. (0 implies ReadOnly mode.)

Example: To create a ReadOnly share that has SendFile enabled, type:

   net share /add /netname:ROSHARE /path:/usr/etc /mode:0 /sh_sendfile:1

Support for AIX JFS ACLs

AIX Access Control Lists allows extended control of files and directories of AIX Journaled File System. AIX Fast Connect exploits this features by honoring AIX ACLs. AIX 4.3.3 adds graphical manipulation of ACLs using CDE dtfile application.

AIX Fast Connect extends this support by implementing ACL inheritance for AIX Fast Connect file shares. This feature can be used to implement default ACLs for created file objects. When acl_inheritance is enabled, the umask parameter is not effective.

ACL inheritance is enabled by setting the acl_inheritance option to 1. This option can be viewed and changed using the net config command. Once enabled, it applies to all the AIX Fast Connect file shares.

ACLs are inherited from the ACL defined on the base directory of the share. For example, if you have a share named TEMP mapped to the AIX directory /tmp (assuming a valid ACL is defined for this directory and acl_inheritance=1), all files created in this share now inherit the ACLs defined for /tmp.

To enable ACL inheritance for all AIX Fast Connect file shares, type:
```
net config /acl_inheritance:1
```
To disable ACL inheritance for all AIX Fast Connect file shares, type:
```
net config /acl_inheritance:0 
```
To view the current setting of the acl_inheritance flag, type:
```
net config /parm:acl_inheritance
```

Sending Messages to Clients

When necessary, the AIX Fast Connect administrator can use the cifsClient command to send messages to individual workstations, or to all user-sessions connected to AIX Fast Connect.

To send a message to all users connected to AIX Fast Connect, type:
```
cifsClient send -a -m "message"
```
To send a message to a specific computer, type:
```
cifsClient send -c computer -m "message"
```
To send a message to a specific connected user, type:
```
cifsClient send -u username -m "message"
```

To send a message to a NetBIOS domain, type:

cifsClient send -d domainname -m "message"

Notes:
A file may be sent as the message using the -f filename option, or the message can be read from standard input.
The domainname is optional. The default domain is the AIX Fast Connect server's domain.
The target computer must be enabled to receive messages, using messaging software. On Windows NT clients, the messaging service is started by default. To start the messaging service on Windows 95, 98, or 3.11, run:
WIN95> winpopup
When share-level security is enabled (share_level_security=1), then the user-specified messaging command "cifsClient send --u username" is not supported.

Mapping Long AIX File Names to 8.3 DOS File Names

Older PC client operating systems, such as Windows for Workgroups 3.11, do not support long filenames. Also, this restriction is true for many older (16-bit) applications running under Windows 95, Windows 98, and Windows NT. This restriction requires mapping long names of AIX files to DOS file name format. (The DOS format is also called 8.3 format because file names are limited to a maximum of eight characters followed by a period and a three-character extension.)

Simply truncating a long name to a shorter name is not the solution, because multiple files could get mapped to the same name whenever the first eight characters are same. AIX Fast Connect maps AIX file names (AFN) to DOS File Names (DFN) ensuring file name uniqueness. It maps AFNs to DFNs using Microsoft Windows NT method for mapping names (that is, name conflicts are handled by using a delimiting character in the short name followed by a unique numeric to make the name unique).

For example, consider two files in the root directory of an exported SMB share: LongFileName1.txt and LongFileName2.txt. Assume a Windows 3.11 client mounts this share and searches the directory. The resulting filenames are:

LONGFI~1.TXT for LongFileName1.txt

LONGFI~2.TXT for LongFileName2.txt

AIX Fast Connect generates a mapped name whenever the AFN needs to be passed back to a DOS client. DFNs generated by AIX Fast Connect are not remembered across server restarts. Filename mappings remain consistent until the AIX Fast Connect server is restarted.

AIX Fast Connect has a configuration option to turn off the mapping. When the mapping is turned off, no mapping is attempted. When disabled, any mapping of long names must be done by the PC client software.

To enable filename mapping (default), type:
```
net config /dosfilenamemapping:1
```
To disable filename mapping), type:
```
net config /dosfilenamemapping:0
```

Notes:

AFN-to-DFN mapping might not map correctly if the server restarts. Given the previous example, assume a user on a Windows 3.11 client opens LONGFI~1.TXT, edits it, and saves the changes. Then the server shuts down. Someone then removes LongFileName1.txt from the server file system. Once the server is up and running, the user on the client again edits LONGFI~1.TXT. This time, however, the same file maps to LongFileName2.txt, not the previously deleted file name, and the client ends up editing the wrong file. To prevent this situation, after the network drive is reconnected following server restart, new file lists must be obtained before accessing any mapped names.
If your site does not need this feature, turn dosfilenamemapping off (0) to reduce memory and CPU usage and thereby improve performance.

Support for DOS File Attributes

AIX Fast Connect provides optional support for the ReadOnly, Archive, System, and Hidden file attribute bits of DOS files. These bits are encoded by AIX Fast Connect into the AIX file permission bits of the AIX file system.

The ReadOnly attribute is encoded by turning off the AIX User/Group/Other Write bits. (chmod a-w filename)
The Archive attribute is encoded by turning on the AIX User Execute bit. (chmod u+x filename)
The System attribute is encoded by turning on the AIX Group Execute bit. (chmod g+x filename)
The Hidden attribute is encoded by turning on the AIX Other Execute bit. (chmod o+x filename)
For directories, AIX Fast Connect does not support the Archive, System, or Hidden attributes -- only the ReadOnly attribute is supported. (AIX directories use the Execute bits to allow "change directory" permission, so AIX Fast Connect does not use these bits on exported directories.)

AIX Fast Connect automatically handles these bits in the AIX file system; the examples listed above simply show how AIX Fast Connect interprets these AIX-permission bits, when reporting DOS file attributes to a PC client. If you have AIX Fast Connect configured to support DOS file attributes (the default), then you might need to manually turn off the Execute bits in your AIX directories that are being exported as AIX Fast Connect file shares.

To clear the Execute bits on files (in an entire dirname tree), so that these files are not listed as "System" or "Hidden", type:
```
   find dirname -type f -exec chmod a-x "{}" ";" -print
```
To disable support for Archive, System, and Hidden bits, type:
```
net config /dosattrmapping:0
 
```

Specifying NetBIOS Aliases for HACMP support

AIX Fast Connect supports server name aliases, which allows a AIX Fast Connect server to respond to multiple NetBIOS server names. This feature is helpful in HACMP mutual takeover. Server aliases can be configured using the net name command, as described below.

To show the primary AIX Fast Connect servername, type:
```
net config /parm:servername
```
To list alias servernames, type:
```
net name /list
```
To add an alias servername (for example, sname2), type:
```
net name /add sname2
```
To delete an alias servername (for example, sname2), type:
```
net name /delete sname2
```

Server aliases normally use NetBIOS subcodes 0x00 and 0x20, but other subcodes can be specified, for example:

   net name /add test3 /sub:03
   net name /delete sname2 /sub:2f

Notes:

Whenever adding or deleting an alias name without specifying a subcode, or if subcode 0x00 or 0x20 is specified, the alias name is added or deleted with subcodes 0x00 and 0x20.
net name /list uses angle-brackets ("<",">") to show subcodes other than 0x00 and 0x20.

To register alias name(s) to WINS or NBNS (including the local NBNS), the IP address of the WINS or NBNS server needs to be specified in parameters primary_wins_ipaddr or secondary_wins_ipaddr.
When adding an alias name:

If someone on the same subnet is currently holding the name, adding fails.
If no one on the same subnet is holding the name, but it exists in name table of the NBNS, then the name cannot be registered to the NBNS, but is still added to the local name table.

Performance Considerations

This section discusses several issues affecting AIX Fast Connect performance.

Large Directories

Directory enumerations are frequent network operations on Windows clients. Whenever Network Neighborhood (or Windows Explorer) opens a network directory, that entire directory is enumerated over the network, for display in a Explorer-window. Usually, Windows Explorer waits to display the contents of the window until the entire network directory has been listed. For large directories containing many files, this delay is noticable to the PC user, and can be frustrating. Remote file accesses from AIX (such as DCE/DFS or NFS) tend to aggravate this situation.

Try shielding your AIX Fast Connect users from having to access large directories to get to the network files they need. One possible solution is to define smaller-sized AIX directories to be exported by AIX Fast Connect. These directories can contain links to files in the large directories.

If large directories are needed but rarely change (for example, CD-ROM), then you might find the search caching features useful.

Search Caching

Directory searches are very frequent network operations on Windows clients. Every time a network file is opened, or renamed, or deleted, or listed, a directory search for that filename is performed. (For example, simply opening a document in Microsoft Word can cause multiple directory searches for that filename.)

AIX Fast Connect has a search-caching feature that allows directory searches to be temporarily cached to improve the performance of multiple-search scenarios like opening documents, as mentioned above. Also, for directories that change infrequently, but are accessed often, this feature enhances performance.

Search-caching is implemented in AIX Fast Connect by taking snapshots of directories and their modification times.

When AIX Fast Connect needs to perform a directory search, AIX Fast Connect first checks its search cache (if enabled).
If a search-cache entry is found, it is first validated. If that directory's current modification time is different than the cached time, the the feature determines the cache entry is invalid.
Whenever the search-cache table gets full, older entries are deleted, to make space for new entries.

Search caching is configured on AIX Fast Connect by several parameters:

parameter	default	description
cache_searches	0 (disabled)	Globally disable the search-caching feature. (Set to 1 to enable.)
sh_searchcache	0 (disabled)	Disable search caching on a per-share basis. (Set to 1 to enable.)

Note: To enable search caching on any file shares, the cache_searches parameter must be enabled (set to 1), and sh_searchcache must be enabled for every file share for which search caching is desired.

SendFile API support

For file transfers to clients, AIX Fast Connect can use the SendFile API for performance enhancement. The SendFile API is an AIX kernel extension that provides efficient file transfers and can do data caching.

SendFile API is configured on AIX Fast Connect by several parameters:

parameter	default	description
send_file_api	1 (enabled)	Flag to enable/disable the SendFile API to be used by AIX Fast Connect. Default is enable. To disable SendFile, set to 0.
send_file_cache_size	0 (disabled)	Maximum Read-Request size that is cached by the SendFile API.
send_file_size	4096	Minimum Read-Request size, before SendFile API is used.
sh_sendfile	0 (disabled)	Flag to enable/disable per-share option. Default is disable. To enable SendFile for that file share, set to 1.

Notes:

To enable SendFile API on any file shares, the send_file_api must be enabled, and sh_sendfile must be enabled for every file share for which the SendFile API is desired.
See the no command for system-wide SendFile configuration parameters.