Verify enabled ONTAP SMB versions
Suggest changes
PDFs
Your ONTAP 9 release determines which SMB versions are enabled by default for connections with clients and domain controllers. You should verify that the SMB server supports the clients and functionality required in your environment.
For connections with both clients and domain controllers, you should enable SMB 2.0 and later whenever possible. For security reasons, you should avoid using SMB 1.0, and you should disable it if you have verified that it is not required in your environment.
Beginning with ONTAP 9.3, it is disabled by default on new SVMs.
|
If |
SMB management contains details about supported SMB versions and functionality.
-
Set the privilege level to advanced:
set -privilege advanced -
Verify which SMB versions are enabled:
vserver cifs options showYou can scroll down the list to view the SMB versions enabled for client connections, and if you are configuring an SMB server in an AD domain, for AD domain connections.
-
Enable or disable the SMB protocol for client connections as required:
-
To enable an SMB version:
vserver cifs options modify -vserver <vserver_name> -<smb_version> truePossible values for
smb_version:-
-smb1-enabled -
-smb2-enabled -
-smb3-enabled -
-smb31-enabledThe following command enables SMB 3.1 on SVM vs1.example.com:
cluster1::*> vserver cifs options modify -vserver vs1.example.com -smb31-enabled true
-
-
To disable an SMB version:
vserver cifs options modify -vserver <vserver_name> -<smb_version> false
-
-
If your SMB server is in an Active Directory domain, enable or disable the SMB protocol for DC connections as required:
-
To enable an SMB version:
vserver cifs security modify -vserver <vserver_name> -smb2-enabled-for-dc-connections true -
To disable an SMB version:
vserver cifs security modify -vserver <vserver_name> -smb2-enabled-for-dc-connections false
-
-
Return to the admin privilege level:
set -privilege admin