Enabling encrypted connections to domain controllers

Beginning with ONTAP 9.8, you can specify that connections to domain controllers be encrypted.

About this task

ONTAP requires encryption for domain controller (DC) communications when the -encryption-required-for-dc-connection option is set to true; the default is false. When the option is set to true, only the SMB3 protocol is used for ONTAP-DC connections, because only SMB3 supports encryption.

When encrypted DC communications are required, the -smb2-enabled-for-dc-connections option is ignored, because ONTAP only negotiates SMB3 connections. If a DC doesn't support SMB3 and encryption, ONTAP will not connect with it.

Procedure

Enable encrypted communication with the DC:

    vserver cifs security modify -vserver svm_name -encryption-required-for-dc-connection true
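To find SVMs that still have the option at its default of false, the following added example (not part of the NetApp documentation) parses text captured from vserver cifs security show with -fields for the two options named above and prints the modify command from the procedure for each SVM that needs it. The sample output, its layout, and the SVM names are constructed for illustration.

```python
# Constructed sample in the tabular layout of ONTAP "show -fields" output
# (header, dashed rule, one row per SVM, footer). SVM names are made up.
SAMPLE_OUTPUT = """\
vserver encryption-required-for-dc-connection smb2-enabled-for-dc-connections
------- ------------------------------------- -------------------------------
svm_fin true                                  true
svm_eng false                                 true
svm_lab false                                 false
3 entries were displayed.
"""

ENC = "encryption-required-for-dc-connection"
SMB2 = "smb2-enabled-for-dc-connections"


def parse_fields_table(text):
    """Return one dict per SVM row, keyed by the column names in the header."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    header = next((cells for cells in lines if cells[0] == "vserver"), None)
    if header is None:
        raise ValueError("no header row starting with 'vserver'")
    rows = []
    for cells in lines:
        # Keep only data rows: same width as the header, boolean option values.
        if len(cells) == len(header) and all(c in ("true", "false") for c in cells[1:]):
            rows.append(dict(zip(header, cells)))
    return rows


def audit(text):
    """Return (svm, note, fix command) for each SVM that does not require encryption."""
    findings = []
    for row in parse_fields_table(text):
        if row[ENC] == "true":
            continue  # SMB3 with encryption only; the SMB2 option is ignored here
        note = ENC + " is false"
        if row.get(SMB2) == "true":
            note += "; " + SMB2 + " is true"
        fix = "vserver cifs security modify -vserver %s -%s true" % (row["vserver"], ENC)
        findings.append((row["vserver"], note, fix))
    return findings


if __name__ == "__main__":
    for svm, note, fix in audit(SAMPLE_OUTPUT):
        print("%s: %s\n    %s" % (svm, note, fix))
```

Before applying the printed command, confirm that the DCs the SVM uses support SMB3 and encryption, since ONTAP will not connect to a DC that does not.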