vserver cifs security show

Display CIFS security settings

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver cifs security show command displays information about CIFS server security settings.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields parameter, the command only displays the fields that you specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <vserver name>] - Vserver

This parameter specifies the name of the Vserver whose CIFS security settings you want to display.

[-kerberos-clock-skew <integer>] - Maximum Allowed Kerberos Clock Skew

If this parameter is specified, the command displays information only about the security settings that match the specified Kerberos ticket clock skew.

[-kerberos-ticket-age <integer>] - Kerberos Ticket Lifetime

If this parameter is specified, the command displays information only about the security settings that match the specified Kerberos ticket age.

[-kerberos-renew-age <integer>] - Maximum Kerberos Ticket Renewal Days

If this parameter is specified, the command displays information only about the security settings that match the specified Kerberos renewal age.

[-kerberos-kdc-timeout <integer>] - Timeout for Kerberos KDC Connections (Secs)

If this parameter is specified, the command displays information only about the security settings that match the specified Kerberos KDC timeout.

[-realm <text>] - Kerberos Realm

If this parameter is specified, the command displays information only about the security settings that match the specified Kerberos realm.

[-kdc-ip <text>,…​] - KDC IP Address

If this parameter is specified, the command displays information only about the security settings that match the specified KDC IP address.

[-kdc-name <text>,…​] - KDC Name

If this parameter is specified, the command displays information only about the security settings that match the specified KDC name.

[-site <text>,…​] - KDC Site

If this parameter is specified, the command displays information only about the security settings that match the specified Windows site.

[-is-signing-required {true|false}] - Require Signing for Incoming CIFS Traffic

This parameter specifies whether signing is required for incoming CIFS traffic. If this parameter is specified, the command displays information only about the security settings that match the specified value for is-signing-required.

[-is-password-complexity-required {true|false}] - Require Password Complexity for Local User Accounts

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where password complexity for local user accounts is required. If set to false, the command displays security configuration information for CIFS servers where password complexity for local user accounts is not required.

[-use-start-tls-for-ad-ldap {true|false}] - Use start_tls for AD LDAP Connections

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where Start TLS is used for communication with the AD LDAP Server. If set to false, the command displays CIFS security configuration information only for CIFS servers where Start TLS is not used for communication with the AD LDAP Server.

[-is-aes-encryption-enabled {true|false}] - Is AES-128 and AES-256 Encryption for Kerberos Enabled

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where AES-128 and AES-256 encryption types for Kerberos are enabled. If set to false, the command displays security configuration information for CIFS servers where AES-128 and AES-256 encryption types for Kerberos are disabled.

[-lm-compatibility-level {lm-ntlm-ntlmv2-krb|ntlm-ntlmv2-krb|ntlmv2-krb|krb}] - LM Compatibility Level

If this parameter is specified, the command displays information only about the security settings that match the specified LM compatibility level.

[-is-smb-encryption-required {true|false}] - Require SMB Encryption for Incoming CIFS Traffic

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where SMB encryption is required. If set to false, the command displays security configuration information for CIFS servers where SMB encryption is not required.

[-session-security-for-ad-ldap {none|sign|seal}] - Client Session Security

If this parameter is set to seal, the command displays CIFS security configuration information only for CIFS servers where both signing and sealing are required for LDAP communications. If set to sign, the command displays security configuration information for CIFS servers where only signing is required for LDAP communications. If set to none, the command displays security configuration information for CIFS servers where no security is required for LDAP communications.

[-smb1-enabled-for-dc-connections {false|true|system-default}] - SMB1 Enabled for DC Connections

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where SMB1 is enabled for use with connections to domain controllers. If set to false, the command displays security configuration information for CIFS servers where SMB1 is not enabled for use with connections to domain controllers. If set to system-default, the command displays security configuration information for CIFS servers where the system-default setting (SMB1 enabled) is used for connections to domain controllers.

[-smb2-enabled-for-dc-connections {false|true|system-default}] - SMB2 Enabled for DC Connections

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where SMB2 is enabled for use with connections to domain controllers. If set to false, the command displays security configuration information for CIFS servers where SMB2 is not enabled for use with connections to domain controllers. If set to system-default, the command displays security configuration information for CIFS servers where the system-default setting (SMB2 enabled) is used for connections to domain controllers.

[-referral-enabled-for-ad-ldap {true|false}] - LDAP Referral Chasing Enabled For AD LDAP Connections

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where LDAP referral is enabled for AD LDAP connections. If set to false, the command displays security configuration information for CIFS servers where LDAP referral is not enabled for AD LDAP connections.

[-use-ldaps-for-ad-ldap {true|false}] - Use LDAPS for Secure Active Directory LDAP Connections

If this parameter is set to true, the command displays CIFS security configuration information only for CIFS servers where LDAPS is used for communication with the AD LDAP Server. If set to false, the command displays CIFS security configuration information only for CIFS servers where LDAPS is not used for communication with the AD LDAP Server.

Examples

The following example displays CIFS server security settings.

cluster1::> vserver cifs security show
Vserver: vs1
                                  Kerberos Clock Skew: 3 minutes
                                  Kerberos Ticket Age: 8 hours
                                 Kerberos Renewal Age: 7 days
                                 Kerberos KDC Timeout: 3 seconds
                                  Is Signing Required: true
                      Is Password Complexity Required: true
                 Use start_tls For AD LDAP connection: false
                            Is AES Encryption Enabled: false
                               LM Compatibility Level: krb
                           Is SMB Encryption Required: false
                              Client Session Security: none
                      SMB1 Enabled For DC Connections: system-default
                      SMB2 Enabled For DC Connections: system-default
LDAP Referral Chasing Enabled For AD LDAP Connections: false
                    Use LDAPS for AD LDAP Connections: true
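
An added example, not part of the NetApp documentation: a Python audit that parses the `Label: value` layout shown above and reports settings that miss a baseline. The baseline, the vs2 block, and the names `parse_show`, `audit`, `REQUIRED` and `TLS_KEYS` are assumptions made for this example; the field labels are copied from the example output above.

```python
REQUIRED = {  # assumed baseline for this example, not a vendor recommendation
    "Is Signing Required": {"true"},
    "Is AES Encryption Enabled": {"true"},
    "LM Compatibility Level": {"krb", "ntlmv2-krb"},
    "SMB1 Enabled For DC Connections": {"false"},  # system-default = SMB1 enabled
}
TLS_KEYS = ("Use start_tls For AD LDAP connection", "Use LDAPS for AD LDAP Connections")
# Constructed sample: vs1 repeats values from the page's example, vs2 is invented.
SAMPLE = """cluster1::> vserver cifs security show
Vserver: vs1
                 Is Signing Required: true
Use start_tls For AD LDAP connection: false
           Is AES Encryption Enabled: false
              LM Compatibility Level: krb
             Client Session Security: none
     SMB1 Enabled For DC Connections: system-default
   Use LDAPS for AD LDAP Connections: true
Vserver: vs2
                 Is Signing Required: false
Use start_tls For AD LDAP connection: false
           Is AES Encryption Enabled: true
              LM Compatibility Level: lm-ntlm-ntlmv2-krb
             Client Session Security: none
     SMB1 Enabled For DC Connections: false
   Use LDAPS for AD LDAP Connections: false
"""

def parse_show(text):
    """Split 'Label: value' lines into {vserver: {label: value}}."""
    servers, current = {}, None
    for line in text.splitlines():
        label, sep, value = (part.strip() for part in line.partition(":"))
        if sep and "::>" not in line:  # skip blank lines and the CLI prompt
            if label == "Vserver":
                current = servers.setdefault(value, {})
            elif current is not None:
                current[label] = value
    return servers

def audit(servers):
    """Return sorted (vserver, label, value) tuples that miss the baseline."""
    findings = []
    for name, cfg in servers.items():
        findings += [(name, k, cfg.get(k, "<missing>"))
                     for k, ok in REQUIRED.items() if cfg.get(k) not in ok]
        # AD LDAP is unprotected only if no TLS option and no sign/seal is set.
        ldap_tls = any(cfg.get(k) == "true" for k in TLS_KEYS)
        if not ldap_tls and cfg.get("Client Session Security", "none") == "none":
            findings.append((name, "AD LDAP protection", "none"))
    return sorted(findings)
```

Calling `audit(parse_show(SAMPLE))` flags vs1 for disabled AES and for SMB1 left at system-default, and vs2 for unsigned SMB, the LM/NTLM-permitting compatibility level, and unprotected AD LDAP.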

The following example displays the Kerberos clock skew for all Vservers.

cluster1::> vserver cifs security show -fields kerberos-clock-skew
vserver kerberos-clock-skew
------- -------------------
vs1     5