Determine whether clients are connected using encrypted ONTAP SMB sessions
Suggest changes
PDFs
You can display information about connected SMB sessions to determine whether clients are using encrypted SMB connections. This can be helpful in determining whether SMB client sessions are connecting with the desired security settings.
SMB clients sessions can have one of three encryption levels:
-
unencryptedThe SMB session is not encrypted. Neither storage virtual machine (SVM)-level or share-level encryption is configured.
-
partially-encryptedEncryption is initiated when the tree-connect occurs. Share-level encryption is configured. SVM-level encryption is not enabled.
-
encryptedThe SMB session is fully encrypted. SVM-level encryption is enabled. Share level encryption might or might not be enabled. The SVM-level encryption setting supersedes the share-level encryption setting.
-
Perform one of the following actions:
If you want display information about… Enter the command… Sessions with a specified encryption setting for sessions on a specified SVM
vserver cifs session show -vserver vserver_name {unencrypted|partially-encrypted|encrypted} -instanceThe encryption setting for a specific session ID on a specified SVM
vserver cifs session show -vserver vserver_name -session-id integer -instance
The following command displays detailed session information, including the encryption setting, on an SMB session with a session ID of 2:
cluster1::> vserver cifs session show -vserver vs1 -session-id 2 -instance
Node: node1
Vserver: vs1
Session ID: 2
Connection ID: 3151274158
Incoming Data LIF IP Address: 10.2.1.1
Workstation: 10.1.1.2
Authentication Mechanism: Kerberos
Windows User: DOMAIN\joe
UNIX User: pcuser
Open Shares: 1
Open Files: 1
Open Other: 0
Connected Time: 10m 43s
Idle Time: 1m 19s
Protocol Version: SMB3
Continuously Available: No
Is Session Signed: true
User Authenticated as: domain-user
NetBIOS Name: CIFS_ALIAS1
SMB Encryption Status: Unencrypted