Determine whether clients are connected using encrypted SMB sessions

Contributors

You can display information about connected SMB sessions to determine whether clients are using encrypted SMB connections. This can be helpful in determining whether SMB client sessions are connecting with the desired security settings.

About this task

SMB clients sessions can have one of three encryption levels:

  • unencrypted

    The SMB session is not encrypted. Neither storage virtual machine (SVM)-level or share-level encryption is configured.

  • partially-encrypted

    Encryption is initiated when the tree-connect occurs. Share-level encryption is configured. SVM-level encryption is not enabled.

  • encrypted

    The SMB session is fully encrypted. SVM-level encryption is enabled. Share level encryption might or might not be enabled. The SVM-level encryption setting supersedes the share-level encryption setting.

Steps
  1. Perform one of the following actions:

    If you want display information about…​ Enter the command…​

    Sessions with a specified encryption setting for sessions on a specified SVM

    vserver cifs session show -vserver vserver_name {unencrypted|partially-encrypted|encrypted} -instance

    The encryption setting for a specific session ID on a specified SVM

    vserver cifs session show -vserver vserver_name -session-id integer -instance

Examples

The following command displays detailed session information, including the encryption setting, on an SMB session with a session ID of 2:

cluster1::> vserver cifs session show -vserver vs1 -session-id 2 -instance
                        Node: node1
                     Vserver: vs1
                  Session ID: 2
               Connection ID: 3151274158
Incoming Data LIF IP Address: 10.2.1.1
                 Workstation: 10.1.1.2
    Authentication Mechanism: Kerberos
                Windows User: DOMAIN\joe
                   UNIX User: pcuser
                 Open Shares: 1
                  Open Files: 1
                  Open Other: 0
              Connected Time: 10m 43s
                   Idle Time: 1m 19s
            Protocol Version: SMB3
      Continuously Available: No
           Is Session Signed: true
       User Authenticated as: domain-user
                NetBIOS Name: CIFS_ALIAS1
       SMB Encryption Status: Unencrypted