Display SMB session information

Contributors

You can display information about established SMB sessions, including the SMB connection and session ID and the IP address of the workstation using the session. You can display information about the session’s SMB protocol version and continuously available protection level, which helps you identify whether the session supports nondisruptive operations.

About this task

You can display information for all of the sessions on your SVM in summary form. However, in many cases, the amount of output that is returned is large. You can customize what information is displayed in the output by specifying optional parameters:

  • You can use the optional -fields parameter to display output about the fields you choose.

    You can enter -fields ? to determine what fields you can use.

  • You can use the -instance parameter to display detailed information about established SMB sessions.

  • You can use the -fields parameter or the -instance parameter either alone or in combination with other optional parameters.

Step
  1. Perform one of the following actions:

    If you want to display SMB session information…​ Enter the following command…​

    For all sessions on the SVM in summary form

    vserver cifs session show -vserver vserver_name

    On a specified connection ID

    vserver cifs session show -vserver vserver_name -connection-id integer

    From a specified workstation IP address

    vserver cifs session show -vserver vserver_name -address workstation_IP_address

    On a specified LIF IP address

    vserver cifs session show -vserver vserver_name -lif-address LIF_IP_address

    On a specified node

    vserver cifs session show -vserver vserver_name -node {node_name|local}

    From a specified Windows user

    vserver cifs session show -vserver vserver_name -windows-user domain_name\\user_name

    With a specified authentication mechanism

    vserver cifs session show -vserver vserver_name -auth-mechanism {NTLMv1|NTLMv2|Kerberos|Anonymous}

    With a specified protocol version

    vserver cifs session show -vserver vserver_name -protocol-version {SMB1|SMB2|SMB2_1|SMB3|SMB3_1}

    Note

    Continuously available protection and SMB Multichannel are available only on SMB 3.0 and later sessions. To view their status on all qualifying sessions, you should specify this parameter with the value set to SMB3 or later.

    With a specified level of continuously available protection

    vserver cifs session show -vserver vserver_name -continuously-available {No|Yes|Partial}

    Note

    If the continuously available status is Partial, this means that the session contains at least one open continuously available file, but the session has some files that are not open with continuously available protection. You can use the vserver cifs sessions file show command to determine which files on the established session are not open with continuously available protection.

    With a specified SMB signing session status

    vserver cifs session show -vserver vserver_name -is-session-signed {true|false}

Examples

The following command displays session information for the sessions on SVM vs1 established from a workstation with IP address 10.1.1.1:

cluster1::> vserver cifs session show -address 10.1.1.1
Node:    node1
Vserver: vs1
Connection Session                                    Open         Idle
ID          ID      Workstation      Windows User    Files         Time
----------  ------- ---------------- ------------- ------- ------------
3151272279,
3151272280,
3151272281  1       10.1.1.1         DOMAIN\joe          2          23s

The following command displays detailed session information for sessions with continuously available protection on SVM vs1. The connection was made by using the domain account.

cluster1::> vserver cifs session show -instance -continuously-available Yes

                        Node: node1
                     Vserver: vs1
                  Session ID: 1
               Connection ID: 3151274158
Incoming Data LIF IP Address: 10.2.1.1
      Workstation IP address: 10.1.1.2
    Authentication Mechanism: Kerberos
                Windows User: DOMAIN\SERVER1$
                   UNIX User: pcuser
                 Open Shares: 1
                  Open Files: 1
                  Open Other: 0
              Connected Time: 10m 43s
                   Idle Time: 1m 19s
            Protocol Version: SMB3
      Continuously Available: Yes
           Is Session Signed: false
       User Authenticated as: domain-user
                NetBIOS Name: -
       SMB Encryption Status: Unencrypted

The following command displays session information on a session using SMB 3.0 and SMB Multichannel on SVM vs1. In the example, the user connected to this share from an SMB 3.0 capable client by using the LIF IP address; therefore, the authentication mechanism defaulted to NTLMv2. The connection must be made by using Kerberos authentication to connect with continuously available protection.

cluster1::> vserver cifs session show -instance -protocol-version SMB3

                        Node: node1
                     Vserver: vs1
                  Session ID: 1
              **Connection IDs: 3151272607,31512726078,3151272609
            Connection Count: 3**
Incoming Data LIF IP Address: 10.2.1.2
      Workstation IP address: 10.1.1.3
    Authentication Mechanism: NTLMv2
                Windows User: DOMAIN\administrator
                   UNIX User: pcuser
                 Open Shares: 1
                  Open Files: 0
                  Open Other: 0
              Connected Time: 6m 22s
                   Idle Time: 5m 42s
            Protocol Version: SMB3
      Continuously Available: No
           Is Session Signed: false
       User Authenticated as: domain-user
                NetBIOS Name: -
       SMB Encryption Status: Unencrypted

Related information