Enable or disable required SMB encryption for incoming SMB traffic
If you want to require SMB encryption for incoming SMB traffic you can enable it on the CIFS server or at the share level. By default, SMB encryption is not required.
You can enable SMB encryption on the CIFS server, which applies to all shares on the CIFS server. If you do not want required SMB encryption for all shares on the CIFS server or if you want to enable required SMB encryption for incoming SMB traffic on a share-by-share basis, you can disable required SMB encryption on the CIFS server.
When you set up a storage virtual machine (SVM) disaster recovery relationship, the value you select for the -identity-preserve
option of the snapmirror create
command determines the configuration details that are replicated in the destination SVM.
If you set the -identity-preserve
option to true
(ID-preserve), the SMB encryption security setting is replicated to the destination.
If you set the -identity-preserve
option to false
(non-ID-preserve), the SMB encryption security setting is not replicated to the destination. In this case, the CIFS server security settings on the destination are set to the default values. If you have enabled SMB encryption on the source SVM, you must manually enable CIFS server SMB encryption on the destination.
-
Perform one of the following actions:
If you want required SMB encryption for incoming SMB traffic on the CIFS server to be… Enter the command… Enabled
vserver cifs security modify -vserver vserver_name -is-smb-encryption-required true
Disabled
vserver cifs security modify -vserver vserver_name -is-smb-encryption-required false
-
Verify that required SMB encryption on the CIFS server is enabled or disabled as desired:
vserver cifs security show -vserver vserver_name -fields is-smb-encryption-required
The
is-smb-encryption-required
field displaystrue
if required SMB encryption is enabled on the CIFS server andfalse
if it is disabled.
The following example enables required SMB encryption for incoming SMB traffic for the CIFS server on SVM vs1:
cluster1::> vserver cifs security modify -vserver vs1 -is-smb-encryption-required true cluster1::> vserver cifs security show -vserver vs1 -fields is-smb-encryption-required vserver is-smb-encryption-required -------- ------------------------- vs1 true