Enable encrypted connections to domain controllers
Suggest changes
Beginning with ONTAP 9.8, you can specify that connections to domain controllers be encrypted.
About this task
ONTAP requires encryption for domain controller (DC) communications when the -encryption-required-for-dc-connection
option is set to true
; the default is false
. When the option is set, only the SMB3 protocol will be used for ONTAP-DC connections, because encryption is only supported by SMB3.
When encrypted DC communications are required, the -smb2-enabled-for-dc-connections
option is ignored, because ONTAP only negotiates SMB3 connections. If a DC doesn't support SMB3 and encryption, ONTAP will not connect with it.
Step
-
Enable encrypted communication with the DC:
vserver cifs security modify -vserver svm_name -encryption-required-for-dc-connection true