Skip to main content

Enable encrypted connections to domain controllers

Contributors netapp-ahibbard netapp-aherbin

Beginning with ONTAP 9.8, you can specify that connections to domain controllers be encrypted.

About this task

ONTAP requires encryption for domain controller (DC) communications when the -encryption-required-for-dc-connection option is set to true; the default is false. When the option is set, only the SMB3 protocol will be used for ONTAP-DC connections, because encryption is only supported by SMB3.

When encrypted DC communications are required, the -smb2-enabled-for-dc-connections option is ignored, because ONTAP only negotiates SMB3 connections. If a DC doesn't support SMB3 and encryption, ONTAP will not connect with it.

Step
  1. Enable encrypted communication with the DC: vserver cifs security modify -vserver svm_name -encryption-required-for-dc-connection true