Enable encrypted connections to domain controllers
Beginning with ONTAP 9.8, you can specify that connections to domain controllers be encrypted.
ONTAP requires encryption for domain controller (DC) communications when the -encryption-required-for-dc-connection option is set to true; the default is false. When the option is set, only the SMB3 protocol will be used for ONTAP-DC connections, because encryption is only supported by SMB3.
When encrypted DC communications are required, the -smb2-enabled-for-dc-connections option is ignored, because ONTAP only negotiates SMB3 connections. If a DC doesn’t support SMB3 and encryption, ONTAP will not connect with it.
Enable encrypted communication with the DC:
vserver cifs security modify -vserver svm_name -encryption-required-for-dc-connection true
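To check which SVMs already enforce the setting, the following added example (not part of the NetApp documentation) audits saved output of `vserver cifs security show -fields` for the two options described above. The table layout, the SVM names and the sample values are constructed assumptions.

```python
import re

ENC = "encryption-required-for-dc-connection"
SMB2 = "smb2-enabled-for-dc-connections"

# Constructed sample of what
#   vserver cifs security show -fields <ENC>,<SMB2>
# might print; the table layout and SVM names are assumptions.
SAMPLE = """\
vserver encryption-required-for-dc-connection smb2-enabled-for-dc-connections
------- ------------------------------------- -------------------------------
svm_fin true                                  true
svm_eng false                                 true
svm_lab false                                 false
3 entries were displayed.
"""

def parse_fields_table(text):
    """Return one dict per data row, keyed by the column headers."""
    lines = [l for l in text.splitlines() if l.strip()]
    # The header is the line directly above the dashed separator row.
    sep = next(i for i, l in enumerate(lines) if re.fullmatch(r"[-\s]+", l))
    header = lines[sep - 1].split()
    rows = []
    for line in lines[sep + 1:]:
        if re.match(r"\d+ entr(y was|ies were) displayed", line.strip()):
            continue  # trailing row-count line
        cells = line.split()
        if len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows

def audit(text):
    """Map SVM name -> (compliant, note) for the DC-encryption option."""
    results = {}
    for row in parse_fields_table(text):
        svm = row["vserver"]
        if row[ENC] == "true":
            # Per the page: SMB3 only, and the SMB2 option is ignored.
            note = f"SMB3 with encryption required; {SMB2}={row[SMB2]} is ignored"
            results[svm] = (True, note)
        else:
            fix = f"vserver cifs security modify -vserver {svm} -{ENC} true"
            results[svm] = (False, fix)
    return results

if __name__ == "__main__":
    for svm, (ok, note) in audit(SAMPLE).items():
        print(("OK      " if ok else "FINDING ") + svm + ": " + note)
```

Before applying the suggested command to a flagged SVM, confirm that its DCs support SMB3 and encryption, because ONTAP will not connect to a DC that does not.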