Enable encrypted connections to domain controllers
Beginning with ONTAP 9.8, you can specify that connections to domain controllers be encrypted.
About this task
ONTAP requires encryption for domain controller (DC) communications when the -encryption-required-for-dc-connection option is set to true; the default is false. When the option is set, only the SMB3 protocol will be used for ONTAP-DC connections, because encryption is only supported by SMB3.
When encrypted DC communications are required, the -smb2-enabled-for-dc-connections option is ignored, because ONTAP only negotiates SMB3 connections. If a DC doesn't support SMB3 and encryption, ONTAP will not connect with it.
Step
- Enable encrypted communication with the DC:
  vserver cifs security modify -vserver svm_name -encryption-required-for-dc-connection true
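To confirm the setting across SVMs after the change, the following added example (not part of the NetApp documentation) audits the two options discussed above from saved CLI output. It assumes the text was produced by `vserver cifs security show` with `-fields` naming both options and that the output is a whitespace-separated table; the sample rows and SVM names are constructed.

```python
"""Audit SVMs for required encryption on domain controller connections."""

REQ = "encryption-required-for-dc-connection"
SMB2 = "smb2-enabled-for-dc-connections"

# Constructed sample output (assumed layout, not captured from a real cluster).
SAMPLE = """\
vserver encryption-required-for-dc-connection smb2-enabled-for-dc-connections
------- ------------------------------------- -------------------------------
svm_a   true                                  true
svm_b   false                                 true
svm_c   true                                  false
svm_d   -                                     -
4 entries were displayed.
"""


def parse_fields_table(text):
    """Turn a whitespace-separated -fields table into a list of row dicts."""
    header, rows = None, []
    for line in text.splitlines():
        cells = line.split()
        if not cells or all(set(c) == {"-"} for c in cells):
            continue  # blank line or the dashed separator row
        if header is None:
            if cells[0] == "vserver":
                header = cells
            continue
        if len(cells) == len(header):  # skips the "N entries" footer
            rows.append(dict(zip(header, cells)))
    return rows


def audit(text):
    """Map each SVM name to a (status, note) pair for its DC encryption setting."""
    findings = {}
    for row in parse_fields_table(text):
        required = row.get(REQ, "").lower()
        if required == "true":
            # Per the page: only SMB3 is negotiated, so the SMB2 option is ignored.
            note = "smb2 option ignored" if row.get(SMB2, "").lower() == "true" else ""
            findings[row["vserver"]] = ("ok", note)
        elif required == "false":
            findings[row["vserver"]] = ("fail", "encryption not required for DC connections")
        else:
            findings[row["vserver"]] = ("unknown", "value not reported")
    return findings


if __name__ == "__main__":
    for svm, (status, note) in audit(SAMPLE).items():
        print(f"{svm}: {status} {note}".rstrip())
```

An SVM reported as `fail` still permits unencrypted DC connections; before switching it to true, confirm its DCs support SMB3 with encryption, because ONTAP will not connect to a DC that does not.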