Enable LDAP signing and sealing on the CIFS server
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- Security and data encryption
- Data protection and disaster recovery
Collection of separate PDF docs
Creating your file...
Before your CIFS server can use signing and sealing for secure communication with an Active Directory LDAP server, you must modify the CIFS server security settings to enable LDAP signing and sealing.
You must consult with your AD server administrator to determine the appropriate security configuration values.
-
Configure the CIFS server security setting that enables signed and sealed traffic with Active Directory LDAP servers:
vserver cifs security modify -vserver vserver_name -session-security-for-ad-ldap {none|sign|seal}
You can enable signing (
sign
, data integrity), signing and sealing (seal
, data integrity and encryption), or neither (none
, no signing or sealing). The default value isnone
. -
Verify that the LDAP signing and sealing security setting is set correctly:
vserver cifs security show -vserver vserver_name
If the SVM uses the same LDAP server for querying name-mapping or other UNIX information, such as users, groups, and netgroups, then you must enable the corresponding setting with the
-session-security
option of thevserver services name-service ldap client modify
command.