Enable LDAP signing and sealing on the CIFS server

Contributors

Before your CIFS server can use signing and sealing for secure communication with an Active Directory LDAP server, you must modify the CIFS server security settings to enable LDAP signing and sealing.

Before you begin

You must consult with your AD server administrator to determine the appropriate security configuration values.

Steps
  1. Configure the CIFS server security setting that enables signed and sealed traffic with Active Directory LDAP servers: vserver cifs security modify -vserver vserver_name -session-security-for-ad-ldap {none|sign|seal}

    You can enable signing (sign, data integrity), signing and sealing (seal, data integrity and encryption), or neither (none, no signing or sealing). The default value is none.

  2. Verify that the LDAP signing and sealing security setting is set correctly: vserver cifs security show -vserver vserver_name

    Note

    If the SVM uses the same LDAP server for querying name-mapping or other UNIX information, such as users, groups, and netgroups, then you must enable the corresponding setting with the -session-security option of the vserver services name-service ldap client modify command.