Enable SMB2 connections to domain controllers
Beginning with ONTAP 9.1, you can enable SMB version 2.0 to connect to a domain controller. Doing so is necessary if you have disabled SMB 1.0 on domain controllers. Beginning with ONTAP 9.2, SMB2 is enabled by default.
The smb2-enabled-for-dc-connections
command option enables the system default for the release of ONTAP you are using. The system default for ONTAP 9.1 is enabled for SMB 1.0 and disabled for SMB 2.0. The system default for ONTAP 9.2 is enabled for SMB 1.0 and enabled for SMB 2.0. If the domain controller cannot negotiate SMB 2.0 initially, it uses SMB 1.0.
SMB 1.0 can be disabled from ONTAP to a domain controller. In ONTAP 9.1, if SMB 1.0 has been disabled, SMB 2.0 must be enabled in order to communicate with a domain controller.
Learn more about:
If |
-
Before changing SMB security settings, verify which SMB versions are enabled:
vserver cifs security show
-
Scroll down the list to see the SMB versions.
-
Perform the appropriate command, using the
smb2-enabled-for-dc-connections
option.If you want SMB2 to be… Enter the command… Enabled
vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections true
Disabled
vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections false