Enable SMB2 connections to domain controllers
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- Security and data encryption
- Data protection and disaster recovery
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.1, you can enable SMB version 2.0 to connect to a domain controller. Doing so is necessary if you have disabled SMB 1.0 on domain controllers. Beginning with ONTAP 9.2, SMB2 is enabled by default.
The smb2-enabled-for-dc-connections
command option enables the system default for the release of ONTAP you are using. The system default for ONTAP 9.1 is enabled for SMB 1.0 and disabled for SMB 2.0. The system default for ONTAP 9.2 is enabled for SMB 1.0 and enabled for SMB 2.0. If the domain controller cannot negotiate SMB 2.0 initially, it uses SMB 1.0.
SMB 1.0 can be disabled from ONTAP to a domain controller. In ONTAP 9.1, if SMB 1.0 has been disabled, SMB 2.0 must be enabled in order to communicate with a domain controller.
Learn more about:
If |
-
Before changing SMB security settings, verify which SMB versions are enabled:
vserver cifs security show
-
Scroll down the list to see the SMB versions.
-
Perform the appropriate command, using the
smb2-enabled-for-dc-connections
option.If you want SMB2 to be… Enter the command… Enabled
vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections true
Disabled
vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections false