Skip to main content

Set the SMB server minimum authentication security level

Contributors netapp-thomi netapp-forry netapp-ahibbard

You can set the SMB server minimum security level, also known as the LMCompatibilityLevel, on your SMB server to meet your business security requirements for SMB client access. The minimum security level is the minimum level of the security tokens that the SMB server accepts from SMB clients.

Note
About this task
  • SMB servers in workgroup mode support only NTLM authentication. Kerberos authentication is not supported.

  • LMCompatibilityLevel applies only to SMB client authentication, not admin authentication.

You can set the minimum authentication security level to one of four supported security levels.

Value Description

lm-ntlm-ntlmv2-krb (default)

The storage virtual machine (SVM) accepts LM, NTLM, NTLMv2, and Kerberos authentication security.

ntlm-ntlmv2-krb

The SVM accepts NTLM, NTLMv2, and Kerberos authentication security. The SVM denies LM authentication.

ntlmv2-krb

The SVM accepts NTLMv2 and Kerberos authentication security. The SVM denies LM and NTLM authentication.

krb

The SVM accepts Kerberos authentication security only. The SVM denies LM, NTLM, and NTLMv2 authentication.

Steps
  1. Set the minimum authentication security level: vserver cifs security modify -vserver vserver_name -lm-compatibility-level {lm-ntlm-ntlmv2-krb|ntlm-ntlmv2-krb|ntlmv2-krb|krb}

  2. Verify that the authentication security level is set to the desired level: vserver cifs security show -vserver vserver_name