NetApp Knowledge Base

How to set ONTAP to use LDAP Signing or Sealing for CIFS/NFS

Category:
ontap-9
Specialty:
nas

 

Applies to

  • ONTAP 9 CIFS/NFS
  • Data ONTAP 8 CIFS/NFS

Description

Beginning in ONTAP 9, you can configure signing and sealing to enable LDAP session security on queries to an Active Directory (AD) server. You must configure the CIFS server security settings on the storage virtual machine (SVM) to correspond to those on the LDAP server.

Signing confirms the integrity of the LDAP payload data using secret key technology. Sealing encrypts the LDAP payload data to avoid transmitting sensitive information in clear text. An LDAP Security Level option indicates whether the LDAP traffic needs to be signed, signed and sealed, or neither. The default is none.

Microsoft will be providing a patch in response to Windows Security Advisory ADV190023 (patch expected in March 2020). This patch will change the default for LDAP to use signing.

For more information on Windows Security Advisory ADV190023, see:
Microsoft Security Advisory: ADV190023 impact on NetApp appliance running CIFS\NFS utilizing Microsoft Active Directory LDAP servers

 
