What version of SMB that will be used for communication between ONTAP and a DC?
Applies to
- ONTAP 9
- CIFS/SMB
- DC Connections
Answer
The version of SMB that will be negotiated for communication between ONTAP and the DC will depend on the values for the following parameters to the vserver cifs security
settings
- If the value of
is-smb1-enabled-for-dc-connections
is true or system-default then SMB1 will be available for negotiation - If the value of
is-smb2-enabled-for-dc-connections
is true or system-default then SMB2 will be available for negotiation - If the value of
encryption-required-for-dc-connections
is true then only SMB3 will be available for the session- This value overrides the previous two
- Encryption is only supported with SMB3
Additional Information
- The option encryption-required-for-dc-connections has been introduced in ONTAP 9.8
- The default value for each of this options depends on the release of ONTAP, as of 9.8, SMB1 is false, SMB2 is system-default (true), and encryption is false
- An ONTAP upgrade may change the default setting for a newly created SVM but will not change these options for existing SVMs
- SMB1 use is deprecated and may be removed in future releases
- For further information about the vserver cifs security commands refer to the ONTAP 9 Documentation