Why are CIFS sessions not signed when encryption and smb signing are both enabled on the SVM?
Applies to
- ONTAP 9
- CIFS
- SMB Signing
- SMB Encryption
Answer
- If a CIFS session is marked for both Signing and Encryption then SMB Encryption includes SMB signing.
- Therefore in such a case where either share-level or server-level encryption is enabled, "is-session-signed" in Cifs Session should not return true
Example:
Cluster01::> cifs security show -vserver SVM1 -fields is-signing-required,is-smb-encryption-required
vserver is-signing-required is-smb-encryption-required
----------- ------------------- --------------------------
SVM1 true true
Cluster01::> cifs session show -vserver SVM1 -fields is-session-signed,smb-encryption-status
node vserver session-id connection-id is-session-signed smb-encryption-status
------------ ---------- ------------------- ------------- ----------------- ---------------------
Cluster01-02 SVM1 5783747821497729909 952531972 false encrypted
Cluster01-02 SVM1 5783747821497731202 952532894 false encrypted
Cluster01-02 SVM1 5783747821497731343 952532985 false encrypted
3 entries were displayed.
Additional Information
Fo more information see, Microsoft documentation SMB security Enhancements.