Skip to main content
NetApp Knowledgebase

Why are CIFS sessions not signed when encryption and smb signing are both enabled on the SVM?

  1. Last updated
  2. Save as PDF
Views:
183
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • CIFS
  • SMB Signing
  • SMB Encryption

Answer

  • If a CIFS session is marked for both Signing and Encryption then SMB Encryption supersedes SMB signing.
  • Therefore in such a case where either share-level or server-level encryption is enabled, "is-session-signed" in Cifs Session should not return true

Example:

Cluster01::> cifs security show -vserver SVM1 -fields is-signing-required,is-smb-encryption-required
vserver     is-signing-required is-smb-encryption-required
----------- ------------------- --------------------------
SVM1        true                true

Cluster01::> cifs session show -vserver SVM1 -fields is-session-signed,smb-encryption-status
node         vserver    session-id          connection-id is-session-signed smb-encryption-status
------------ ---------- ------------------- ------------- ----------------- ---------------------
Cluster01-02 SVM1         5783747821497729909 952531972     false             encrypted
Cluster01-02 SVM1         5783747821497731202 952532894     false             encrypted
Cluster01-02 SVM1         5783747821497731343 952532985     false             encrypted
3 entries were displayed.

Additional Information

Fo more information see, Microsoft documentation SMB security Enhancements.