Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

Why are CIFS sessions not signed when encryption and smb signing are both enabled on the SVM?

Views:
113
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • CIFS
  • SMB Signing
  • SMB Encryption

Answer

  • If a CIFS session is marked for both Signing and Encryption then SMB Encryption supersedes SMB signing.
  • Therefore in such a case where either share-level or server-level encryption is enabled, "is-session-signed" in Cifs Session should not return true

Example:

Cluster01::> cifs security show -vserver SVM1 -fields is-signing-required,is-smb-encryption-required
vserver     is-signing-required is-smb-encryption-required
----------- ------------------- --------------------------
SVM1        true                true

Cluster01::> cifs session show -vserver SVM1 -fields is-session-signed,smb-encryption-status
node         vserver    session-id          connection-id is-session-signed smb-encryption-status
------------ ---------- ------------------- ------------- ----------------- ---------------------
Cluster01-02 SVM1         5783747821497729909 952531972     false             encrypted
Cluster01-02 SVM1         5783747821497731202 952532894     false             encrypted
Cluster01-02 SVM1         5783747821497731343 952532985     false             encrypted
3 entries were displayed.

Additional Information

Fo more information see, Microsoft documentation SMB security Enhancements.