Is it possible to enable encryption for one CIFS particular share
Applies to
- ONTAP 9
- CIFS
- AES Encryption
Answer
Yes, we can enable encryption for a particular share with the help of below steps.
- Step1: Run following command to enable encryption for the desired share.
cluster1::> vserver cifs share properties add -vserver <VSERVERNAME> -share-name <SHARENAME> -share-properties encrypt-data
- Step2: Have the users disconnect and reconnect to the shares manually in order to apply the changes.
Please note that the encryption won't be in effect unless the client reconnect to the shares as the existing sessions are unencrypted.
- Step3: Run the below command to confirm that encryption is working for all CIFS sessions.
Cluster01::> vserver cifs session show -vserver <VSERVERNAME> -fields smb-encryption-status
NOTE: SMB encryption is supported with SMB3 and above