Is it possible to configure AES on an SVM before creating the CIFS server
Applies to
- ONTAP 9
- CIFS / SMB
- Advanced Encyption Standard (AES)
Answer
Yes, you can modify the security options before creating the CIFS server on the vserver
Note: This will save time while creating multiple CIFS servers. If you create the CIFS server first, and then enable AES encryption, you will need to enter credentials again
Example:
cluster1::> cifs show -vserver <vserver_name>
There are no entries matching your query
cluster1::> cifs security modify -vserver <vserver_name> -is-aes-encryption-enabled true
cluster1::> cifs security show -vserver <vserver_name>
Vserver: <vserver_name>
Kerberos Clock Skew: - minutes
Kerberos Ticket Age: - hours
Kerberos Renewal Age: - days
Kerberos KDC Timeout: - seconds
Is Signing Required: -
Is Password Complexity Required: -
Use start_tls for AD LDAP connection: false
Is AES Encryption Enabled: true
LM Compatibility Level: lm-ntlm-ntlmv2-krb
Is SMB Encryption Required: -
Client Session Security: none
SMB1 Enabled for DC Connections: false
SMB2 Enabled for DC Connections: system-default
LDAP Referral Enabled For AD LDAP connections: false
Use LDAPS for AD LDAP connection: false
Encryption is required for DC Connections: false
AES session key enabled for NetLogon channel: false
Try Channel Binding For AD LDAP Connections: true