Is it possible to enable encryption for one CIFS particular share
Applies to
- ONTAP 9
- CIFS
- AES Encryption
Answer
Yes, we can enable encryption for a particular share with the help of below steps.
- Run following command to enable encryption for the desired share.
cluster1::> vserver cifs share properties add -vserver <VSERVERNAME> -share-name <SHARENAME> -share-properties encrypt-data
- Have the users disconnect and reconnect to the shares manually in order to apply the changes.
- Run the below command to confirm that encryption is working for all CIFS sessions.
Cluster01::> vserver cifs session show -vserver <VSERVERNAME> -fields smb-encryption-status
Note:
- Encryption won't be in effect unless the client reconnect to the shares as the existing sessions are unencrypted.
- SMB encryption is supported with SMB3 and above
- As encryption is enforced at the share-level rather than the server-level, the sessions will be partially encrypted