Skip to main content

Verifying enabled SMB versions

Your ONTAP release determines which SMB versions are enabled by default for connections with clients and domain controllers. You should verify that the SMB server supports the clients and functionality required in your environment.

About this task

For connections with both clients and domain controllers, you should enable SMB 2.0 and later whenever possible.

  • On all versions of Lenovo Data ONTAP, SMB 1.0 is disabled by default with new SVMs.

    To enable it use the following option:

    The -smb1-enabled option to the vserver cifs options modify command enables or disables SMB 1.0.

In Lenovo Data ONTAP, SMB 2.0 is enabled by default for DC (domain controller) connections.

Note

If -smb1-enabled-for-dc-connections is set to false while -smb1-enabled is set to true , ONTAP denies SMB 1.0 connections as the client, but continues to accept inbound SMB 1.0 connections as the server.

The SMB/CIFS Reference contains details about supported SMB versions and functionality.

  1. Set the privilege level to advanced: set -privilege advanced
  2. Verify which SMB versions are enabled: vserver cifs options show

    You can scroll down the list to view the SMB versions enabled for client connections, and if you are configuring an SMB server in an AD domain, for AD domain connections.

  3. Enable or disable the SMB protocol for client connections as required:
    • To enable an SMB version: vserver cifs options modify -vserver vserver_name smb_version true
    • To disable an SMB version: vserver cifs options modify -vserver vserver_name smb_version false

    Possible values for smb_version:

    • -smb1-enabled
    • -smb2-enabled
    • -smb3-enabled
    • -smb31-enabled

    Example

    The following command enables SMB 3.1 on SVM vs1.example.com:

    cluster1::*> vserver cifs options modify -vserver vs1.example.com -smb31-enabled true

  4. If your SMB server is in an Advanced Directory domain, enable or disable the SMB protocol for DC connections as required:
    • To enable an SMB version: vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections true
    • To disable an SMB version: vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections false
  5. Return to the admin privilege level: set -privilege admin