Setting the CIFS server minimum authentication security level
You can set the CIFS server minimum security level, also known as the LMCompatibilityLevel, on your CIFS server to meet your business security requirements for SMB access. The minimum security level is the minimum level of the security tokens that the CIFS server accepts from SMB clients.
About this task
Note
CIFS servers in workgroup mode support only NTLM authentication. Kerberos authentication is not supported.
You can set the minimum authentication security level to one of four supported security levels.
| Value | Description |
|---|---|
| lm-ntlm-ntlmv2-krb (default) | The storage virtual machine (SVM) accepts LM, NTLM, NTLMv2, and Kerberos authentication security. |
| ntlm-ntlmv2-krb | The SVM accepts NTLM, NTLMv2, and Kerberos authentication security. The SVM denies LM authentication. |
| ntlmv2-krb | The SVM accepts NTLMv2 and Kerberos authentication security. The SVM denies LM and NTLM authentication. |
| krb | The SVM accepts Kerberos authentication security only. The SVM denies LM, NTLM, and NTLMv2 authentication. |
- Set the minimum authentication security level: vserver cifs security modify -vserver vserver_name -lm-compatibility-level {lm-ntlm-ntlmv2-krb|ntlm-ntlmv2-krb|ntlmv2-krb|krb}
- Verify that the authentication security level is set to the desired level: vserver cifs security show -vserver vserver_name
Give documentation feedback