Enabling SMB2 connections to domain controllers

Beginning in ONTAP 9.4, you can enable SMB version 2.0 to connect to a domain controller. Doing so is necessary if you have disabled SMB 1.0 on domain controllers. Beginning in ONTAP 9.4, SMB2 is enabled by default.

About this task

The smb2-enabled-for-dc-connections command option enables the system default for the release of ONTAP you are using. The system default for ONTAP 9.4 and higher is disabled for SMB 1.0 and enabled for SMB 2.0. If the domain controller cannot negotiate SMB 2.0 initially, it uses SMB 1.0.

SMB 1.0 can be disabled from ONTAP to a domain controller.
Note: If -smb1-enabled-for-dc-connections is set to false while -smb1-enabled is set to true, ONTAP denies SMB 1.0 connections as the client, but continues to accept inbound SMB 1.0 connections as the server. See the topic "Enabling and disabling SMB versions" in this guide.

  1. Before changing SMB security settings, verify which SMB versions are enabled: vserver cifs security show
  2. Scroll down the list to see the SMB versions.
  3. Perform the appropriate command, using the smb2-enabled-for-dc-connections option.
    If you want SMB2 to be...   Enter the command...
    Enabled                     vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections true
    Disabled                    vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections false
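
The verification in step 1 can be scripted across SVMs. The following is an added example, not NetApp code: the function name audit_dc_smb, the SVM names, and the column layout of the -fields output are assumptions, and "system-default" is resolved using the ONTAP 9.4 and higher defaults described above.

```shell
#!/bin/sh
# Added example, not NetApp code. audit_dc_smb reads on stdin the output of:
#   vserver cifs security show -fields smb1-enabled,smb1-enabled-for-dc-connections,smb2-enabled-for-dc-connections
# Assumptions: a header row of field names, then one whitespace-separated row
# per SVM; ONTAP 9.4 or later, so "system-default" means SMB 1.0 disabled and
# SMB 2.0 enabled for DC connections.
audit_dc_smb() {
  awk '
    function resolve(v, dflt) { return (v == "system-default") ? dflt : v }
    NR == 1 {                          # map field names to column numbers
      for (i = 1; i <= NF; i++) col[$i] = i
      n = NF
      s = col["smb1-enabled"]
      a = col["smb1-enabled-for-dc-connections"]
      b = col["smb2-enabled-for-dc-connections"]
      if (!col["vserver"] || !s || !a || !b) { print "ERROR missing column"; exit 2 }
      next
    }
    # Skip the separator row, blank lines and the trailing "N entries" line.
    NF != n || $a !~ /^(true|false|system-default)$/ { next }
    {
      svm = $(col["vserver"]); found = 0
      dc1 = resolve($a, "false"); dc2 = resolve($b, "true")
      if (dc1 == "true") {
        print svm ": WARN SMB 1.0 to domain controllers is permitted"; found = 1
      }
      if (dc2 == "false") {
        print svm ": WARN SMB 2.0 to domain controllers is disabled"; found = 1
      }
      if (dc1 == "false" && $s == "true") {
        print svm ": INFO SMB 1.0 denied as client, still accepted inbound as server"; found = 1
      }
      if (!found) print svm ": OK"
    }'
}

# Constructed sample output (SVM names and values are made up).
sample_output() {
  cat <<'EOF'
vserver smb1-enabled smb1-enabled-for-dc-connections smb2-enabled-for-dc-connections
------- ------------ ------------------------------- -------------------------------
svm_a   false        system-default                  system-default
svm_b   true         false                           true
svm_c   true         true                            false
3 entries were displayed.
EOF
}

sample_output | audit_dc_smb
```

The INFO line corresponds to the combination described in the note above; the SMB 2.0 warning matters when SMB 1.0 has been disabled on the domain controllers.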