Skip to main content

How ONTAP handles SMB client authentication

Before users can create SMB connections to access data contained on the SVM, they must be authenticated by the domain to which the CIFS server belongs. The CIFS server supports two authentication methods, Kerberos and NTLM (NTLMv1 or NTLMv2). Kerberos is the default method used to authenticate domain users.

  • Kerberos authentication
    ONTAP supports Kerberos authentication when creating authenticated SMB sessions.
  • NTLM authentication
    NTLM client authentication is done using a challenge response protocol based on shared knowledge of a user-specific secret based on a password.