ONTAP 9 Manuals ( CA08871-402 )

Enable SMB2 connections to domain controllers

You can enable SMB version 2.0 to connect to a domain controller. Doing so is necessary if you have disabled SMB 1.0 on domain controllers. SMB2 is enabled by default.

About this task

The smb2-enabled-for-dc-connections command option enables the system default for the release of ONTAP you are using.

SMB 1.0 can be disabled from ONTAP to a domain controller.

Learn more about:

If -smb1-enabled-for-dc-connections is set to false while -smb1-enabled is set to true, ONTAP denies SMB 1.0 connections as the client, but continues to accept inbound SMB 1.0 connections as the server.

Steps
  1. Before changing SMB security settings, verify which SMB versions are enabled: vserver cifs security show

  2. Scroll down the list to see the SMB versions.

  3. Perform the appropriate command, using the smb2-enabled-for-dc-connections option.

    If you want SMB2 to be…​ Enter the command…​

    Enabled

    vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections true

    Disabled

    vserver cifs security modify -vserver vserver_name -smb2-enabled-for-dc-connections false

Top of Page