Subscribe

enabling SMB2 dont work

Hello anyone,

 

Today I enabled SMB2 (options cifs.smb.enable on) on our FAS3070 but it don't work.

Wireshark tells me that only SMB1 is used.

 

On the partner node I enabled SMB2, too. Here it works.

There, Wireshark tells me SMB2 is used.

 

The options of filer1 are:

Filer1> options cifs
cifs.LMCompatibilityLevel    1
cifs.audit.account_mgmt_events.enable off
cifs.audit.autosave.file.extension
cifs.audit.autosave.file.limit 0
cifs.audit.autosave.onsize.enable off
cifs.audit.autosave.onsize.threshold 75%
cifs.audit.autosave.ontime.enable off
cifs.audit.autosave.ontime.interval 1d
cifs.audit.enable            off
cifs.audit.file_access_events.enable on
cifs.audit.liveview.allowed_users
cifs.audit.liveview.enable   off
cifs.audit.logon_events.enable on
cifs.audit.logsize           524288
cifs.audit.nfs.enable        off
cifs.audit.nfs.filter.filename
cifs.audit.saveas            /etc/log/adtlog.evt
cifs.bypass_traverse_checking on
cifs.client.dup-detection    ip-address
cifs.comment
cifs.enable_share_browsing   on
cifs.gpo.enable              off
cifs.gpo.trace.enable        off
cifs.grant_implicit_exe_perms off
cifs.guest_account
cifs.home_dir_namestyle
cifs.home_dirs_public_for_admin on
cifs.idle_timeout            1800
cifs.ipv6.enable             off
cifs.max_mpx                 1124
cifs.ms_snapshot_mode        xp
cifs.neg_buf_size            65340
cifs.netbios_aliases         <OUR NETBIOS NAMES>
cifs.netbios_over_tcp.enable on
cifs.nfs_root_ignore_acl     off
cifs.oplocks.enable          on
cifs.oplocks.opendelta       0
cifs.per_client_stats.enable on
cifs.perfmon.allowed_users
cifs.perm_check_ro_del_ok    off
cifs.perm_check_use_gid      off
cifs.preserve_unix_security  off
cifs.restrict_anonymous      0
cifs.restrict_anonymous.enable off
cifs.save_case               on
cifs.scopeid
cifs.search_domains          <our domains>
cifs.show_dotfiles           on
cifs.show_snapshot           off
cifs.shutdown_msg_level      2
cifs.sidcache.enable         on
cifs.sidcache.lifetime       1440
cifs.signing.enable          off
cifs.smb2.client.enable      off
cifs.smb2.durable_handle.enable on
cifs.smb2.durable_handle.timeout 16m
cifs.smb2.enable             on
cifs.smb2.signing.required   off
cifs.snapshot_file_folding.enable off
cifs.symlinks.cycleguard     on
cifs.symlinks.enable         on
cifs.trace_dc_connection     off
cifs.trace_login             off
cifs.universal_nested_groups.enable on
cifs.weekly_W2K_password_change off
cifs.widelink.ttl            10m

and the options of filer2

 

Filer2> options cifs
cifs.LMCompatibilityLevel    1
cifs.audit.account_mgmt_events.enable off
cifs.audit.autosave.file.extension
cifs.audit.autosave.file.limit 0
cifs.audit.autosave.onsize.enable off
cifs.audit.autosave.onsize.threshold 75%
cifs.audit.autosave.ontime.enable off
cifs.audit.autosave.ontime.interval 1d
cifs.audit.enable            off
cifs.audit.file_access_events.enable on
cifs.audit.liveview.allowed_users
cifs.audit.liveview.enable   off
cifs.audit.logon_events.enable on
cifs.audit.logsize           524288
cifs.audit.nfs.enable        off
cifs.audit.nfs.filter.filename
cifs.audit.saveas            /etc/log/adtlog.evt
cifs.bypass_traverse_checking on
cifs.client.dup-detection    ip-address
cifs.comment                 Netapp Filer
cifs.enable_share_browsing   on
cifs.gpo.enable              off
cifs.gpo.trace.enable        off
cifs.grant_implicit_exe_perms off
cifs.guest_account
cifs.home_dir_namestyle
cifs.home_dirs_public_for_admin on
cifs.idle_timeout            1800
cifs.ipv6.enable             off
cifs.max_mpx                 1124
cifs.ms_snapshot_mode        xp
cifs.netbios_aliases         <OUR NETBIOS NAMES>
cifs.netbios_over_tcp.enable on
cifs.nfs_root_ignore_acl     off
cifs.oplocks.enable          on
cifs.oplocks.opendelta       0
cifs.per_client_stats.enable off
cifs.perfmon.allowed_users
cifs.perm_check_ro_del_ok    off
cifs.perm_check_use_gid      off
cifs.preserve_unix_security  off
cifs.restrict_anonymous      0
cifs.restrict_anonymous.enable off
cifs.save_case               on
cifs.scopeid
cifs.search_domains          <OUR DOMAINS>
cifs.show_dotfiles           on
cifs.show_snapshot           off
cifs.shutdown_msg_level      2
cifs.sidcache.enable         on
cifs.sidcache.lifetime       1440
cifs.signing.enable          off
cifs.smb2.client.enable      off
cifs.smb2.durable_handle.enable on
cifs.smb2.durable_handle.timeout 16m
cifs.smb2.enable             on
cifs.smb2.signing.required   off
cifs.snapshot_file_folding.enable off
cifs.symlinks.cycleguard     on
cifs.symlinks.enable         on
cifs.tcp_window_size         64240
cifs.trace_dc_connection     off
cifs.trace_login             off
cifs.universal_nested_groups.enable on
cifs.weekly_W2K_password_change off
cifs.widelink.ttl            10m
Filer2>

So why SMB2 is only available at filer2 and not on filer1?

 

What have to be done to enable SMB2 correctly?

 

 

System Specs:

FAS3070

Data Ontap 7.3.7P1

 

 

Tanks for any help,

 

jenoptik

Re: enabling SMB2 dont work

[ Edited ]

additional info:

 

on filer1:

Filer1> cifs domaininfo

Type:                     NT4

on filer2:

Filer2> cifs domaininfo

Type:                     Windows 2003

 

Is perhaps the fact that both domains have different domain types the problem?

 

Re: enabling SMB2 dont work

All you have to from the filer side is enable it. That's it.

 

The client will negotiate SMB2 if it's supported on the client and if SMB1 connections aren't already established to the filer.

 

Win2k3 and XP, for example, do not support SMB2. Win2K8 and later does.

 

If you have a supported client, it's possible the client has already negotiated SMB1 to the filer. If that's the case, reboot the client and try again.

Re: enabling SMB2 dont work

Hi Sir,

 

One doubt I have,

 

According the article, user enabled SMB2 on single controller and some how forgot to enable it on partner node.

 

Why it blocked node01 to server SMB2 request?

 

As per my understanding, client request will come to node01 and it may not verify settings on partner node.  Will it verify in any scenario?

 

I think, as per HA recommendataions, we need to have same settings on both the controller. But some how it was missed.

 

 

Why I am discussing on this is,  I have seen similar situation after enabling smb2 on both the controllers and just because, cifs netbios over tcp option is not have equal values in both the controllers.

 

Later it was fixed after making it equal.

 

So, Kindly need your help to understand the behavior, how the DIFFERENCE IN THE OPTIONS causing the issue.