FAS and V-Series Storage Systems Discussions

CIFS authentication security level

SVHO

Hello,

 

Our security team wants to turn off NTLM on our NetApp NAS. From reading the KB below and verifying, our setting is set at the default, which accepts everything listed in the article. We want to allow NTLMv2 and Kerberos. My question is: by changing the setting, does it disconnect all current connections that are not reflective of the new security level? Do I have to stop the SVM to disconnect all connections?

I just want to make sure the security team no longer sees any logs pertaining to NTLM.

Example: Device1 connected on NTLM. Once the new security level is updated, does that connection get disconnected?

https://library.netapp.com/ecmdocs/ECMP1610207/html/GUID-861C90E9-A8B2-405C-9020-0C38679BD72B.html

We are on 9.3p18

Thanks,

TT

5 REPLIES

Ontapforrum

Only new sessions will have the latest update (i.e., the changed -lm-compatibility-level). The rest of the sessions, which are already logged in using NTLM, will continue to stay up. In order to have them negotiate the new security update, their sessions need to be closed first.

You should be able to filter those users using NTLM via this cmd:
::> vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism

You should then be able to close those session IDs. Once this is done, the next time they log in they will use the updated security (auth-mechanism).

This article may help in closing sessions for those using NTLM security.
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_terminate_a_CIFS_sessions_in_ONTAP_9_for_specific_Windows_users

Ontapforrum

For filtering specific users using NTLMv1:

vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism -auth-mechanism NTLMv1
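
An added example, not part of the original posts and not NetApp code: a Python script that parses saved output of the session listing above and picks out the sessions still authenticated with NTLMv1. The sample output is constructed, its column layout is an assumption, and the `vserver cifs session close` command form it prints is an assumption to confirm against the linked KB article for your ONTAP release.

```python
"""Added example: find legacy-auth CIFS sessions in saved ONTAP CLI output."""
from collections import Counter

# Constructed sample (not from a real system) of:
#   vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism
# The column layout is an assumption; columns are looked up by header name.
SAMPLE = """\
node     vserver session-id          connection-id auth-mechanism
-------- ------- ------------------- ------------- --------------
node-01  svm1    4622663542519103507 1086224       NTLMv1
node-01  svm1    4622663542519103512 1086231       Kerberos
node-02  svm1    4622663542519103530 1086240       NTLMv2
node-02  svm1    4622663542519103544 1086252       NTLMv1
4 entries were displayed.
"""
LEGACY = {"ntlmv1"}  # mechanisms that should disappear after the change


def parse_sessions(text):
    """Return one dict per session row, keyed by the header's column names."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    # Find the header by its column names so prompts or banners are ignored.
    start = next((i for i, c in enumerate(lines)
                  if "session-id" in c and "auth-mechanism" in c), None)
    if start is None:
        raise ValueError("no header with session-id and auth-mechanism")
    header = lines[start]
    sid = header.index("session-id")
    # Keep only full-width rows with a numeric session-id; this drops the
    # dashed separator and the "N entries were displayed." footer.
    return [dict(zip(header, c)) for c in lines[start + 1:]
            if len(c) == len(header) and c[sid].isdigit()]


def legacy_sessions(rows, legacy=LEGACY):
    """Sessions whose auth-mechanism is in the legacy set (case-insensitive)."""
    return [r for r in rows if r["auth-mechanism"].lower() in legacy]


def close_commands(rows):
    """One close command per session; the command form is an assumption."""
    return [f"vserver cifs session close -node {r['node']} "
            f"-vserver {r['vserver']} -session-id {r['session-id']}" for r in rows]


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE)
    print(dict(Counter(r["auth-mechanism"] for r in sessions)))
    print("\n".join(close_commands(legacy_sessions(sessions))))
```

Running the same listing again after the sessions reconnect and getting an empty legacy list confirms that no NTLMv1 sessions remain.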

SVHO

Thank you for the response. Let's say I stop the SVM service, would that also terminate the sessions?

Ontapforrum

Stopping the SVM service will stop data access on this SVM through all allowed protocols. Instead, you can just stop the CIFS server and restart it. Of course, this means all the sessions currently active will drop off. However, when they reconnect they will be using the new auth-mechanism.


Thank you so much! I probably will terminate the sessions after the security update since we have less than 10 connections with NTLMv1.

TT
