Solved: Disable SMBv1 DC connectivity issue

Marcymarc24 · ‎2021-03-26

We have v8.2.5P1 version of 7Mode, and (nervously) decided to disable SMBv1 options recently.

smb1.enable no no
smb1.client.enable no no

Everything seemed OK for a while until the NetApp lost connectivity to the DC and CIFS access was lost.

Any idea why we saw the delayed connectivity issues and is there a setting we missed to resolve this?

Mjizzini · ‎2021-03-30

Microsoft deprecated SMBv1 in 2013. Newer operating systems will have SMBv1 disabled by default.

The filer will use SMB1 as default. The below option will enable smb2 connection with the DC.

options cifs.smb2.client.enabled

TMACMD · ‎2021-03-26

Sure. Those options do not take effect until the CIFS/SMB server is restarted.

Probably should upgrade to 8.2.5P5 for the CIFS/SMB NetLogon Secure channel fixes.

Marcymarc24 · ‎2021-03-26

To clarify we re-enabled SMBv1 which reinitiated the connections and everything was back as before.

To ask a slightly separate question I see there is the ability to control what SMB version is used with domain controllers for authentication.

cifs.smb2.client.enable

However I can't see that option on our version of NetApp (8.2.5P1), is this a privileged set option does anyone know?

Thanks .

TMACMD · ‎2021-03-28

there are a number of cifs security fixes in the LATEST patch release. Upgrade to 8.2.5P5

That option I mentioned is not available until at least 8.2.5P4. Upgrade and read the link I sent in the last post.

Mjizzini · ‎2021-03-30

Microsoft deprecated SMBv1 in 2013. Newer operating systems will have SMBv1 disabled by default.

The filer will use SMB1 as default. The below option will enable smb2 connection with the DC.

options cifs.smb2.client.enabled