ONTAP Discussions

Disable SMBv1 DC connectivity issue

Marcymarc24

 

We have v8.2.5P1 version of 7Mode, and (nervously) decided to disable SMBv1 options recently.

 

smb1.enable no no
smb1.client.enable no no

 

Everything seemed OK for a while until the NetApp lost connectivity to the DC and CIFS access was lost.

 

Any idea why we saw the delayed connectivity issues and is there a setting we missed to resolve this?

 

4 REPLIES 4

Re: Disable SMBv1 DC connectivity issue

TMAC_CTG

Sure. Those options do not take effect until the CIFS/SMB server is restarted.

 

Probably should upgrade to 8.2.5P5 for the CIFS/SMB NetLogon Secure channel fixes.

 

 

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Microsoft_Security_Advisory%3A_CVE-2020-1472_impact_on_NetApp_applianc...

Re: Disable SMBv1 DC connectivity issue

Marcymarc24

To clarify we re-enabled SMBv1 which reinitiated the connections and everything was back as before.

To ask a slightly separate question I see there is the ability to control what SMB version is used with domain controllers for authentication. 

 

cifs.smb2.client.enable

 

However I can't see that option on our version of NetApp (8.2.5P1), is this a privileged set option does anyone know?

 

Thanks .

 

Re: Disable SMBv1 DC connectivity issue

TMAC_CTG

there are a number of cifs security fixes in the LATEST patch release. Upgrade to 8.2.5P5

 

That option I mentioned is not available until at least 8.2.5P4. Upgrade and read the link I sent in the last post.

Re: Disable SMBv1 DC connectivity issue

Mjizzini

Microsoft deprecated SMBv1 in 2013. Newer operating systems will have SMBv1 disabled by default. 

The filer will use SMB1 as default.  The below option will enable smb2 connection with the DC.

options cifs.smb2.client.enabled

CIFS fails after upgrade to domain controllers for Data ONTAP 8 7-Mode

View solution in original post

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums
Public