ONTAP Discussions

Having some trouble with Ontap 9 SMB configuration

Sycraft

We have a FAS that is showing up on the support site as having an SMB signing issue. It says "Clustered Data ONTAP has been determined to have a version or configuration exposed to a vulnerability when SMB signing is disabled. NTAP-20160412-0001."

 

The suggested remediation is simple: Turn on signing, and they give you the command:

 

"vserver cifs security modify -vserverme -is-signing-required true".

 

No problem, our Vserver that does CIFS has had it enabled since we created it. However the one it is mad about is another Vserver that doesn't do CIFS, just NFS. It is joined to our active directory, but CIFS is not enabled on it. I tried to enable signing anyhow because it isn't like it would hurt but then it says:

 

"Error: command failed: This operation is not supported for the Active Directory server created using the "vserver active-directory create" command."

 

So what do I need to do to clear the error? I know it isn't a big deal, but we prefer to have the system in a configuration where there aren't any alerts, keeps the security auditors happy.

1 ACCEPTED SOLUTION

kryan

Hi - I have alerted the team that manages those AIQ advisory rules so that they can take the necessary corrective action.

View solution in original post

4 REPLIES 4

paul_stejskal

You can provide feedback on the AIQ site. That may be an error. Another option would be to update to a version of ONTAP where the issue is fixed. That is from 2016 so that tells me you're on Clustered Data ONTAP 8. I would upgrade to ONTAP 9 if you're not already.

 

If you are on 9.x, then it is a false positive and really needs to be fixed. Either way it would be good to contact the Support site folks (by pushing feedback). It may take a day but they will open a ticket and get back with you. I do this from time to time even as a NetApp employee, and get good traction.

 

kryan

Hi - I have alerted the team that manages those AIQ advisory rules so that they can take the necessary corrective action.

View solution in original post

Sycraft

Thanks, and yes, this until is running OnTAP 9.7P8 so it is almost completely current (I've not yet had time to research and do the 9.8 update).

kryan

If you PM me the system serial or name I'll share it with the team as well. 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public