NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

RC4 kerberos, i can disable ?

mulbzh
1,394 Views

hello and sorry for my english,

 

I have ONTAP 9.15 and domain controlers windows 2025.

i did audit on my controlers and i see that my SVM (all) use RC4 kerberos encryption. On ontap, i used command : 
"vserver cifs security show -vserver vserver_name -fields advertised-enc-types"

and i can see response : rc4,des


So i think is not good because Microsoft wil disable RC4

on my SVM, can i pass this command without troubles : vserver cifs security modify -vserver vserver_name -advertised-enc-types aes-128,aes-256

what is the impact ? my SVM is use for SMB share

thanks

 

1 ACCEPTED SOLUTION
2 REPLIES 2

mulbzh
1,374 Views

i pasted the command, no impact for the moment.

 

But, after pasted the command, for somes SVM account in active directory, the attribute msDS-SupportedEncryptionTypes change to 24 (AES128 + AES256) but for others SupportedEncryptionTypes stay on 6 (RC4). In ONTAP all are in aes-128,aes-256.
what i have to do for account in active directiry didn't change ? 

vserver cifs domain password reset -vserver svm-name ?


Public