ONTAP Discussions

Vserver LDAP signing - what is the impact for clients?

kombayn
1,803 Views

Hello

I need to enable LDAP signing on my CIFS vservers ("Client Session Security" set to "Sign"), but I'm not sure what will be the impact for current users using CIFS shares. Will they be disconnected? Should I also turn on the option "Is Signing Required" to True?

I'm using ONTAP 9.10.1P2

1 ACCEPTED SOLUTION

pedro_rocha
1,766 Views

I did not find specific answers for your questions.

 

I found this: https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Does_LDAP_signing_affect_applications_which_are_not_secure_LDAP_signin...

 

I understand that this setting does not affect SMB sessions, since it is between CIFS server and LDAP server. You can confirm this with NetApp support.

 

This can help you further also: https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_set_ONTAP_to_use_LDAP_Signing_or_Sealing_for_CIFS%2F%2FNFS

 

 

That setting "is signing required" is regarding SMB signing, not LDAP signing.

View solution in original post

4 REPLIES 4

pedro_rocha
1,776 Views

Hi,

 

just to make it clear. We are talking abou LDAP signing right? not SMB signing.

kombayn
1,775 Views

Correct - LDAP signing

pedro_rocha
1,767 Views

I did not find specific answers for your questions.

 

I found this: https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Does_LDAP_signing_affect_applications_which_are_not_secure_LDAP_signin...

 

I understand that this setting does not affect SMB sessions, since it is between CIFS server and LDAP server. You can confirm this with NetApp support.

 

This can help you further also: https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_set_ONTAP_to_use_LDAP_Signing_or_Sealing_for_CIFS%2F%2FNFS

 

 

That setting "is signing required" is regarding SMB signing, not LDAP signing.

kombayn
1,640 Views

Thanks for your advice. I've enabled LDAP signing and no user called me that he lost connection to his share - so I can confirm that there is no impact for existing CIFS sessions.

Public