ONTAP Hardware

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

ONTAP Hardware

Ask a Question

CIFS authentication security level

SVHO
‎2021-08-24 09:52 AM
11,261 Views

Hello,

 

Our security team wants to turn off NTLM  on our NetApp NAS.  From reading the KB below and verifying, our setting is set at the default which accepts everything listed from the article.  We want to allow NTLMv2 and Kerberos.  My question is by changing the setting, does it disconnect all current connections that are not reflective of the new security level?  Do I have to stop the SVM to disconnect all connections? 

 

I just want to make sure the security team no longer see any logs pertaining to NTLM.

 

Example: Device1 connected on NTLM.  Once the new security level is updated, does that connection get disconnected?

 

https://library.netapp.com/ecmdocs/ECMP1610207/html/GUID-861C90E9-A8B2-405C-9020-0C38679BD72B.html

 

We are on 9.3p18

Thanks,

TT

1 ACCEPTED SOLUTION
SVHO has accepted the solution

Ontapforrum
‎2021-08-24 02:37 PM
11,207 Views

Stopping SVM Service will stop data access on this SVM through all allowed protocols. Instead you can just stop the CIFS server and restart it. Of course this means, all the sessions currently active will drop off. However, when they re-connect they will be using new auth-mechanism.

View solution in original post

0 Kudos
6 REPLIES 6

Ontapforrum
‎2021-08-24 01:32 PM
11,220 Views

Only new sessions will have the latest update (i.e changed -lm-compatibility-level). Rest of the sessions which are already logged in using NTLM will continue to stay up. In order to have them negotiate new security update, they need to be closed their session first.

 

You should be able to filter those users using NTLM via this cmd:
::> vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism

 

You should then be able to close those session-id, once this is done, next time when they login they will use the updated security (auth-mechanism)

 

This article may help in closing sessions for those using NTLM security.
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_terminate_a_CIFS_sessions_in_ONTAP_9_for_specific_Windows_users

0 Kudos

Ontapforrum
‎2021-08-24 01:35 PM
11,219 Views

For filtering specific users using NTLMv1:

 vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism  -auth-mechanism NTMLv1

0 Kudos

SVHO
‎2021-08-24 01:45 PM
11,214 Views

Thank you for the response.  Lets say if I stop the SVM service, would that also terminate the sessions? 

0 Kudos
SVHO has accepted the solution

Ontapforrum
‎2021-08-24 02:37 PM
11,208 Views

Stopping SVM Service will stop data access on this SVM through all allowed protocols. Instead you can just stop the CIFS server and restart it. Of course this means, all the sessions currently active will drop off. However, when they re-connect they will be using new auth-mechanism.

0 Kudos

SVHO
‎2021-08-25 11:10 AM
In response to Ontapforrum
11,116 Views

Thank you so much!  I probably will terminate the sessions after the security update since we have less than 10 connections with NTLMv1.

 

TT

harikapabba
‎2023-06-23 11:04 AM
7,759 Views

HI,

 

Can someone please guide me on how to set both the authentication methods(NTLMv2 & Kerberos) on cifs, any command reference is appreciated for ONTAP cluster.

NetApp Release 9.1P14

0 Kudos
Announcements
All Community Forums
Public