Hello,
Our security team wants to turn off NTLM on our NetApp NAS. From reading the KB below and verifying, our setting is at the default, which accepts everything listed in the article. We want to allow NTLMv2 and Kerberos. My question is: by changing the setting, does it disconnect all current connections that are not reflective of the new security level? Do I have to stop the SVM to disconnect all connections?
I just want to make sure the security team no longer sees any logs pertaining to NTLM.
Example: Device1 connected on NTLM. Once the new security level is updated, does that connection get disconnected?
https://library.netapp.com/ecmdocs/ECMP1610207/html/GUID-861C90E9-A8B2-405C-9020-0C38679BD72B.html
We are on 9.3p18
Thanks,
TT
Only new sessions will have the latest update (i.e., the changed -lm-compatibility-level). The rest of the sessions, which are already logged in using NTLM, will continue to stay up. In order to have them negotiate the new security update, their sessions need to be closed first.
You should be able to filter those users using NTLM via this cmd:
::> vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism
You should then be able to close those session IDs. Once this is done, the next time they log in they will use the updated security (auth-mechanism).
This article may help in closing sessions for those using NTLM security.
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_terminate_a_CIFS_sessions_in_ONTAP_9_for_specific_Windows_users
For filtering specific users using NTLMv1:
vserver cifs session show -vserver <vserver> -fields session-id,auth-mechanism -auth-mechanism NTLMv1
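An added example, not part of the original replies and not NetApp's code: a Python sketch that reads saved output of the `vserver cifs session show -fields session-id,auth-mechanism` command from the two replies above and prints one `vserver cifs session close` line per NTLMv1 session for review. The column layout of the sample, the node, SVM and session values, and the function names are assumptions made for the example.

```python
# Constructed sample output; node, SVM and session values are made up and
# the column layout is an assumption about the -fields display.
SAMPLE = """\
node    vserver session-id connection-id auth-mechanism
------- ------- ---------- ------------- --------------
node-01 svm1    1001       501           NTLMv1
node-01 svm1    1002       502           Kerberos
node-02 svm1    1003       503           NTLMv2
3 entries were displayed.
"""


def parse_sessions(text):
    """Return one dict per session row, keyed by the header's field names."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    header = next((cells for cells in lines if "session-id" in cells), None)
    if header is None:
        raise ValueError("no header line with a session-id column")
    rows = []
    for cells in lines[lines.index(header) + 1:]:
        if len(cells) != len(header):
            continue  # trailer such as "3 entries were displayed."
        row = dict(zip(header, cells))
        if row["session-id"].isdigit():  # skips the dashed separator row
            rows.append(row)
    return rows


def close_commands(rows, stale=("NTLMv1",)):
    """Build close commands for sessions whose auth-mechanism is in `stale`."""
    wanted = {m.lower() for m in stale}
    cmds = []
    for row in rows:
        if row.get("auth-mechanism", "").lower() in wanted:
            cmds.append(
                "vserver cifs session close"
                f" -node {row.get('node', '*')}"
                f" -vserver {row.get('vserver', '*')}"
                f" -session-id {row['session-id']}"
            )
    return cmds


if __name__ == "__main__":
    # Commands are only printed so they can be reviewed before being run.
    for cmd in close_commands(parse_sessions(SAMPLE)):
        print(cmd)
```
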
Thank you for the response. Let's say I stop the SVM service; would that also terminate the sessions?
SVHO has accepted the solution
Stopping the SVM service will stop data access on this SVM through all allowed protocols. Instead, you can just stop the CIFS server and restart it. Of course, this means all the sessions currently active will drop off. However, when they reconnect they will be using the new auth-mechanism.
Thank you so much! I probably will terminate the sessions after the security update since we have less than 10 connections with NTLMv1.
TT
Hi,
Can someone please guide me on how to set both authentication methods (NTLMv2 & Kerberos) on CIFS? Any command reference for an ONTAP cluster is appreciated.
NetApp Release 9.1P14
