Module netapp_ontap.models.cifs_service_security

Copyright © 2021 NetApp Inc. All rights reserved.

Classes

class CifsServiceSecuritySchema (*, only: typing.Union = None, exclude: typing.Union = (), many: bool = False, context: typing.Dict = None, load_only: typing.Union = (), dump_only: typing.Union = (), partial: typing.Union = False, unknown: str = None)

The fields of the CifsServiceSecurity object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.base.SchemaABC

Class variables

encrypt_dc_connection GET POST PATCH

Specifies whether encryption is required for domain controller connections.

kdc_encryption GET POST PATCH

Specifies whether AES-128 and AES-256 encryption is enabled for all Kerberos-based communication with the Active Directory KDC. To take advantage of the strongest security with Kerberos-based communication, AES-256 and AES-128 encryption can be enabled on the CIFS server. Kerberos-related communication for CIFS is used during CIFS server creation on the SVM, as well as during the SMB session setup phase. The CIFS server supports the following encryption types for Kerberos communication:

  • RC4-HMAC
  • DES
  • AES

When the CIFS server is created, the domain controller creates a computer machine account in Active Directory. After a newly created machine account authenticates, the KDC and the CIFS server negotiate encryption types. At this time, the KDC becomes aware of the encryption capabilities of the particular machine account and uses those capabilities in subsequent communication with the CIFS server. In addition to negotiating encryption types during CIFS server creation, the encryption types are renegotiated when a machine account password is reset.

lm_compatibility_level GET

The CIFS server minimum security level, also known as the LMCompatibilityLevel. The minimum security level is the minimum level of the security tokens that the CIFS server accepts from SMB clients. The available values are:

  • lm_ntlm_ntlmv2_krb - Accepts LM, NTLM, NTLMv2 and Kerberos
  • ntlm_ntlmv2_krb - Accepts NTLM, NTLMv2 and Kerberos
  • ntlmv2_krb - Accepts NTLMv2 and Kerberos
  • krb - Accepts Kerberos only

Valid choices:

  • lm_ntlm_ntlmv2_krb
  • ntlm_ntlmv2_krb
  • ntlmv2_krb
  • krb

restrict_anonymous GET POST PATCH

Specifies what level of access an anonymous user is granted. An anonymous user (also known as a "null user") can list or enumerate certain types of system information from Windows hosts on the network, including user names and details, account policies, and share names. Access for the anonymous user can be controlled by specifying one of three access restriction settings. The available values are:

  • no_restriction - No access restriction for an anonymous user.
  • no_enumeration - Enumeration is restricted for an anonymous user.
  • no_access - All access is restricted for an anonymous user.

Valid choices:

  • no_restriction
  • no_enumeration
  • no_access

smb_encryption GET POST PATCH

Specifies whether encryption is required for incoming CIFS traffic.

smb_signing GET POST PATCH

Specifies whether signing is required for incoming CIFS traffic. SMB signing helps to ensure that network traffic between the CIFS server and the client is not compromised.
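One way to check the settings described by this schema against a hardening baseline, as an added example that is not part of the netapp_ontap library. The plain-dict input, the `audit_cifs_security` helper, and the baseline values are assumptions; only the field names and valid choices come from the documentation above.

```python
# Field names and valid choices are taken from the schema documentation above.
# Each list runs from least strict to most strict, in the order the page lists them.
LM_LEVELS = ["lm_ntlm_ntlmv2_krb", "ntlm_ntlmv2_krb", "ntlmv2_krb", "krb"]
ANON_LEVELS = ["no_restriction", "no_enumeration", "no_access"]
BOOLEAN_FIELDS = ("encrypt_dc_connection", "kdc_encryption",
                  "smb_encryption", "smb_signing")

# Hypothetical minimum acceptable values (an assumption, not a vendor recommendation).
BASELINE = {"lm_compatibility_level": "ntlmv2_krb",
            "restrict_anonymous": "no_enumeration"}


def audit_cifs_security(settings, baseline=BASELINE):
    """Return findings as (field, observed value, problem), sorted by field name."""
    findings = []
    for field, order in (("lm_compatibility_level", LM_LEVELS),
                         ("restrict_anonymous", ANON_LEVELS)):
        value = settings.get(field)
        if value not in order:
            # Unknown or absent values are reported, never treated as compliant.
            findings.append((field, value, "missing or not a valid choice"))
        elif order.index(value) < order.index(baseline[field]):
            findings.append((field, value, f"weaker than baseline {baseline[field]}"))
    for field in BOOLEAN_FIELDS:
        value = settings.get(field)
        if value is not True:
            problem = "disabled" if value is False else "missing or not a boolean"
            findings.append((field, value, problem))
    return sorted(findings, key=lambda finding: finding[0])


# Constructed sample input, shaped like the fields of a CifsServiceSecurity object.
SAMPLE = {
    "encrypt_dc_connection": True,
    "kdc_encryption": False,
    "lm_compatibility_level": "lm_ntlm_ntlmv2_krb",
    "restrict_anonymous": "no_restriction",
    "smb_encryption": False,
    "smb_signing": True,
}

if __name__ == "__main__":
    for field, value, problem in audit_cifs_security(SAMPLE):
        print(f"{field}={value!r}: {problem}")
```

Because lm_compatibility_level is listed as GET only, the audit can report it but the finding cannot be remediated through this field.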