Table of ContentsView in Frames

Enabling SMB signing

Data ONTAP supports Server Message Block (SMB) signing when requested by the client. You can enable SMB signing on the storage system. By default, SMB signing is disabled.

About this task

SMB signing helps to ensure that network traffic between the storage system and the client has not been compromised by ensuring that all SMB messages have valid signatures. When SMB signing is enabled on the storage system, it is the equivalent of the Microsoft Network server policy "Digitally sign communications (if client agrees)".

If this option is enabled, then the storage system does the following:

Note: You must terminate CIFS services by using the cifs terminate command to ensure that all existing CIFS connections are terminated prior to enabling SMB signing. After you have enabled SMB signing, you can restart CIFS services.

Steps

  1. Terminate CIFS services by using the cifs terminate command.

    See the cifs terminate man page for more information.

  2. Enter the following command:
    options cifs.signing.enable on
  3. Restart CIFS services by using the cifs restart command.

Result

All new connections use SMB signing if requested by the client.