Displaying SMB session information

You can display information about established SMB sessions, including the SMB connection and session ID and the IP address of the workstation using the session. You can display information about the session's SMB protocol version and continuously available protection level, which helps you identify whether the session supports nondisruptive operations.

About this task

You can display information for all sessions on your Storage Virtual Machine (SVM) in summary form. However, in many cases, the amount of output returned is large. You can customize what information is displayed in the output by specifying optional parameters:

You can use the optional -fields parameter to display output on the fields you choose.
You can enter -fields ? to determine what fields you can use.
You can use the -instance parameter to display detailed information about established SMB sessions.
You can use the -fields parameter or the -instance parameter either alone or in combination with other optional parameters.

Step

Perform one of the following actions:

If you want to display SMB session information for established sessions...	Enter the following command...
For all sessions on the SVM in summary form	`vserver cifs session show -vserver vserver_name`
On a specified connection ID	`vserver cifs session show -vserver vserver_name -connection-id integer`
From a specified workstation IP address	`vserver cifs session show -vserver vserver_name -address workstation_IP_address`
On the specified LIF IP address	`vserver cifs session show -vserver vserver_name -lif-address LIF_IP_address`
On a specified node	`vserver cifs session show -vserver vserver_name -node {node_name\|local}`
From a specified Windows user	`vserver cifs session show -vserver vserver_name -windows-user user_name` The format for `user_name` is [domain]\user.
With a specified authentication mechanism	`vserver cifs session show -vserver vserver_name -auth-mechanism authentication_mechanism` The value for -auth-mechanism can be one of the following: NTLMv1 NTLMv2 Kerberos Anonymous
With the specified protocol version	`vserver cifs session show -vserver vserver_name -protocol-version protocol_version` The value for -protocol-version can be one of the following: SMB1 SMB2 SMB2_1 SMB3 Note: Continuously available protection is available only on SMB 3.0 sessions. To see continuously available protection status on all qualifying sessions, specify this parameter with the value set to SMB3.
With the specified level of continuously available protection	`vserver cifs session show -vserver vserver_name -continuously-available continuously_available_protection_level` The value for -continuously-available can be one of the following: No Yes Partial Note: If the continuously available status is Partial, this means that the session contains at least one open continuously available file, but the session has some files that are not open with continuously available protection. You can use the vserver cifs sessions file show command to determine which files on the established session are not open with continuously available protection.
With the specified SMB signing session status	`vserver cifs session show -vserver vserver_name -is-session-signed {true\|false}`

There are additional optional parameters. See the man page for more information.

Examples

The following command displays session information on SVM sessions vs1 established from a workstation with the IP address of 10.1.1.1:

cluster1::> vserver cifs session show -address 10.1.1.1 
Node:    node1
Vserver: vs1
Connection Session                                    Open         Idle
ID          ID      Workstation      Windows User    Files         Time
----------  ------- ---------------- ------------- ------- ------------
3151272279  1       10.1.1.1         DOMAIN\joe          2          23s

The following command displays detailed session information on sessions with continuously available protection on SVM vs1. The connection was made by using the domain computer-machine account.

cluster1::> vserver cifs session show -instance -continuously-available Yes
                        Node: node1
                     Vserver: vs1
                  Session ID: 1
               Connection ID: 3151274158
Incoming Data LIF IP Address: 10.2.1.1
      Workstation IP address: 10.1.1.2
    Authentication Mechanism: Kerberos
                Windows User: DOMAIN\SERVER1$
                   UNIX User: pcuser
                 Open Shares: 1
                  Open Files: 1
                  Open Other: 0
              Connected Time: 10m 43s
                   Idle Time: 1m 19s
            Protocol Version: SMB3
      Continuously Available: Yes
           Is Session Signed: false

The following command displays session information on sessions using SMB 3.0 on SVM vs1. The user connected to this share from an SMB 3.0 capable client by using the LIF IP address; therefore, the authentication mechanism defaulted to NTLMv2. The connection must be made using Kerberos authentication to connect with continuously available protection.

cluster1::> vserver cifs session show -instance -protocol-version SMB3

                        Node: node1
                     Vserver: vs1
                  Session ID: 1
               Connection ID: 3151272607
Incoming Data LIF IP Address: 10.2.1.2
      Workstation IP address: 10.1.1.3
    Authentication Mechanism: NTLMv2
                Windows User: DOMAIN\administrator
                   UNIX User: pcuser
                 Open Shares: 1
                  Open Files: 0
                  Open Other: 0
              Connected Time: 6m 22s
                   Idle Time: 5m 42s
            Protocol Version: SMB3
      Continuously Available: No
           Is Session Signed: false