Table of ContentsView in Frames

Setting the CIFS server minimum authentication security level

You can set the CIFS server minimum security level, also known as the LMCompatibilityLevel, on your CIFS server to meet your business security requirements for SMB access. The minimum security level is the minimum level of the security tokens that the CIFS server accepts from SMB clients.

About this task

You can set the minimum authentication security level to one of four supported security levels:

Value Description
lm-ntlm-ntlmv2-krb (default) The SVM accepts LM, NTLM, NTLMv2, and Kerberos authentication security.
ntlm-ntlmv2-krb The SVM accepts NTLM, NTLMv2, and Kerberos authentication security. The SVM denies LM authentication.
ntlmv2-krb The SVM accepts NTLMv2 and Kerberos authentication security. The SVM denies LM and NTLM authentication.
krb The SVM accepts Kerberos authentication security only. The SVM denies LM, NTLM, and NTLMv2 authentication.

Steps

  1. Set the minimum authentication security level: vserver cifs security modify -vserver vserver_name -lm-compatibility-level {lm-ntlm-ntlmv2-krb|ntlm-ntlmv2-krb|ntlmv2-krb|krb}
  2. Verify that the authentication security level is set to the desired level: vserver cifs security show -vserver vserver_name