Symptoms
Cifs option shows SMBv1 is disabled by default.
To verify SMBv1 is disabled, execute below command
# cifs option show all Verify if SMBv1 is disabled
All Options:
Option Value
----------------------------------- -------------
idmap-type rid
domain-account-mmc-share-management enabled (*)
idle-timeout 1800 (*)
loglevel 1 (*)
max-global-open-files 30000 (*)
max-mpx-count 50 (*)
max-tcp-connections 600 (*)
organizational-unit Computers (*)
restrict-anonymous disabled (*)
server-signing disabled (*)
tcp-window-size 1048576 (*)
support-smb1 disabled (*) <<<<<< Note: SMB1 is disabled.
support-smb2 enabled (*)
----------------------------------- -------------
(*) default value
Cause
SMB v1 and SMBv2 are enabled by default until DDOS 7.5. However, starting from DDOS 7.6 SMBv1 will be disabled by default. This applies to fresh install as well as upgrade. SMBv1 is insecure, vulnerable, and isn't efficient,with SMBv1, performance and productivity optimizations will be impacted for end-users.
Resolution
SMBv1 is not recommended for security reasons, But SMBv1 can be enabled based on requirement. # cifs option set support-smb1 enabled Restart CIFS by using the below commands # cifs restart force To verify SMBv1 is enabled, execute below command # cifs option show all All Options: Option Value Note:
----------------------------------- -------------
idmap-type rid
domain-account-mmc-share-management enabled (*)
idle-timeout 1800 (*)
loglevel 1 (*)
max-global-open-files 30000 (*)
max-mpx-count 50 (*)
max-tcp-connections 600 (*)
organizational-unit Computers (*)
restrict-anonymous disabled (*)
server-signing disabled (*)
tcp-window-size 1048576 (*)
support smb1 enabled <<<<< smb1 is enabled.
support-smb2 enabled (*)
----------------------------------- -------------
(*) default value
- If option is set before upgrade then upgrade will not disable SMBv1.
- Option can be set post-upgrade to enable SMBv1 via CLI.
- Check the following link to disable SMBv1.
https://www.dell.com/support/kbdoc/en-in/000055372/disabling-smbv1-on-data-domain
Affected Products
Data Domain