Data Domain: SMBv1 is disabled by default (2024)

Symptoms

Cifs option shows SMBv1 is disabled by default.

To verify SMBv1 is disabled, execute below command

# cifs option show all

Verify if SMBv1 is disabled

Cause

SMB v1 and SMBv2 are enabled by default until DDOS 7.5. However, starting from DDOS 7.6 SMBv1 will be disabled by default.

This applies to fresh install as well as upgrade.

SMBv1 is insecure, vulnerable, and isn't efficient,with SMBv1, performance and productivity optimizations will be impacted for end-users.

Resolution

SMBv1 is not recommended for security reasons, But SMBv1 can be enabled based on requirement.

# cifs option set support-smb1 enabled

Restart CIFS by using the below commands

# cifs restart force

To verify SMBv1 is enabled, execute below command

# cifs option show all

All Options:

Option Value
----------------------------------- -------------
idmap-type rid
domain-account-mmc-share-management enabled (*)
idle-timeout 1800 (*)
loglevel 1 (*)
max-global-open-files 30000 (*)
max-mpx-count 50 (*)
max-tcp-connections 600 (*)
organizational-unit Computers (*)
restrict-anonymous disabled (*)
server-signing disabled (*)
tcp-window-size 1048576 (*)
support smb1 enabled <<<<< smb1 is enabled.
support-smb2 enabled (*)
----------------------------------- -------------
(*) default value

Note:
- If option is set before upgrade then upgrade will not disable SMBv1.
- Option can be set post-upgrade to enable SMBv1 via CLI.
- Check the following link to disable SMBv1.
https://www.dell.com/support/kbdoc/en-in/000055372/disabling-smbv1-on-data-domain

Data Domain: SMBv1 is disabled by default (2024)

Symptoms

Cause

Resolution

Affected Products