跳转到主内容

SMB客户端如何识别要使用的身份验证模式?

Views:
63
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

适用场景

  • ONTAP 9
  • SMB/CIFS身份验证

问题解答

SMB客户端根据客户端和服务器功能、域成员资格、服务主体名称(Service Principal Name、SPN)注册、网络配置和显式设置在Kerberos和NTLM身份验证之间进行选择。

现代系统倾向于使用Kerberos、这是一种更安全的协议。在以下情况下使用Kerberos:

  • 客户端和服务器均支持此功能。
  • 它们是同一个或受信任的Active Directory (AD)域的成员。
  • 已为目标服务器注册有效的SPN。

总之、SMB客户端在支持Kerberos且配置正确时更倾向于Kerberos;否则、它将使用NTLM身份验证。

追加信息

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.