是否可以在创建CIFS服务器之前在SVM上配置AES
适用场景
- ONTAP 9
- CIFS\ SMB
- 高级加密标准(Advanced Encyp象 限)(AES)
问题解答
可以、您可以 在 Vserver上创建CIFS服务器之前修改安全选项
注意: 这将节省创建多个CIFS服务器的时间。如果先创建CIFS服务器、然后启用AES加密、则需要重新输入凭据
示例:
cluster1::> cifs show -vserver <vserver_name>
There are no entries matching your query
cluster1::> cifs security modify -vserver <vserver_name> -is-aes-encryption-enabled true
cluster1::> cifs security show -vserver <vserver_name>
Vserver: <vserver_name>
Kerberos Clock Skew: - minutes
Kerberos Ticket Age: - hours
Kerberos Renewal Age: - days
Kerberos KDC Timeout: - seconds
Is Signing Required: -
Is Password Complexity Required: -
Use start_tls for AD LDAP connection: false
Is AES Encryption Enabled: true
LM Compatibility Level: lm-ntlm-ntlmv2-krb
Is SMB Encryption Required: -
Client Session Security: none
SMB1 Enabled for DC Connections: false
SMB2 Enabled for DC Connections: system-default
LDAP Referral Enabled For AD LDAP connections: false
Use LDAPS for AD LDAP connection: false
Encryption is required for DC Connections: false
AES session key enabled for NetLogon channel: false
Try Channel Binding For AD LDAP Connections: true