Data Domain: How to Disable SMBv1

           

   Article Number:     529084                                   Article Version: 2     Article Type:    Break Fix 
   

 


Product:

 

Data Domain

 

Issue:

 

 

   

      SMB1 isn’t modern or efficient   

   

      When you use SMB1, you lose key performance and productivity optimizations for end users and its also a security vulnerability.    

                                                             

 

 

Cause:

 

 

SMB Signing on Data Domain                                                           

 

 

Resolution:

 

 

Execute the following steps in the CLI as sysadmin (or a user with equal rights):   
   
    # cifs option show all     
     
      Verify if SMBv1 is enabled     
     
      All Options:     
     
      Option Value     
      ----------------------------------- -------------     
      idmap-type rid     
      domain-account-mmc-share-management enabled (*)     
      idle-timeout 1800 (*)     
      loglevel 1 (*)     
      max-global-open-files 30000 (*)     
      max-mpx-count 50 (*)     
      max-tcp-connections 600 (*)     
      organizational-unit Computers (*)     
      restrict-anonymous disabled (*)     
      server-signing disabled (*)     
      tcp-window-size 1048576 (*)     
      support-smb1 enabled (*)                         <<<<<<
Note: SMB1 is enabled.   
    support-smb2 enabled (*)     
      ----------------------------------- -------------     
      (*) default value
   
   
    Use the following command to disable SMBv1:   
   
    # cifs option set "support-smb1" "disabled"   
   
   
    To verify SMBv1 is disabled, execute below command   
   
    # cifs option show all   
   
    All Options:     
     
      Option Value     
      ----------------------------------- -------------     
      idmap-type rid     
      domain-account-mmc-share-management enabled (*)     
      idle-timeout 1800 (*)     
      loglevel 1 (*)     
      max-global-open-files 30000 (*)     
      max-mpx-count 50 (*)     
      max-tcp-connections 600 (*)     
      organizational-unit Computers (*)     
      restrict-anonymous disabled (*)     
      server-signing disabled (*)     
      tcp-window-size 1048576 (*)     
      support smb1 disabled                 
  <<<<< smb1 is disabled, but cifs needs to be restarted to take effect.   
    support-smb2 enabled (*)     
      ----------------------------------- -------------     
      (*) default value
   
   
    Restart CIFS by using below commands   
   
    # cifs disable     
      # cifs enable
                                                           

 

 

Notes:

 

 

SMB2 must remain enabled.