Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

jsmith841

7 Posts

5544

May 15th, 2017 12:00

VNX5300 and SMBv1

Is there any truth to this statement?

"VNX5300 needs SMB 1.0 enabled on the DC or kerberos fails between the VNX and the DC to authenticate all user access to the CIFS shares."


If I'm on code levels: Block-05.32.000.5.219 and File-7.1.79-8, does it use SMBv3 by default?

The output of command "server_cifs server_2" shows Max protocol = SMB3.0.

Rainer_EMC

8.6K Posts

May 16th, 2017 06:00

yes that is correct.

there are two different SMB communication paths and code

For the SMB clients talking to the VNX data mover it acts as a server and supports the SMB protocols listed with server_cifs.

A client connecting to the VNX will usually negotiate the highest available SMB version that both sides speak (depending on client settings and GPOs) - so yes by default SMB3 capable Windows client will use that.

If you are curious you can verify using server_cifs -o audit

For some administrative work like resolving SID's the VNX data mover talks to the domain controller and uses SMB secure channel. There it acts as a client and currently needs SMB1 available on the DC to work.

This will change with an upcoming patch.

Note that in both cases the VNX is NOT vulnerable to WannaCry since we dont use the Microsoft SMB code that has the remote execution vulnerability and it doesnt run Windows OS so the executable wouldnt run there.

coey

3 Posts

May 17th, 2017 01:00

Hi,

Is there an official response from EMC on the VNX (clarion CX5300) vulnerability?

Regards,

Paul

Rainer_EMC

8.6K Posts

May 17th, 2017 07:00

coey wrote:

Hi,

Is there an official response from EMC on the VNX (clarion CX5300) vulnerability?

Regards,

Paul

yes - see knowledgebase article 499808 on support.emc.com

SMBv1 protocol is blocked by design and not accessible from external communications in the VNX Block system.

coey

3 Posts

May 17th, 2017 08:00

Thanks, I don't think I can access the nkb article? have you got a link?

Regards,

coey

3 Posts

May 17th, 2017 08:00

Hi,

Do you have a link to article? Can locate ☹

Rainer_EMC

8.6K Posts

May 17th, 2017 16:00

I cant right now either - I guess its being changed or re-published

I would suggest a KB search

Rainer_EMC

8.6K Posts

May 17th, 2017 16:00

if that doesnt work then please open a service request to ask for a statement

jsmith841

7 Posts

May 18th, 2017 06:00

Here you go. It was last updated this morning.

KBA_499808.png

View More

View All

No Events found!

Top