This post is more than 5 years old
7 Posts
0
5606
VNX5300 and SMBv1
Is there any truth to this statement?
"VNX5300 needs SMB 1.0 enabled on the DC or Kerberos fails between the VNX and the DC to authenticate all user access to the CIFS shares."
If I'm on code levels: Block-05.32.000.5.219 and File-7.1.79-8, does it use SMBv3 by default?
The output of command "server_cifs server_2" shows Max protocol = SMB3.0.
Rainer_EMC
8.6K Posts
1
May 16th, 2017 06:00
Yes, that is correct.
There are two different SMB communication paths and code:
For the SMB clients talking to the VNX data mover, it acts as a server and supports the SMB protocols listed with server_cifs.
A client connecting to the VNX will usually negotiate the highest available SMB version that both sides speak (depending on client settings and GPOs) - so yes, by default an SMB3-capable Windows client will use that.
If you are curious, you can verify using server_cifs -o audit
For some administrative work like resolving SIDs, the VNX data mover talks to the domain controller and uses SMB secure channel. There it acts as a client and currently needs SMB1 available on the DC to work.
This will change with an upcoming patch.
Note that in both cases the VNX is NOT vulnerable to WannaCry, since we don't use the Microsoft SMB code that has the remote execution vulnerability, and it doesn't run Windows OS, so the executable wouldn't run there.
coey
3 Posts
0
May 17th, 2017 01:00
Hi,
Is there an official response from EMC on the VNX (CLARiiON CX5300) vulnerability?
Regards,
Paul
Rainer_EMC
8.6K Posts
0
May 17th, 2017 07:00
Yes - see knowledge base article 499808 on support.emc.com
SMBv1 protocol is blocked by design and not accessible from external communications in the VNX Block system.
coey
3 Posts
0
May 17th, 2017 08:00
Thanks, I don't think I can access the KB article? Have you got a link?
Regards,
coey
3 Posts
0
May 17th, 2017 08:00
Hi,
Do you have a link to the article? Can't locate it ☹
Rainer_EMC
8.6K Posts
0
May 17th, 2017 16:00
I can't right now either - I guess it's being changed or re-published.
I would suggest a KB search.
Rainer_EMC
8.6K Posts
0
May 17th, 2017 16:00
If that doesn't work, then please open a service request to ask for a statement.
jsmith841
7 Posts
0
May 18th, 2017 06:00
Here you go. It was last updated this morning.