Data Domain: SMBv1 is disabled by default
Summary: SMBv1 is disabled by default starting DDOS 7.6
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Cifs option shows SMBv1 is disabled by default.
To verify SMBv1 is disabled, execute below command
# cifs option show all
Verify if SMBv1 is disabled
All Options:
Option Value
----------------------------------- -------------
idmap-type rid
domain-account-mmc-share-management enabled (*)
idle-timeout 1800 (*)
loglevel 1 (*)
max-global-open-files 30000 (*)
max-mpx-count 50 (*)
max-tcp-connections 600 (*)
organizational-unit Computers (*)
restrict-anonymous disabled (*)
server-signing disabled (*)
tcp-window-size 1048576 (*)
support-smb1 disabled (*) <<<<<< Note: SMB1 is disabled.
support-smb2 enabled (*)
----------------------------------- -------------
(*) default value
To verify SMBv1 is disabled, execute below command
# cifs option show all
Verify if SMBv1 is disabled
All Options:
Option Value
----------------------------------- -------------
idmap-type rid
domain-account-mmc-share-management enabled (*)
idle-timeout 1800 (*)
loglevel 1 (*)
max-global-open-files 30000 (*)
max-mpx-count 50 (*)
max-tcp-connections 600 (*)
organizational-unit Computers (*)
restrict-anonymous disabled (*)
server-signing disabled (*)
tcp-window-size 1048576 (*)
support-smb1 disabled (*) <<<<<< Note: SMB1 is disabled.
support-smb2 enabled (*)
----------------------------------- -------------
(*) default value
Cause
SMB v1 and SMBv2 are enabled by default until DDOS 7.5. However, starting from DDOS 7.6 SMBv1 will be disabled by default.
This applies to fresh install as well as upgrade.
SMBv1 is insecure, vulnerable, and isn't efficient, with SMBv1, performance and productivity optimizations will be impacted for end-users.
This applies to fresh install as well as upgrade.
SMBv1 is insecure, vulnerable, and isn't efficient, with SMBv1, performance and productivity optimizations will be impacted for end-users.
Resolution
SMBv1 is not recommended for security reasons, But SMBv1 can be enabled based on requirement.
# cifs option set support-smb1 enabled
Restart CIFS by using the below commands
# cifs restart force
To verify SMBv1 is enabled, execute below command
# cifs option show all
All Options:
Option Value
----------------------------------- -------------
idmap-type rid
domain-account-mmc-share-management enabled (*)
idle-timeout 1800 (*)
loglevel 1 (*)
max-global-open-files 30000 (*)
max-mpx-count 50 (*)
max-tcp-connections 600 (*)
organizational-unit Computers (*)
restrict-anonymous disabled (*)
server-signing disabled (*)
tcp-window-size 1048576 (*)
support smb1 enabled <<<<< smb1 is enabled.
support-smb2 enabled (*)
----------------------------------- -------------
(*) default value
Note:
- If option is set before upgrade then upgrade will not disable SMBv1.
- Option can be set post-upgrade to enable SMBv1 via CLI.
- Check the following link to disable SMBv1.
https://www.dell.com/support/kbdoc/en-in/000055372/disabling-smbv1-on-data-domain
# cifs option set support-smb1 enabled
Restart CIFS by using the below commands
# cifs restart force
To verify SMBv1 is enabled, execute below command
# cifs option show all
All Options:
Option Value
----------------------------------- -------------
idmap-type rid
domain-account-mmc-share-management enabled (*)
idle-timeout 1800 (*)
loglevel 1 (*)
max-global-open-files 30000 (*)
max-mpx-count 50 (*)
max-tcp-connections 600 (*)
organizational-unit Computers (*)
restrict-anonymous disabled (*)
server-signing disabled (*)
tcp-window-size 1048576 (*)
support smb1 enabled <<<<< smb1 is enabled.
support-smb2 enabled (*)
----------------------------------- -------------
(*) default value
Note:
- If option is set before upgrade then upgrade will not disable SMBv1.
- Option can be set post-upgrade to enable SMBv1 via CLI.
- Check the following link to disable SMBv1.
https://www.dell.com/support/kbdoc/en-in/000055372/disabling-smbv1-on-data-domain
Affected Products
Data DomainArticle Properties
Article Number: 000186193
Article Type: Solution
Last Modified: 27 Aug 2022
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.