Supported SMB versions

File Service Administration Guide for Hitachi NAS Platform

Version
14.9.x
Audience
anonymous
Part Number
MK-92HNAS006-31

The NAS server supports the SMB file sharing protocols with the following versions: SMB1, SMB2.0, SMB2.1, SMB3.

Server version Default max supported SMB version
11.2 and earlier SMB1
11.3 and later SMB2

The maximum supported SMB version advertised by the NAS server can be configured using the smb-max-supported-version CLI command (see below). The maximum supported SMB dialect is not server or cluster-wide - it is set on a per-EVS basis.

The NAS server supports UCS-2 character encoding when using the SMB protocols (the character set is not negotiable when using the SMB2 protocol).

Notes:
  • A valid CIFS license is required in order to enable SMB2 or SMB3 support (CIFS is a dialect of SMB). For more information about license keys, refer to the Server and Cluster Administration Guide.
  • One of the features of SMB is the ability to assign rights to machine (computer) accounts. The feature acts the same way as authentication of a normal user for an SMB session and can be used for authentication using machine accounts (SessionSetup SMB requests), and for management (add, delete, list) of rights for machine accounts. A machine account is generated automatically by the operating system and registered in Active Directory. It can be used for authentication within a domain. Machine account authentication can be only done by an application which has built-in support. For example, Hyper-V server allows storing virtual machines on remote shares. Such shares should allow full access for the machine account of a computer running Hyper-V server. Authenticated connections using machine accounts will show up in "connection" command output as if it was a normal user connection. The man pages for cifs-saa and cacls-add include an example of computer account use.

Specifying the SMB version for use by the EVS

To specify a version of the SMB protocol for use by the EVS, use the following commands:

  • smb-max-supported-version - sets or displays the maximum supported version for both the NAS server and the client. The default is SMB2.
  • smb-min-supported-version - limits the minimum supported version for both the NAS server and the client. The default is SMB1.
Note: SMB2 cannot be enabled if there are NT4 names and no ADS names configured on the server.

Disabling SMB1

To disable SMB1 on the NAS server, use the following command:

smb-min-supported-version 2

This command sets the minimum SMB version on the NAS server to SMB2, therefore preventing any new clients connecting using SMB1.

Notes:
  • When a client initiates an SMB connection it advertises support for several versions/dialects. The server will choose the maximum version/dialect the client provides that is within its configured maximum/minimum. For example, a client that supports SMB1, SMB2 and SMB2.1 can establish an SMB2 connection if the max-supported version on the server is set to SMB2.
  • Some SMB clients cache the connection type they last used with a server. If they last used SMB2/2.1/3, they may not offer SMB1 as an option until they are restarted.
  • Existing SMB/SMB2/SMB3 client connections will continue to function after the minimum supported version has been raised.