Hi All, Is it possible to see which encryption algorithms are being used by the CIFS sessions? With "vserver cifs session show ..." I can see the protocol versions and whether or not the session is encrypted, but I'd like to know which algo has been selected/negotiated ...
#CIFS Session encryption algorithms?
drowsy kestrel
granite barn
Cluster::*> cifs security show -vserver vs3 -fields advertised-enc-types
vserver advertised-enc-types
vs3 rc4,des
Does that work?
fierce fjord
that only shows what encryption types are advertised, not which ones are actually used for the session
versed plume
Our AD guy gave us this PowerShell command to check it from Active Directory. Maybe this will work for you, because I think AD is what really decides which type it's using:
Get-ADComputer -Filter * -SearchBase "OU=Computers,DC=domain,DC=com" -Server Domain -Properties KerberosEncryptionType, msDS-SupportedEncryptionTypes | sort -prop KerberosEncryptiontype | ogv
drowsy kestrel
To be honest I don't know how that gets decided, but I'll certainly give the command a try - Thanks guys!
fierce fjord
well that also only shows you the encryption types that are allowed/enabled on the AD object, not which ones are actually in use
drowsy kestrel
@fierce fjord I think that you are correct, that command doesn't really address the question. I also looked through the various ONTAP statistics objects / counters, but didn't find anything there and IMHO, using something like tcpdump + tshark doesn't seem as if it would be practical; probably too much data
versed oasis
that only shows what encryption types are advertised, not which ones are actuall...
You can change the advertised enc type on SVM, and set only one type, so now you will know which type is used. Problem solved ! 🙃
