# Monitor CIFS session authentication mechanism


limber herald
#

Hello,

We're trying to harden our CIFS security by only allowing Kerberos as the authentication mechanism (cifs security modify -lm-compatibility-level).

But first, we would like to monitor if any sessions are still created that do not use Kerberos.

We can check it for current sessions via cifs session show -fields auth-mechanism -auth-mechanism !Kerberos. However, we would like to log it for a longer time.

I went through all the options in statistics catalog counter show -object cifs hoping that there would maybe be a counter for the type of authentication mechanism. Unfortunately, I couldn't find any.

Anyone have any idea on how we could monitor this, preferably via ONTAP itself?

Thanks in advance.

carmine bramble
#

Add the public key from a Linux server to the NetApp filer for passwordless access, create a script on the Linux server, let it run every X minutes and write the output to a file on the Linux server for X weeks.

austere edge
#

I do it via the cifs session show (API) version.

austere edge
#

I poll just inside of the cifs session timeout value so that I can try and get everyone.
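The polling approach from the posts above (a scheduled script over SSH, run at an interval shorter than the CIFS session timeout), as an added example that is not part of the thread. `FILER`, `LOGFILE`, the function names and the column layout of the constructed sample output are assumptions; only the `cifs session show` command line is taken from the original question.

```shell
#!/bin/sh
# Added example (not from the thread): record non-Kerberos CIFS sessions over time.
# FILER, LOGFILE and the function names are hypothetical; the column layout of
# the sample output is an assumption and should be checked against your cluster.
FILER="${FILER:-monitor@cluster-mgmt.example}"
LOGFILE="${LOGFILE:-./cifs-non-kerberos.log}"

# Constructed sample of what the command from the thread is assumed to print.
sample_output() {
cat <<'EOF'
node       vserver session-id          connection-id auth-mechanism
---------- ------- ------------------- ------------- --------------
cluster-01 svm1    5768372814330101761 103985829     NTLMv2
cluster-01 svm1    5768372814330101762 103985830     Kerberos
cluster-02 svm2    5768372814330101763 103985831     NTLMv1
3 entries were displayed.
EOF
}

# Read CLI output on stdin; print the whitespace-normalized row of every
# session whose auth-mechanism column is not Kerberos.
non_kerberos_sessions() {
  awk '
    !cols { for (i = 1; i <= NF; i++) if ($i == "auth-mechanism") { col = i; cols = NF }
            next }                          # skip banner lines and the header itself
    /^-+( +-+)*$/ || NF != cols { next }    # separator, footer, "no entries" text
    $col != "Kerberos" { $1 = $1; print }
  '
}

# Append rows not yet in LOGFILE, prefixed with the time first seen (UTC).
log_new_sessions() {
  now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  touch "$LOGFILE"
  while IFS= read -r row; do
    grep -qF -- " $row" "$LOGFILE" || printf '%s %s\n' "$now" "$row" >> "$LOGFILE"
  done
}

# One polling round; the command is the one quoted in the thread.
poll() {
  ssh -o BatchMode=yes "$FILER" \
    'cifs session show -fields auth-mechanism -auth-mechanism !Kerberos' |
    tr -d '\r' | non_kerberos_sessions | log_new_sessions
}

# Run from cron at an interval shorter than the CIFS session timeout.
if [ "${1:-}" = "poll" ]; then poll; fi
```

Because each session is logged only the first time it is seen, the log stays small enough to review after several weeks of polling.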

limber herald
#

That's a good suggestion, we'll see to get that set up. Thanks!

polar quail
#

NetApp Harvest has a working collector for cifs sessions. With NAbox you can get a quick setup solution.