[NetApp] restrictions for anonymous users (IPC$)

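Sometimes a vulnerability scan against the NetApp IPC$ share (PS: when null-session access is to be prohibited), or abnormal IPC$ values, causes the storage system to classify the work as "Other" jobs, which in turn drives CPU usage too high.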
Or

Solution
** Clustered-mode **

step01.
::> set -privilege advanced

step02.
::*> vserver cifs options modify -vserver {SVM} -restrict-anonymous no-access

no-restriction (Default) / 0 (7-mode)
no-enumeration / 1 (7-mode)
no-access (fully restricted) / 2 (7-mode)

step03.
::*> vserver cifs options show -vserver {SVM}

step04.
::*> set -privilege admin
::>

(PS: The change takes effect immediately once it is made.)

** 7-mode **

options cifs.restrict_anonymous 2

(Note) How to establish a null session from Windows:
C:\> net use \\IP_ADDRESS\ipc$ "" /user:""

Reference:

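IPC$ is a resource that shares "named pipes". It is a named pipe opened for inter-process communication; by authenticating with a user name and password, the corresponding permissions can be obtained. It is used when remotely administering a computer and when viewing a computer's shared resources.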

1. Configuring access restrictions for anonymous users (Clustered-mode)

2. Configuring access restrictions for anonymous users (7-mode)

[NetApp] 7-mode 8.2.4 disable SMB 2.1

Check whether SMB 2.1 is currently enabled

> priv set diag; printflag smb_enable_2_1 (0=disabled, 1=enabled)

 

Disable SMB 2.1

> priv set diag; setflag smb_enable_2_1 0; priv set

 

To save effort and have the setting applied automatically on every reboot, write it to /etc/rc

wrfile -a /etc/rc "priv set diag; setflag smb_enable_2_1 0; priv set"

PS: This also applies to 8.1.1 / 8.1.3 / 8.1.4
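To confirm that the /etc/rc entry really leaves SMB 2.1 disabled after a reboot, the following added example (not from the original post or from NetApp) replays the `priv set` / `setflag` commands found in a copy of /etc/rc and reports the final value of `smb_enable_2_1`. The function name `audit_rc`, the sample file contents, and the assumption that /etc/rc starts at admin privilege are constructed for illustration.

```python
FLAG = "smb_enable_2_1"  # flag name as used on this page

def audit_rc(rc_text):
    """Replay priv/setflag commands from a copy of a 7-mode /etc/rc file."""
    priv = "admin"   # assumption: /etc/rc starts at admin privilege
    value = None     # last value assigned to FLAG; None if never set
    problems = []
    for lineno, raw in enumerate(rc_text.splitlines(), 1):
        line = raw.split("#", 1)[0]              # ignore comments
        for cmd in (c.strip() for c in line.split(";")):
            words = cmd.split()
            if not words:
                continue
            if words[:2] == ["priv", "set"]:
                # ignore dash-prefixed option words; bare "priv set" = admin
                levels = [w for w in words[2:] if not w.startswith("-")]
                priv = levels[0] if levels else "admin"
            elif words[0] == "setflag" and len(words) >= 3 and words[1] == FLAG:
                if priv != "diag":
                    # the page runs setflag under diag; assume it is not
                    # applied at any other privilege level
                    problems.append(f"line {lineno}: setflag outside diag")
                    continue
                value = words[2]                 # last assignment wins
    if priv != "admin":
        problems.append(f"privilege left at {priv} at end of file")
    return {"value": value, "disabled": value == "0", "problems": problems}

# Constructed sample: the line the page appends with wrfile -a
SAMPLE_RC = """\
#Auto-generated by setup (constructed sample)
hostname filer01
priv set diag; setflag smb_enable_2_1 0; priv set
"""

# Constructed counter-example: setflag at the wrong privilege level, a later
# line that re-enables the flag, and privilege never returned to admin
BAD_RC = """\
hostname filer01
setflag smb_enable_2_1 0
priv set diag; setflag smb_enable_2_1 1
"""

if __name__ == "__main__":
    for name, text in (("SAMPLE_RC", SAMPLE_RC), ("BAD_RC", BAD_RC)):
        print(name, audit_rc(text))
```

Run it against the output of `rdfile /etc/rc` saved to a local file; the live value should still be confirmed on the controller with the `printflag` command shown above.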

 

Reference:

1. How to upgrade from Data ONTAP 8.2.1 to Data ONTAP 8.2.2 while keeping SMB 2.1 enabled (NetApp Article Number:000028057 )

2. Tracking down SMB 2.1 support in 8.1.x 7-Mode

 

 

 

[NetApp] 7-mode disable SMB 1.0

Beginning with Data ONTAP 8.2.5, you can disable the storage system’s SMB 1.0 server and client capabilities, if desired. SMB 1.0 is enabled by default.

cifs control set smb1.enable off  // Server capability

cifs control set smb1.client.enable off // Client capability

 

Reference : NetApp Disable or Reenable SMB 1.0 // http://nt-ap.com/2qkRu5l