Module netapp_ontap.models.cifs_service_security

Copyright © 2023 NetApp Inc. All rights reserved.

This file has been automatically generated based on the ONTAP REST API documentation.

Classes

class CifsServiceSecuritySchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

The fields of the CifsServiceSecurity object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.base.SchemaABC

Class variables

advertised_kdc_encryptions: List[str] GET POST PATCH

The advertised_kdc_encryptions field of the cifs_service_security.

aes_netlogon_enabled: bool GET POST PATCH

Specifies whether or not an AES session key is enabled for the Netlogon channel.

encrypt_dc_connection: bool GET POST PATCH

Specifies whether encryption is required for domain controller connections.

kdc_encryption: bool GET POST PATCH

Important: This attribute has been deprecated. Use "security.advertised_kdc_encryptions" to specify the encryption type to use.

Specifies whether AES-128 and AES-256 encryption is enabled for all Kerberos-based communication with the Active Directory KDC. To take advantage of the strongest security with Kerberos-based communication, AES-256 and AES-128 encryption can be enabled on the CIFS server.

Kerberos-related communication for CIFS is used during CIFS server creation on the SVM, as well as during the SMB session setup phase. The CIFS server supports the following encryption types for Kerberos communication:

* RC4-HMAC
* DES
* AES

When the CIFS server is created, the domain controller creates a computer machine account in Active Directory. After a newly created machine account authenticates, the KDC and the CIFS server negotiate encryption types. At this time, the KDC becomes aware of the encryption capabilities of the particular machine account and uses those capabilities in subsequent communication with the CIFS server. In addition to being negotiated during CIFS server creation, the encryption types are renegotiated when a machine account password is reset.

ldap_referral_enabled: bool GET POST PATCH

Specifies whether or not LDAP referral chasing is enabled for AD LDAP connections.

lm_compatibility_level: str GET PATCH

The CIFS server minimum security level, also known as the LMCompatibilityLevel. The minimum security level is the minimum level of the security tokens that the CIFS server accepts from SMB clients. The available values are:

  • lm_ntlm_ntlmv2_krb - Accepts LM, NTLM, NTLMv2 and Kerberos.
  • ntlm_ntlmv2_krb - Accepts NTLM, NTLMv2 and Kerberos.
  • ntlmv2_krb - Accepts NTLMv2 and Kerberos.
  • krb - Accepts Kerberos only.

Valid choices:

  • lm_ntlm_ntlmv2_krb
  • ntlm_ntlmv2_krb
  • ntlmv2_krb
  • krb

restrict_anonymous: str GET POST PATCH

Specifies what level of access an anonymous user is granted. An anonymous user (also known as a "null user") can list or enumerate certain types of system information from Windows hosts on the network, including user names and details, account policies, and share names. Access for the anonymous user can be controlled by specifying one of three access restriction settings. The available values are:

  • no_restriction - No access restriction for an anonymous user.
  • no_enumeration - Enumeration is restricted for an anonymous user.
  • no_access - All access is restricted for an anonymous user.

Valid choices:

  • no_restriction
  • no_enumeration
  • no_access

session_security: str GET POST PATCH

Specifies client session security for AD LDAP connections. The available values are:

  • none - No signing or sealing.
  • sign - Sign LDAP traffic.
  • seal - Seal and sign LDAP traffic.

Valid choices:

  • none
  • sign
  • seal

smb_encryption: bool GET POST PATCH

Specifies whether encryption is required for incoming CIFS traffic.

smb_signing: bool GET POST PATCH

Specifies whether signing is required for incoming CIFS traffic. SMB signing helps to ensure that network traffic between the CIFS server and the client is not compromised.

try_ldap_channel_binding: bool GET POST PATCH

Specifies whether or not channel binding is attempted in the case of TLS/LDAPS.

use_ldaps: bool GET POST PATCH

Specifies whether or not to use LDAPS for secure Active Directory LDAP connections by using the TLS/SSL protocols.

use_start_tls: bool GET POST PATCH

Specifies whether or not to use SSL/TLS for allowing secure LDAP communication with Active Directory LDAP servers.
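
The fields above map directly onto a hardening review. The following is an added example, not part of the netapp_ontap library or the ONTAP documentation: it audits a plain dict keyed by the field names on this page. The function name audit_cifs_security, the baseline minimums, and the sample values (including the advertised_kdc_encryptions strings) are assumptions of this example.

```python
# Added example: audit one CIFS "security" settings dict against a baseline.
# The baseline choices below are assumptions of this example, not NetApp guidance.
# Choices are ordered weakest to strongest, in the order the field docs list them.
ORDERED_MINIMUMS = {
    "lm_compatibility_level": (
        ["lm_ntlm_ntlmv2_krb", "ntlm_ntlmv2_krb", "ntlmv2_krb", "krb"], "ntlmv2_krb"),
    "restrict_anonymous": (
        ["no_restriction", "no_enumeration", "no_access"], "no_enumeration"),
    "session_security": (["none", "sign", "seal"], "sign"),
}
REQUIRED_TRUE = ["smb_signing", "aes_netlogon_enabled", "encrypt_dc_connection"]


def audit_cifs_security(settings):
    """Return a list of (field, message) findings; an empty list means compliant."""
    findings = []
    for field, (choices, minimum) in ORDERED_MINIMUMS.items():
        value = settings.get(field)
        if value not in choices:
            findings.append((field, f"unset or unknown value {value!r}"))
        elif choices.index(value) < choices.index(minimum):
            findings.append((field, f"{value!r} is weaker than {minimum!r}"))
    for field in REQUIRED_TRUE:
        if settings.get(field) is not True:
            findings.append((field, "not enabled"))
    # AD LDAP without LDAPS or StartTLS is only confidential when sealed.
    uses_tls = settings.get("use_ldaps") or settings.get("use_start_tls")
    if not uses_tls and settings.get("session_security") != "seal":
        findings.append(("use_ldaps", "AD LDAP is neither TLS-protected nor sealed"))
    # Assumption: AES type names start with "aes"; value strings are not on this page.
    for enc in settings.get("advertised_kdc_encryptions") or []:
        if not str(enc).lower().startswith("aes"):
            findings.append(("advertised_kdc_encryptions", f"non-AES type {enc!r}"))
    return findings


# Constructed sample input (not output captured from a real cluster).
SAMPLE_WEAK = {
    "lm_compatibility_level": "lm_ntlm_ntlmv2_krb", "restrict_anonymous": "no_restriction",
    "session_security": "none", "smb_signing": False, "aes_netlogon_enabled": True,
    "encrypt_dc_connection": True, "use_ldaps": False, "use_start_tls": False,
    "advertised_kdc_encryptions": ["des", "aes-256"],
}

if __name__ == "__main__":
    for field, message in audit_cifs_security(SAMPLE_WEAK):
        print(f"{field}: {message}")
```

Fields absent from the dict are reported as findings rather than assumed safe, so a partial GET response does not pass silently.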