Media Pack

FormaServe Training

Informing the IBM Community

SMBv3 support in IBM i 7.4

by

Steve Bradshaw
in ,
0
(0)

Those of you that spotted my article on what’s new in 7.4 back in April (if you missed it, click here to read it now) may well remember I was quite excited at the prospect of SMBv3 in 7.4.  And yes, I realise just how sad that makes me sound and yet it is AWESOME news.

Why you ask?  Well there are two reasons, firstly the improved stability / performance that both Mac and Windows users alike have been after for a while now and secondly, we can now encrypt the NetServer Mapped Network Drive connections from end to end (something that up until now has not been possible).

Now the good news is that you get the SMBv3 performance and stability improvements by default but if you want to enable Encryption you are going to have to jump through an extra hoop, at least for now.

Introduction to creating a NetServer File Share

If I take a step back for a moment to explain how most users create a share that NetServer would make available to users to map to.  Typically, you would do this in one of four ways, If you know these already, skip down to the next section entitled how to create an Encrypted Share.

  • Open iNavigator (DeadNav) Windows client
    Open the NetServer Manager and create a new Share based on an existing IFS directory
    Authors Note: I was going to include an image of this, then I realised I did not have a single computer in the building that still used it, so I’ll let that speak for itself. #UseNav4i.
  • Open Navigator for i (Browser based) client
    Open the NetServer Manager and create a new Share based on an existing IFS directory

Use the 5250 Command line Go Nets Menu

ProTip: If you don’t have the Go Nets Menu, click the link below which will take you to an IBM site that shows you how to get it for free: https://www-01.ibm.com/support/docview.wss?uid=nas8N1021773       

ProTip: You do not need to load or configure the IBM i DCM (Digital Certificate Manager) to enable encryption on SMBv3 NetServer shares. This begs the question what sort of encryption do they use?
I’ll leave that question for someone else to answer.

How to check you are using SMB V3 and Encryption

From an IBM i point of view this is not an easy or quick task, in fact the only way I’m aware of right now is to run a communications trace.  (If only someone would create an RFE to ask IBM to show this more easily).

But from a Windows Powershell terminal, it’s not too difficult, use the following command

Get-SmbConnection | Select-Object -Property *

The Dialect entry tells you which version of SMB this share is using and whether Encryption was enabled or not.

  • Use the IBM i API interface
    Example API to create a share below:
    CALL QZLSADFS PARM(Rotunda ‘/Rotunda’ x’00000008′ x’00000000′ ‘Rotunda File Share’ x’00000002′ x’ffffffff’ x’00000000′)

How to create an Encrypted Share

It should not surprise you to learn that you cannot create an Encrypted Share using the old DeavNav client, this software is no longer supported so is not likely to get an update to handle Encrypting shares.

It is more than a little frustrating that as of today, neither of IBM i strategic clients, ACS or Navigator for i can create a share that is encrypted. I hope this is just a PTF away but if you would like to add your vote to the RFE I have created to ask for this, then please click here.

Bottom line here is that you can do it the easy way with the Go Nets Menu or the hard way with the APIs, for the sadists amongst you here is the link to the IBM i 7.4 NetServer APIs:  https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_74/apis/ss1a.htm 

Using Go Nets Enable and Encrypted Share

OK, so assuming you are running IBM I 7.4, with PTF SI70518 loaded and you have created the Go Nets Menu, then you just need to enable Encrypted file shares for NetServer, you only need do this once per system:

  • Go Nets, Option 9 Change Attributes, set the Encryption to*OPTIONAL
    (you can specify *REQUIRED meaning all shares must be encrypted but you will need to change all existing shares)

  • Go Nets, Option 3 Add a File Share, specify parameters as you normally would and change the Encryption Required to *YES.

 

Nice to see you

It was great to see you all in Milton Keynes at the i-UG iPower event in June, it was our biggest event yet and personally I thought one of the best.

Our next user group meeting will be at The Mount Hotel, in my home town of Wolverhampton on Thursday 7th November.

More details and a registration are available at our website www.i-ug.co.uk.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

Comments

4 responses to “SMBv3 support in IBM i 7.4”

  1. Mike Ryan avatar
    Mike Ryan

    It wouldn’t let me put just ‘Ace!’ so I’m wondering what to put…

    I know, ‘It was an Ace article!’ Is that OK? 🙂

    Reply
  2. Christian Massé avatar
    Christian Massé

    nice article !

    i made a share (7.4) encrypted. I can see it with windows 10 , Mac, Linux, but impossible withe seven. Do you have the same problem ?

    Reply
  3. Robert Berendt avatar
    Robert Berendt

    How do you run a communications trace so that you can see the SMB version?

    Reply
    1. Nick Braker avatar
      Nick Braker

      Open Windows Powershell.
      1. Hit Alt-Windows Key.
      2. Type powershell and Press Enter.
      3. A window will open.
      4. Type Get-SmbConnection and press Enter.
      5. You will be looking for the ShareName and the version is under Dialect.
      a. Version 2 is so-so.
      b. Version 3 is GREAT!

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *