IBM Support

IBM i NetServer SMB protocol version control guide

How To


Summary

This document is designed to help IBM i administrators view and manage their IBM i NetServer SMB protocol version

Steps

Display the current NetServer SMB protocol version with command:

  ===> CALL QZLSMAINT PARM('40' '0')

This program call creates a QPCSMPRT spooled file. In the spooled file, view OLD FLAGS and NEW FLAGS. The OLD FLAGS values are what NetServer is presently using and the NEW FLAGS value is what NetServer uses the next time it is started.  For example,

image-20191030125208-1

There are 6 possible values related to SMB usage:

0000000000000000 -  Protocol version is negotiated and defaults for the OS version will be used (See "Default versions" below)
0000000000000080 -  Disables SMBv2
0000000000000100 -  Disables SMBv1
0000000000000400 -  Enables SMBv2 for 7.2 (7.3 and later do this by default)
0000000000000500 -  Combination of x100 and x400.  Allow SMBv2 and higher only
0000000000001000 -  Disables SMBv3 (specific to IBM i 7.4 and 7.5).
0000000000001080 -  Disables SMBv2 and SMBv3 (specific to IBM i 7.4 and 7.5).

Note:  7.2 provides support for SMBv1 and SMBv2. 7.3 provides support for SMBv1 and SMBv2.  7.4 provides support for SMBv1, SMBv2, and SMBv3.  7.1 and earlier versions support SMBv1 only (so these flags have no impact or meaning for those releases).
**SMB3 only is possible at V7R4 and above.  See note 
Default versions for each release:
7.2 = SMBv1 
7.3 = SMBv2
7.4 and 7.5 = SMBv3
Change SMB version settings by using CALL QZLSMAINT:

It is recommended to make the configuration change while NetServer is not active.
Whenever NetServer SMB protocol level changes are made, it might be necessary to remap drives or reboot client PCs for the client to use the new settings.
Considering the following example command:  CALL QZLSMAINT PARM('40' '1' '0x400')
The second parameter values can be any of the following:
‘1’ sets the bits on that are defined by the following value
‘2’ sets the bits off that are defined by following value
‘3’ reinitializes the flags to all zeros - Do not use unless directed by IBM i Support.

Commands are cumulative. For example, these two executions:

  ===> CALL QZLSMAINT PARM('40' '1' '0x400')  +  ===> CALL QZLSMAINT PARM('40' '1' '0x100')

…leaves you with:

  NEW FLAGS        0000000000000500
  ===> CALL QZLSMAINT PARM('40' '2' '0x500')
…the ‘2’ sets the bits off for the value 500 (0101 0000 0000) and leaves you back at default settings (all 0’s).
  ===> CALL QZLSMAINT PARM('40' '3')
…re-initializes the flags to all zeros regardless of the existing value. Do not use unless directed by IBM i Support.
NOTE:  7.2 provides support for SMBv1 and SMBv2 (with PTFs). 7.3 provides support for SMBv1 and SMBv2.  7.4 provides support for SMBv1, SMBv2, and SMBv3.
NOTE: V7R4 and Newer releases can enable SMB3 only.
SMB3 will not work if you disable SMB2.  Right now on the IBM i SMB3 is a superset of SMB2.
SMB2 must stay enabled!
To make Clients negotiate with SMB3 only you must have SMB2 enabled and set the option Encrypt connections to *REQUIRED.
You can set this option through the GO NETS CL tool under option "9. Change Attributes" (Change NetServer Attributes).
New Navigator for i also allows setting that option:
image-20221206165044-3
Note:  Minimum Authority requirements for QZLSMAINT are:  *IOSYSCFG  *ALLOBJ  *SERVICE

Additional Information

If Windows 10 clients receive the following error mapping to IBM i 7.2 or later:
image-20190710103603-3
...set the NetServer SMB protocol version control flags to x500 so that SMBv1 protocol is disabled.  Note that IBM i NetServer will still accept an SMBv1 "Negotiate Protocol Request" frame, but the "Negotiate Protocol Response" (and the rest of the connection) will be SMB2.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CLSAA2","label":"Integrated File System-\u003ENetServer"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]

Document Information

Modified date:
04 March 2024

UID

ibm10958915

Page Feedback