About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
How To
Summary
This document is designed to help IBM i administrators view and manage their IBM i NetServer SMB protocol version
Steps
Display the current NetServer SMB protocol version with command:
===> CALL QZLSMAINT PARM('40' '0')
This program call creates a QPCSMPRT spooled file. In the spooled file, view OLD FLAGS and NEW FLAGS. The OLD FLAGS values are what NetServer is presently using and the NEW FLAGS value is what NetServer uses the next time it is started. For example,
There are 6 possible values related to SMB usage:
0000000000000000 - Protocol version is negotiated and defaults for the OS version will be used (See "Default versions" below)
0000000000000080 - Disables SMBv2
0000000000000100 - Disables SMBv1
0000000000000400 - Enables SMBv2 for 7.2 (7.3 and later do this by default)
0000000000000500 - Combination of x100 and x400. Allow SMBv2 and higher only
0000000000001000 - Disables SMBv3 (specific to IBM i 7.4 and 7.5).
0000000000001080 - Disables SMBv2 and SMBv3 (specific to IBM i 7.4 and 7.5).
Note: 7.2 provides support for SMBv1 and SMBv2. 7.3 provides support for SMBv1 and SMBv2. 7.4 provides support for SMBv1, SMBv2, and SMBv3. 7.1 and earlier versions support SMBv1 only (so these flags have no impact or meaning for those releases).
**SMB3 only is possible at V7R4 and above. See note
Default versions for each release:
7.2 = SMBv1
7.3 = SMBv2
7.4 and 7.5 = SMBv3
Change SMB version settings by using CALL QZLSMAINT:
It is recommended to make the configuration change while NetServer is not active.
Whenever NetServer SMB protocol level changes are made, it might be necessary to remap drives or reboot client PCs for the client to use the new settings.
Considering the following example command:
CALL QZLSMAINT PARM('40' '1' '0x400')The second parameter values can be any of the following:‘1’ sets the bits on that are defined by the following value
‘2’ sets the bits off that are defined by following value
‘3’ reinitializes the flags to all zeros - Do not use unless directed by IBM i Support.
Commands are cumulative. For example, these two executions:
===> CALL QZLSMAINT PARM('40' '1' '0x400') + ===> CALL QZLSMAINT PARM('40' '1' '0x100')
…leaves you with:
NEW FLAGS 0000000000000500
===> CALL QZLSMAINT PARM('40' '2' '0x500')
…the ‘2’ sets the bits off for the value 500 (0101 0000 0000) and leaves you back at default settings (all 0’s). ===> CALL QZLSMAINT PARM('40' '3')
…re-initializes the flags to all zeros regardless of the existing value. Do not use unless directed by IBM i Support.
NOTE: 7.2 provides support for SMBv1 and SMBv2 (with PTFs). 7.3 provides support for SMBv1 and SMBv2. 7.4 provides support for SMBv1, SMBv2, and SMBv3.
NOTE: V7R4 and Newer releases can enable SMB3 only.
SMB3 will not work if you disable SMB2. Right now on the IBM i SMB3 is a superset of SMB2.
SMB3 will not work if you disable SMB2. Right now on the IBM i SMB3 is a superset of SMB2.
SMB2 must stay enabled!
To make Clients negotiate with SMB3 only you must have SMB2 enabled and set the option Encrypt connections to *REQUIRED.
You can set this option through the GO NETS CL tool under option "9. Change Attributes" (Change NetServer Attributes).
New Navigator for i also allows setting that option:
Note: Minimum Authority requirements for QZLSMAINT are: *IOSYSCFG *ALLOBJ *SERVICE
Additional Information
If Windows 10 clients receive the following error mapping to IBM i 7.2 or later:
...set the NetServer SMB protocol version control flags to x500 so that SMBv1 protocol is disabled. Note that IBM i NetServer will still accept an SMBv1 "Negotiate Protocol Request" frame, but the "Negotiate Protocol Response" (and the rest of the connection) will be SMB2.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CLSAA2","label":"Integrated File System-\u003ENetServer"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
More support for:
IBM i
Component:
Integrated File System->NetServer
Software version:
All Versions
Operating system(s):
IBM i
Document number:
958915
Modified date:
04 March 2024
UID
ibm10958915
Manage My Notification Subscriptions