IBM Support

SMB2 Support for IBM i 7.2

Question & Answer


Question

How do the SMB versions work on IBM i 7.2?

Answer

This technote pertains only to IBM i 7.2.
SMB2 support was added to IBM i 7.2 with PTFs in mid-2017.  SMB2 support was added for both NetServer (the server that handles drive mapping to the IBM i) and QNTC (the SMB client on the IBM i that provides access from the IBM i to other SMB servers like Windows). 
IBM i 7.1 and older OS versions are limited to SMB1 support.

SMB2 Support for 7.2 NetServer

The SMB versions that NetServer supports are controlled by calling the NetServer QZLSMAINT utility to set the SMB flags. Changing the SMB versions requires restarting NetServer to ensure that all sessions use the SMB version you want. More details follow.

First, see what the flags are presently set to. 
To view the SMB flags, run the following command: CALL QZLSMAINT PARM('40' '0')
Running this command before you restart NetServer produces a spool file showing old flags (what the NetServer is presently using) and new flags (what the NetServer uses after it is restarted).

Here is an example of the result showing the default state of the SMB version flags:
    OLD FLAGS            
    0000000000000000    
    NEW FLAGS            
    0000000000000000    
When all the flags are set to zeros, NetServer is using the default SMB version for your operating system version. At 7.2 these values mean that SMB version 1 (SMB1) is being used exclusively with no support for SMB2.

Ending the NetServer before you change the flags, and restarting it afterward

Although the flags can be changed while NetServer is active, and the changes take effect immediately, changing SMB versions during active sessions can cause client errors to occur during those sessions. Therefore, IBM highly recommends ending the NetServer before you call QZLSMAINT to change the flags. Do the following steps from the IBM i command line:

Before you call QZLSMAINT to change the SMB settings, run:
ENDTCPSVR *NETSVR
Ensure the NetServer jobs are no longer active with:
WRKACTJOB JOB(QZLS*)
After using CALL QZLSMAINT to set the flags, run the following command to start the NetServer:
STRTCPSVR *NETSVR

Changing the flags:

To allow both SMB1 and SMB2, run the following commands:
   // Clear the SMB version support flags
CALL QZLSMAINT PARM('40' '3')
   // Enable SMB2 negotiation
CALL QZLSMAINT PARM('40' '1' '0x400')
It produces a spool file with the following flags:
        OLD FLAGS            
        0000000000000000    
        NEW FLAGS            
        0000000000000400 
After you restart NetServer and run the command CALL QZLSMAINT PARM('40' '0'), the spool file shows the following flags:
        OLD FLAGS            
        0000000000000400    
        NEW FLAGS            
        0000000000000400 
With the flags set to 400, NetServer provides support for both SMB1 and SMB2.
If SMB1 and SMB2 are allowed and you want to allow SMB2 only, run the following commands:
   // Enable SMB2 negotiation and disable SMB1
CALL QZLSMAINT PARM('40' '1' '0X100')
Running this command produces a spool file with the following flags:
        OLD FLAGS       
        0000000000000400
        NEW FLAGS       
        0000000000000500
After you restart the NetServer and run the command CALL QZLSMAINT PARM('40' '0'), the spool file shows the following flags:
        OLD FLAGS       
        0000000000000500
        NEW FLAGS       
        0000000000000500
With the flags set to 500, NetServer provides support for SMB2 only.
Setting the flags to any value other than the examples shown produces unpredictable results.
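
The following Python script is an added example, not IBM code. It reads the text of the spool file produced by CALL QZLSMAINT PARM('40' '0'), reports which SMB versions the running NetServer accepts and which it will accept after a restart, and flags any value outside the three documented on this page. The function names and the sample text are constructed for illustration, and the script assumes the spool file has been copied to a text string in the layout shown above.

```python
import re

# Flag values this page documents for NetServer on IBM i 7.2.
DOCUMENTED = {
    0x000: "SMB1 only (7.2 default)",
    0x400: "SMB1 and SMB2",
    0x500: "SMB2 only",
}

# Constructed sample: view output after setting SMB2-only but before restarting.
SAMPLE = """
    OLD FLAGS
    0000000000000400
    NEW FLAGS
    0000000000000500
"""

def parse_flags(spool_text):
    """Return (old, new) as integers from the OLD FLAGS / NEW FLAGS listing."""
    values, label = {}, None
    for line in spool_text.splitlines():
        token = line.strip()
        if token in ("OLD FLAGS", "NEW FLAGS"):
            label = token.split()[0].lower()
        elif label and re.fullmatch(r"[0-9A-Fa-f]{16}", token):
            values[label] = int(token, 16)
            label = None
    if set(values) != {"old", "new"}:
        raise ValueError("need OLD FLAGS and NEW FLAGS, 16 hex digits each")
    return values["old"], values["new"]

def audit(spool_text):
    """Describe the active and pending SMB posture and list what needs attention."""
    old, new = parse_flags(spool_text)
    findings = []
    for name, value in (("active", old), ("pending", new)):
        if value not in DOCUMENTED:
            findings.append(f"{name} flags {value:#x} are not a documented value")
    if old != new:
        findings.append("active and pending flags differ: restart NetServer")
    if old in (0x000, 0x400):
        findings.append("running NetServer still accepts SMB1")
    return {
        "active": DOCUMENTED.get(old, "undocumented"),
        "after_restart": DOCUMENTED.get(new, "undocumented"),
        "findings": findings,
    }
```

Calling audit(SAMPLE) reports that the running NetServer still accepts SMB1 and that a restart is needed before the SMB2-only setting applies.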

SMB2 support for QNTC

The original PTF to add QNTC SMB2 support is SI64984.  IBM support recommends applying the latest superseding PTF; it includes fixes for problems not included in the original PTF. This PTF requires an IPL to activate. After the PTF, or a superseding PTF, is applied and an IPL completed, SMB2 is the default dialect for QNTC connections. To set the SMB dialect used by QNTC, use the QIBM_ZLC_SMB_VERS environment variable.
The default behavior is for QNTC to request SMB2 and to fall back to using SMB1 when SMB2 is not available on the remote file server.  To use the default behavior, either do not create the environment variable or create it and set it to zero: 
ADDENVVAR ENVVAR(QIBM_ZLC_SMB_VERS) VALUE(0) LEVEL(*SYS)
To force QNTC to use only SMB1: 
ADDENVVAR ENVVAR(QIBM_ZLC_SMB_VERS) VALUE(1) LEVEL(*SYS)
To force QNTC to use only SMB2: 
ADDENVVAR ENVVAR(QIBM_ZLC_SMB_VERS) VALUE(2) LEVEL(*SYS)
If a particular job needs to use a specific SMB dialect, set the environment variable at the *JOB level in that job before it makes the connection through QNTC.  Because the SMB version is negotiated upon the initial connection, setting the environment variable after that connection is made would not have any effect.
Note: The 7.2 PTFs that originally added the SMB2 support for NetServer were MF63692, MF64295, and MF64401. IBM Support recommends applying the latest NetServer PTFs because many NetServer problems were fixed by the latest superseding PTFs.


Document Information

Modified date:
09 September 2021

UID

nas8N1022198