This section explains how to use the
qq smb_modify_settings command.Examples
Hiding an SMB Share from Unauthorized Hosts
For more information, see Using SMB Host Restrictions in Qumulo Core in the Qumulo Administrator Guide.
To Hide an SMB Share from Unauthorized Hosts
Run the qq smb_modify_settings command and set the --hide-shares-from-unauthorized-hosts flag to true.
Configuring Cluster-Level SMB3 Encryption
For more information, see Managing SMB3 Encryption in Transit in Qumulo Core in the Qumulo Administrator Guide.
To Configure Cluster-Level SMB3 Encryption
Run the qq smb_modify_settings command and set the --encryption-mode flag to one of the following:
NONEPREFERREQUIRE
To Disable SMB3 Negotiation to Improve Workload Performance
Run the qq smb_modify_settings command and specify the supported SMB dialects. For example:
qq smb_modify_settings \
--supported-dialects SMB2_DIALECT_2_1
To Enable SMB3 Negotiation
Run the qq smb_modify_settings command and specify the supported SMB dialects. For example:
qq smb_modify_settings \
--supported-dialects SMB2_DIALECT_2_1 \
SMB2_DIALECT_3_0
Description
Set SMB server settings
Usage
qq smb_modify_settings [-h] [-e {none,preferred,required}] [-d dialect_1 [dialect_2 ...]] [--hide-shares-from-unauthorized-hosts {true,false}] [--hide-shares-from-unauthorized-users {true,false}]
[--snapshot-directory-mode {visible,hidden,disabled}] [--bypass-traverse-checking {true,false}] [--signing-required {true,false}]
Flags
| Flag Name | Required | Description |
|---|---|---|
-e
|
No | Server encryption mode to set |
-d
|
No | Specify a space-separated list of SMB dialects that clients are permitted to negotiate. To disable SMB, specify -d "". Available dialects: smb2_dialect_2_002, smb2_dialect_2_1, smb2_dialect_3_0, smb2_dialect_3_11. Alternatively, use -d ALL to allow all supported dialects. |
--hide-shares-from-unauthorized-hosts
|
No | Configure share listing to omit shares to which the requesting host isn't authorized to connect. |
--hide-shares-from-unauthorized-users
|
No | Configure share listing to omit shares to which the requesting user isn't authorized to connect. Important: Clients which don't have passwordless authentication typically list shares by using guest privileges. This flag typically hides all shares from this client type. |
--snapshot-directory-mode
|
No | When you set this flag to visible, the .snapshot directory appears at the root of shares during directory listing operations. The .snapshot directory is also accessible by name in any directory. When you set this flag to hidden, .snapshot directories do not appear in directory listings but remains accessible by name. When you set this flag to disabled, .snapshot directories are not accessible and snapshots are available only through the Restore Previous Versions dialog box on Windows. |
--bypass-traverse-checking
|
No | Enables bypass traverse checking for all users and directories. For example, a user who tries to access directory /x/y and has permissions to the /x directory but not to the /x/y directory can access the /x/y directory. A user still requires permissions to the /x directory to view its contents. |
--signing-required
|
No | If the user is not a guest, require all messages to be signed. This flag applies to all SMB shares. |