3.3.1.1 Global

  • Article

The following ADM elements are globally maintained for an individual server:

Server.Enabled: A Boolean that indicates whether the CIFS server is accepting incoming connections or requests.

Server.Paused: A Boolean that indicates whether the CIFS server is in a paused state.

Server.Statistics: Server statistical information. This contains all the members of the STAT_SERVER_0 ([MS-SRVS] section 2.2.4.39) structure.

Server.AutodisconnectTimeout: The idle session disconnect time-out in minutes.

Server.SupportDialects: A list of server-supported dialect identifiers in order of preference from least to most preferred.

Server.Capabilities: The set of Capabilities (as described in section 1.7 and defined in section 2.2.4.52.2) supported by the server.

Server.ConnectionTable: A list of SMB connections, as defined in section 3.3.1.3. The list MUST allow lookups based upon Server.Connection.ClientName.

Server.EnableOplock: A Boolean value that indicates whether a server supports OpLocks.

Server.GuestOkay: A Boolean value that indicates whether or not a guest authentication is allowed if user-level authentication fails. If Server.ShareLevelAuthentication is TRUE, Server.GuestOkay MUST be FALSE.

Server.LMAuthenticationPolicy: A state that determines the LAN Manager challenge/response authentication mechanism to be used. The following options are available:

  • Disabled: LAN Manager and LAN Manager v2 challenge/response authentication (LM & LMv2) are disabled.

    The server MUST NOT test the LM or LMv2 response, if any, sent by the client.

  • V1-Enabled: LAN Manager challenge/response authentication (LM) is enabled.

    The server MUST use the LM response algorithm to test the response sent in the OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX request received from the client.

  • V2-Enabled: LAN Manager v2 challenge/response authentication (LMv2) is enabled.

    The server MUST use the LMv2 algorithm to test the response sent in the OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX request received from the client.

  • Enabled: LAN Manager v1 and v2 challenge/response authentication is enabled.

    The server MUST use the LMv2 algorithm to test the response sent in the OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX Request (section 2.2.4.53.1) received from the client. If the LMv2 response does not match the client response, the server MUST use the LM response algorithm to test the response sent in the OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX Request received from the client.

Server.MaxBufferSize: The size, in bytes, of the largest SMB message that the server can receive.

Server.MaxMpxCount: The maximum number of outstanding commands that each client is allowed to have at any given time.

Server.MaxVcNumber: The maximum number of virtual circuits that can be established between the client and the server as part of the same session.

Server.MaxRawSize: The maximum raw buffer size, in bytes, available on the server.

Server.MessageSigningPolicy: A state that determines whether this node signs messages. This parameter has four possible values:

  • Required: Message signing is required. Any connection to a node that does not use signing MUST be disconnected.

  • Enabled: Message signing is enabled. If the other node enables or requires signing, it MUST be used.<213>

  • Optional: Message signing is disabled unless the other party requires it. If the other party requires message signing, it MUST be used. Otherwise, message signing MUST NOT be used.

  • Disabled: Message signing is disabled. Message signing MUST NOT be used.

Server.NTLMAuthenticationPolicy: A state that determines the NT LAN Manager challenge/response authentication mechanism to be used. The following options are available:

  • Disabled: NT LAN Manager and NT LAN Manager v2 challenge/response authentication (NTLM and NTLMv2) are disabled.

    The server MUST NOT test the NTLM or NTLMv2 response, if any, sent by the client.

  • V1-Enabled: NT LAN Manager challenge/response authentication (NTLM) is enabled.

    The server MUST use the NTLM response algorithm to test the response sent in the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX request received from the client.

  • V2-Enabled: NT LAN Manager v2 challenge/response authentication (NTLMv2) is enabled.

    The server MUST use the NTLMv2 algorithm to test the response sent in the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX Request received from the client.

  • Enabled: NT LAN Manager v1 and v2 challenge/response authentication is enabled.

    The server MUST use the NTLMv2 algorithm to test the response sent in the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX request received from the client. If the NTLMv2 response does not match the client response, the server MUST use the NTLM response algorithm to test the response sent in the OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX request received from the client.

Server.OplockTimeout: The maximum OpLock break time-out in seconds.

If Server.PlaintextAuthenticationPolicy is set to Required, Server.LMAuthenticationPolicy and Server.NTLMAuthenticationPolicy MUST be Disabled.

If Server.LMAuthenticationPolicy, Server.NTLMAuthenticationPolicy, and Server.PlaintextAuthenticationPolicy are all Disabled, then no authentication is possible.

Server.PlaintextAuthenticationPolicy: A state that determines whether plaintext authentication is permitted or required. The following options are available:

  • Disabled: Plaintext authentication disabled.

    The server does support challenge/response authentication. Plaintext authentication from the client is denied.

  • Enabled: Plaintext authentication enabled.

    The server does support challenge/response authentication. Plaintext authentication from the client is permitted.

  • Required: Plaintext authentication required.

    The server does not support challenge/response authentication. The server MUST indicate support for challenge/response authentication using the 0x02 flag bit of the SecurityMode field sent in the SMB_COM_NEGOTIATE Response (section 2.2.4.52.2).

Server.ShareLevelAuthentication: A Boolean that indicates whether Share-level or User-level authentication is supported. If this is TRUE, Share-level authentication MUST be used.

Server.ShareTable: A list of available shares that are present on this server indexed by the share name, as specified in section 3.3.1.2.

Server.SrvMaxSessionTableSize: The maximum size of the session table that maintains the list of all SMB sessions per connection.

Server.SrvSearchMaxTimeout: The unused open search time-out in seconds.

Server.MaxSearches: The maximum number of outstanding open searches allowed on a connection.