In addition to the bug fixes, CIFS provides the following enhancements and changes in OES 2018:
SMB v3 (SMB 3.0) Verb Compliance: Clients can now communicate with OES using the SMB v3 (SMB 3.0) protocol.
SMB 3.0 has advantages of increased security achieved through using:
Secure Dialect Negotiation
AES-CMAC for signing
SMB 3.0 encryption
In OES 2018, the default SMB protocol dialect is set to SMB 3.0.
Beginning with OES 2018, CIFS server supports Alternate Data Streams. To add customized metadata as extended attributes to the file or directory, enable alternate data stream on the server. This provides better performance.
Beginning with OES 2018, the communication through SMB v2 is more secure with the implementation of dynamic re-authentication capability on the server. The session is expired based on the time out from the authentication protocol (Kerberos) and is re-authenticated from the client side.
On a Mac computer, if a customized color or icon is assigned to a file or folder on a volume mounted through AFP, then the customization is not visible when the same volume is mounted through CIFS. To enable the visibility of such customization, a new utility migafp2cifs is introduced that converts AFP specific metadata information to CIFS specific format. For more information on the options, see the migafp2cifs man page.
CIFS provides support for server-side copy operations. The CIFS clients can now off-load the copy operations to the OES CIFS file server using the Copy-Chunk requests. This request ensure improved file server performance as the network round-trip is avoided. By default, this feature is enabled on the OES CIFS file server.
The traditional Salvage and Purge operation can be done natively on Mac using NFARM (OES File Access Rights Management). For example, using NFARM installer for Mac, you can recover or permanently delete the files or folders that are already deleted. For more information, see Section 10.3.2, Salvage and Purge on Mac.
Beginning with OES 2018, the eDirectory users can change their password directly from the client device. A password expiry notification is displayed when you choose to map a network drive using CIFS, with the eDirectory credentials that is due to expire. It also provides the grace login information even after the password expires. For password expiry notification feature to be available on a workstation, the NFARM (OES File Access Rights Management) must be installed. For more information, see Section 10.3.3, Password Expiry Notification on Windows.
Alternate Data Stream: You can enable or disable the data streams on the server.
For more information, see Enabling or Disabling Alternate Data Stream.
SMB v1 Disablement: You can disable the SMB v1 sessions from the clients:
For more information, see Disabling SMB v1 sessions.
SMB 3.0 Encryption: You can encrypt the client server sessions established at both global and share levels to protect data from corruption due to man-in-the-middle attacks:
For more information, see Enabling or Disabling SMB 3.0 Encryption at Global Level, Enabling or Disabling SMB 3.0 Encryption at Share Level, and Enabling or Disabling Unencrypted Access to the Share.
DNS Suffix: You can set DNS suffix for the DFS referral target node server name.
For more information, see Setting DNS Suffix.
Display User Address: You can enable or disable the updation of client IP address details for the logged in user in the eDirectory user object.
For more information, see Updating Client IP Address Details.
Log Level: You can set the log level for the server to log messages.
For more information, see Setting the Log Level.
SMB Version Switching: You can switch between SMB protocol versions. (The default for OES 2018 is SMB v3.)
For more information, see Toggling between SMB Versions.
Deprecated Commands: Beginning with OES 2018, the following command options are not available.
novcifs [-b yes|no | --enable-debug=yes|no]
novcifs [-f yes|no | --enable-info=yes|no]
They are replaced by the new command novcifs --log-level error | debug | info.