SMB 2 (SMBv2) support needed in IBM i 7.1 and 7.2

IBM i NetServer and QNTC will not be enhanced to support for SMB2 on IBM i 7.1.

Support for SMB2 on IBM i 7.2 was made available on July 19, 2017.

Support for SMB2 on IBM i 7.2 is now available. The cover letters for the PTFs contain important information some of the
documentation has been included here. Much of the information is similar to the IBM i 7.3 documentation for SMB2.

The SMB2 support on IBM i 7.2 is available for IBM i NetServer as well as the QNTC file system.

QNTC file system - SI64984. This is a DELAYED PTF.
When this PTF is applied QNTC will immediately be able to use the SMB2 protocol if that is what is preferred by the
server. Details of how to disable SMB1 for QNTC are documented in the PTF cover letter or in the Knowledge Center for
IBM i 7.3.

IBM i NetServer - MF63692, MF63693, and MF63694. One is a DELAYED PTF so an IPL is required to apply these PTFs.
IBM i NetServer does not automatically support SMB2 when the PTFs are applied. Print sharing behaves differently
for the SMB2 protocol and changes must be made in your environment to enable print sharing to work.

Please read the following important information from the cover letter for MF63694 in its entirety for important
information.

This PTF adds SMB2 protocol support to IBM i NetServer. Clients
that use the SMB1 negotiate mechanism to choose the protocol
version that is used will continue to negotiate SMB1 until the
user takes steps in this cover letter to enable SMB2
negotiation. This is done to avoid unexpected behavior changes
for users until the impacts of switching to SMB2 can be
considered. Windows 8 and newer Windows clients with the "SMB
1.0/CIFS File Sharing Support" feature turned off will
automatically connect to NetServer shared directory paths with
the SMB2 protocol.

*** Important compatibility note ***
The SMB2 protocol requires use of enhanced security negotiation
when making a connection to the server. If clients have been
configured with the minimum NTLMSSP client session security
policy set to include 'Require NTLMv2 Session Security', those
clients will fail to connect to NetServer with SMB2. NetServer
does not support NTLMv2 Session Security, and the Windows SMB2
client will enforce the policy by preventing the connection.

To enable SMB2 negotiation via SMB1 (for Windows clients with
SMB1 installed), run the following command on the IBM i:
CALL QZLSMAINT PARM('40' '1' '0x400')

If SMB2 negotiation needs to be disabled to restore server
behavior to the default, run the following command:
CALL QZLSMAINT PARM('40' '2' '0x400')

*** SMB2 Shared Printer Differences ***
SMB Version 2 (SMB2) has been added and will become the default
SMB version used by clients that support it after SMB2
negotiation is enabled with the steps described above. The new
protocol handles printing differently, and printer functions
will no longer work as they did when using SMB1. Documents can
still be printed to shared printer queues from Windows clients,
but additional steps are required to configure the printer.

1. Open the Windows command prompt and use the NET USE command
to map the IBM i NetServer printer share to an unused local LPT
printer port.
Example: NET USE LPTx \\server\printer_share (where x is a valid
LPT port number)

2. Add the printer share as a local printer on the LPT port used
in step 1 with the correct printer driver for the shared
printer.

Printers added in this way will allow spooling output to the
network printer share, but advanced queue management for the
mapped printer is not supported at this time.

The headline states this may be developed for V7R1 as well.
Can you confirm if it will be the case or is it V7R2 only ?

Thank you for your recent comments. I would like to address them.

Regarding the target date for providing SMB 2 support in IBM i 7.2. Target dates at this time remain confidential, but be assured we are working hard to make it available as soon as we can with quality. When it is made available this request will be updated with the PTF numbers. Microsoft has announced that new installs of Windows 10 starting this fall will have SMBv1 'disabled/removed'. As of today there is no indication this update will affect existing installs. We are aware of this announcement and are working to have our update of SMBv2 in IBM i 7.2 available before that happens.

Regarding the comment requesting SMB 3. For new requests, a new RFE should be submitted. This request is specifically for providing SMBv2 in a release prior to IBM i 7.3. Please open a new RFE for this request and provide what features of SMBv3 are required. Thank you.

Is there any target date for SMBv2 in IBM i 7.2?
It is reported that Microsoft will remove SMBv1 from Windows 10 starting with the upcoming Redstone 3 update in September 2017.
https://threatpost.com/say-goodbye-to-smbv1-in-windows-fall-creators-update/126387/

Hi,
we need SMBV3 on IBM i V7.3 Netserver

Attempting to add keywords NetServer SMB1 SMB2

We understand the concern. There is very little detail on the exact vulnerability (or vulnerabilities) and in fact mostly refers to Microsoft Windows systems and that operating system works very differently than the IBM i.

The security provided by the IBM i and supported servers is a top priority and we take every measure to protect the system and the data stored on it, and the report of this vulnerability is no exception.

While working toward a plan to continue providing a highly secure system we continue to monitor any additional information for all potential vulnerabilities.