How do I enable SMB 3 and manage SMB encryption in QNAP NAS?
Last modified date:
2025-11-13
Applicable Products
- NAS running QTS or QuTS hero
Overview
SMB encryption enhances file sharing security by encrypting data transmitted between your QNAP NAS and SMB clients. This protects sensitive information from unauthorized access during network transmission. SMB encryption is available for SMB 3.0 and later, and requires both the NAS and the client to support SMB 3.0 or above.
Procedure
- Open Control Panel in QTS or QuTS hero.
- Navigate to Network & File Services > Win/Mac/NFS > Microsoft Networking.
- Select Advanced Options.
- Set Highest SMB Version to SMB 3.0.
- Click Apply to save changes.
Note: Only clients with SMB 3.0 or later can connect using encrypted sessions. If the client does not support SMB 3.0, it may connect without encryption or may not be able to connect, based on your configuration.
Procedure for QTS 4.3.3 or earlier
In QTS 4.3.3 and earlier, the graphical user interface may lack SMB encryption settings. You can enable SMB 3.0 (with encryption support) via SSH.
- Reminder: If you are not comfortable using SSH or command-line operations, please consult your system administrator.
- Tip: Back up your system settings before making changes.
- Log in to your NAS via SSH with an administrator account.
- Run:
/etc/init.d/smb2_protocol.sh enable 3
- Wait for the SMB services to restart. You should see output confirming SMB 3.0 is enabled.
- SMB encryption can now be negotiated with compatible clients.
Limitations
- SMB encryption only works with SMB 3.0 or higher. Clients with SMB 1.0 or 2.0 will not be able to use encryption.
- Enabling encryption may reduce file transfer performance due to additional CPU usage.
