OES CIFS can be configured to use an OES MFA service to enforce multi-factor authentication when users access the CIFS share. MFA server service is supported on OES 24.4 or later versions.
By default, MFA agent is installed and active on all the CIFS servers which is required for OES MFA service. MFA is enforced and triggered from the CIFS server and no configuration is needed on the CIFS client.
With MFA enabled, the first-factor authentication continues to be the existing password-based authentication using NTLMSSP for eDirectory users and Kerberos for Active Directory users. OES MFA service is used to perform the second factor authentication. For second-factor authentication, CIFS supports only the smart phone push method.
MFA can be enabled at the server level or share level. When enabled at the server level, MFA is enforced for all the shares on the server. By default, MFA is disabled on the CIFS server.
Server level
novcifs--mfa=yes|no
Share level
novcifs -s --mfa=yes|no -n SHARENAME, --share --mfa=yes|no --name SHARENAME