Data Domain: Active Directory authentication stops working when upgrading to DDOS 5.7 or higher if the Global Catalog is unreachable
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Upon upgrading the DDOS to version 5.7 or higher, Active Directory authentication stops working if the Global Catalog is unreachable.
This issue causes login, CIFS share access and CIFS backup failures if an Active Directory user is used for these tasks.
Cause
This is due to a change in DDOS from version 5.7 and higher which requires a Global Catalog query at each authentication.
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:
If the Global Catalog is unreachable, the above output will contain the following line:
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:
# cifs troubleshooting domaininfo
If the Global Catalog is unreachable, the above output will contain the following line:
[0x0020 - GC offline]
Resolution
- The DataDomain will attempt to reach the Global Catalog on TCP port 3268. Make sure that there is no firewall rule to block this port.
- Additionally, from DDOS 5.7.4.0 and DDOS 6.0.1, a new option to avoid global catalog queries during user authentication has been added to DDOS:
- The new option is named global-catalog-query-disable. The default value for the option will be 0 or false. It can be set to 1 or true to skip the ldap query to the global catalog to fetch Universal groups info.
For example, the following command:
Check that the option is indeed set:
#cifs option set global-catalog-query-disable true
This will disable GC queries.
To apply the changes, restart the CIFS service: #cifs restart force
Check that the option is indeed set:
#cifs option show Currently Set Options: Option Value -------------------------------- ------- global-catalog-query-disable 1 -------------------------------- -------
If the issue persists, please contact EMC Dell support.
Affected Products
Data DomainProducts
Data DomainArticle Properties
Article Number: 000064171
Article Type: Solution
Last Modified: 13 Jun 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.