Data Domain: Active Directory authentication stops working when upgrading to DDOS 5.7 or higher if the Global Catalog is unreachable
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Symptómy
Upon upgrading the DDOS to version 5.7 or higher, Active Directory authentication stops working if the Global Catalog is unreachable.
This issue causes login, CIFS share access and CIFS backup failures if an Active Directory user is used for these tasks.
Príčina
This is due to a change in DDOS from version 5.7 and higher which requires a Global Catalog query at each authentication.
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:
If the Global Catalog is unreachable, the above output will contain the following line:
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:
# cifs troubleshooting domaininfo
If the Global Catalog is unreachable, the above output will contain the following line:
[0x0020 - GC offline]
Riešenie
- The DataDomain will attempt to reach the Global Catalog on TCP port 3268. Make sure that there is no firewall rule to block this port.
- Additionally, from DDOS 5.7.4.0 and DDOS 6.0.1, a new option to avoid global catalog queries during user authentication has been added to DDOS:
- The new option is named global-catalog-query-disable. The default value for the option will be 0 or false. It can be set to 1 or true to skip the ldap query to the global catalog to fetch Universal groups info.
For example, the following command:
Check that the option is indeed set:
#cifs option set global-catalog-query-disable true
This will disable GC queries.
To apply the changes, restart the CIFS service: #cifs restart force
Check that the option is indeed set:
#cifs option show Currently Set Options: Option Value -------------------------------- ------- global-catalog-query-disable 1 -------------------------------- -------
If the issue persists, please contact EMC Dell support.
Dotknuté produkty
Data DomainProdukty
Data DomainVlastnosti článku
Číslo článku: 000064171
Typ článku: Solution
Dátum poslednej úpravy: 13 jún 2025
Verzia: 3
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.