Data Domain: Active Directory authentication stops working when upgrading to DDOS 5.7 or higher if the Global Catalog is unreachable


Symptoms



Upon upgrading the DDOS to version 5.7 or higher, Active Directory authentication stops working if the Global Catalog is unreachable.
This issue causes login, CIFS share access and CIFS backup failures if an Active Directory user is used for these tasks.

Cause

This is due to a change in DDOS version 5.7 and higher, which requires a Global Catalog query at each authentication.
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:

# cifs troubleshooting domaininfo


If the Global Catalog is unreachable, the above output will contain the following line:

[0x0020 - GC offline]



Resolution

  • The Data Domain will attempt to reach the Global Catalog on TCP port 3268. Make sure that no firewall rule blocks this port.
  • Additionally, from DDOS 5.7.4.0 and DDOS 6.0.1, a new option to avoid Global Catalog queries during user authentication has been added to DDOS.
  • The new option is named global-catalog-query-disable. The default value for the option is 0 or false. It can be set to 1 or true to skip the LDAP query to the Global Catalog that fetches Universal groups info.

For example, the following command disables GC queries:

#cifs option set global-catalog-query-disable true

To apply the changes, restart the CIFS service:

#cifs restart force

Check that the option is indeed set:

#cifs option show
Currently Set Options:
Option                             Value
--------------------------------   -------
global-catalog-query-disable       1
--------------------------------   -------
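
The check from the Cause section and the port requirement above, combined as an added example (not part of this article or of DDOS): a Python script run from an administrative host that scans saved `cifs troubleshooting domaininfo` output for the GC-offline line and tests TCP 3268 against candidate Global Catalog servers. The host name and sample text are constructed assumptions, and a successful connect from another host does not prove that the Data Domain's own network path is open.

```python
import socket

GC_PORT = 3268                               # Global Catalog port named in the article
GC_OFFLINE_MARKER = "[0x0020 - GC offline]"  # line the article says indicates an unreachable GC


def gc_flagged_offline(domaininfo_output):
    """True if saved `cifs troubleshooting domaininfo` output has the GC-offline line."""
    return any(GC_OFFLINE_MARKER in line for line in domaininfo_output.splitlines())


def gc_port_open(host, port=GC_PORT, timeout=3.0):
    """Try a TCP connect to the GC port; return (reachable, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.timeout:
        return False, "timed out (packets may be dropped by a firewall)"
    except ConnectionRefusedError:
        return False, "refused (host answered, nothing accepting on this port)"
    except OSError as exc:  # DNS failure, no route, etc.
        return False, f"error: {exc}"


def triage(domaininfo_output, gc_hosts, port=GC_PORT):
    """Combine the DDOS-side flag with connect tests made from this host."""
    flagged = gc_flagged_offline(domaininfo_output)
    results = {h: gc_port_open(h, port) for h in gc_hosts}
    reachable = [h for h, (ok, _) in results.items() if ok]
    if not flagged:
        advice = "GC not reported offline; look elsewhere for the auth failure"
    elif reachable:
        advice = "port open from here; check rules on the Data Domain's own network path"
    else:
        advice = f"no GC reachable on TCP {port}; review firewall rules for this port"
    return {"gc_offline": flagged, "results": results, "advice": advice}


if __name__ == "__main__":
    # Constructed sample: only the marker line is taken from the article.
    sample = "(other domaininfo lines omitted)\n[0x0020 - GC offline]\n"
    # Hypothetical host name; replace with your own Global Catalog servers.
    report = triage(sample, ["gc01.example.invalid"])
    for host, (ok, detail) in report["results"].items():
        print(f"{host}:{GC_PORT} -> {'open' if ok else 'closed'} ({detail})")
    print(report["advice"])
```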


If the issue persists, please contact EMC Dell support.

Affected Products

Data Domain

Products

Data Domain
Article Properties
Article Number: 000064171
Article Type: Solution
Last Modified: 13 Jun 2025
Version: 3