Data Domain: Active Directory authentication stops working when upgrading to DDOS 5.7 or higher if the Global Catalog is unreachable

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

症狀



Upon upgrading the DDOS to version 5.7 or higher, Active Directory authentication stops working if the Global Catalog is unreachable.
This issue causes login, CIFS share access and CIFS backup failures if an Active Directory user is used for these tasks.

原因

This is due to a change in DDOS from version 5.7 and higher which requires a Global Catalog query at each authentication.
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:

# cifs troubleshooting domaininfo


If the Global Catalog is unreachable, the above output will contain the following line:

[0x0020 - GC offline]



解析度

  • The DataDomain will attempt to reach the Global Catalog on TCP port 3268. Make sure that there is no firewall rule to block this port.
  • Additionally, from DDOS 5.7.4.0 and DDOS 6.0.1, a new option to avoid global catalog queries during user authentication has been added to DDOS:
  • The new option is named global-catalog-query-disable. The default value for the option will be 0 or false. It can be set to 1 or true to skip the ldap query to the global catalog to fetch Universal groups info.
For example, the following command: 
#cifs option set global-catalog-query-disable true
This will disable GC queries.
 
To apply the changes, restart the CIFS service: #cifs restart force

Check that the option is indeed set:

#cifs option show Currently Set Options: Option                             Value --------------------------------   ------- global-catalog-query-disable       1 --------------------------------   -------


If the issue persists, please contact EMC Dell support.

受影響的產品

Data Domain

產品

Data Domain
文章屬性
文章編號: 000064171
文章類型: Solution
上次修改時間: 13 6月 2025
版本:  3
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。