Alfonso Conner
2019-Jul-19 10:13 UTC
[Samba] Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
Hi Samba Team,
Have recently followed Samba guide and successfully migrate from PDC to AD
and from BDC to join AD forest.
Need some advice here as I encountered global catalog (GC) cannot be
contacted issue when using RSAT.
This message pops up when I click "member of" tab while viewing user
properties although it will display correctly after I acknowledged the
error.
Another similar message related to GC will also pop up when I click to the
next step while creating new user account, whereby I am aware my newly
created user might encounter login issues.
After done some research and with reference to previous posts, i noticed it
has to do with port 3268/tcp and 3269/tcp to be enabled and available.
After tried various methods to verify but no avail.
Below are the outputs of commands:
Appreciate for the advice.
# ps axf | egrep "samba|smbd|winbindd"
15163 pts/1 S+ 0:00 \_ egrep samba|smbd|winbindd
2571 ? Ss 0:00 samba
2572 ? S 0:00 \_ samba
2574 ? S 0:00 | \_ samba
2576 ? Ss 0:14 | \_ /usr/local/samba/sbin/smbd -D
--option=server role check:inhibit=yes --foreground
2596 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D
--option=server role check:inhibit=yes --foreground
2597 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D
--option=server role check:inhibit=yes --foreground
2598 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D
--option=server role check:inhibit=yes --foreground
9886 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D
--option=server role check:inhibit=yes --foreground
15160 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D
--option=server role check:inhibit=yes --foreground
15161 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D
--option=server role check:inhibit=yes --foreground
2573 ? S 0:35 \_ samba
8972 ? S 0:00 | \_ samba
8973 ? S 0:00 | \_ samba
2575 ? S 0:06 \_ samba
2577 ? S 0:00 \_ samba
2578 ? S 0:07 \_ samba
9411 ? S 0:00 | \_ samba
9412 ? S 0:00 | \_ samba
2579 ? S 0:02 \_ samba
2580 ? S 0:09 \_ samba
2581 ? S 0:05 \_ samba
2582 ? S 0:00 \_ samba
2584 ? S 0:00 | \_ samba
2586 ? Ss 0:02 | \_ /usr/local/samba/sbin/winbindd -D
--option=server role check:inhibit=yes --foreground
2652 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd
-D --option=server role check:inhibit=yes --foreground
2653 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd
-D --option=server role check:inhibit=yes --foreground
2583 ? S 0:00 \_ samba
2585 ? S 0:00 \_ samba
2587 ? S 0:00 \_ samba
2588 ? S 0:15 \_ samba
netstat -plaunt | egrep "ntp|bind|named|samba|?mbd"
tcp 0 0 0.0.0.0:53 0.0.0.0:*
LISTEN 2588/samba
tcp 0 0 0.0.0.0:88 0.0.0.0:*
LISTEN 2580/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:*
LISTEN 2576/smbd
tcp 0 0 0.0.0.0:49152 0.0.0.0:*
LISTEN 2573/samba
tcp 0 0 0.0.0.0:49153 0.0.0.0:*
LISTEN 2573/samba
tcp 0 0 0.0.0.0:49154 0.0.0.0:*
LISTEN 2573/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:*
LISTEN 2578/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:*
LISTEN 2573/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:*
LISTEN 2576/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN 976/rpcbind
tcp 0 0 0.0.0.0:464 0.0.0.0:*
LISTEN 2580/samba
tcp 0 0 DC1_IP:49153 Other_IP:49182
ESTABLISHED 8972/samba
tcp 0 0 DC1_IP:49152 Other_IP:54906
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:389 Other_IP:63555
ESTABLISHED 9412/samba
tcp 0 0 DC1_IP:445 Other_IP:54486
ESTABLISHED 15410/smbd
tcp 0 0 DC1_IP:135 Other_IP:50476
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:135 Other_IP:61388
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:62660
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:65500
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:41854 DC2_IP:49152
ESTABLISHED 2581/samba
tcp 0 0 DC1_IP:49152 Other_IP:63554
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:60790
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 DC2_IP:49612
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:58881
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:445 Other_IP:61391
ESTABLISHED 15409/smbd
tcp 0 0 DC1_IP:49152 Other_IP:64459
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:63481
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:49174
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:50477
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:53405
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49153 Other_IP:49183
ESTABLISHED 8973/samba
tcp 0 0 DC1_IP:135 Other_IP:49180
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:389 Other_IP:63551
ESTABLISHED 9411/samba
tcp 0 0 DC1_IP:135 Other_IP:58880
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:135 Other_IP:49173
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:135 Other_IP:53404
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:445 Other_IP:49195
ESTABLISHED 9886/smbd
tcp 0 0 DC1_IP:135 Other_IP:54903
ESTABLISHED 2573/samba
tcp 0 0 DC1_IP:49152 Other_IP:63553
ESTABLISHED 2573/samba
tcp 0 0 :::53 :::*
LISTEN 2588/samba
tcp 0 0 :::88 :::*
LISTEN 2580/samba
tcp 0 0 :::636 :::*
LISTEN 2578/samba
tcp 0 0 :::445 :::*
LISTEN 2576/smbd
tcp 0 0 :::49152 :::*
LISTEN 2573/samba
tcp 0 0 :::49153 :::*
LISTEN 2573/samba
tcp 0 0 :::49154 :::*
LISTEN 2573/samba
tcp 0 0 :::3268 :::*
LISTEN 2578/samba
tcp 0 0 :::3269 :::*
LISTEN 2578/samba
tcp 0 0 :::389 :::*
LISTEN 2578/samba
tcp 0 0 :::135 :::*
LISTEN 2573/samba
tcp 0 0 :::139 :::*
LISTEN 2576/smbd
tcp 0 0 :::111 :::*
LISTEN 976/rpcbind
tcp 0 0 :::464 :::*
LISTEN 2580/samba
udp 0 0 0.0.0.0:53 0.0.0.0:*
2588/samba
udp 0 0 DC1_IP:464 0.0.0.0:*
2580/samba
udp 0 0 0.0.0.0:464 0.0.0.0:*
2580/samba
udp 0 0 0.0.0.0:727 0.0.0.0:*
976/rpcbind
udp 0 0 DC1_IP:88 0.0.0.0:*
2580/samba
udp 0 0 0.0.0.0:88 0.0.0.0:*
2580/samba
udp 0 0 0.0.0.0:111 0.0.0.0:*
976/rpcbind
udp 0 0 DC1_IP:123 0.0.0.0:*
8210/./ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:*
8210/./ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:*
8210/./ntpd
udp 0 0 DC1_IP:389 0.0.0.0:*
2579/samba
udp 0 0 0.0.0.0:389 0.0.0.0:*
2579/samba
udp 0 0 DC1_IP:137 0.0.0.0:*
2575/samba
udp 0 0 Broadcast_IP:137 0.0.0.0:*
2575/samba
udp 0 0 0.0.0.0:137 0.0.0.0:*
2575/samba
udp 0 0 DC1_IP:138 0.0.0.0:*
2575/samba
udp 0 0 Broadcast_IP:138 0.0.0.0:*
2575/samba
udp 0 0 0.0.0.0:138 0.0.0.0:*
2575/samba
udp 0 0 :::53 :::*
2588/samba
udp 0 0 :::464 :::*
2580/samba
udp 0 0 :::727 :::*
976/rpcbind
udp 0 0 :::88 :::*
2580/samba
udp 0 0 :::111 :::*
976/rpcbind
udp 0 0 IP_V6:123 :::*
8210/./ntpd
udp 0 0 ::1:123 :::*
8210/./ntpd
udp 0 0 :::123 :::*
8210/./ntpd
udp 0 0 :::389 :::*
2579/samba
# host -t SRV _ldap._tcp.gc._msdcs.sandom.example.com.
_ldap._tcp.gc._msdcs.sandom.example.com has SRV record 0 100 3268
dc1.sandom.example.com.
_ldap._tcp.gc._msdcs.sandom.example.com has SRV record 0 100 3268
dc2.sandom.example.com.
# host -t SRV _gc._tcp.sandom.example.com.
_gc._tcp.sandom.example.com has SRV record 0 100 3268 dc1.sandom.example.com
.
_gc._tcp.sandom.example.com has SRV record 0 100 3268 dc2.sandom.example.com
.
My DC smb.conf as below:
# Global parameters
[global]
netbios name = DC1
realm = SANDOM.EXAMPLE.COM
server role = active directory domain controller
workgroup = SANDOM
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
template shell = /bin/bash
template homedir = /home/%U
dns forwarder = FORWARDER_IP
ntlm auth = yes
Thanks and Regards
AC
Rowland penny
2019-Jul-19 11:06 UTC
[Samba] Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
On 19/07/2019 11:13, Alfonso Conner via samba wrote:> Hi Samba Team, > > Have recently followed Samba guide and successfully migrate from PDC to AD > and from BDC to join AD forest. > Need some advice here as I encountered global catalog (GC) cannot be > contacted issue when using RSAT. > This message pops up when I click "member of" tab while viewing user > properties although it will display correctly after I acknowledged the > error. > Another similar message related to GC will also pop up when I click to the > next step while creating new user account, whereby I am aware my newly > created user might encounter login issues. > > After done some research and with reference to previous posts, i noticed it > has to do with port 3268/tcp and 3269/tcp to be enabled and available. > After tried various methods to verify but no avail. >What OS is the DC running on ? What version of Samba ? Things like this used to happen, but they do not occur for myself using Win10 against Samba 4.9.6 on Devuan 2 (aka Debian 9) Rowland
Alfonso Conner
2019-Jul-22 00:21 UTC
[Samba] Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
Hi Rowland, Currently using Samba 4.8.5 2 x DCs running on CentOS 6.10 (Final) Configured 1 DC via classic upgrade, and the latter DC join AD forest. Would it be alright if I were to redo the classic upgrade? Hope to hear from you soon. Thanks and Regards On Fri, Jul 19, 2019 at 7:06 PM Rowland penny via samba < samba at lists.samba.org> wrote:> On 19/07/2019 11:13, Alfonso Conner via samba wrote: > > Hi Samba Team, > > > > Have recently followed Samba guide and successfully migrate from PDC to > AD > > and from BDC to join AD forest. > > Need some advice here as I encountered global catalog (GC) cannot be > > contacted issue when using RSAT. > > This message pops up when I click "member of" tab while viewing user > > properties although it will display correctly after I acknowledged the > > error. > > Another similar message related to GC will also pop up when I click to > the > > next step while creating new user account, whereby I am aware my newly > > created user might encounter login issues. > > > > After done some research and with reference to previous posts, i noticed > it > > has to do with port 3268/tcp and 3269/tcp to be enabled and available. > > After tried various methods to verify but no avail. > > > What OS is the DC running on ? > > What version of Samba ? > > Things like this used to happen, but they do not occur for myself using > Win10 against Samba 4.9.6 on Devuan 2 (aka Debian 9) > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Reasonably Related Threads
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT