Alfonso Conner
2019-Jul-19 10:13 UTC
[Samba] Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
Hi Samba Team, Have recently followed Samba guide and successfully migrate from PDC to AD and from BDC to join AD forest. Need some advice here as I encountered global catalog (GC) cannot be contacted issue when using RSAT. This message pops up when I click "member of" tab while viewing user properties although it will display correctly after I acknowledged the error. Another similar message related to GC will also pop up when I click to the next step while creating new user account, whereby I am aware my newly created user might encounter login issues. After done some research and with reference to previous posts, i noticed it has to do with port 3268/tcp and 3269/tcp to be enabled and available. After tried various methods to verify but no avail. Below are the outputs of commands: Appreciate for the advice. # ps axf | egrep "samba|smbd|winbindd" 15163 pts/1 S+ 0:00 \_ egrep samba|smbd|winbindd 2571 ? Ss 0:00 samba 2572 ? S 0:00 \_ samba 2574 ? S 0:00 | \_ samba 2576 ? Ss 0:14 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 2596 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 2597 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 2598 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 9886 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 15160 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 15161 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 2573 ? S 0:35 \_ samba 8972 ? S 0:00 | \_ samba 8973 ? S 0:00 | \_ samba 2575 ? S 0:06 \_ samba 2577 ? S 0:00 \_ samba 2578 ? S 0:07 \_ samba 9411 ? S 0:00 | \_ samba 9412 ? S 0:00 | \_ samba 2579 ? S 0:02 \_ samba 2580 ? S 0:09 \_ samba 2581 ? S 0:05 \_ samba 2582 ? S 0:00 \_ samba 2584 ? S 0:00 | \_ samba 2586 ? Ss 0:02 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground 2652 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground 2653 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground 2583 ? S 0:00 \_ samba 2585 ? S 0:00 \_ samba 2587 ? S 0:00 \_ samba 2588 ? S 0:15 \_ samba netstat -plaunt | egrep "ntp|bind|named|samba|?mbd" tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 2588/samba tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 2580/samba tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 2576/smbd tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 2573/samba tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 2573/samba tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 2573/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2578/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 2573/samba tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 2576/smbd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 976/rpcbind tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 2580/samba tcp 0 0 DC1_IP:49153 Other_IP:49182 ESTABLISHED 8972/samba tcp 0 0 DC1_IP:49152 Other_IP:54906 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:389 Other_IP:63555 ESTABLISHED 9412/samba tcp 0 0 DC1_IP:445 Other_IP:54486 ESTABLISHED 15410/smbd tcp 0 0 DC1_IP:135 Other_IP:50476 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:135 Other_IP:61388 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:62660 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:65500 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:41854 DC2_IP:49152 ESTABLISHED 2581/samba tcp 0 0 DC1_IP:49152 Other_IP:63554 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:60790 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 DC2_IP:49612 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:58881 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:445 Other_IP:61391 ESTABLISHED 15409/smbd tcp 0 0 DC1_IP:49152 Other_IP:64459 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:63481 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:49174 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:50477 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:53405 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49153 Other_IP:49183 ESTABLISHED 8973/samba tcp 0 0 DC1_IP:135 Other_IP:49180 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:389 Other_IP:63551 ESTABLISHED 9411/samba tcp 0 0 DC1_IP:135 Other_IP:58880 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:135 Other_IP:49173 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:135 Other_IP:53404 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:445 Other_IP:49195 ESTABLISHED 9886/smbd tcp 0 0 DC1_IP:135 Other_IP:54903 ESTABLISHED 2573/samba tcp 0 0 DC1_IP:49152 Other_IP:63553 ESTABLISHED 2573/samba tcp 0 0 :::53 :::* LISTEN 2588/samba tcp 0 0 :::88 :::* LISTEN 2580/samba tcp 0 0 :::636 :::* LISTEN 2578/samba tcp 0 0 :::445 :::* LISTEN 2576/smbd tcp 0 0 :::49152 :::* LISTEN 2573/samba tcp 0 0 :::49153 :::* LISTEN 2573/samba tcp 0 0 :::49154 :::* LISTEN 2573/samba tcp 0 0 :::3268 :::* LISTEN 2578/samba tcp 0 0 :::3269 :::* LISTEN 2578/samba tcp 0 0 :::389 :::* LISTEN 2578/samba tcp 0 0 :::135 :::* LISTEN 2573/samba tcp 0 0 :::139 :::* LISTEN 2576/smbd tcp 0 0 :::111 :::* LISTEN 976/rpcbind tcp 0 0 :::464 :::* LISTEN 2580/samba udp 0 0 0.0.0.0:53 0.0.0.0:* 2588/samba udp 0 0 DC1_IP:464 0.0.0.0:* 2580/samba udp 0 0 0.0.0.0:464 0.0.0.0:* 2580/samba udp 0 0 0.0.0.0:727 0.0.0.0:* 976/rpcbind udp 0 0 DC1_IP:88 0.0.0.0:* 2580/samba udp 0 0 0.0.0.0:88 0.0.0.0:* 2580/samba udp 0 0 0.0.0.0:111 0.0.0.0:* 976/rpcbind udp 0 0 DC1_IP:123 0.0.0.0:* 8210/./ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 8210/./ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 8210/./ntpd udp 0 0 DC1_IP:389 0.0.0.0:* 2579/samba udp 0 0 0.0.0.0:389 0.0.0.0:* 2579/samba udp 0 0 DC1_IP:137 0.0.0.0:* 2575/samba udp 0 0 Broadcast_IP:137 0.0.0.0:* 2575/samba udp 0 0 0.0.0.0:137 0.0.0.0:* 2575/samba udp 0 0 DC1_IP:138 0.0.0.0:* 2575/samba udp 0 0 Broadcast_IP:138 0.0.0.0:* 2575/samba udp 0 0 0.0.0.0:138 0.0.0.0:* 2575/samba udp 0 0 :::53 :::* 2588/samba udp 0 0 :::464 :::* 2580/samba udp 0 0 :::727 :::* 976/rpcbind udp 0 0 :::88 :::* 2580/samba udp 0 0 :::111 :::* 976/rpcbind udp 0 0 IP_V6:123 :::* 8210/./ntpd udp 0 0 ::1:123 :::* 8210/./ntpd udp 0 0 :::123 :::* 8210/./ntpd udp 0 0 :::389 :::* 2579/samba # host -t SRV _ldap._tcp.gc._msdcs.sandom.example.com. _ldap._tcp.gc._msdcs.sandom.example.com has SRV record 0 100 3268 dc1.sandom.example.com. _ldap._tcp.gc._msdcs.sandom.example.com has SRV record 0 100 3268 dc2.sandom.example.com. # host -t SRV _gc._tcp.sandom.example.com. _gc._tcp.sandom.example.com has SRV record 0 100 3268 dc1.sandom.example.com . _gc._tcp.sandom.example.com has SRV record 0 100 3268 dc2.sandom.example.com . My DC smb.conf as below: # Global parameters [global] netbios name = DC1 realm = SANDOM.EXAMPLE.COM server role = active directory domain controller workgroup = SANDOM idmap_ldb:use rfc2307 = yes ldap server require strong auth = no template shell = /bin/bash template homedir = /home/%U dns forwarder = FORWARDER_IP ntlm auth = yes Thanks and Regards AC
Rowland penny
2019-Jul-19 11:06 UTC
[Samba] Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
On 19/07/2019 11:13, Alfonso Conner via samba wrote:> Hi Samba Team, > > Have recently followed Samba guide and successfully migrate from PDC to AD > and from BDC to join AD forest. > Need some advice here as I encountered global catalog (GC) cannot be > contacted issue when using RSAT. > This message pops up when I click "member of" tab while viewing user > properties although it will display correctly after I acknowledged the > error. > Another similar message related to GC will also pop up when I click to the > next step while creating new user account, whereby I am aware my newly > created user might encounter login issues. > > After done some research and with reference to previous posts, i noticed it > has to do with port 3268/tcp and 3269/tcp to be enabled and available. > After tried various methods to verify but no avail. >What OS is the DC running on ? What version of Samba ? Things like this used to happen, but they do not occur for myself using Win10 against Samba 4.9.6 on Devuan 2 (aka Debian 9) Rowland
Alfonso Conner
2019-Jul-22 00:21 UTC
[Samba] Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
Hi Rowland, Currently using Samba 4.8.5 2 x DCs running on CentOS 6.10 (Final) Configured 1 DC via classic upgrade, and the latter DC join AD forest. Would it be alright if I were to redo the classic upgrade? Hope to hear from you soon. Thanks and Regards On Fri, Jul 19, 2019 at 7:06 PM Rowland penny via samba < samba at lists.samba.org> wrote:> On 19/07/2019 11:13, Alfonso Conner via samba wrote: > > Hi Samba Team, > > > > Have recently followed Samba guide and successfully migrate from PDC to > AD > > and from BDC to join AD forest. > > Need some advice here as I encountered global catalog (GC) cannot be > > contacted issue when using RSAT. > > This message pops up when I click "member of" tab while viewing user > > properties although it will display correctly after I acknowledged the > > error. > > Another similar message related to GC will also pop up when I click to > the > > next step while creating new user account, whereby I am aware my newly > > created user might encounter login issues. > > > > After done some research and with reference to previous posts, i noticed > it > > has to do with port 3268/tcp and 3269/tcp to be enabled and available. > > After tried various methods to verify but no avail. > > > What OS is the DC running on ? > > What version of Samba ? > > Things like this used to happen, but they do not occur for myself using > Win10 against Samba 4.9.6 on Devuan 2 (aka Debian 9) > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Possibly Parallel Threads
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT
- Samba4 - global catalog (GC) cannot be contacted using Windows 7 RSAT