[Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
Todd E Thomas
todd_dsm at ssiresults.com
Fri Mar 27 19:37:51 GMT 2009
The answers follow the questions below:
did you run testparm -s and look for errors in smb.conf?
---
Yes, I ran this a 1000 times. The answer: run it 1,001 times-
There was a problem with wins
wins support = yes
wins server = 10.0.0.14
I kept wins server as that was in a sample at samba.org:
http://wiki.samba.org/index.php/1.0._Configuring_Samba#1.1._smb.conf_PDC
testparm -s now executes without error.
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
===
you don't need these two lines in smb.conf anymore:
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
since you are using ldap and have ldap passwd sync = yes
---
This I found in the walk-through for combining samba/zimbra. I'm a bit novice
so I ran with it:
http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI#Configuring_Samba
I'll try to create a few new users without these lines.
===
also, your ldap admin dn is wrong. what is it in your slapd.conf file?
it should be something like ldap admin dn =
cn=Manager,dc=zmail,dc=ptest,dc=us
---
Actually this is correct for the zimbra implementation of openldap. I don't
agree with getting so far away from a 'normal' OpenLDAP config but they must
have run into a snag along the way that necessitated this change.
===
did you do smbpasswd -w
---
Yes. It worked as expected.
===
The error still persists.
# service smb status
smbd dead but pid file exists
nmbd (pid 31030) is running...
It only stays on for a few minutes after you start it, then dies. There is
nothing dropped in any log. This makes me think that whatever it is - is fatal;
for the life of me I can't imagine what would cause that.
T
--- awilliam at mdah.state.ms.us wrote:
From: Adam Williams <awilliam at mdah.state.ms.us>
To: todd_dsm at ssiresults.com
CC: samba at lists.samba.org
Subject: Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
Date: Fri, 27 Mar 2009 08:43:24 -0500
did you run testparm -s and look for errors in smb.conf?
you don't need these two lines in smb.conf anymore:
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
since you are using ldap and have ldap passwd sync = yes
also, your ldap admin dn is wrong. what is it in your slapd.conf file?
it should be something like ldap admin dn =
cn=Manager,dc=zmail,dc=ptest,dc=us
did you do smbpasswd -w
Todd E Thomas wrote:
> When I run this command I am not prompted for a password, I just get the below error.
>
> # smbclient -U root //zmail/homes
> Error connecting to 10.0.0.14 (Connection refused)
> Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED)
> ---
> Now for the back story:
> CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware.
>
> I'm attempting to connect samba (PDC) with zimbra's included openldap. Everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch.
>
> Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication.
>
> Is there such a resource?
>
> As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below.
>
> # service smb status
> smbd dead but pid file exists
> nmbd (pid 9072) is running...
>
>
> Thanks in advance,
>
> Todd E Thomas
> ===
> The host is zmail = 10.0.0.14
> ---
> [global]
> netbios name = zmail
> workgroup = OFFICE
> security = user
> server string = Palladium %v
> wins support = yes
> dns proxy = no
> name resolve order = wins hosts lmhosts bcast
> wins server = 10.0.0.14
> log file = /var/log/samba/log.%m
> log level = 6
> max log size = 1000
> syslog only = no
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> enable privileges = yes
> encrypt passwords = yes
> ## Use ldap for auth
> ldap passwd sync = yes
> passdb backend = ldapsam:ldaps://zmail.ptest.us/
> # ldap port = 636
> ldap admin dn = "cn=config"
> ldap suffix = dc=ptest,dc=us
> ldap group suffix = ou=groups
> ldap user suffix = ou=people
> ldap machine suffix = ou=machines
> obey pam restrictions = no
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
> domain master = yes
> domain logons = yes
> os level = 33
> preferred master = yes
> local master = yes
> logon path = \\zmail.ptest.us\%U\profile
> logon home = \\zmail.ptest.us\%U
> add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
> add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
> socket options = TCP_NODELAY
> [homes]
> comment = Home Directories
> browseable = yes
> read only = No
> valid users = %S
> [netlogon]
> comment = Network Logon Service
> path = /export/netlogon
> read only = yes
> write list = +ntadmin
> locking = no
> ===
>
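
The thread asks for a procedural way to verify that Samba and LDAP can talk to each other. The script below is an added example, not part of the original messages or of Samba: it lints an smb.conf for the two setting pairs discussed above and prints the ldapsearch command that repeats by hand the bind smbd is configured to make. The function names are hypothetical, and the sample config is a constructed subset of the [global] section quoted in the message.

```shell
# Added example: lint the smb.conf settings from this thread, then print (not run)
# an ldapsearch that uses the same URI, bind DN and suffix as the ldapsam backend.
smb_get() {  # smb_get "param name" FILE -> value of that [global] parameter
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/   { g = (tolower($0) ~ /\[global\]/); next }
        g && (p = index($0, "=")) {                  # split on the first "="
            k = tolower(substr($0, 1, p - 1)); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)                     # drop surrounding quotes
            if (k == want) val = v
        }
        END { if (val != "") print val }' "$2"
}

lint_smbconf() {  # one finding per line; no output means nothing flagged
    ws=$(smb_get "wins support" "$1" | tr 'A-Z' 'a-z')
    if [ "$ws" = "yes" ] && [ -n "$(smb_get "wins server" "$1")" ]; then
        echo "WINS: 'wins support = yes' and 'wins server' are both set"
    fi
    lps=$(smb_get "ldap passwd sync" "$1" | tr 'A-Z' 'a-z')
    if [ "$lps" = "yes" ] && [ -n "$(smb_get "passwd program" "$1")" ]; then
        echo "PASSWD: 'passwd program' is set although 'ldap passwd sync = yes'"
    fi
}

ldap_bind_check_cmd() {  # builds the manual bind test from the file's own values
    uri=$(smb_get "passdb backend" "$1" | sed -n 's/^ldapsam:"\{0,1\}\([^" ]*\).*/\1/p')
    if [ -z "$uri" ]; then echo "passdb backend is not ldapsam" >&2; return 1; fi
    printf 'ldapsearch -x -H %s -D "%s" -W -b "%s" -s base\n' \
        "$uri" "$(smb_get "ldap admin dn" "$1")" "$(smb_get "ldap suffix" "$1")"
}

sample_conf() {  # constructed sample: subset of the config quoted in the message
    cat <<'EOF'
[global]
    wins support = yes
    wins server = 10.0.0.14
    ldap passwd sync = yes
    passdb backend = ldapsam:ldaps://zmail.ptest.us/
    ldap admin dn = "cn=config"
    ldap suffix = dc=ptest,dc=us
    passwd program = /usr/bin/passwd %u
[homes]
    read only = No
EOF
}

conf=$(mktemp); sample_conf > "$conf"
lint_smbconf "$conf"; ldap_bind_check_cmd "$conf"; rm -f "$conf"
```

Run the printed ldapsearch on the Samba host and enter the password stored with smbpasswd -w; it exercises the same URI, bind DN and suffix that the ldapsam backend is configured to use.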