[Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED

Todd E Thomas todd_dsm at ssiresults.com
Fri Mar 27 19:37:51 GMT 2009


the answers follow the questions below:

did you run testparm -s and look for errors in smb.conf?
---
  Yes, I ran this a 1000 times. The answer: run it 1,001 times-
  There was a problem with wins:
    wins support = yes
    wins server = 10.0.0.14
I kept wins server as that was in a sample at samba.org:
http://wiki.samba.org/index.php/1.0._Configuring_Samba#1.1._smb.conf_PDC

testparm -s now executes without error.
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
===

you don't need these two lines in smb.conf anymore:
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

since you are using ldap and have ldap passwd sync = yes
---
This I found in the walk-through for combining samba/zimbra. I'm a bit novice
so I ran with it:
http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI#Configuring_Samba

I'll try to create a few new users without these lines.
===

also, your ldap admin dn is wrong.  what is it in your slapd.conf file?
it should be something like  ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us
---
Actually this is correct for the zimbra implementation of openldap. I don't 
agree with getting so far away from a 'normal' OpenLDAP config but they must
have run into a snag along the way that necessitated this change.
===

did you do smbpasswd -w
---
Yes. It worked as expected. 
===

The error still persists.

# service smb status
smbd dead but pid file exists
nmbd (pid 31030) is running...

It only stays on for a few minutes after you start it, then dies. There is 
nothing dropped in any log. This makes me think that whatever it is - is fatal; 
for the life of me I can't imagine what would cause that.

T




--- awilliam at mdah.state.ms.us wrote:

From: Adam Williams <awilliam at mdah.state.ms.us>
To: todd_dsm at ssiresults.com
CC: samba at lists.samba.org
Subject: Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
Date: Fri, 27 Mar 2009 08:43:24 -0500

did you run testparm -s and look for errors in smb.conf? 

you don't need these two lines in smb.conf anymore:

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .


since you are using ldap and have ldap passwd sync = yes

also, your ldap admin dn is wrong.  what is it in your slapd.conf file?
it should be something like  ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us

did you do smbpasswd -w

Todd E Thomas wrote:
> When I run this command I am not prompted for a password, I just get the below error.
>
> # smbclient -U root //zmail/homes
> Error connecting to 10.0.0.14 (Connection refused)
> Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED)
> ---
> Now for the back story:
>   CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware.
>
> I'm attempting to connect samba (PDC) with zimbra's included openldap. everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch. 
>
> Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication.
>
> Is there such a resource?
>
> As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below.
>
> # service smb status
> smbd dead but pid file exists
> nmbd (pid 9072) is running...
>
>
> Thanks in advance,
>
> Todd E Thomas
> ===
> The host is zmail = 10.0.0.14
> ---
> [global]
>   netbios name = zmail
>   workgroup = OFFICE
>   security = user
>   server string = Palladium %v
>   wins support = yes
>   dns proxy = no
>   name resolve order = wins hosts lmhosts bcast
>   wins server = 10.0.0.14
>   log file = /var/log/samba/log.%m
>   log level = 6
>   max log size = 1000
>   syslog only = no
>   syslog = 0
>   panic action = /usr/share/samba/panic-action %d
>   enable privileges = yes
>   encrypt passwords = yes
> ## Use ldap for auth
>   ldap passwd sync = yes
>   passdb backend = ldapsam:ldaps://zmail.ptest.us/
> #  ldap port = 636
>   ldap admin dn = "cn=config"
>   ldap suffix = dc=ptest,dc=us
>   ldap group suffix = ou=groups
>   ldap user suffix = ou=people
>   ldap machine suffix = ou=machines
>   obey pam restrictions = no
>   passwd program = /usr/bin/passwd %u
>   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
>   domain master = yes
>   domain logons = yes
>   os level = 33
>   preferred master = yes
>   local master = yes
>   logon path = \\zmail.ptest.us\%U\profile
>   logon home = \\zmail.ptest.us\%U
>   add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
>   add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
>   socket options = TCP_NODELAY
> [homes]
>   comment = Home Directories
>   browseable = yes
>   read only = No
>   valid users = %S
> [netlogon]
>   comment = Network Logon Service
>   path = /export/netlogon
>   read only     = yes
>   write list = +ntadmin
>   locking = no
> ===
>   
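
Added example, not part of the original messages and not Samba code: a small Python lint that checks an smb.conf for the two points raised in this thread (the wins support / wins server combination that testparm flagged, and the passwd program / passwd chat lines said to be unneeded with ldap passwd sync = yes). The function names and finding labels are hypothetical; SAMPLE is an excerpt of the configuration posted above.

```python
# Added example: lint smb.conf [global] for the settings questioned in this thread.
SAMPLE = r"""[global]
  wins support = yes
  wins server = 10.0.0.14
## Use ldap for auth
  ldap passwd sync = yes
  passdb backend = ldapsam:ldaps://zmail.ptest.us/
  ldap admin dn = "cn=config"
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
[homes]
  valid users = %S
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lower-cased, inner spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_true(value):
    """Boolean spellings accepted in smb.conf."""
    return (value or "").strip().lower() in ("yes", "true", "on", "1")

def lint_global(conf):
    """Return findings for the [global] section, in a fixed order."""
    g = conf.get("global", {})
    findings = []
    # The combination testparm complained about in this thread.
    if is_true(g.get("wins support")) and g.get("wins server"):
        findings.append("wins-conflict: 'wins support = yes' and 'wins server' are both set")
    # Per the reply in this thread: not needed once LDAP handles password sync.
    ldapsam = g.get("passdb backend", "").lower().startswith("ldapsam")
    if ldapsam and is_true(g.get("ldap passwd sync")):
        for key in ("passwd program", "passwd chat"):
            if key in g:
                findings.append(f"redundant: '{key}' is set alongside 'ldap passwd sync = yes'")
    return findings

if __name__ == "__main__":
    for finding in lint_global(parse_smb_conf(SAMPLE)):
        print(finding)
```

This only inspects the file; testparm -s remains the authoritative syntax check.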



