Rowland Penny rowlandpenny at googlemail.com
Wed Feb 25 15:04:33 MST 2015

On 25/02/15 21:38, Bob of Donelson Trophy wrote:
> I had to go do something else and have returned. I discovered that I
> hadn't gone back far enough. This complaint first appears here:
> ==========Enable bind gssapi and bind9_DLZ
> ===============================
> [....] Stopping domain name service...: bind9rndc: connect failed:
> connection refused
> . ok
> [ ok ] Starting domain name service...: bind9.
> Notice the "refused" appearance. As there is no firewall on this
> machine, yet, port 953 is not blocked.
> This DC appears to be operating correctly despite this. This may be a
> 'bind9' issue? Or?
Hi Bob, that is a bug in Louis's script (sorry Louis, but it is)

If you look at line 294:

service bind9 stop

Then at line 449:

service bind9 stop && service bind9 start

There is nothing between those lines that starts Bind, so when the 
second line tries to stop bind9, there is nothing to stop, so of 
course it gets refused :-)

If you look a bit further, where resolv.conf gets set, there is this:

cat << EOF > /etc/resolv.conf
nameserver ${SETIPDC1}

Now, if you use both 'search' & 'domain' in resolv.conf, whichever is 
second wins, as they are mutually exclusive (see 'man resolv.conf')

Remove the domain line

Have you tried running the line that failed manually?

echo ${SETNTPASSWD}| net rpc rights grant ${SETNTDOM}\\"Domain Admins" SeDiskOperatorPrivilege -UAdministrator
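
The 'search' / 'domain' behaviour described in the message above can be checked on any resolv.conf with the following sketch, which is an added example and not part of the original message or of Louis's script. The function names and the sample file contents (domain names, the 192.0.2.10 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of 'domain' / 'search' takes effect in a
# resolv.conf-style file. Per resolv.conf(5) the two keywords are mutually
# exclusive and the last instance in the file wins.

# effective_search FILE
# Prints "<keyword> <value>" for the winning line.
# Returns 0 if exactly one such line exists, 1 if earlier lines are
# overridden by a later one, 2 if neither keyword is present.
effective_search() {
    awk '
        $1 == "domain" || $1 == "search" {
            count++
            keyword = $1
            $1 = ""                 # drop the keyword, keep the rest
            sub(/^[ \t]+/, "")
            value = $0
        }
        END {
            if (count == 0) exit 2
            print keyword, value
            exit (count > 1) ? 1 : 0
        }
    ' "$1"
}

# Constructed sample: both keywords present, 'domain' comes second.
make_sample() {
    cat << 'EOF'
search samdom.example.com
domain example.com
nameserver 192.0.2.10
EOF
}

# Stand-alone demonstration on the constructed sample.
demo_file=$(mktemp)
make_sample > "$demo_file"
effective_search "$demo_file" || echo "note: earlier domain/search line(s) are ignored"
rm -f "$demo_file"
```

Run against /etc/resolv.conf, a return status of 1 means one of the two lines is being silently ignored, which is the situation removing the domain line avoids.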