[Samba] NT_STATUS_CONNECTION_REFUSED

Bob of Donelson Trophy bob at donelsontrophy.net
Wed Feb 25 15:32:23 MST 2015 

 

Thanks Rowland. 

I have modified Louis' script slightly. My /etc/resolv.conf looks like: 

root at dc01:~# cat /etc/resolv.conf
search dts***m.dt
nameserver 192.168.1xx.x51 

So, as you can see this is one little change I made because of what I
have learned here through the mailing list. (Haven't shared this fact
with Louis. Figured he was busy working on newer scripts so what would
be the point.) 

I found one of your older posts where there was discussion that
127.0.0.1 needs to be included in the /etc/resolv.conf file but the
reference was in a two DC situation. Where each DC is resolving against
the other. I do not think that applies in my situation. 

I will try the line (that failed) manually and report back and look into
the area of the script you mentioned. 

Good night. 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-02-25 16:04, Rowland Penny wrote: 

> On 25/02/15 21:38, Bob of Donelson Trophy wrote:
> 
>> I had to go do something else and have returned. I discovered that I hadn't gone back far enough. This complaint first appears here: ==========Enable bind gssapi and bind9_DLZ =============================== [....] Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused . ok [ ok ] Starting domain name service...: bind9. Notice the "refused" appearance. As there is no firewall on this machine, yet, port 953 is not blocked. This DC appears to operating correctly despite this. This may be a 'bind9' issue? Or?
> 
> Hi Bob, That is a bug in Louis's script (sorry Louis, but it is )
> 
> If you look at line 294:
> 
> service bind9 stop
> 
> Then at line 449:
> 
> service bind9 stop && service bind9 start
> 
> There is nothing between those lines that starts Bind, so when the second line tries to stop bind9, there is is nothing to stop, so of course it gets refused :-)
> 
> If you look a bit further, where resolv.conf gets set, there is this:
> 
> cat << EOF > /etc/resolv.conf
> search ${SETDNSDOMAIN}
> domain ${SETDNSDOMAIN}
> nameserver ${SETIPDC1}
> EOF
> 
> Now, if you use both 'search' & 'domain' in resolv.conf, which ever is second wins, as they are mutually exclusive (see 'man resolv.conf)
> 
> Remove the domain line
> 
> Have you tried running the line that failed manually ?
> 
> echo ${SETNTPASSWD}| net rpc rights grant ${SETNTDOM}\"Domain Admins" SeDiskOperatorPrivilege -UAdministrator
> 
> Rowland
 

Links:
------
[1] http://www.donelsontrophy.com

More information about the samba mailing list