Bob of Donelson Trophy bob at donelsontrophy.net
Wed Feb 25 20:03:20 MST 2015



It appears that you were "right on." 

I removed the "service bind9 stop &&" from line 449 (as bind9 was
already stopped, why stop it again) and ran the script on my VM. All the
"NT_STATUS_CONNECTION_REFUSED" warnings were gone. 




Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-02-25 16:04, Rowland Penny wrote: 

> On 25/02/15 21:38, Bob of Donelson Trophy wrote:
>> I had to go do something else and have returned. I discovered that I hadn't gone back far enough. This complaint first appears here:
>>
>> ==========Enable bind gssapi and bind9_DLZ ===============================
>> [....] Stopping domain name service...: bind9rndc: connect failed: connection refused . ok
>> [ ok ] Starting domain name service...: bind9.
>>
>> Notice the "refused" appearance. As there is no firewall on this machine, yet, port 953 is not blocked. This DC appears to be operating correctly despite this. This may be a 'bind9' issue? Or?
> Hi Bob, That is a bug in Louis's script (sorry Louis, but it is)
> If you look at line 294:
> service bind9 stop
> Then at line 449:
> service bind9 stop && service bind9 start
> There is nothing between those lines that starts Bind, so when the second line tries to stop bind9, there is nothing to stop, so of course it gets refused :-)
> If you look a bit further, where resolv.conf gets set, there is this:
> cat << EOF > /etc/resolv.conf
> search ${SETDNSDOMAIN}
> domain ${SETDNSDOMAIN}
> nameserver ${SETIPDC1}
> Now, if you use both 'search' & 'domain' in resolv.conf, whichever is second wins, as they are mutually exclusive (see 'man resolv.conf')
> Remove the domain line
> Have you tried running the line that failed manually?
> echo ${SETNTPASSWD}| net rpc rights grant ${SETNTDOM}\"Domain Admins" SeDiskOperatorPrivilege -UAdministrator
> Rowland

[1] http://www.donelsontrophy.com
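
Added example, not part of the thread or of Louis's script: a POSIX shell check for the resolv.conf point Rowland raises, reporting whether both 'search' and 'domain' are present and which line takes effect (the last one, per man resolv.conf). The function names, the sample domain example.lan and the address 192.0.2.10 are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example (not from Louis's script): find out which of 'search' and
# 'domain' actually takes effect in a resolv.conf-style file.

# Print "<keyword> <value...>" for the last search/domain line (the one that wins).
effective_search() {
    awk '$1 == "search" || $1 == "domain" {
             kw = $1; $1 = ""; sub(/^[ \t]+/, ""); val = $0; seen = 1
         }
         END { if (seen) print kw, val }' "$1"
}

# Succeed (exit 0) when the file carries both keywords, i.e. one is being ignored.
has_search_domain_conflict() {
    awk '$1 == "search" { s = 1 }
         $1 == "domain" { d = 1 }
         END { exit !(s && d) }' "$1"
}

# Constructed sample mirroring the heredoc quoted above; values are placeholders.
write_sample() {
    cat > "$1" << EOF
search example.lan
domain example.lan
nameserver 192.0.2.10
EOF
}

sample=$(mktemp)
write_sample "$sample"
if has_search_domain_conflict "$sample"; then
    echo "both 'search' and 'domain' present; effective: $(effective_search "$sample")"
fi
rm -f "$sample"
```

Pointing the two functions at the real /etc/resolv.conf after the script has run shows whether the 'domain' line is still overriding 'search'.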
