[Samba] port 135 - NT_STATUS_CONNECTION_REFUSED
Bob of Donelson Trophy
bob at donelsontrophy.net
Sun Dec 4 17:01:33 UTC 2016
On 2016-12-04 10:25, Rowland Penny via samba wrote:
> On Sun, 04 Dec 2016 09:43:25 -0600
> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>
> On 2016-12-04 09:11, Rowland Penny via samba wrote:
>
> On Sun, 04 Dec 2016 08:01:09 -0600
> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>
> I have two DC's running Samba 4.5.0 and the "dtdc03" log.samba is
> showing the following:
>
> root at dtdc03:~# tail -f /usr/local/samba/var/log.samba
> [2016/12/01 10:14:39.167794, 0]
> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
> Failed to connect host 192.168.16.50
> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
> 135 - NT_STATUS_CONNECTION_REFUSED.
> [2016/12/01 10:14:39.212551, 0]
> ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
> Failed to connect host 192.168.16.50 on port 135 -
> NT_STATUS_CONNECTION_REFUSED
> [2016/12/01 10:14:39.212757, 0]
> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
> Failed to connect host 192.168.16.50
> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
> 135 - NT_STATUS_CONNECTION_REFUSED.
> [2016/12/01 10:14:39.258017, 0]
> ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
> Failed to connect host 192.168.16.50 on port 135 -
> NT_STATUS_CONNECTION_REFUSED
> [2016/12/01 10:14:39.258234, 0]
> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
> Failed to connect host 192.168.16.50
> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
> 135 - NT_STATUS_CONNECTION_REFUSED.
>
> So, I found the "Verifying_and_Creating_a_DC_DNS_Record" page of
> the wiki and ran:
>
> root at dtdc03:~# ldbsearch -H /usr/local/samba/private/sam.ldb
> '(invocationId=*)' --cross-ncs objectguid
> # record 1
> dn: CN=NTDS
> Settings,CN=DTDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dtshrm,DC=dt
> objectGUID: d3298cdc-aed1-48e6-b8fc-f3cdb80b1066
>
> # record 2
> dn: CN=NTDS
> Settings,CN=DTDC04,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dtshrm,DC=dt
> objectGUID: aa03011a-94c2-4c52-bc60-6fd2f75d35e5
>
> # returned 2 records
> # 2 entries
> # 0 referrals
>
> And then ran:
>
> root at dtdc03:~# host -t CNAME
> aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt.
> aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt is an alias
> for dtdc04.dtshrm.dt.
>
> The objectGUID string matches. How do I correct this log entry and
> resolve the "NT_STATUS_CONNECTION_REFUSED?
> OK, is your DC listening on port 135 ?
> Run this on the DC:
>
> netstat -plnt | grep 135
>
> It should return something like this:
>
> tcp 0 0 0.0.0.0:135 0.0.0.0:*
> LISTEN 2093/samba tcp6 0
> 0 :::135 :::* LISTEN
> 2093/samba
>
> What is the 'server services' line in smb.conf ?
>
> Rowland
Here is the output from "netstat -plnt | grep 135":
root at dtdc03:~# netstat -plnt | grep 135
tcp 0 0 192.168.16.49:135 0.0.0.0:*
LISTEN 1142/samba
tcp 0 0 127.0.0.1:135 0.0.0.0:*
LISTEN 1142/samba
Here are both DC's smb.conf files:
root at dtdc03:~# cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = DTDC03
realm = DTSHRM.DT
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = DTDOM
server role = active directory domain controller
time server = yes
## log level = 5
interfaces = 127.0.0.1 192.168.16.49
bind interfaces only = yes
allow dns updates = nonsecure and secure
dns forwarder = 192.168.16.49
# Thanks to Lars for this fix, it stops the syslog
# being spammed by the lack of a CUPS server.
printing = CUPS
printcap name = /dev/null
[netlogon]
path = /usr/local/samba/var/locks/sysvol/dtshrm.dt/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
root at dtdc04:~# cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = DTDC04
realm = DTSHRM.DT
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = DTDOM
server role = active directory domain controller
time server = yes
### log level = 5
interfaces = 127.0.0.1 192.168.16.50
bind interfaces only = yes
allow dns updates = nonsecure and secure
dns forwarder = 192.168.16.50
# Thanks to Lars for this fix, it stops the syslog
# being spammed by the lack of a CUPS server.
printing = CUPS
printcap name = /dev/null
[netlogon]
path = /usr/local/samba/var/locks/sysvol/dtshrm.dt/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
Your thoughts?
You seem to be using Bind9, so you don't need the 'dns forwarder' lines
If you only have one network device installed in the DCs, I would also
loose the 'interfaces' & 'bind interfaces only' lines
I would add this line on each DC:
idmap_ldb:use rfc2307 = yes
Rowland
Thanks Rowland. Making those suggested adjustments has made both
"log.samba" files say the same:
root at dtdc03:~# tail -f /usr/local/samba/var/log.samba
samba: setproctitle not initialized, please either call
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call
setproctitle_init() or link against libbsd-ctor.
[2016/12/04 10:43:52.125952, 0]
../lib/util/become_daemon.c:124(daemon_ready)
samba: setproctitle not initialized, please either call
setproctitle_init() or link against libbsd-ctor.
STATUS=daemon 'samba' finished starting up and ready to serve
connections
The "NT_STATUS_CONNECTION_REFUSED" reference are gone.
In a previous post, I believe you suggested that this
"setproctitle_init()" log complaint could be ignored.
Once again, thanks for everyones help.
--
_______________________________
Bob Wooden of Donelson Trophy
More information about the samba
mailing list