[Samba] port 135 - NT_STATUS_CONNECTION_REFUSED

Bob of Donelson Trophy bob at donelsontrophy.net
Sun Dec 4 17:21:54 UTC 2016 

On 2016-12-04 11:01, Bob of Donelson Trophy via samba wrote:

> On 2016-12-04 10:25, Rowland Penny via samba wrote:
> 
>> On Sun, 04 Dec 2016 09:43:25 -0600
>> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>> 
>> On 2016-12-04 09:11, Rowland Penny via samba wrote:
>> 
>> On Sun, 04 Dec 2016 08:01:09 -0600
>> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>> 
>> I have two DC's running Samba 4.5.0 and the "dtdc03" log.samba is
>> showing the following: 
>> 
>> root at dtdc03:~# tail -f /usr/local/samba/var/log.samba
>> [2016/12/01 10:14:39.167794,  0]
>> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
>> Failed to connect host 192.168.16.50
>> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
>> 135 - NT_STATUS_CONNECTION_REFUSED.
>> [2016/12/01 10:14:39.212551,  0]
>> ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
>> Failed to connect host 192.168.16.50 on port 135 -
>> NT_STATUS_CONNECTION_REFUSED
>> [2016/12/01 10:14:39.212757,  0]
>> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
>> Failed to connect host 192.168.16.50
>> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
>> 135 - NT_STATUS_CONNECTION_REFUSED.
>> [2016/12/01 10:14:39.258017,  0]
>> ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
>> Failed to connect host 192.168.16.50 on port 135 -
>> NT_STATUS_CONNECTION_REFUSED
>> [2016/12/01 10:14:39.258234,  0]
>> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
>> Failed to connect host 192.168.16.50
>> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
>> 135 - NT_STATUS_CONNECTION_REFUSED. 
>> 
>> So, I found the "Verifying_and_Creating_a_DC_DNS_Record" page of
>> the wiki and ran: 
>> 
>> root at dtdc03:~# ldbsearch -H /usr/local/samba/private/sam.ldb
>> '(invocationId=*)' --cross-ncs objectguid
>> # record 1
>> dn: CN=NTDS
>> Settings,CN=DTDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dtshrm,DC=dt
>> objectGUID: d3298cdc-aed1-48e6-b8fc-f3cdb80b1066
>> 
>> # record 2
>> dn: CN=NTDS
>> Settings,CN=DTDC04,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dtshrm,DC=dt
>> objectGUID: aa03011a-94c2-4c52-bc60-6fd2f75d35e5
>> 
>> # returned 2 records
>> # 2 entries
>> # 0 referrals 
>> 
>> And then ran: 
>> 
>> root at dtdc03:~# host -t CNAME
>> aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt.
>> aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt is an alias
>> for dtdc04.dtshrm.dt. 
>> 
>> The objectGUID string matches. How do I correct this log entry and
>> resolve the "NT_STATUS_CONNECTION_REFUSED? 
>> OK, is your DC listening on port 135 ?
>> Run this on the DC:
>> 
>> netstat -plnt | grep 135
>> 
>> It should return something like this:
>> 
>> tcp        0      0 0.0.0.0:135             0.0.0.0:*
>> LISTEN      2093/samba tcp6       0
>> 0 :::135                  :::*                    LISTEN
>> 2093/samba      
>> 
>> What is the 'server services' line in smb.conf ?
>> 
>> Rowland
> 
> Here is the output from "netstat -plnt | grep 135": 
> 
> root at dtdc03:~# netstat -plnt | grep 135
> tcp        0      0 192.168.16.49:135       0.0.0.0:*              
> LISTEN      1142/samba      
> tcp        0      0 127.0.0.1:135           0.0.0.0:*              
> LISTEN      1142/samba 
> 
> Here are both DC's smb.conf files: 
> 
> root at dtdc03:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = DTDC03
> realm = DTSHRM.DT
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> workgroup = DTDOM
> server role = active directory domain controller
> 
> time server = yes
> 
> ##    log level = 5
> 
> interfaces = 127.0.0.1    192.168.16.49
> bind interfaces only = yes
> 
> allow dns updates = nonsecure and secure 
> dns forwarder = 192.168.16.49
> 
> # Thanks to Lars for this fix, it stops the syslog
> # being spammed by the lack of a CUPS server.
> printing = CUPS
> printcap name = /dev/null
> 
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/dtshrm.dt/scripts
> read only = No
> 
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No 
> 
> root at dtdc04:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = DTDC04
> realm = DTSHRM.DT
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> workgroup = DTDOM
> server role = active directory domain controller 
> 
> time server = yes 
> 
> ### log level = 5 
> 
> interfaces = 127.0.0.1 192.168.16.50
> bind interfaces only = yes 
> 
> allow dns updates = nonsecure and secure 
> dns forwarder = 192.168.16.50
> 
> # Thanks to Lars for this fix, it stops the syslog
> # being spammed by the lack of a CUPS server.
> printing = CUPS
> printcap name = /dev/null 
> 
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/dtshrm.dt/scripts
> read only = No 
> 
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No 
> 
> Your thoughts?
> 
> You seem to be using Bind9, so you don't need the 'dns forwarder' lines
> If you only have one network device installed in the DCs, I would also
> loose the 'interfaces' & 'bind interfaces only' lines
> 
> I would add this line on each DC:
> 
> idmap_ldb:use rfc2307 = yes
> 
> Rowland 
> 
>>>>>>>> My answer below 000000000000000000000000000000 
> 
> Thanks Rowland. Making those suggested adjustments has made both
> "log.samba" files say the same: 
> 
> root at dtdc03:~# tail -f /usr/local/samba/var/log.samba
> samba: setproctitle not initialized, please either call
> setproctitle_init() or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call
> setproctitle_init() or link against libbsd-ctor.
> [2016/12/04 10:43:52.125952,  0]
> ../lib/util/become_daemon.c:124(daemon_ready)
> samba: setproctitle not initialized, please either call
> setproctitle_init() or link against libbsd-ctor.
> STATUS=daemon 'samba' finished starting up and ready to serve
> connections 
> 
> The "NT_STATUS_CONNECTION_REFUSED" reference are gone. 
> 
> In a previous post, I believe you suggested that this
> "setproctitle_init()" log complaint could be ignored. 
> 
> Once again, thanks for everyones help.
> 
> -- 
> _______________________________
> 
> Bob Wooden of Donelson Trophy

There went my email again. Sorry everybody. I know it makes replies
confusing.

-- 
_______________________________

Bob Wooden of Donelson Trophy

More information about the samba mailing list