[Samba] port 135 - NT_STATUS_CONNECTION_REFUSED
Bob of Donelson Trophy
bob at donelsontrophy.net
Sun Dec 4 17:21:54 UTC 2016
On 2016-12-04 11:01, Bob of Donelson Trophy via samba wrote:
> On 2016-12-04 10:25, Rowland Penny via samba wrote:
>
>> On Sun, 04 Dec 2016 09:43:25 -0600
>> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>>
>> On 2016-12-04 09:11, Rowland Penny via samba wrote:
>>
>> On Sun, 04 Dec 2016 08:01:09 -0600
>> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>>
>> I have two DC's running Samba 4.5.0 and the "dtdc03" log.samba is
>> showing the following:
>>
>> root@dtdc03:~# tail -f /usr/local/samba/var/log.samba
>> [2016/12/01 10:14:39.167794, 0]
>> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
>> Failed to connect host 192.168.16.50
>> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
>> 135 - NT_STATUS_CONNECTION_REFUSED.
>> [2016/12/01 10:14:39.212551, 0]
>> ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
>> Failed to connect host 192.168.16.50 on port 135 -
>> NT_STATUS_CONNECTION_REFUSED
>> [2016/12/01 10:14:39.212757, 0]
>> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
>> Failed to connect host 192.168.16.50
>> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
>> 135 - NT_STATUS_CONNECTION_REFUSED.
>> [2016/12/01 10:14:39.258017, 0]
>> ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
>> Failed to connect host 192.168.16.50 on port 135 -
>> NT_STATUS_CONNECTION_REFUSED
>> [2016/12/01 10:14:39.258234, 0]
>> ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
>> Failed to connect host 192.168.16.50
>> (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
>> 135 - NT_STATUS_CONNECTION_REFUSED.
>>
>> So, I found the "Verifying_and_Creating_a_DC_DNS_Record" page of
>> the wiki and ran:
>>
>> root@dtdc03:~# ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid
>> # record 1
>> dn: CN=NTDS Settings,CN=DTDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dtshrm,DC=dt
>> objectGUID: d3298cdc-aed1-48e6-b8fc-f3cdb80b1066
>>
>> # record 2
>> dn: CN=NTDS Settings,CN=DTDC04,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dtshrm,DC=dt
>> objectGUID: aa03011a-94c2-4c52-bc60-6fd2f75d35e5
>>
>> # returned 2 records
>> # 2 entries
>> # 0 referrals
>>
>> And then ran:
>>
>> root@dtdc03:~# host -t CNAME aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt.
>> aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt is an alias for dtdc04.dtshrm.dt.
>>
>> The objectGUID string matches. How do I correct this log entry and
>> resolve the "NT_STATUS_CONNECTION_REFUSED"?
>> OK, is your DC listening on port 135 ?
>> Run this on the DC:
>>
>> netstat -plnt | grep 135
>>
>> It should return something like this:
>>
>> tcp        0      0 0.0.0.0:135      0.0.0.0:*      LISTEN      2093/samba
>> tcp6       0      0 :::135           :::*           LISTEN      2093/samba
>>
>> What is the 'server services' line in smb.conf ?
>>
>> Rowland
>
> Here is the output from "netstat -plnt | grep 135":
>
> root@dtdc03:~# netstat -plnt | grep 135
> tcp        0      0 192.168.16.49:135      0.0.0.0:*      LISTEN      1142/samba
> tcp        0      0 127.0.0.1:135          0.0.0.0:*      LISTEN      1142/samba
>
> Here are both DC's smb.conf files:
>
> root@dtdc03:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = DTDC03
> realm = DTSHRM.DT
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = DTDOM
> server role = active directory domain controller
>
> time server = yes
>
> ## log level = 5
>
> interfaces = 127.0.0.1 192.168.16.49
> bind interfaces only = yes
>
> allow dns updates = nonsecure and secure
> dns forwarder = 192.168.16.49
>
> # Thanks to Lars for this fix, it stops the syslog
> # being spammed by the lack of a CUPS server.
> printing = CUPS
> printcap name = /dev/null
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/dtshrm.dt/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> root@dtdc04:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = DTDC04
> realm = DTSHRM.DT
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = DTDOM
> server role = active directory domain controller
>
> time server = yes
>
> ### log level = 5
>
> interfaces = 127.0.0.1 192.168.16.50
> bind interfaces only = yes
>
> allow dns updates = nonsecure and secure
> dns forwarder = 192.168.16.50
>
> # Thanks to Lars for this fix, it stops the syslog
> # being spammed by the lack of a CUPS server.
> printing = CUPS
> printcap name = /dev/null
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/dtshrm.dt/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> Your thoughts?
>
> You seem to be using Bind9, so you don't need the 'dns forwarder' lines.
> If you only have one network device installed in the DCs, I would also
> lose the 'interfaces' & 'bind interfaces only' lines.
>
> I would add this line on each DC:
>
> idmap_ldb:use rfc2307 = yes
>
> Rowland
>
>>>>>>>> My answer below 000000000000000000000000000000
>
> Thanks Rowland. Making those suggested adjustments has made both
> "log.samba" files say the same:
>
> root@dtdc03:~# tail -f /usr/local/samba/var/log.samba
> samba: setproctitle not initialized, please either call
> setproctitle_init() or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call
> setproctitle_init() or link against libbsd-ctor.
> [2016/12/04 10:43:52.125952, 0]
> ../lib/util/become_daemon.c:124(daemon_ready)
> samba: setproctitle not initialized, please either call
> setproctitle_init() or link against libbsd-ctor.
> STATUS=daemon 'samba' finished starting up and ready to serve
> connections
>
> The "NT_STATUS_CONNECTION_REFUSED" references are gone.
>
> In a previous post, I believe you suggested that this
> "setproctitle_init()" log complaint could be ignored.
>
> Once again, thanks for everyone's help.
>
> --
> _______________________________
>
> Bob Wooden of Donelson Trophy
There went my email again. Sorry everybody. I know it makes replies
confusing.
--
_______________________________
Bob Wooden of Donelson Trophy
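
The two checks used in this thread, scripted as an added example (not written by the posters and not Samba project code): one function summarises which peer, port and status `log.samba` is complaining about, the other tests `netstat -plnt` output for a listener on a given address. The function names `summarize_refused` and `listens_on` are hypothetical; the sample data is copied from the posts above.

```shell
#!/bin/sh
# Added example. Sample data below is copied from the log and netstat
# output quoted in this thread.

# Print "count host port status" for every failed DCE/RPC connect on stdin.
# Log entries wrap over several lines, so the input is joined before matching.
summarize_refused() {
    awk '
    { buf = buf " " $0 }
    END {
        gsub(/[ \t]+/, " ", buf)
        while (match(buf, /Failed to connect host [^ ]+ (\([^)]*\) )?on port [0-9]+ - NT_STATUS_[A-Z_]+/)) {
            m = substr(buf, RSTART, RLENGTH)
            buf = substr(buf, RSTART + RLENGTH)
            n = split(m, f, " ")          # f[5]=host, f[n-2]=port, f[n]=status
            count[f[5] " " f[n - 2] " " f[n]]++
        }
        for (k in count) print count[k], k
    }' | sort -rn
}

# usage: netstat -plnt | listens_on ADDR PORT
# Succeeds if a LISTEN socket covers ADDR:PORT (exact address or wildcard).
listens_on() {
    awk -v a="$1" -v p="$2" '
        $6 == "LISTEN" && ($4 == a ":" p || $4 == "0.0.0.0:" p || $4 == ":::" p) { found = 1 }
        END { exit !found }'
}

SAMPLE_LOG='[2016/12/01 10:14:39.167794, 0] ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
  Failed to connect host 192.168.16.50
  (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
  135 - NT_STATUS_CONNECTION_REFUSED.
[2016/12/01 10:14:39.212551, 0] ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
  Failed to connect host 192.168.16.50 on port 135 -
  NT_STATUS_CONNECTION_REFUSED
[2016/12/01 10:14:39.212757, 0] ../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
  Failed to connect host 192.168.16.50
  (aa03011a-94c2-4c52-bc60-6fd2f75d35e5._msdcs.dtshrm.dt) on port
  135 - NT_STATUS_CONNECTION_REFUSED.'

SAMPLE_NETSTAT='tcp 0 0 192.168.16.49:135 0.0.0.0:* LISTEN 1142/samba
tcp 0 0 127.0.0.1:135 0.0.0.0:* LISTEN 1142/samba'

printf '%s\n' "$SAMPLE_LOG" | summarize_refused
printf '%s\n' "$SAMPLE_NETSTAT" | listens_on 192.168.16.49 135 \
    && echo "135/tcp is bound on 192.168.16.49"
```

On a live DC, feed the functions real data, for example `summarize_refused < /usr/local/samba/var/log.samba`, and run `netstat -plnt | listens_on ADDR 135` on the peer that the summary names.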