[Samba] NT_STATUS_CONNECTION_REFUSED

Henry McLaughlin henry at incred.com.au
Wed Jan 27 10:07:48 UTC 2016 

On 27 January 2016 at 20:27, Rowland penny <rpenny at samba.org> wrote:

> On 27/01/16 01:03, Henry McLaughlin wrote:
>
>> On 27 January 2016 at 08:24, Rowland penny <rpenny at samba.org> wrote:
>>
>> On 26/01/16 20:54, Henry McLaughlin wrote:
>>>
>>> [root at centos7member ~]# net rpc rights list accounts
>>>> -U'TESTING\administrator'
>>>> Enter TESTING\administrator's password:
>>>> Could not connect to server 127.0.0.1
>>>> Connection failed: NT_STATUS_CONNECTION_REFUSED
>>>> [root at centos7member ~]#
>>>>
>>>>
>>>>
>>>> This looks like a dns problem, it is trying to connect to localhost
>>> instead of your DC, check /etc/resolv.conf and /etc/krb5.conf
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>> [root at centos7pdc ~]# cat /etc/resolv.conf
>> search testing.domain.com.au
>> nameserver 192.168.1.10
>>
>> [root at centos7member ~]# cat /etc/krb5.conf
>> [logging]
>>   default = FILE:/var/log/krb5libs.log
>>   kdc = FILE:/var/log/krb5kdc.log
>>   admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>>   dns_lookup_realm = false
>>   ticket_lifetime = 24h
>>   renew_lifetime = 7d
>>   forwardable = true
>>   rdns = false
>> # default_realm = EXAMPLE.COM
>>   default_ccache_name = KEYRING:persistent:%{uid}
>>
>> [realms]
>> # EXAMPLE.COM = {
>> #  kdc = kerberos.example.com
>> #  admin_server = kerberos.example.com
>> # }
>>
>> [domain_realm]
>> # .example.com = EXAMPLE.COM
>> # example.com = EXAMPLE.COM
>>
>>
>> Looks like krb5.conf is unconfigured. Is there a Samba guide as to how
>> this
>> should be configured or a std template?
>>
>
> OK, I missed this before:
>
> you have in smb.conf:
>
>        username map = /etc/samba/user.map
>
> with the corresponding user.map
>
> !root = TESTING\Administrator TESTING\administrator
>
> you also posted:
>
> [root at centos7member ~]# getent passwd administrator
> administrator:*:10500:10513:Administrator:/home/administrator:/sbin/bash
>
> You are mapping Administrator to root, but have also given Administrator a
> uidNumber attribute (10500)
>
> I would suggest that you remove the uidNumber attribute (and any other
> rfc2307 attributes) from Administrators AD object and depend on the mapping
> instead. I am unsure if this will fix your problem, but it is a good place
> to start.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hi Rowland, I understood that idmap rid did not need me to assign UIDs &
GIDs in ADUC as these were auto calculated based upon the sid. Accordingly
I have assigned NO unix attributes in ADUC.

More information about the samba mailing list