[Samba] ERROR:connection refused after provision

Felipe_G0NZÁLEZ_SANTIAG0 fgonzalez at uci.cu
Thu Nov 10 14:48:22 UTC 2016

See inline comments: 

----- Original Message -----

From: "Rowland Penny" <rpenny at samba.org> 
To: samba at lists.samba.org 
Sent: Tuesday, November 8, 2016 10:46:50 AM 
Subject: Re: [Samba] ERROR:connection refused after provision 

See inline comments: 

On Tue, 8 Nov 2016 09:08:34 -0500 (CST) 
Felipe_G0NZÁLEZ_SANTIAG0 via samba <samba at lists.samba.org> wrote: 

> Hello, I'm installing Samba4 AD from repo Ubuntu16.04. These are the 
> steps I've applied: 
> 1. editing fstab in EXT3 

Why are you using ext3 ? 

No, I'm not using EXT3, I'm using EXT4. I should've wrote edit fstab. So, I add 'defaults,barrier=1' in fstab. 

> 2. install dependencies ( acl attr quota fam libnet-ldap-perl ) 
> 3. install krb5-user, bind9, ntp, winbind, ldbtools and samba. 
> 4. remove smb.conf, if exists 
> 5. samba-tool provision 

How are provisioning ? 

#samba-tool domain provision --use-rfc2307 --realm=ejemplo.cu --domain=ejemplo --adminpass=free.2016 --server-role=dc --dns-backend=BIND9_DLZ --option="interfaces=lo enp0s3" --option="bind interfaces only=yes" 

> 6. Restart services bind9, ntp and samba 
> 7. config Bind9 (add 'include' in /etc/bind/named.conf.local ) 

Please post your bind9 conf files. 

This is my /etc/bind/named.conf content: 
include "/etc/bind/named.conf.options"; 
include "/etc/bind/named.conf.local"; 
include "/etc/bind/named.conf.default-zones"; 

This is my /etc/bind/named.conf.local content: 
include "/var/lib/samba/private/named.conf"; 

And This is my /etc/bind/named.conf.options content: 
options { 
directory "/var/cache/bind"; 

// If there is a firewall between you and nameservers you want 
// to talk to, you may need to fix the firewall to allow multiple 
// ports to talk. See http://www.kb.cert.org/vuls/id/800113 

// If your ISP provided one or more IP addresses for stable 
// nameservers, you probably want to use them as forwarders. 
// Uncomment the following block, and insert the addresses replacing 
// the all-0's placeholder. 

// forwarders { 
// }; 

// If BIND logs error messages about the root key being expired, 
// you will need to update your keys. See https://www.isc.org/bind-keys 
dnssec-validation auto; 

auth-nxdomain no; # conform to RFC1035 
listen-on-v6 { any; }; 


> 8. set permissions to bind9 
> 9. set nameserver in resolv.conf 

What are you setting the nameserver to ? 

The resolv.conf content is: 
domain ejemplo.cu 


> 10. edit apparmor profile 
> 11. config Kerberos ( ln 
> -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf ) 12. set ntp 
> permissions 13. config ntp.conf 
> THEN::: 
> add reverse zone 
> #samba-tool dns zonecreate 3.53.10.in-addr.arpa 
> -UAdministrator%free.2016 

Try it like this: 

samba-tool dns zonecreate 3.53.10.in-addr.arpa -UAdministrator 



Notice that after provisioning and configuring ntp, krb and bind9 services when I try to create the DNS reverse zone I got this 'connection refused' error. Then, I reboot the server I all work fine. My point is that I need this work fine without rebooting. 

The University of Informatics Sciences invites you to participate in the Scientific Conference UCIENCIA 2016, November 24-26.
Conferencia Científica UCIENCIA 2016, del 24 al 26 de noviembre.

More information about the samba mailing list