[Samba] NT_STATUS_CONNECTION_REFUSED


Bob of Donelson Trophy

Feb 25, 2015, 1:20:04 PM


Louis,

I ran your "1-setup-sernet-samba4-ADDC-wheezy.sh" script and noticed
this (during install:)

==========SE Privileges ===============================
Enter administrator's password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_CONNECTION_REFUSED

This is my /etc/resolv.conf:

root@dc01:~# cat /etc/resolv.conf
search dts***m.dt
nameserver 192.168.1xx.x51

Should "127.0.0.1" also be listed in the /etc/resolv.conf?

--

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"


Links:
------
[1] http://www.donelsontrophy.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Tim

Feb 25, 2015, 2:50:04 PM
Hey Bob,

DC or Memberserver?

Possibly this would help:
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

Regards
Tim

BTW: Louis has to get an award ;-)

Bob of Donelson Trophy

Feb 25, 2015, 3:10:03 PM


DC

On 2015-02-25 13:45, Tim wrote:

> Hey Bob,
>
> DC or Memberserver?
>
> Possibly this would help:
> https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting
>
> Regards
> Tim
>
> BTW: Louis has to get an award ;-)

Marc Muehlfeld

Feb 25, 2015, 3:30:04 PM
Hello Bob,

On 25.02.2015 at 19:09, Bob of Donelson Trophy wrote:
> I ran your "1-setup-sernet-samba4-ADDC-wheezy.sh" script and noticed
> this (during install:)
>
> ==========SE Privileges ===============================
> Enter administrator's password:
> Could not connect to server 127.0.0.1
> Connection failed: NT_STATUS_CONNECTION_REFUSED


I don't know this script. But if it says connection refused, I'm sure, that
a) there's a firewall preventing connection
b) the service you try to connect to, isn't listening on localhost


To check b):
https://wiki.samba.org/index.php/Samba_port_usage#Identify_on_which_ports_and_interfaces_Samba_is_listening



Regards,
Marc

Tim

Feb 25, 2015, 3:50:04 PM
You can try to bind the interfaces including localhost.

That worked for me.

Bob of Donelson Trophy

Feb 25, 2015, 4:40:06 PM


I had to go do something else and have returned. I discovered that I
hadn't gone back far enough. This complaint first appears here:

==========Enable bind gssapi and bind9_DLZ
===============================
[....] Stopping domain name service...: bind9rndc: connect failed:
127.0.0.1#953: connection refused
. ok
[ ok ] Starting domain name service...: bind9.

Notice the "refused" appearance. As there is no firewall on this
machine, yet, port 953 is not blocked.

This DC appears to be operating correctly despite this. This may be a
'bind9' issue? Or?
On 2015-02-25 14:41, Tim wrote:

> You can try to bind the interfaces including localhost.
>
> That worked for me.

Marc Muehlfeld

Feb 25, 2015, 5:00:03 PM
On 25.02.2015 at 22:38, Bob of Donelson Trophy wrote:
>
>
> I had to go do something else and have returned. I discovered that I
> hadn't gone back far enough. This complaint first appears here:
>
> ==========Enable bind gssapi and bind9_DLZ
> ===============================
> [....] Stopping domain name service...: bind9rndc: connect failed:
> 127.0.0.1#953: connection refused
> . ok
> [ ok ] Starting domain name service...: bind9.
>
> Notice the "refused" appearance. As there is no firewall on this
> machine, yet, port 953 is not blocked.
>
> This DC appears to be operating correctly despite this. This may be a
> 'bind9' issue? Or?


You didn't answer my question. Have you checked via netstat, that port
953 is listening on localhost?

Rowland Penny

Feb 25, 2015, 5:10:02 PM
On 25/02/15 21:38, Bob of Donelson Trophy wrote:
>
>
> I had to go do something else and have returned. I discovered that I
> hadn't gone back far enough. This complaint first appears here:
>
> ==========Enable bind gssapi and bind9_DLZ
> ===============================
> [....] Stopping domain name service...: bind9rndc: connect failed:
> 127.0.0.1#953: connection refused
> . ok
> [ ok ] Starting domain name service...: bind9.
>
> Notice the "refused" appearance. As there is no firewall on this
> machine, yet, port 953 is not blocked.
>
> This DC appears to be operating correctly despite this. This may be a
> 'bind9' issue? Or?
>
Hi Bob, That is a bug in Louis's script (sorry Louis, but it is)

If you look at line 294:

service bind9 stop

Then at line 449:

service bind9 stop && service bind9 start

There is nothing between those lines that starts Bind, so when the
second line tries to stop bind9, there is nothing to stop, so of
course it gets refused :-)

If you look a bit further, where resolv.conf gets set, there is this:

cat << EOF > /etc/resolv.conf
search ${SETDNSDOMAIN}
domain ${SETDNSDOMAIN}
nameserver ${SETIPDC1}
EOF

Now, if you use both 'search' & 'domain' in resolv.conf, whichever is
second wins, as they are mutually exclusive (see 'man resolv.conf')

Remove the domain line

Have you tried running the line that failed manually?

echo ${SETNTPASSWD}| net rpc rights grant ${SETNTDOM}\\"Domain Admins" \
    SeDiskOperatorPrivilege -UAdministrator

Rowland
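
The "last one wins" rule from resolv.conf(5) that Rowland cites, as an added example that is not part of the original thread or of Louis's script. The sample file contents (samdom.example.test, corp.example.test, 192.0.2.51) are constructed placeholders and `resolv_lint` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: a 'search' line followed by a 'domain' line, the same
# shape as the heredoc quoted above but with placeholder values.
SAMPLE_RESOLV='search samdom.example.test corp.example.test
domain samdom.example.test
nameserver 192.0.2.51'

# resolv_lint: reads resolv.conf text on stdin.
# 'search' and 'domain' are mutually exclusive; the last instance wins.
# Prints the value that is actually used and how many earlier
# search/domain lines were silently overridden by it.
resolv_lint() {
    awk '
        /^[#;]/ { next }                       # skip comment lines
        $1 == "search" || $1 == "domain" {
            n++                                # instances seen so far
            $1 = ""; sub(/^[ \t]+/, "")        # keep only the value part
            value = $0
        }
        END {
            printf "effective=%s overridden=%d\n", value, (n > 1 ? n - 1 : 0)
        }'
}

# Stand-alone run: show the result for the constructed sample.
printf '%s\n' "$SAMPLE_RESOLV" | resolv_lint
```

With the sample above, the second search domain is lost because the later `domain` line replaces the whole list; dropping the `domain` line restores it.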

Bob of Donelson Trophy

Feb 25, 2015, 5:40:04 PM


No, I haven't but, I will.

On 2015-02-25 15:50, Marc Muehlfeld wrote:

> You didn't answer my question. Have you checked via netstat, that port
> 953 is listening on localhost?
>
> Regards,
> Marc


Bob of Donelson Trophy

Feb 25, 2015, 5:40:04 PM


Thanks Rowland.

I have modified Louis' script slightly. My /etc/resolv.conf looks like:

root@dc01:~# cat /etc/resolv.conf
search dts***m.dt
nameserver 192.168.1xx.x51

So, as you can see this is one little change I made because of what I
have learned here through the mailing list. (Haven't shared this fact
with Louis. Figured he was busy working on newer scripts so what would
be the point.)

I found one of your older posts where there was discussion that
127.0.0.1 needs to be included in the /etc/resolv.conf file but the
reference was in a two DC situation. Where each DC is resolving against
the other. I do not think that applies in my situation.

I will try the line (that failed) manually and report back and look into
the area of the script you mentioned.

Good night.


Reindl Harald

Feb 25, 2015, 5:50:04 PM

On 25.02.2015 at 23:39, Bob of Donelson Trophy wrote:
> No, I haven't but, I will

while typing that reply you could have done the command below
netstat --numeric-hosts --numeric-ports --programs -u -t -l

that's the first in case of connection troubles because until that
confirms a service is listening the firewall is not part of the game

Bob of Donelson Trophy

Feb 25, 2015, 6:50:03 PM


I am sorry I did not have the netstat command in my head.

Here it is:

root@dc01:~# netstat --numeric-hosts --numeric-ports --programs -u -t -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
>>snip <<
tcp 0 0 192.168.1xx.x51:53 0.0.0.0:* LISTEN 5608/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5608/named
>>snip<<
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5608/named
>>big snip<<
udp 0 0 192.168.1xx.x51:53 0.0.0.0:* 5608/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 5608/named
>>snip<<
udp6 0 0 :::35107 :::* 1676/rpc.statd
udp6 0 0 :::972 :::* 1645/rpcbind
udp6 0 0 :::111 :::* 1645/rpcbind

I have not installed ufw on this Debian machine, yet.
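
The listener check Marc and Reindl ask for, as an added example that is not part of the original thread: a shell function that reads netstat-style lines and tells a service that is not listening at all apart from one bound only to another interface, the two causes of a refused connection to 127.0.0.1 that remain once a firewall is ruled out. The sample lines, the 192.0.2.51 address and the smbd entry are constructed; `listener_state` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample in the column layout of `netstat -tln --programs`.
SAMPLE_NETSTAT='tcp 0 0 192.0.2.51:53 0.0.0.0:* LISTEN 5608/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5608/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5608/named
tcp 0 0 192.0.2.51:445 0.0.0.0:* LISTEN 6001/smbd
tcp6 0 0 :::111 :::* LISTEN 1645/rpcbind'

# listener_state ADDR PORT   (netstat output on stdin, IPv4 TCP only)
# Prints one of:
#   listening             a socket on ADDR or 0.0.0.0 accepts this port
#   other-interface-only  the port is open, but not on ADDR
#   not-listening         no process has the port open at all
listener_state() {
    awk -v addr="$1" -v port="$2" '
        $1 == "tcp" && $6 == "LISTEN" {
            n = split($4, parts, ":")
            p = parts[n]                              # port is the last piece
            host = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            seen = 1
            # 0.0.0.0 accepts connections for every local IPv4 address
            if (host == addr || host == "0.0.0.0") hit = 1
        }
        END {
            if (hit)       print "listening"
            else if (seen) print "other-interface-only"
            else           print "not-listening"
        }'
}

# Stand-alone run: the three cases for a client connecting to localhost.
for port in 953 445 139; do
    printf '127.0.0.1:%s %s\n' "$port" \
        "$(printf '%s\n' "$SAMPLE_NETSTAT" | listener_state 127.0.0.1 "$port")"
done
```

On a live host, pipe the output of the netstat command quoted above into the function instead of the sample.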

Bob of Donelson Trophy

Feb 25, 2015, 10:10:04 PM


Rowland,

It appears that you were "right on."

I removed the "service bind9 stop &&" from line 449 (as bind9 was
already stopped, why stop it again) and ran the script on my VM. All the
"NT_STATUS_CONNECTION_REFUSED" warnings were gone.

Thanks!!


L.P.H. van Belle

Feb 26, 2015, 3:20:05 AM
aha ...

;-)

netstat --numeric-hosts --numeric-ports --programs -u -t -l
I didn't see samba running.. ;-)


>I removed the "service bind9 stop &&" from line 449 (as bind9 was
>already stopped, why stop it again) and ran the script on my
>VM. All the "NT_STATUS_CONNECTION_REFUSED" warnings were gone.

but.. the NT_STATUS_CONNECTION_REFUSED is a samba message not bind,
and does not involve anything with bind, stopping it 2 x times does not do anything..

The service bind9 stop && service bind9 start was the problem yes,
I should have put these on 2 lines and don't use the &&
this will be changed in the new version and improved.

I'm stopping bind there 2 times yes, this is because I noticed that
a few times bind wasn't stopped correctly, and stopping it 2 times worked.

But good to know you nailed it.


;-)

Greetz,

Louis




>-----Original message-----
>From: b...@donelsontrophy.net
>[mailto:samba-...@lists.samba.org] On behalf of Bob of Donelson Trophy
>Sent: Thursday 26 February 2015 4:03
>To: sa...@lists.samba.org
>Subject: [Samba] SOLVED Re: NT_STATUS_CONNECTION_REFUSED

Rowland Penny

Feb 26, 2015, 4:00:03 AM
On 26/02/15 08:15, L.P.H. van Belle wrote:
> aha ...
>
> ;-)
>
> netstat --numeric-hosts --numeric-ports --programs -u -t -l
> I didn't see samba running.. ;-)
>
>
>> I removed the "service bind9 stop &&" from line 449 (as bind9 was
>> already stopped, why stop it again) and ran the script on my
>> VM. All the "NT_STATUS_CONNECTION_REFUSED" warnings were gone.
> but.. the NT_STATUS_CONNECTION_REFUSED is a samba message not bind,
> and does not involve anything with bind, stopping it 2 x times does not do anything..
>
> The service bind9 stop && service bind9 start was the problem yes,
> I should have put these on 2 lines and don't use the &&
> this will be changed in the new version and improved.

Ah, but the '&&' means that bind9 would only get started if the command
on the left finished without an error and as it errored out because
there was nothing to stop.......

>
> I'm stopping bind there 2 times yes, this is because I noticed that
> a few times bind wasn't stopped correctly, and stopping it 2 times worked.

If there is a potential problem, you should check for it and if
required, do something, what about:

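# The [n] keeps grep from matching its own process line; the pattern is
# quoted so the shell cannot expand it against a file named "named".
BINDTEST=$(ps ax | grep '[n]amed')
if [ -n "${BINDTEST}" ]; then
    # Bind9 is still running
    service bind9 stop
    sleep 2
    service bind9 start
else
    # Bind9 is not running
    service bind9 start
fi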

Rowland

> But good to know you nailed it.
>
>
> ;-)
>
> Greetz,
>
> Louis
>
>
>

Bob of Donelson Trophy

Feb 26, 2015, 7:30:03 AM


I agree with both of you.

Louis,

Seemed logical that in some instances bind9 did not (or does not)
shut down as instructed in line 190-whatever (don't remember exact line
number, but . . .)

And so,

My thinking (late last night) was an insertion into the script that
"asked" if bind9 is running and if so then "service bind9 stop" to stop
it. Rowland, you made your suggestion.

When I ran the modified script on the VM, there were no
"NT_STATUS_CONNECTION_REFUSED" warnings near the end of the script run.
My mods were simple but satisfied my need. Rowland's script idea is wiser
and better covers the "what if" scenario if bind9 didn't stop as
instructed at line 190-ish.

It can be difficult to predict all the "what if" scenarios a script may
encounter.
