osdc at mailbox.org
2017-Mar-28 14:22 UTC
[Samba] Failed to connect host xx on port 135 - NT_STATUS_CONNECTION_REFUSED
Hello there, I installed a dc1 using debian jessie-packages strictly following the samba-manual "Setting up Samba as an Active Directory Domain Controller". I installed a dc2 using debian jessie-packages, also strictly following the manual for "Joining a Samba DC to an Existing Active Directory". It worked for a few weeks but then it quit working without having changed the setup or making an update. I cannot demote it because it is quite an old samba: Version 4.2.14-Debian So I tried to repair it. The problem seems to be, that port 135 cannot be reached. my smb.conf on dc2 --- # Global parameters [global] workgroup = RUBENS realm = MUSEUM.RUBENS.WORLD netbios name = DC2 server role = active directory domain controller dns forwarder = 8.8.8.8 idmap_ldb:use rfc2307 = yes printing = bsd printcap name = /etc/printcap username map = /etc/samba/user.map [netlogon] path = /var/lib/samba/sysvol/museum.rubens.world/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No --- The error message is: --- root at dc2:~# samba-tool drs showrepl Failed to connect host 192.168.0.123 on port 135 - NT_STATUS_CONNECTION_REFUSED Failed to connect host 192.168.0.123 (dc2.museum.rubens.world) on port 135 - NT_STATUS_CONNECTION_REFUSED. ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to dc2.museum.rubens.world failed - drsException: DRS connection to dc2.museum.rubens.world failed: (-1073741258, 'The connection was refused') File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 39, in drsuapi_connect (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds) File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect raise drsException("DRS connection to %s failed: %s" % (server, e)) --- It really does not listen: root at dc2:~# netstat -tulpan | grep "LISTEN" | grep "135" | wc -l 0 Why does Samba not listen on port 135 anymore? How can I teach it to start doing it again? Please help martin
Rowland Penny
2017-Mar-28 14:59 UTC
[Samba] Failed to connect host xx on port 135 - NT_STATUS_CONNECTION_REFUSED
On Tue, 28 Mar 2017 16:22:26 +0200 (CEST) martin via samba <samba at lists.samba.org> wrote:> Hello there, > > Version 4.2.14-Debian > > So I tried to repair it. The problem seems to be, that port 135 > cannot be reached. > > my smb.conf on dc2 > > --- > # Global parameters > [global] > > username map = /etc/samba/user.map >I am sure this has nothing to do with your problem, but you should remove the 'username map' line, it has no place on a DC.> > It really does not listen: > > root at dc2:~# netstat -tulpan | grep "LISTEN" | grep "135" | wc -l > 0 > > Why does Samba not listen on port 135 anymore? How can I teach it to > start doing it again?It should be listening on port 135, is there a firewall in the way ? What daemons are running ? What is in /etc/resolv.conf /etc/hosts /etc/krb5.conf ? Rowland
osdc at mailbox.org
2017-Mar-28 15:31 UTC
[Samba] Failed to connect host xx on port 135 - NT_STATUS_CONNECTION_REFUSED
Hello Rowland,>> --- >> # Global parameters >> [global] >> >> username map = /etc/samba/user.map >> > > I am sure this has nothing to do with your problem, but you should > remove the 'username map' line, it has no place on a DC. >ok, did so.>> >> It really does not listen: >> >> root at dc2:~# netstat -tulpan | grep "LISTEN" | grep "135" | wc -l >> 0 >> >> Why does Samba not listen on port 135 anymore? How can I teach it to >> start doing it again? > > It should be listening on port 135, is there a firewall in the way ?No: root at dc2:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination> What daemons are running ?root at dc2:~# pstree systemd─┬─acpid ├─agetty ├─atd ├─cron ├─dbus-daemon ├─exim4 ├─named───4*[{named}] ├─ntpd ├─rpc.idmapd ├─rpc.statd ├─rpcbind ├─rsyslogd─┬─{in:imklog} │ ├─{in:imuxsock} │ └─{rs:main Q:Reg} ├─samba───smbd───smbd ├─samba───winbindd───winbindd ├─sshd───sshd───sshd───bash───su───bash───pstree ├─systemd-journal ├─systemd-logind └─systemd-udevd> What is in /etc/resolv.confroot at dc2:~# cat /etc/resolv.conf domain museum.rubens.world nameserver 192.168.0.241 nameserver 192.168.0.242> /etc/hosts /etc/krb5.conf ?root at dc2:~# cat /etc/hosts 127.0.0.1 localhost 192.168.0.241 dc1.museum.rubens.world dc1 192.168.0.243 samba-fs.museum.rubens.world samba-fs # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters -- Thank you for your quick reply. martin
Rowland Penny
2017-Mar-28 15:45 UTC
[Samba] Failed to connect host xx on port 135 - NT_STATUS_CONNECTION_REFUSED
On Tue, 28 Mar 2017 17:12:33 +0200 (CEST) Martin Hauptmann <post at mailbox.org> wrote:> > > What daemons are running ? > > root at dc2:~# pstree > systemd─┬─acpid > ├─agetty > ├─atd > ├─cron > ├─dbus-daemon > ├─exim4 > ├─named───4*[{named}] > ├─ntpd > ├─rpc.idmapd > ├─rpc.statd > ├─rpcbind > ├─rsyslogd─┬─{in:imklog} > │ ├─{in:imuxsock} > │ └─{rs:main Q:Reg} > ├─samba───smbd───smbd > ├─samba───winbindd───winbindd > ├─sshd───sshd───sshd───bash───su───bash───pstree > ├─systemd-journal > ├─systemd-logind > └─systemd-udevd > >Why is Bind9 running ? You are not using it for Samba.> > What is in /etc/resolv.conf > > root at dc2:~# cat /etc/resolv.conf > domain museum.rubens.world > nameserver 192.168.0.241 > nameserver 192.168.0.242 >I would replace 'domain' with 'search'> > > /etc/hosts /etc/krb5.conf ? > > root at dc2:~# cat /etc/hosts > 127.0.0.1 localhost > 192.168.0.241 dc1.museum.rubens.world dc1 > 192.168.0.243 samba-fs.museum.rubens.world samba-fs >Apart from '127.0.0.1' the only thing that should be there, isn't 192.168.0.242 dc2.museum.rubens.world dc2 I take it '192.168.0.242' is the IP for dc2 /etc/krb5.conf ??? Try fixing the above and then restart Samba. Rowland
osdc at mailbox.org
2017-Mar-28 15:57 UTC
[Samba] Failed to connect host xx on port 135 - NT_STATUS_CONNECTION_REFUSED
> Rowland Penny via samba <samba at lists.samba.org> hat am 28. März 2017 um 17:45 geschrieben:> > > What daemons are running ? > > > > root at dc2:~# pstree > > systemd─┬─acpid > > ├─agetty > > ├─atd > > ├─cron > > ├─dbus-daemon > > ├─exim4 > > ├─named───4*[{named}] > > ├─ntpd > > ├─rpc.idmapd > > ├─rpc.statd > > ├─rpcbind > > ├─rsyslogd─┬─{in:imklog} > > │ ├─{in:imuxsock} > > │ └─{rs:main Q:Reg} > > ├─samba───smbd───smbd > > ├─samba───winbindd───winbindd > > ├─sshd───sshd───sshd───bash───su───bash───pstree > > ├─systemd-journal > > ├─systemd-logind > > └─systemd-udevd > > > > > > Why is Bind9 running ? > You are not using it for Samba. >That was it. Thank you. apt-get remove bind9, reboot --> works. I installed it when I tried to repair it after it quit working. I tried bind9 instead of builtin. Forgot to uninstall. Thank you, that went quick. martin
Reasonably Related Threads
- Failed to connect host xx on port 135 - NT_STATUS_CONNECTION_REFUSED
- Failed to enumerate objects in the container. Access is denied.
- Failed to enumerate objects in the container. Access is denied.
- Exists some problem with cronjobs under CentOS7
- Failed to connect host on port 135 - NT_STATUS_CONNECTION_REFUSED