Todd E Thomas
2009-Mar-27 02:48 UTC
[Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
When I run this command I am not prompted for a password, I just get the below error.

# smbclient -U root //zmail/homes
Error connecting to 10.0.0.14 (Connection refused)
Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED)
---
Now for the back story:
CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware.

I'm attempting to connect samba (PDC) with zimbra's included openldap. Everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch.

Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication.

Is there such a resource?

As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below.

# service smb status
smbd dead but pid file exists
nmbd (pid 9072) is running...

Thanks in advance,

Todd E Thomas
==
The host is zmail = 10.0.0.14
---
[global]
netbios name = zmail
workgroup = OFFICE
security = user
server string = Palladium %v
wins support = yes
dns proxy = no
name resolve order = wins hosts lmhosts bcast
wins server = 10.0.0.14
log file = /var/log/samba/log.%m
log level = 6
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
enable privileges = yes
encrypt passwords = yes
## Use ldap for auth
ldap passwd sync = yes
passdb backend = ldapsam:ldaps://zmail.ptest.us/
# ldap port = 636
ldap admin dn = "cn=config"
ldap suffix = dc=ptest,dc=us
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain master = yes
domain logons = yes
os level = 33
preferred master = yes
local master = yes
logon path = \\zmail.ptest.us\%U\profile
logon home = \\zmail.ptest.us\%U
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
socket options = TCP_NODELAY
[homes]
comment = Home Directories
browseable = yes
read only = No
valid users = %S
[netlogon]
comment = Network Logon Service
path = /export/netlogon
read only = yes
write list = +ntadmin
locking = no
===
Adam Williams
2009-Mar-27 13:43 UTC
[Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
did you run testparm -s and look for errors in smb.conf?

you don't need these two lines in smb.conf anymore:

passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

since you are using ldap and have ldap passwd sync = yes

also, your ldap admin dn is wrong. what is it in your slapd.conf file? it should be something like ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us

did you do smbpasswd -w

Todd E Thomas wrote:
> When I run this command I am not prompted for a password, I just get the below error.
>
> # smbclient -U root //zmail/homes
> Error connecting to 10.0.0.14 (Connection refused)
> Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED)
> ---
> Now for the back story:
> CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware.
>
> I'm attempting to connect samba (PDC) with zimbra's included openldap. everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch.
>
> Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication.
>
> Is there such a resource?
>
> As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below.
>
> # service smb status
> smbd dead but pid file exists
> nmbd (pid 9072) is running...
>
>
> Thanks in advance,
>
> Todd E Thomas
> ==
> The host is zmail = 10.0.0.14
> ---
> [global]
> netbios name = zmail
> workgroup = OFFICE
> security = user
> server string = Palladium %v
> wins support = yes
> dns proxy = no
> name resolve order = wins hosts lmhosts bcast
> wins server = 10.0.0.14
> log file = /var/log/samba/log.%m
> log level = 6
> max log size = 1000
> syslog only = no
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> enable privileges = yes
> encrypt passwords = yes
> ## Use ldap for auth
> ldap passwd sync = yes
> passdb backend = ldapsam:ldaps://zmail.ptest.us/
> # ldap port = 636
> ldap admin dn = "cn=config"
> ldap suffix = dc=ptest,dc=us
> ldap group suffix = ou=groups
> ldap user suffix = ou=people
> ldap machine suffix = ou=machines
> obey pam restrictions = no
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
> domain master = yes
> domain logons = yes
> os level = 33
> preferred master = yes
> local master = yes
> logon path = \\zmail.ptest.us\%U\profile
> logon home = \\zmail.ptest.us\%U
> add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
> add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
> socket options = TCP_NODELAY
> [homes]
> comment = Home Directories
> browseable = yes
> read only = No
> valid users = %S
> [netlogon]
> comment = Network Logon Service
> path = /export/netlogon
> read only = yes
> write list = +ntadmin
> locking = no
> ==
>
Todd E Thomas
2009-Mar-27 19:38 UTC
[Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
the answers follow the questions below:

did you run testparm -s and look for errors in smb.conf?
---
Yes, I ran this a 1000 times. The answer: run it 1,001 times-
There was a problem with wins
wins support = yes
wins server = 10.0.0.14

I kept wins server as that was in a sample at samba.org:
http://wiki.samba.org/index.php/1.0._Configuring_Samba#1.1._smb.conf_PDC

testparm -s now executes without error.
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
==
you don't need these two lines in smb.conf anymore:

passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

since you are using ldap and have ldap passwd sync = yes
---
This I found in the walk-through for combining samba/zimbra. I'm a bit novice so I ran with it:
http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI#Configuring_Samba

I'll try to create a few new users without these lines.
==
also, your ldap admin dn is wrong. what is it in your slapd.conf file? it should be something like ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us
---
Actually this is correct for the zimbra implementation of openldap. I don't agree with getting so far away from a 'normal' OpenLDAP config but they must have run into a snag along the way that necessitated this change.
==
did you do smbpasswd -w
---
Yes. It worked as expected.
==
The error still persists.

# service smb status
smbd dead but pid file exists
nmbd (pid 31030) is running...

It only stays on for a few minutes after you start it, then dies. There is nothing dropped in any log. This makes me think that whatever it is - is fatal; for the life of me I can't imagine what would cause that.
T

--- awilliam@mdah.state.ms.us wrote:

From: Adam Williams <awilliam@mdah.state.ms.us>
To: todd_dsm@ssiresults.com
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
Date: Fri, 27 Mar 2009 08:43:24 -0500

did you run testparm -s and look for errors in smb.conf?

you don't need these two lines in smb.conf anymore:

passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

since you are using ldap and have ldap passwd sync = yes

also, your ldap admin dn is wrong. what is it in your slapd.conf file? it should be something like ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us

did you do smbpasswd -w

Todd E Thomas wrote:
> When I run this command I am not prompted for a password, I just get the below error.
>
> # smbclient -U root //zmail/homes
> Error connecting to 10.0.0.14 (Connection refused)
> Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED)
> ---
> Now for the back story:
> CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware.
>
> I'm attempting to connect samba (PDC) with zimbra's included openldap. everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch.
>
> Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication.
>
> Is there such a resource?
>
> As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below.
>
> # service smb status
> smbd dead but pid file exists
> nmbd (pid 9072) is running...
>
>
> Thanks in advance,
>
> Todd E Thomas
> ==
> The host is zmail = 10.0.0.14
> ---
> [global]
> netbios name = zmail
> workgroup = OFFICE
> security = user
> server string = Palladium %v
> wins support = yes
> dns proxy = no
> name resolve order = wins hosts lmhosts bcast
> wins server = 10.0.0.14
> log file = /var/log/samba/log.%m
> log level = 6
> max log size = 1000
> syslog only = no
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> enable privileges = yes
> encrypt passwords = yes
> ## Use ldap for auth
> ldap passwd sync = yes
> passdb backend = ldapsam:ldaps://zmail.ptest.us/
> # ldap port = 636
> ldap admin dn = "cn=config"
> ldap suffix = dc=ptest,dc=us
> ldap group suffix = ou=groups
> ldap user suffix = ou=people
> ldap machine suffix = ou=machines
> obey pam restrictions = no
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
> domain master = yes
> domain logons = yes
> os level = 33
> preferred master = yes
> local master = yes
> logon path = \\zmail.ptest.us\%U\profile
> logon home = \\zmail.ptest.us\%U
> add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
> add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
> socket options = TCP_NODELAY
> [homes]
> comment = Home Directories
> browseable = yes
> read only = No
> valid users = %S
> [netlogon]
> comment = Network Logon Service
> path = /export/netlogon
> read only = yes
> write list = +ntadmin
> locking = no
> ==
>
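
One way to approach the "procedural verification" asked about in the first post is to reproduce, outside smbd, the exact LDAP bind that the ldapsam backend is configured to make. The script below is an added example, not part of any post in this thread: the function names are hypothetical, and the sample input is constructed from the ldapsam lines of the posted smb.conf.

```shell
#!/bin/sh
# Added example; get_param, ldap_probe_cmd and sample_conf are hypothetical names.

# Constructed sample: the ldapsam-related lines of the smb.conf posted in this thread.
sample_conf() {
cat <<'EOF'
[global]
netbios name = zmail
passdb backend = ldapsam:ldaps://zmail.ptest.us/
# ldap port = 636
ldap admin dn = "cn=config"
ldap suffix = dc=ptest,dc=us
[homes]
valid users = %S
EOF
}

# get_param NAME: print the value of a [global] parameter from smb.conf text on stdin.
# Comment lines are skipped; surrounding blanks and double quotes are removed.
get_param() {
    awk -F= -v want="$1" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_global = (tolower($0) ~ /\[global\]/); next }
        in_global {
            key = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key == want) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t"]+|[ \t"]+$/, "", val)
                print val; exit
            }
        }'
}

# ldap_probe_cmd: read smb.conf on stdin and print the ldapsearch command that
# uses the same URI, bind DN and base as the configured ldapsam backend.
ldap_probe_cmd() {
    conf=$(cat)
    backend=$(printf '%s\n' "$conf" | get_param "passdb backend")
    case $backend in
        ldapsam:*) uri=$(printf '%s' "${backend#ldapsam:}" | tr -d '"') ;;
        *) echo "passdb backend is not ldapsam: ${backend:-unset}" >&2; return 1 ;;
    esac
    binddn=$(printf '%s\n' "$conf" | get_param "ldap admin dn")
    suffix=$(printf '%s\n' "$conf" | get_param "ldap suffix")
    if [ -z "$binddn" ] || [ -z "$suffix" ]; then
        echo "ldap admin dn or ldap suffix is missing" >&2; return 1
    fi
    printf 'ldapsearch -x -H %s -D "%s" -W -b "%s" -s base\n' "$uri" "$binddn" "$suffix"
}

# Stand-alone run: check the file named in $1, or the constructed sample.
if [ -n "${1:-}" ]; then ldap_probe_cmd < "$1"; else sample_conf | ldap_probe_cmd; fi
```

Run the printed command on the Samba host and answer the prompt with the password stored via smbpasswd -w. A refused connection, TLS failure or invalid-credentials result there points at the LDAP side of the setup rather than at smbd itself.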