Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED

todd_dsm
When I run this command I am not prompted for a password, I just get the below error.

# smbclient -U root //zmail/homes
Error connecting to 10.0.0.14 (Connection refused)
Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED)
---
Now for the back story:
  CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware.

I'm attempting to connect samba (PDC) with zimbra's included openldap. everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch.

Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication.

Is there such a resource?

As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below.

# service smb status
smbd dead but pid file exists
nmbd (pid 9072) is running...


Thanks in advance,

Todd E Thomas
===
The host is zmail = 10.0.0.14
---
[global]
  netbios name = zmail
  workgroup = OFFICE
  security = user
  server string = Palladium %v
  wins support = yes
  dns proxy = no
  name resolve order = wins hosts lmhosts bcast
  wins server = 10.0.0.14
  log file = /var/log/samba/log.%m
  log level = 6
  max log size = 1000
  syslog only = no
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
  enable privileges = yes
  encrypt passwords = yes
## Use ldap for auth
  ldap passwd sync = yes
  passdb backend = ldapsam:ldaps://zmail.ptest.us/
#  ldap port = 636
  ldap admin dn = "cn=config"
  ldap suffix = dc=ptest,dc=us
  ldap group suffix = ou=groups
  ldap user suffix = ou=people
  ldap machine suffix = ou=machines
  obey pam restrictions = no
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  domain master = yes
  domain logons = yes
  os level = 33
  preferred master = yes
  local master = yes
  logon path = \\zmail.ptest.us\%U\profile
  logon home = \\zmail.ptest.us\%U
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
  add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
  socket options = TCP_NODELAY
[homes]
  comment = Home Directories
  browseable = yes
  read only = No
  valid users = %S
[netlogon]
  comment = Network Logon Service
  path = /export/netlogon
  read only     = yes
  write list = +ntadmin
  locking = no
===
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED

Squeezer99
did you run testparm -s and look for errors in smb.conf?

you don't need these two lines in smb.conf anymore:

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .


since you are using ldap and have ldap passwd sync = yes

also, your ldap admin dn is wrong.  what is it in your slapd.conf file?
it should be something like  ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us

did you do smbpasswd -w

Re: Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED

todd_dsm
the answers follow the questions below:

did you run testparm -s and look for errors in smb.conf?
---
  Yes, I ran this a 1000 times. The answer: run it 1,001 times-
  There was a problem with wins
wins support = yes
wins server = 10.0.0.14
I kept wins server as that was in a sample at samba.org:
http://wiki.samba.org/index.php/1.0._Configuring_Samba#1.1._smb.conf_PDC

testparm -s now executes without error.
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
===

you don't need these two lines in smb.conf anymore:
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

since you are using ldap and have ldap passwd sync = yes
---
This I found in the walk-through for combining samba/zimbra. I'm a bit novice
so I ran with it:
http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI#Configuring_Samba

I'll try to create a few new users without these lines.
===

also, your ldap admin dn is wrong.  what is it in your slapd.conf file?
it should be something like  ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us
---
Actually this is correct for the zimbra implementation of openldap. I don't
agree with getting so far away from a 'normal' OpenLDAP config but they must
have run into a snag along the way that necessitated this change.
===

did you do smbpasswd -w
---
Yes. It worked as expected.
===

The error still persists.

# service smb status
smbd dead but pid file exists
nmbd (pid 31030) is running...

It only stays on for a few minutes after you start it, then dies. There is
nothing dropped in any log. This makes me think that whatever it is - is fatal;
for the life of me I can't imagine what would cause that.

T




--- [hidden email] wrote:

From: Adam Williams <[hidden email]>
To: [hidden email]
CC: [hidden email]
Subject: Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
Date: Fri, 27 Mar 2009 08:43:24 -0500

did you run testparm -s and look for errors in smb.conf?

you don't need these two lines in smb.conf anymore:

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .


since you are using ldap and have ldap passwd sync = yes

also, your ldap admin dn is wrong.  what is it in your slapd.conf file?
it should be something like  ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us

did you do smbpasswd -w

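Added example, not part of the original thread or of Samba: a small offline check in the spirit of the "procedural verification" asked about in the first message. It parses an smb.conf excerpt (constructed from the posted config), reports which LDAP endpoint the ldapsam backend depends on, and flags the settings the replies questioned. The function names and finding texts are hypothetical.

```python
import re

# Constructed excerpt of the [global] section posted in the first message.
SAMPLE_CONF = """\
[global]
  wins support = yes
  wins server = 10.0.0.14
## Use ldap for auth
  ldap passwd sync = yes
  passdb backend = ldapsam:ldaps://zmail.ptest.us/
#  ldap port = 636
  ldap admin dn = "cn=config"
  passwd program = /usr/bin/passwd %u
"""

def parse_smb_conf(text):
    """Return {section: {key: value}}; keys are lower-cased, inner spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)      # values may contain '=' (DNs)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def ldap_endpoint(conf):
    """(host, port, uses_tls) of the ldapsam backend, or None if not LDAP-backed."""
    backend = conf.get("global", {}).get("passdb backend", "")
    m = re.match(r'ldapsam:"?(ldaps?)://([^/":\s]+)(?::(\d+))?', backend)
    if not m:
        return None
    scheme, host, port = m.groups()
    return host, int(port or (636 if scheme == "ldaps" else 389)), scheme == "ldaps"

def lint_global(conf):
    """Flag the [global] settings that came up in this thread."""
    g, findings = conf.get("global", {}), []
    yes = lambda k: g.get(k, "").lower() in ("yes", "true", "1")
    if yes("wins support") and g.get("wins server"):
        findings.append("wins support = yes conflicts with wins server")
    if yes("ldap passwd sync"):                  # per the reply in this thread
        findings += [f"{k} set alongside ldap passwd sync"
                     for k in ("passwd program", "passwd chat") if k in g]
    return findings
```

The endpoint it returns is the host and port smbd must reach over LDAPS, so that is where an ldapsearch bind as the configured ldap admin dn should be pointed when checking Samba-to-LDAP connectivity.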