Web lists-archives.com

[Samba] No ports 445/139 & smbclient shows NT_STATUS_CONNECTION_REFUSED




Hi all,

I'm maintaining a small AD system on a computer called "ad" in our small charity, and it has been working fine for a year or so. However, "ad" is very rickety so we got a proper server purchased and now I'm trying to move the AD system over.  I've set up the new server called "org-ad" with Debian 9 and followed the instructions here https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory. I have successfully joined both DCs and the AD structure has transferred to "org-ad" fine, as shown below:

root@org-ad:/var/log# wbinfo -u
org\name1
org\administrator
org\name2
org\kit
org\name4
org\visitor
org\name5
org\krbtgt
org\guest
root@org-ad:/var/log#

Also, "samba-tool drs showrepl" works perfectly fine as per the wiki.

However, smbclient doesn't work:

root@org-ad:/var/log# smbclient -L localhost -U%
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

Checking with netstat shows the necessary ports 445 & 139 aren't open:

kit@org-ad:/var/log$ netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:3268            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:3269            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      -
tcp6       0      0 :::636                  :::*                    LISTEN      -
tcp6       0      0 :::1024                 :::*                    LISTEN      -
tcp6       0      0 :::3268                 :::*                    LISTEN      -
tcp6       0      0 :::3269                 :::*                    LISTEN      -
tcp6       0      0 :::389                  :::*                    LISTEN      -
tcp6       0      0 :::135                  :::*                    LISTEN      -
tcp6       0      0 :::464                  :::*                    LISTEN      -
tcp6       0      0 :::53                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::88                   :::*                    LISTEN      -
kit@cfd-ad:/var/log$

The original AD server shows:

piers@ad:/etc/samba$ netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:3268            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:3269            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      -
tcp6       0      0 :::464                  :::*                    LISTEN      -
tcp6       0      0 :::53                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::631                  :::*                    LISTEN      -
tcp6       0      0 :::88                   :::*                    LISTEN      -
tcp6       0      0 :::636                  :::*                    LISTEN      -
tcp6       0      0 :::445                  :::*                    LISTEN      -
tcp6       0      0 :::1024                 :::*                    LISTEN      -
tcp6       0      0 :::3268                 :::*                    LISTEN      -
tcp6       0      0 :::3269                 :::*                    LISTEN      -
tcp6       0      0 :::389                  :::*                    LISTEN      -
tcp6       0      0 :::135                  :::*                    LISTEN      -
tcp6       0      0 :::139                  :::*                    LISTEN      -
piers@ad:/etc/samba$

I know I had the exact same problem with the original AD computer when I first set it up, but for the life of me I can't figure out what the solution was!  I've gone through all config files I can remember and both computers match.  I've tried this solution here - https://wiki.samba.org/index.php/Configure_Samba_to_Bind_to_Specific_Interfaces - but it doesn't work at all.  Am tearing my hair out trying to remember what I did originally, so any solutions would be greatly appreciated.

Many thanks!

With kind regards - Piers


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba