[SOLVED] samba is not listening on port 135 (Endpoint Mapper) centos7

miccze · 09-19-2018, 02:47 PM

I have installed samba DC with BIND9_dlz on Centos 7. However, when im trying to test dynamic dns and perform update:

Code:

samba_dnsupdate --verbose --all-names

it's failing for all names with below errors:

Code:

Failed to connect host 192.168.8.210 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 192.168.8.210 (rpicent1.mcnet.local) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to rpicent1.mcnet.local failed - drsException: DRS connection to rpicent1.mcnet.local failed: (3221226038L, 'The transport-connection attempt was refused by the remote system.')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 44, in drsuapi_connect
    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 58, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))

I have been looking for it online and i found that samba is supposed to listen on this port, to be more precise Endpoint Mapper (DCE/RPC Locator Service) should be listening on this port. But it's not:

Code:

[root@rpicent1 mcadmin]# netstat -plaunt | egrep "ntp|bind|named|samba|?mbd"
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      675/named
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      609/smbd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      609/smbd
tcp        0      0 192.168.8.210:53        0.0.0.0:*               LISTEN      675/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      675/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      675/named
tcp6       0      0 :::445                  :::*                    LISTEN      609/smbd
tcp6       0      0 :::139                  :::*                    LISTEN      609/smbd
tcp6       0      0 ::1:53                  :::*                    LISTEN      675/named
udp        0      0 192.168.8.255:137       0.0.0.0:*                           638/nmbd
udp        0      0 192.168.8.210:137       0.0.0.0:*                           638/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           638/nmbd
udp        0      0 192.168.8.255:138       0.0.0.0:*                           638/nmbd
udp        0      0 192.168.8.210:138       0.0.0.0:*                           638/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           638/nmbd
udp        0      0 192.168.8.210:53        0.0.0.0:*                           675/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           675/named
udp6       0      0 ::1:53                  :::*                                675/named

I can't find anything that is related to Endpoint Mapper on the server.
Below some info that might be helpfull.

Code:

[root@rpicent1 mcadmin]# cat  /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = RPICENT1
        realm = MCNET.LOCAL
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = MCNET
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/mcnet.local/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

I noticed that there is another smb.conf file in /etc/samba/smb.conf which have default values, but when i was checking the smb.service, it's loading the one from /usr/local/samba... so seems okay.

Code:

root@rpicent1 mcadmin]# cat /etc/krb5.conf
[libdefaults]
        default_realm = MCNET.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = true

I will appreciate any help

miccze · 09-21-2018, 04:05 AM

i've found the reason for that. It was due to no samba service running. I though that smbd and nmbd was enough, but apparently it's not. You need to have samba service. to set that up:

By systemd:
Create the*/etc/systemd/system/samba-ad-dc.service*file with the following content:
[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

Reload the*systemd*configuration:
# systemctl daemon-reload
#systemctl enable samba-ad-dc
#systemctl start samba-ad-dc

Samba service is controlling the smbd, nmbd and winbindd processes on its own, so these services shouldn't be started.

After it's installed, all the ports necessary are listening:

[root@rpicent1 mcadmin]# netstat -plaunt | egrep "ntp|bind|named|samba|?mbd"
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 638/samba
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 689/named
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 636/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 634/smbd
tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 631/samba
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 631/samba
tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 631/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 636/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 636/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 636/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 631/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 634/smbd
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 638/samba
tcp 0 0 192.168.8.210:53 0.0.0.0:* LISTEN 689/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 689/named
tcp6 0 0 :::88 :::* LISTEN 638/samba
tcp6 0 0 ::1:953 :::* LISTEN 689/named
tcp6 0 0 :::636 :::* LISTEN 636/samba
tcp6 0 0 :::445 :::* LISTEN 634/smbd
tcp6 0 0 :::49152 :::* LISTEN 631/samba
tcp6 0 0 :::49153 :::* LISTEN 631/samba
tcp6 0 0 :::49154 :::* LISTEN 631/samba
tcp6 0 0 :::3268 :::* LISTEN 636/samba
tcp6 0 0 :::3269 :::* LISTEN 636/samba
tcp6 0 0 :::389 :::* LISTEN 636/samba
tcp6 0 0 :::135 :::* LISTEN 631/samba
tcp6 0 0 :::139 :::* LISTEN 634/smbd
tcp6 0 0 :::464 :::* LISTEN 638/samba
tcp6 0 0 ::1:53 :::* LISTEN 689/named
udp 0 0 192.168.8.210:88 0.0.0.0:* 638/samba
udp 0 0 0.0.0.0:88 0.0.0.0:* 638/samba
udp 0 0 192.168.8.210:137 0.0.0.0:* 633/samba
udp 0 0 192.168.8.255:137 0.0.0.0:* 633/samba
udp 0 0 0.0.0.0:137 0.0.0.0:* 633/samba
udp 0 0 192.168.8.210:138 0.0.0.0:* 633/samba
udp 0 0 192.168.8.255:138 0.0.0.0:* 633/samba
udp 0 0 0.0.0.0:138 0.0.0.0:* 633/samba
udp 0 0 192.168.8.210:389 0.0.0.0:* 637/samba
udp 0 0 0.0.0.0:389 0.0.0.0:* 637/samba
udp 0 0 192.168.8.210:464 0.0.0.0:* 638/samba
udp 0 0 0.0.0.0:464 0.0.0.0:* 638/samba
udp 0 0 192.168.8.210:53 0.0.0.0:* 689/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 689/named
udp6 0 0 :::88 :::* 638/samba
udp6 0 0 :::389 :::* 637/samba
udp6 0 0 :::464 :::* 638/samba
udp6 0 0 ::1:53 :::* 689/named

Regards,