smbclient: Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

Question

until yesterday I had a functioning Active Directory Primary Domain Controller running on a raspberry pi. Now it seems I cannot get the 'samba' service to listen at all. This is since performing an upgrade.

root@r2d2:/etc#  /etc/init.d/samba start
[ ok ] Starting nmbd (via systemctl): nmbd.service.
[ ok ] Starting smbd (via systemctl): smbd.service.
[ ok ] Starting samba-ad-dc (via systemctl): samba-ad-dc.service.
root@r2d2:/etc#

That looks fine, I suppose but smbclient -L localhost -U% gives the error message quoted in the title.

I have been googling this for a while and am unsure what the issue is. I have imported a (replacement) startup script, but apart from that I have made no changes.

The underlying issue is, I think, in the startup/init.d procedures, but I do not know what to do next.

root@r2d2:/etc# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5910          0.0.0.0:*               LISTEN      804/Xvnc
tcp        0      0 127.0.0.1:3350          0.0.0.0:*               LISTEN      734/xrdp-sesman
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      547/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      543/cupsd
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      612/xrdp
tcp6       0      0 :::80                   :::*                    LISTEN      644/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      547/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      543/cupsd 
root@r2d2:/etc#

I am using internal DNS.

---

I notice the following, and this gets to the crux of my confusion - googling the issue did not make it easy to establish how one should start samba

log.smbd

[2016/05/17 09:56:52.566097,  2] ../source3/lib/interface.c:341(add_interface)
  added interface eth0 ip=169.254.144.46 bcast=169.254.255.255 netmask=255.255.0.0
[2016/05/17 09:56:52.566286,  2] ../source3/lib/interface.c:341(add_interface)
  added interface eth0 ip=10.10.10.32 bcast=10.10.10.255 netmask=255.255.255.0
[2016/05/17 09:56:52.566510,  0] ../source3/smbd/server.c:1297(main)
  server role = 'active directory domain controller' not compatible with running smbd standalone.
  You should start 'samba' instead, and it will control starting smbd if required

log.nmbd

root@r2d2:/var/log/samba# cat log.nmbd
[2016/05/17 09:56:19,  0] ../source3/nmbd/nmbd.c:908(main)
  nmbd version 4.2.10-Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/05/17 09:56:19,  0] ../lib/param/loadparm.c:743(lpcfg_map_parameter)
  Unknown parameter encountered: "password level"
[2016/05/17 09:56:19,  0] ../lib/param/loadparm.c:1626(lpcfg_do_global_parameter)
  Ignoring unknown parameter "password level"
[2016/05/17 09:56:19,  0] ../lib/param/loadparm.c:743(lpcfg_map_parameter)
  Unknown parameter encountered: "update encrypted"
[2016/05/17 09:56:19,  0] ../lib/param/loadparm.c:1626(lpcfg_do_global_parameter)
  Ignoring unknown parameter "update encrypted"
root@r2d2:/var/log/samba#

I am currently using this startup script (which I added after the problems began) and this seems to result in a new (note the timestamps do not overlap with the 2 previous snippets) log.samba file containing :

samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
[2016/05/17 13:18:22.069201,  0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
  /usr/sbin/winbindd: Failed to exec child - No such file or directory
[2016/05/17 13:18:22.070100,  0] ../source4/winbind/winbindd.c:49(winbindd_done)
  winbindd daemon exited normally
task_server_terminate: [winbindd child process exited]
[2016/05/17 13:18:22.074784,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.075325,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[CN=Schema,CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.075730,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.076810,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[DC=DomainDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.077271,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[DC=ForestDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.084895,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085188,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085368,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[CN=Schema,CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085508,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[DC=DomainDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085635,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[DC=ForestDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.088057,  0] ../lib/util/become_daemon.c:124(daemon_ready)
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
  STATUS=daemon 'samba' finished starting up and ready to serve connections
[2016/05/17 13:18:22.094641,  0] ../source4/smbd/server.c:211(samba_terminate)
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
  samba_terminate: winbindd child process exited

Answer 1

/usr/sbin/winbindd: Failed to exec child - No such file or directory

Her's a simmilar issue http://www.spinics.net/lists/samba/msg133552.html

solution was to install winbind http://www.spinics.net/lists/samba/msg133589.html

You need a separate winbind winh samba 4.2 + http://www.spinics.net/lists/samba/msg133595.html

Answer 2

I guess these issues are related to one of the updates that were released to fix the Badlock Bug. The full list of fixes are listed in Samba Security Releases and the announcements for each patch-set provides useful information on what has changed.

After upgrading my old CentOS 5 system, I had issues connecting Winbind to an AD domain controller and the clue to fixing them was in the announcement for CVE-2016-2115 – SMB client connections for IPC traffic are not integrity protected.

This documented the new smb.conf option, client ipc signing. While the documentation recommends explicitly setting this option to mandatory, I found that auto also solved those issues so I added the following line to my smb.conf (under the [global] section):

client ipc signing = auto

I’m running Samba 3.6.23 so I can’t say if this would help you but there should be relevant information in the various announcements already mentioned. Best of luck with it (I wasted over 3 hours figuring this stuff out).