# Samba NT_STATUS_CONNECTION_REFUSED error

## mindseyex2

I had a pretty basic samba PDC that was working correctly, and then I decided to test the latest build.  Big mistake.  After unmasking it, I managed to get it to install, but now it is not authenticating correctly.  I downgraded back to 3.0.37, ren revdep-rebuild, etc, but the problem is still here.

It would seem that I can authenticate and connect to shares on the server, but when I try to join another computer to the domain, or change a user password, I get this error:

```

mindseye@bobafett ~ $ smbpasswd

Old SMB password:

New SMB password:

Retype new SMB password:

Error connecting to 127.0.0.1 (Connection refused)

Unable to connect to SMB server on machine 127.0.0.1. Error was : NT_STATUS_CONNECTION_REFUSED.

Failed to change password for mindseye

```

If I try to run the same command as root, I it does sucessfully changes the password, as well as create accounts.  This leads me to believe that it is some sort of a permission or group membership issue.

Here is the output of testparm:

```

Load smb config files from /etc/samba/smb.conf

WARNING: The "printer admin" option is deprecated

Processing section "[homes]"

Processing section "[netlogon]"

Processing section "[printers]"

WARNING: The "printer admin" option is deprecated

Processing section "[print$]"

Processing section "[mp3]"

Processing section "[wii]"

Processing section "[root$]"

Processing section "[homedirs$]"

Processing section "[backup$]"

Loaded services file OK.

Server role: ROLE_DOMAIN_PDC

Press enter to see a dump of your service definitions

[global]

        workgroup = CORELLIA

        server string = BobaFett

        interfaces = br0

        bind interfaces only = Yes

        guest account = nut

        pam password change = Yes

        passwd program = /usr/bin/passwd %u

        passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n ;*passwd:*all*authentication*tokens*updated*successfully*

        username map = /etc/samba/smbusers

        unix password sync = Yes

        log level = 2

        log file = /var/log/samba/log.%m

        max log size = 50

        announce version = 5.0

        name resolve order = wins lmhosts bcast

        time server = Yes

        server signing = auto

        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

        printcap name = cups

        add user script = /usr/sbin/useradd -s /bin/false '%u'

        delete user script = /usr/sbin/userdel '%s'

        add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'

        delete group script = /usr/sbin/groupdel '%g'

        add user to group script = /usr/bin/gpasswd -a '%u' '%g'

        delete user from group script = /usr/bin/gpasswd -d '%u' '%g'

        set primary group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'

        add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u

        logon script = %U.bat

        logon drive = H:

        domain logons = Yes

        os level = 34

        preferred master = Yes

        domain master = Yes

        wins support = Yes

        remote announce = 10.1.1.255 10.1.0.255

        remote browse sync = 10.1.1.255 10.1.0.255

        idmap uid = 10000-20000

        idmap gid = 10000-20000

        winbind use default domain = Yes

        printer admin = "@Domain Admins"

        hosts allow = 10.1.1.0/24, 10.1.0.0/24, 127.0.0.1

        hosts deny = 0.0.0.0/0

[homes]

        comment = Home Directories

        read only = No

        create mask = 0660

        directory mask = 0700

        browseable = No

[netlogon]

        comment = Network Logon Service

        path = /home/samba/logon

        write list = mindseye, @admin

        guest ok = Yes

[printers]

        comment = All Printers

        path = /var/spool/samba

        printer admin = mindseye, root

        read only = No

        guest ok = Yes

        printable = Yes

        lpq command = lpq -P %p

        browseable = No

[print$]

        comment = Printer Drivers

        path = /var/lib/samba/printers

        write list = @adm, root

[backup$]

        comment = Backup

        path = /home/backup

        username = mindseye

        valid users = mindseye, tech

        write list = mindseye, admin, @admin

        force user = root

        force group = root

        create mask = 0660

        directory mask = 0700

        volume = backup

```

I am not sure where to look next...

----------

## Hu

If you suspect a permissions issue, start by using dev-util/strace to trace the system calls of both the root and non-root versions to find differences.

----------

