[Samba] NT_STATUS_NONE_MAPPED in winbind logs

Rowland Penny rpenny at samba.org
Tue Oct 4 16:40:45 UTC 2022 


On 04/10/2022 17:02, mhbeyle--- via samba wrote:

> Forgive my lack of knowledge. From now on I will use the term AD DC. I 
> am not used to write in this list and there are terms that I confuse 
> easily.

Sorry for sounding pedantic in my previous replies, but if you are 
confused, can you see how people in the future will be ;-)
Lets just leave the NT4-style terms 'PDC' and 'BDC' in the past where 
they belong.

> 
> The domain topology that is set up consists of an old server with samba 
> (4.3.4) to which another server with samba (4.13) has been added. Role 
> transfer has been done between the old server and the new server with 
> the ultimate goal of shutting down the old server. The only difference 
> between the old server and the new server is the samba version and it 
> may have been possible to make a mistake when transferring the different 
> roles, I don't know. Is there any way to compare configurations? 
> Everything works correctly except for those warnings in the log file.

And that is just what they are, warnings, it is Samba just telling you 
that it cannot map Unix users to Unix users. Try reducing the log level 
or read the smb.conf manpage about 'log level', you can set up different 
levels for different classes, you can even send the output to different 
logfiles.

As I said, if you have multiple DC's, but only one is giving you 
troubles, this is usually because something on that one DC is set 
differently, so as I said, compare good with bad. Another way to fix 
this would be to demote the 'bad' DC and start again.

> 
> Sorry again for misusing different terms. When I refer to "windows 
> domain", I mean a domain with "Active Directory" where computers with 
> different versions of windows (W7, W10, etc.) are connected. There is no 
> Microsoft Windows DC in the domain. Only DCs with samba are running in 
> the domain.

No problem, we usually only refer to a Windows domain if there is an 
actual Windows DC, otherwise we would call it a Samba domain or just AD.

Rowland

More information about the samba mailing list