[Samba] can login to new dc

[basti]

Hello,
i have install a new DC on debian bookworm (samba 4.17.9+dfsg-0+deb12u3)
all seems to work fine but I cant list shares.


root at dc1:/var/log/samba# wbinfo -u
NET\administrator
NET\guest
NET\krbtgt
NET\dns-dc1

root at dc1:/var/log/samba# wbinfo --ping-dc
checking the NETLOGON for domain[NET] dc connection to 
"dc1.net.example.com" succeeded
root at dc1:/var/log/samba#

root at dc1:/var/log/samba# net getdomainsid
SID for domain NET is: S-1-5-21-3026428385-3353875275-5460633
root at dc1:/var/log/samba#


root at dc1:/var/log/samba# smbclient -L localhost -U%
session setup failed: NT_STATUS_INVALID_SID
root at dc1:/var/log/samba#

root at dc1:/var/log/samba# smbclient //localhost/netlogon -UAdministrator 
-c 'ls'
Password for [NET\Administrator]:
session setup failed: NT_STATUS_INVALID_SID
root at dc1:/var/log/samba#


I the logs I can see:

[2023/08/03 12:59:41.215865,  0] 
../../source4/auth/unix_token.c:123(security_token_to_unix_token)
   Unable to convert SID (S-1-5-64-10) at index 3 in user token to a 
GID.  Conversion was returned as type 0, full token:
[2023/08/03 12:59:41.215907,  0] 
../../libcli/security/security_token.c:51(security_token_debug)
   Security token SIDs (4):
     SID[  0]: S-1-5-7
     SID[  1]: S-1-1-0
     SID[  2]: S-1-5-2
     SID[  3]: S-1-5-64-10
    Privileges (0x               0):
    Rights (0x               0):
[2023/08/03 13:00:39.684728,  0] 
../../source4/auth/unix_token.c:95(security_token_to_unix_token)

or

[2023/08/03 13:00:39.684728,  0] 
../../source4/auth/unix_token.c:95(security_token_to_unix_token)
   Unable to convert first SID 
(S-1-5-21-3026428385-3353875275-5460633-500) in user token to a UID. 
Conversion was returned as type 0, full token:
[2023/08/03 13:00:39.684765,  0] 
../../libcli/security/security_token.c:51(security_token_debug)
   Security token SIDs (14):
     SID[  0]: S-1-5-21-3026428385-3353875275-5460633-500
     SID[  1]: S-1-5-21-3026428385-3353875275-5460633-513
     SID[  2]: S-1-5-21-3026428385-3353875275-5460633-512
     SID[  3]: S-1-5-21-3026428385-3353875275-5460633-572
     SID[  4]: S-1-5-21-3026428385-3353875275-5460633-518
     SID[  5]: S-1-5-21-3026428385-3353875275-5460633-519
     SID[  6]: S-1-5-21-3026428385-3353875275-5460633-520
     SID[  7]: S-1-1-0
     SID[  8]: S-1-5-2
     SID[  9]: S-1-5-11
     SID[ 10]: S-1-5-64-10
     SID[ 11]: S-1-5-32-544
     SID[ 12]: S-1-5-32-545
     SID[ 13]: S-1-5-32-554
    Privileges (0x        1FFFFF00):
     Privilege[  0]: SeTakeOwnershipPrivilege
     Privilege[  1]: SeBackupPrivilege
     Privilege[  2]: SeRestorePrivilege
     Privilege[  3]: SeRemoteShutdownPrivilege
     Privilege[  4]: SeSecurityPrivilege
     Privilege[  5]: SeSystemtimePrivilege
     Privilege[  6]: SeShutdownPrivilege
     Privilege[  7]: SeDebugPrivilege
     Privilege[  8]: SeSystemEnvironmentPrivilege
     Privilege[  9]: SeSystemProfilePrivilege
     Privilege[ 10]: SeProfileSingleProcessPrivilege
     Privilege[ 11]: SeIncreaseBasePriorityPrivilege
     Privilege[ 12]: SeLoadDriverPrivilege
     Privilege[ 13]: SeCreatePagefilePrivilege
     Privilege[ 14]: SeIncreaseQuotaPrivilege
     Privilege[ 15]: SeChangeNotifyPrivilege
     Privilege[ 16]: SeUndockPrivilege
     Privilege[ 17]: SeManageVolumePrivilege
     Privilege[ 18]: SeImpersonatePrivilege
     Privilege[ 19]: SeCreateGlobalPrivilege
     Privilege[ 20]: SeEnableDelegationPrivilege
    Rights (0x             403):
     Right[  0]: SeInteractiveLogonRight
     Right[  1]: SeNetworkLogonRight
     Right[  2]: SeRemoteInteractiveLogonRight