[Samba] Fwd: Domain member fails to map SID>*ID after DC migrated from Server 2022 to 2025
Rowland Penny
rpenny at samba.org
Wed Apr 23 07:49:12 UTC 2025
On Tue, 22 Apr 2025 21:09:26 -0500
Dustin Howett via samba <samba at lists.samba.org> wrote:
> Hey all,
> I have a samba (tested 4.17+debian, 4.22.1+debian) domain member of a
> very small domain.
> I recently upgraded the PDC from Windows Server 2022 to 2025, and
> began to observe widespread user mapping failures on the samba domain
> member.
> Given that my production environment ranges from "annoying" to "hard
> to turn into a lab," I reproduced the problem from first principles in
> an isolated lab environment.
>
> For this lab, I built a single DC on Server 2022 and a single member
> server running Debian 12.
> After verifying it worked, I cloned both of the nodes to a new
> isolated network and upgraded the DC to Server 2025. Hopefully this
> will clarify why the log snippets below contain the same machine names
> but interleaved/inconsistent timestamps (considering that the 2022
> snippet was taken after the 2025 one...)
>
> I'm not sure what I am looking at, or looking *for*, but I've made a
> few observations:
>
> - The proximal failing call seems to be sids2xids.
> - It does not have a cached domain controller, so it attempts to find
> one
> - It attempts to find one using DsGetDcName
> - On Server 2022, DsGetDcName returns a netr_DsRGetDCNameInfo
> - On Server 2025, it returns a failure instead:
> NT_STATUS_NO_SUCH_DOMAIN
>
It seems that your DC cannot be found, so for a start, can you post the
/etc/resolv.conf, /etc/krb5.conf and smb.conf from the client.
Rowland
More information about the samba
mailing list