[Samba] Fwd: Domain member fails to map SID>*ID after DC migrated from Server 2022 to 2025
Dustin L. Howett
dustin at howett.net
Thu Apr 24 01:08:00 UTC 2025
On Wed, Apr 23, 2025 at 05:57:04PM +0000, Dustin L. Howett via samba wrote:
> On Wed, Apr 23, 2025 at 07:49:12AM +0000, Rowland Penny via samba wrote:
> > On Tue, 22 Apr 2025 21:09:26 -0500
> > Dustin Howett via samba <samba at lists.samba.org> wrote:
> >
> > > - On Server 2025, it returns a failure instead:
> > > NT_STATUS_NO_SUCH_DOMAIN
> > >
FWIW, I think this is down to a difference in handling NetGetAnyDCName
on Windows Server 2025 compared to 2022.
On 2025, I see this in netlogon.log (nltest /dbflag:ffffffff):
+ 04/23 20:00:38 [CRITICAL] [2268] DOMTEST: NetrGetAnyDCName: domtest: No such trusted domain
... which matches up with a log entry in log.winbindd-DOMTEST
+ [2025/04/24 01:00:39.489494, 10, pid=694, effective(0, 0), real(0, 0), class=rpc_cli] ../../source3/rpc_client/cli_pipe.c:1028(rpc_api_pipe_got_pdu)
+ rpc_api_pipe: host WIN-NAFS39H19IE.domtest.howett.net returned 8 bytes.
+ [2025/04/24 01:00:39.489502, 1, pid=694, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_function_debug)
+ netr_GetAnyDCName: struct netr_GetAnyDCName
+ out: struct netr_GetAnyDCName
+ dcname : *
+ dcname : NULL
+ result : WERR_NO_SUCH_DOMAIN
Curiously, it looks like the MS-NRPC docs for NetGetAnyDCName say this:
+ If the server that receives this call is the PDC for the domain specified in DomainName,
+ the server MUST return ERROR_NO_SUCH_DOMAIN.
+
+ https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3db726ac-0d1b-43be-bd6f-923d97768436
I only have the one server, and it is the PDC.
A strict read suggests that NO_SUCH_DOMAIN is correct here.
Is Server 2025 acting as documented and causing Samba some heartburn?
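
Added example (not part of the original message, and not Samba or Microsoft code): a small Python correlator that lines up NetrGetAnyDCName failures in the DC's netlogon.log with failed netr_GetAnyDCName replies in log.winbindd-DOMTEST, the same matching done by eye above. It assumes netlogon.log timestamps are DC local time with no year (the year and the UTC offset of -5 are supplied by the caller and are assumptions), that the winbindd log is in UTC, and the sample log text is constructed from the excerpts quoted in the message.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input, modelled on the two excerpts quoted in the message.
NETLOGON_LOG = """\
04/23 20:00:38 [CRITICAL] [2268] DOMTEST: NetrGetAnyDCName: domtest: No such trusted domain
04/23 20:00:40 [MISC] [2268] DOMTEST: constructed unrelated line
"""
WINBINDD_LOG = """\
[2025/04/24 01:00:39.489494, 10, pid=694, effective(0, 0), real(0, 0), class=rpc_cli] ../../source3/rpc_client/cli_pipe.c:1028(rpc_api_pipe_got_pdu)
  rpc_api_pipe: host dc.example.test returned 8 bytes.
[2025/04/24 01:00:39.489502, 1, pid=694, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_function_debug)
  netr_GetAnyDCName: struct netr_GetAnyDCName
    out: struct netr_GetAnyDCName
      result : WERR_NO_SUCH_DOMAIN
"""

NETLOGON_RE = re.compile(
    r"^(\d\d)/(\d\d) (\d\d):(\d\d):(\d\d) \[\w+\] \[\d+\] (\S+): "
    r"NetrGetAnyDCName: (\S+): No such trusted domain", re.M)
WINBINDD_HDR_RE = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,", re.M)
RESULT_RE = re.compile(r"netr_GetAnyDCName.*?result\s*:\s*(WERR_\w+)", re.S)

def dc_failures(text, year, utc_offset_hours):
    """DC side: (UTC time, requested domain) for each rejected NetrGetAnyDCName."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    out = []
    for mo, d, h, mi, s, _dom, asked in NETLOGON_RE.findall(text):
        ts = datetime(year, int(mo), int(d), int(h), int(mi), int(s), tzinfo=tz)
        out.append((ts.astimezone(timezone.utc), asked))
    return out

def member_failures(text):
    """Member side: split at each '[timestamp,' header, keep non-OK replies."""
    hdrs = list(WINBINDD_HDR_RE.finditer(text))
    out = []
    for i, h in enumerate(hdrs):
        end = hdrs[i + 1].start() if i + 1 < len(hdrs) else len(text)
        m = RESULT_RE.search(text, h.end(), end)
        if m and m.group(1) != "WERR_OK":
            ts = datetime.strptime(h.group(1), "%Y/%m/%d %H:%M:%S")
            out.append((ts.replace(tzinfo=timezone.utc), m.group(1)))
    return out

def correlate(dc, member, window=5):
    """Pair DC and member events whose UTC times differ by <= window seconds."""
    return [(d, m) for d in dc for m in member
            if abs((d[0] - m[0]).total_seconds()) <= window]
```
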