when Samba is configured as BDC (for vampire for example) it doesn't write it's own machine SID into secrets.tdb when joining into the existing domain. One will have to join into the domain as member first (to make sambe write it's machine SID), then remove the machine from the domain and rejoin with BDC configuration. I can't provide logs/sniffs atm, but I can reproduce this later and provide log files...
That's why you run 'net rpc getsid' and the 'net setlocalsid'. if you have a patch to remove the net for setloaclsid, I'll be glad to take it.
I'm not talking about the domain sid, there is no own workstation account being written into secrets.tdb, you only get this in a domain member configuration.
That's what the 'net setlocasid' does. You get the domain SID (which sets itself in secrets.tdb) and then you set the local machine SID to match the domain SID. And then you join as a BDC.