At a site I have samba as DC, the users in LDAP (centrally managed) and the machine accounts in a local tdbsam like this: passdb backend = tdbsam:/etc/samba/smbpasswd ldapsam_compat:ldap://localhost guest There are quite a few clients joining and leaving the domain every week and now and then it sometimes happenes, that two or three machines end up with the same RID in the tdbsam. As you can imagine this is quite annoying since only one of those machines can log into the domain. Removing one of the affected clients from the domain doesn't help, as it removes the reverse RID mapping from the tdb, thus disabling all other clients with this RID. First level support already had their days running around and re-joining clients to the domain and circularily disabling clients. I know, that is quite sketchy, but I'll try to supply additional information as needed.
The initial rid should be based on the actual uid assigned to the machine's unix account. Please retest 3.0.11 and reopen if necessary.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.