[Samba] User Group SID behavior has changed from 21b to 23c

[Mike Cauble]

I am using LDAP as my backend. I have 6 PDC's running Samba 3.0.21b, 
each domain has a different SID. I store all user,groups,and machine 
accounts in one LDAP database. So that when I create a user once, all 
domains can see the user. This keeps me from having to create a user 
account on each domain for cross domain file sharing.

The behavior for Domains running Samba 3.0.21b is a follows.

DOMAIN1 has a SID of S-1-5-21-1629861336-2395076261-3235541152
DOMAIN2 has a SID of S-1-5-21-2781067772-1786132867-2942848841

In DOMAIN1 I type:
pdbedit -v -u mikec
I get:
Unix username:        mikec
NT username:          mikec
Account Flags:        [U          ]
User SID:             S-1-5-21-1629861336-2395076261-3235541152-3001
Primary Group SID:    *S-1-5-21-1629861336-2395076261-3235541152-513*

In DOMAIN2 I type:
pdbedit -v -u mikec
I get
Unix username:        mikec
NT username:          mikec
Account Flags:        [U          ]
User SID:             S-1-5-21-1629861336-2395076261-3235541152-3001
Primary Group SID:    *S-1-5-21-1629861336-2395076261-3235541152-513*

Which is correct.

I have setup a new PDC for DOMAIN2 using 3.0.23c
Now in DOMAIN2 when I type:
pdbedit -v -u mikec
I get:

NT username:          mikec
Account Flags:        [U          ]
User SID:             S-1-5-21-1629861336-2395076261-3235541152-3001
Primary Group SID:    *S-1-5-21-2781067772-1786132867-2942848841-513*

When try to conect to a Samba Server in DOMAIN2 from DOMAIN1 I get the 
error message
  _net_sam_logon: user DOMAIN2\mikec has user sid 
S-1-5-21-1629861336-2395076261-3235541152-3001
   but group sid S-1-5-21-2781067772-1786132867-2942848841-513.
  The conflicting domain portions are not supported for NETLOGON calls

The behavior in 3.0.23c has changed from 3.0.21b