Pavel Bychykhin
2013-Sep-16 08:49 UTC
[Samba] tdb idmap returns different GID's for the same SID from time to time
Greetings!

I have a Samba 3.6.18 that acts as a domain member. I'm using Samba NSS and creating local groups for domain users. Here is part of my nsswitch.conf:

    group: files winbind
    passwd: files winbind

The problem is that the tdb Unix GID mapping returns different IDs from time to time for the same SIDs.

Suppose we have a local group "samba_svn1", created with "NET SAM CREATELOCALGROUP". After creation, group "samba_svn1" has SID S-1-5-21-3743722752-3344840800-2625497366-1074 and GID 30025. But, from time to time this SID receives a different GID mapping: 30027.

Following are the results of service commands, which demonstrate the real problem.

NSS always works correctly:

    [root at dynamo ~]# getfacl /zfsmount/svn/svn1
    # file: /zfsmount/svn/svn1
    # owner: www
    # group: www
    group:DYNAMO\samba_svn1:rwxpDdaARWcCos:fd----:allow
    owner@:rwxp--aARWcCos:------:allow
    group@:------a-R-c--s:------:allow
    everyone@:------a-R-c--s:------:allow

    [root at dynamo ~]# getent group samba_svn1
    DYNAMO\samba_svn1:x:30025

    [root at dynamo ~]# wbinfo --sid-to-gid S-1-5-21-3743722752-3344840800-2625497366-1074
    30025

But, just after that, when I try to get info from the idmap DB and the cache, I see very strange results. SID S-1-5-21-3743722752-3344840800-2625497366-1074 is mapped to GID 30027:

    [root at dynamo ~]# net idmap dump|grep S-1-5-21-3743722752-3344840800-2625497366-1074
    dumping id mapping from /var/db/samba/winbindd_idmap.tdb
    GID 30027 S-1-5-21-3743722752-3344840800-2625497366-1074

    [root at dynamo ~]# net cache list|grep S-1-5-21-3743722752-3344840800-2625497366-1074
    Key: IDMAP/SID2GID/S-1-5-21-3743722752-3344840800-2625497366-1074 Timeout: Mon Sep 23 09:14:17 2013 Value: 30025
    Key: IDMAP/GID2SID/30025 Timeout: Mon Sep 23 09:14:17 2013 Value: S-1-5-21-3743722752-3344840800-2625497366-1074
    Key: IDMAP/GID2SID/30027 Timeout: Thu Sep 19 13:44:48 2013 Value: S-1-5-21-3743722752-3344840800-2625497366-1074

"net idmap check" doesn't resolve the problem, but gives some additional info: 30027 is the highest GID in my DB (maybe it's the key to the problem):

    [root at dynamo ~]# net idmap check
    check database: /var/db/samba/winbindd_idmap.tdb
    uid hwm: 30018
    gid hwm: 30027
    mappings: 39
    other: 3
    invalid records: 0
    missing links: 0
    invalid links: 0
    0 changes:

Question: is my problem because of a bug, or because of a misconfigured server? Here is my config:

    [global]
        dos charset = CP866
        workgroup = HTS
        realm = HTS.KH.UA
        server string
        security = ADS
        map to guest = Bad Password
        local master = No
        wins server = 192.168.32.5
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind expand groups = 10
        winbind nss info = rfc2307
        winbind max domain connections = 50
        idmap config HTS : schema_mode = rfc2307
        idmap config HTS : range = 10000-29999
        idmap config HTS : backend = ad
        idmap config HTS : default = yes
        idmap config * : range = 30000-49999
        idmap config * : backend = tdb

    [svn1]
        path = /zfsmount/svn/svn1
        valid users = @samba_svn1
        read only = No
        create mask = 0700
        force create mode = 0700
        inherit owner = Yes
        map archive = No
        map readonly = no
        vfs objects = zfsacl
        nfs4: chown = no
        nfs4:acedup = dontcare
        nfs4: mode = special

P.S. An upgrade to the newer version 4.0 is undesirable for me, and I will do it only if version 4.0 really solves my problem.

Thanks in advance.

--
Best regards,
Pavel
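As an added illustration (not from the post or from Samba itself) of how to spot the inconsistency described above before it bites: this script cross-checks the "net idmap dump" output against the "net cache list" entries and reports any SID that resolves to more than one Unix ID, either within the tdb or between the tdb and the cache. The sample input is constructed from the lines quoted in the post, and the parsing of those two output formats is an assumption made here, not a Samba API.

```python
import re
from collections import defaultdict

# Constructed sample in the 'net idmap dump' format ("GID <n> <SID>" per line).
IDMAP_DUMP = """dumping id mapping from /var/db/samba/winbindd_idmap.tdb
GID 30027 S-1-5-21-3743722752-3344840800-2625497366-1074
"""

# Constructed sample in the 'net cache list' format (Key / Timeout / Value).
CACHE_LIST = """\
Key: IDMAP/SID2GID/S-1-5-21-3743722752-3344840800-2625497366-1074 Timeout: Mon Sep 23 09:14:17 2013 Value: 30025
Key: IDMAP/GID2SID/30025 Timeout: Mon Sep 23 09:14:17 2013 Value: S-1-5-21-3743722752-3344840800-2625497366-1074
Key: IDMAP/GID2SID/30027 Timeout: Thu Sep 19 13:44:48 2013 Value: S-1-5-21-3743722752-3344840800-2625497366-1074
"""

# Assumed line shapes; whitespace is tolerant because the real output uses tabs.
DUMP_RE = re.compile(r"^(UID|GID)\s+(\d+)\s+(S-1-5-[\d-]+)$")
CACHE_RE = re.compile(
    r"^Key:\s+IDMAP/(SID2GID|GID2SID|SID2UID|UID2SID)/(\S+)\s+Timeout:.*?\s+Value:\s+(\S+)")

def parse_idmap_dump(text):
    """Map each SID in the tdb dump to the set of (kind, id) pairs it carries."""
    mapping = defaultdict(set)
    for line in text.splitlines():
        m = DUMP_RE.match(line.strip())
        if m:
            mapping[m.group(3)].add((m.group(1), int(m.group(2))))
    return mapping

def parse_cache_list(text):
    """Map each SID in the winbind cache to (kind, id) pairs from both directions."""
    mapping = defaultdict(set)
    for line in text.splitlines():
        m = CACHE_RE.match(line.strip())
        if not m:
            continue
        direction, key, value = m.groups()
        kind = "GID" if "GID" in direction else "UID"
        sid, unix_id = (key, value) if direction.startswith("SID2") else (value, key)
        mapping[sid].add((kind, int(unix_id)))
    return mapping

def find_conflicts(dump_text, cache_text):
    """Return {sid: sorted ids} for every SID that resolves to more than one Unix id."""
    combined = parse_idmap_dump(dump_text)
    for sid, ids in parse_cache_list(cache_text).items():
        combined[sid] |= ids
    return {sid: sorted(ids) for sid, ids in combined.items() if len(ids) > 1}

if __name__ == "__main__":
    for sid, ids in find_conflicts(IDMAP_DUMP, CACHE_LIST).items():
        print(f"CONFLICT {sid}: {ids}")
```

In real use, feed it the output of "net idmap dump" and "net cache list" from the affected host; a non-empty result on the allocating (tdb) range is the condition worth alerting on, since clients will then see the share's group ownership change depending on which entry winbind consults.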