It looks like the bug where previous versions of samba had issues treating local users with the same names as domain users, has been fixed in 4.17. Samba is not being confused anymore, "thinking" the same user "sometimes" has one SID and sometimes another (with this behavior being non-deterministic). Starting with 4.17, it correctly (or at least expectedly, or natively) uses uid from /etc/password for a user from domain if it is listed in local /etc/password, and maps the "two" into the same domain SID, effectively making it the same user. It's interesting to find out where this has been fixed. This is JFYI, it's not a question. Thanks, /mjt