Chris Cooper | 1 Dec 2007 02:00

ADS - Not recognizing Domain Admin group membership (from 1 workstation only)

I've been running a couple Centos5 and RHEL4/5 servers with samba for a
while now and everything has been working great with our Windows 2003 AD.

All of a sudden though I'm experiencing something really weird on one of the
RHEL5 boxes.  Whenever I try to connect as a Domain Admin from one
particular Vista client, I get access denied and repeated prompts for a
username/password - this has always worked in the past, and still does using
any domain admin account from any other computer (XP or Vista).

Looking at the log I see this when connecting as a Domain Admin from a good
client:
connect to service Reports initially as user XXXXX+yyyyyy (uid=0,
gid=16777220)
and when connecting as the same Domain Admin from the bad Vista client:
connect to service Reports initially as user XXXXX+yyyyyy (uid=16777222,
gid=16777220)

The other share, with a force user=localuser option set produces the
following:
connect to service htdocs initially as user XXXXX+yyyyyy (uid=501,
gid=16777220)
and when connecting as the same Domain Admin from the bad Vista client:
connect to service htdocs initially as user XXXXX+yyyyyy (uid=16777222,
gid=16777220)

So it appears that any connections coming from this one workstation are not
recognised as Domain Admin members.

This particular workstation can connect to any of our other samba servers
(same version 3.0.26a-SerNet-RedHat or older 3.0.21b-2) with
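An added example, not part of the original post: a small audit over smbd log lines of the kind quoted above that reports every share/user pair resolved to more than one uid, and which clients produced each mapping. It assumes the full log line carries the client name and address before "connect to service"; the client names, addresses and pids in the sample are constructed, while the uid/gid values are the ones from the post.

```python
import re
from collections import defaultdict

# Matches the smbd "connect to service" line quoted in the post. The leading
# "client (ip)" part is an assumption about the full log line.
LINE_RE = re.compile(
    r"(?P<client>\S+) \((?P<ip>[^)]+)\) connect to service (?P<share>\S+) "
    r"initially as user (?P<user>\S+) \(uid=(?P<uid>\d+), gid=(?P<gid>\d+)\)"
)

# Constructed sample: uid/gid values come from the post; clients, IPs and pids
# are made up for illustration.
SAMPLE_LOG = """\
  goodxp (192.0.2.10) connect to service Reports initially as user XXXXX+yyyyyy (uid=0, gid=16777220) (pid 4101)
  badvista (192.0.2.20) connect to service Reports initially as user XXXXX+yyyyyy (uid=16777222, gid=16777220) (pid 4102)
  goodxp (192.0.2.10) connect to service htdocs initially as user XXXXX+yyyyyy (uid=501, gid=16777220) (pid 4103)
  badvista (192.0.2.20) connect to service htdocs initially as user XXXXX+yyyyyy (uid=16777222, gid=16777220) (pid 4104)
  goodxp (192.0.2.10) connect to service htdocs initially as user XXXXX+zzzzzz (uid=501, gid=16777220) (pid 4105)
"""


def parse_connects(text):
    """Yield one dict per 'connect to service' line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
            yield rec


def inconsistent_mappings(records):
    """Return {(share, user): {uid: [clients]}} for pairs seen with >1 uid."""
    seen = defaultdict(lambda: defaultdict(set))
    for r in records:
        seen[(r["share"], r["user"])][r["uid"]].add(r["client"])
    return {
        key: {uid: sorted(clients) for uid, clients in by_uid.items()}
        for key, by_uid in seen.items()
        if len(by_uid) > 1
    }


if __name__ == "__main__":
    found = inconsistent_mappings(parse_connects(SAMPLE_LOG))
    for (share, user), by_uid in found.items():
        for uid, clients in sorted(by_uid.items()):
            print(f"{share} {user}: uid={uid} from {', '.join(clients)}")
```

Run against a real log, the same user appearing with both the expected uid (0, or the `force user` uid) and a plain mapped uid points at the client whose sessions are not getting the expected mapping.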