Comment 13 for bug 207791

   1. Check your idmap backend setup in /etc/samba/smb.conf

Checked - ok here.

   2. Check /var/log/samba/log.winbind* for relevant errors/warnings

No errors or warnings.

   3. If using rid or ads as the backend, try to find out if you can still query the domain controller with wbinfo -u and wbinfo -g. You may need to check klist, net ads status, net ads info to see if your kerberos key didn't get renewed. Some of this should be run under sudo with an Active Directory (AD) authenticated user.

Yes i can query - and after issuing wbinfo -u or wbinfo -g or getent my "name, uid mappings" are known again. But thats the problem - those infos should not be "lost" (see original report above) - my ticket was still valid >9 hours.

   4. Try re-logging in with an AD user and see if the problem is fixed. If so, it might be that a new key was issued.

Yeah of cause relogin does fix - but it will happen again after a short time - that won't fix the issue reported.