Comment 12 for bug 207791

uid/name gid/name mappings depend on the backend chosen. If the backend doesn't cache or calculate the uids and gids then it's likely trying to query a Domain Controller.

   1. Check your idmap backend setup in /etc/samba/smb.conf
   2. Check /var/log/samba/log.winbind* for relevant errors/warnings
   3. If using rid or ads as the backend, try to find out if you can still query the domain controller with wbinfo -u and wbinfo -g. You may need to check klist, net ads status, net ads info to see if your kerberos key didn't get renewed. Some of this should be run under sudo with an Active Directory (AD) authenticated user.
   4. Try re-logging in with an AD user and see if the problem is fixed. If so, it might be that a new key was issued.

I kind of wonder if the winbind refresh tickets option isn't working for some reason.

     Drew Daniels
Resume: http://www.boxheap.net/ddaniels/resume.html