After upgrading from 4.1.14 to 4.2.1 the resolution of some AD groups did not work properly. The domain had two DCs, one running on a 32 bit VM guest ubuntu server 10.04 and one running on a real host 64 bit with ubuntu server 12.04 wich acts also as file server. Both DCs use internal DNS. After upgrade, noticed that the access to shares owned by group "ufficio tecnico" by users part of that group where not permitted anymore. Noticed that winbindd resolved the group name to a SID/GID different than that stated in sam.ldb and than users did not have permissions to connect to the share. Trying to restart also the 32 bit VM I noticed that the problem appeared also there. Workaround suggested by Rowland Penny was to add the line ... server services = -winbindd + winbind ... in smb.conf After doing that both DCs resolved all groups correctly. Details on this thread http://samba.2283325.n4.nabble.com/gid-numbers-changed-after-upgrading-from-4-1-14-to-4-2-1-tp4684825.html