If only cached_login is in use without krb5_auth, then authentication always fail.
The problem seems to be around in winbind_auth_request() nsswitch/pam_winbind.c
Only if krb5_auth is specified then request.data.auth.uid is filled with something meaningful.
Later in the code if cached_login is selected there is a check for this not being -1 and if it is authentication simply fails completely.
Just rephrasing as Jeremy politely argued I was not clear enough (see IRC logs if you are curious :-)
Authentication fails when *only* cached_login is specified as a pam_winbind module option
When cached_login is selected a check is made to determine if request.data.auth.uid is the default value of -1.
In case it is -1 an error is returned and authentication fails
request.data.auth.uid is set to a non default value only when the krb5_auth option is selecetd. See nsswitch/pam_winbind.c:winbind_auth_request()
Should be fixed with -r21318.