From one of the users of the official Debian packages. This is confirmed in both 3.0.24 and 3.0.25a. I'll send a level 10 debug log for winbind as well

I have a setup with a win 2003 server, and I'm using ADS.  I have a few
Debian boxes with samba on it, most of them are running sarge (so
3.0.14a-3sarge6).  I don't have a problem with those running sarge.

They don't share any uid or somthing, they all have config that looks
like:
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
winbind nested groups = yes
winbind enum groups = yes
winbind enum users = yes

Recently I had to replace one of them and installed etch on it.  It
started with version 3.0.24-6etch1, and is now running 3.0.24-6etch4.
All the versions have the same problem.

What I notice is big delay in looking up usernames and groups.  This is
ussually in the order of several minutes.  It could also be few seconds,
but even that is long compare to the sarge versions which return that
information directly.  It then works for some time (5 minutes, until the
cache expires?) and then needs to start over.  Sometimes it also just fails.
When looking it up, looking at the log file, it seems that getting the
uid/gid isn't a problem, it getting the list of groups that's a problem.
After it received lots of groups, it show the message:
Failed to enumerate domain local groups

"getent passwd" seems to keep working (as long as it doesn't need to get
the list of groups again), "getent group" gets a delay.

What I think is the problem is that the group it tried to look up has a
space in it.  After it showed the above message, looking up the name of
the last group it tried to look up has a space in it.  It's also not
showing any other group with a space in it, like some of the builtin
groups like "BUILTIN\system operators".