I just noticed this happening. Somebody rebooted our domain controller, then when a user went to log on, he got "log on failed". We are running winbind on RHEL 5.5. I looked through the secure log and see this:

Aug 23 09:17:26 hostname kdm: :0[8364]: pam_winbind(kdm:auth): getting password (0x00000210)
Aug 23 09:17:26 hostname kdm: :0[8364]: pam_winbind(kdm:auth): pam_get_item returned a password
Aug 23 09:17:26 hostname kdm: :0[8364]: pam_winbind(kdm:auth): user 'user id' granted access
Aug 23 09:17:26 hostname kdm: :0[8364]: pam_listfile(kdm:account): getgrgid(16777223) failed
Aug 23 09:17:26 hostname kdm: :0[8364]: pam_winbind(kdm:account): user 'user id' OK
Aug 23 09:17:26 hostname kdm: :0[8364]: pam_winbind(kdm:account): user 'user id' granted access


Then, a second user tried to log on to the same machine, and she was successful. After she logged out, the 1st person tried to log back in and was successful. Here is her log in:

Aug 23 09:21:50 hostname kdm: :0[8364]: pam_winbind(kdm:auth): getting password (0x00000210)
Aug 23 09:21:50 hostname kdm: :0[8364]: pam_winbind(kdm:auth): pam_get_item returned a password
Aug 23 09:21:50 hostname kdm: :0[8364]: pam_winbind(kdm:auth): user 'user 2' granted access
Aug 23 09:21:50 hostname kdm: :0[8364]: pam_winbind(kdm:account): user 'user 2' OK
Aug 23 09:21:50 hostname kdm: :0[8364]: pam_winbind(kdm:account): user 'user 2' granted access
Aug 23 09:21:50 hostname kdm: :0[8364]: pam_unix(kdm:session): session opened for user user 2 by (uid=0)
Aug 23 09:22:07 hostname kdm: :0[8364]: pam_unix(kdm:session): session closed for user 2

I notice in the failed log on attempt that getgrid failed because it was tied to pam_listfile and not pam_winbind. Then when user 1 tried to log on the 2nd time, after user 2 was successful, it was tied back to pam_winbind.

Any thoughts on what could be causing this?

This has happened to 3 different servers. If I reboot them, I no longer have this issue but I don't want to reboot the servers.