samba - Jan 2013 - Solaris 11.1 + Samba 3.6.6 + ads + getent group - a bug, perhaps?

Hi,

I posted a few days ago with some Samba + ADS integration problems.

I've since progressed to a point where I have a Solaris 11.1 host running
Samba 3.6.6 with ads as the security type, running winbind for my mapping needs.

I can now wbinfo ?u and wbinfo ?g just fine. Returns things as I'd expect
from the local and auth-sources (AD).

What I can also do is getent passwd, which returns domain users perfectly.

What I *can't* seem to do is getent group in any way, shape or form.

My /etc/nsswitch.conf is sane:

passwd: files winbind
group: files winbind
hosts: files dns
ipnodes: file

When I do try to getent group, I see:

[2013/01/14 20:03:36.835081,  1, pid=788]
libads/ldap_utils.c:134(ads_do_search_retry_internal)
  ads reopen failed after error Timelimit exceeded
[2013/01/14 20:03:36.835209,  1, pid=788]
libads/ldap_utils.c:315(ads_ranged_search_internal)
  ads_search: Timelimit exceeded
[2013/01/14 20:03:36.835261,  0, pid=788]
winbindd/winbindd_ads.c:1084(lookup_groupmem)
  ads_ranged_search failed with: Timelimit exceeded

Can't help but think after searching the lists that this might be a bug.
Apparently there was a bug in the 3.5.x series (I think?) where, if there were
> 1000 groups (or was it users in a group?) there were issues like this.

Can someone shed some light and help out? It's the last "bit"
I've got to get working. Currently I can chown files with a username that
getent can resolve, but I can't resolve AD group names unfortunately, as a
consequence of the above. I'd love to get my fileserver up and running :).

Thanks, all.

--JC