When you're using winbind you'll get users registered as themselves, without any domain information. But when you look at groups file, you may notice than all users are registered with domain name on it.
So, when you try to validate using an Active Directory name, you'll never find the user related to the group, because pw_name differs from the name on groups file. So, before checking if the user is in *members, we'll get the pwent, and compare using uid instead of name.
To do that you have to patch your copy of auth-sys-mod and activate the setting AuthGROUP_UIDComparison into your Apache configuration.