It is observed on one or more servers with Centrify-Enabled Samba installed that one or more group memberships for AD users are not being recognized when accessing shares. This is happening seemingly randomly to random users on a server that was working without issue previously.
After investigating with the AD team it was determined that one or more Windows 2012 DCs were recently deployed in the domain however your Domain Functional Level (DFL) was not modified so they should be compatible with all other DCs running older Windows OS versions.
Windows 2012 has a new feature called "SID compression" which is enabled by default regardless of the DFL level. SID compression is not supported in open source Samba version 3.6.x which Centrify-Enabled Samba is based on.
Request your AD team disable SID compression on all Windows 2012 DCs temporarily as per the Microsoft article below: