If you have configured idmap_ad, then we set the gid to (uid_t)-1 for groups we could not map. This is also returned in a getgroups() call. This results in an output like this: samba:~ # id DISCWORLD+joe1 uid=10001(DISCWORLD+joe1) gid=10001(DISCWORLD+domain users) groups=10001(DISCWORLD+domain users),4294967295 We should skip a -1 gid in the nss backend.
Created attachment 10300 [details] v4-1-test patch
Created attachment 10301 [details] v4-0-test patch
Karolin, please add the patches to the relevant branches. Thanks!
Pushed to autobuild-v4-[0|1]-test.
(In reply to comment #4) > Pushed to autobuild-v4-[0|1]-test. Pushed to v4-1-test, waiting for autobuild-v4-0-test
Pushed to both branches. Closing out bug report. Thanks!