The Samba-Bugzilla – Bug 13300
Group memberships are not expanded on trust boundaries
Last modified: 2018-09-12 09:22:24 UTC
If a user or group of a trusted domain is member of a group in the local
domain, we currently ignore that and don't include the required group sid
to the users security token.
This is fixed in master and 4.9