smbd calls initgroups() to set the unix group members of the existing process and then getgroups() to get the list back. This is truncated to the OS limit (NGROUPS_MAX). So the NT_USER_TOKEN (built by the net_sam_logon reply) can have more groups than those listed in unix_user token. 2.2. solved this by calling add_supplementary_nt_login_groups() in register_vuid()
See also bug 267
this is an OS limitation and not much we can do about it. Closing it.
originally reported against 3.0.0beta3. CLeaning out non-production release versions.