We are running Samba 3.0.24 paired with Windows 2003 R2 AD. Samba is used as file server, accessed by domain users. I've noticed wbinfo is showing only partial domain group info for particular user - user Alice is member of 15 Global Security groups (as verified running net user alice /domain command on Windows side), but 'wbinfo --user-domgroups' displays only 5 (five!) items: $ wbinfo -n DOMAIN+ALICE S-1-5-21-...-4604 User (1) $ wbinfo --user-domgroups S-1-5-21-...-4604 S-1-5-21-...-4604 S-1-5-21-...-1870 S-1-5-21-...-513 S-1-5-21-...-1397 S-1-5-21-...-1404 The same applies to 'net usersidlist': # net usersidlist ... alice S-1-5-21-...-4604 S-1-1-0 S-1-5-2 S-1-5-11 S-1-5-21-...-1870 S-1-5-21-...-513 S-1-5-21-...-1397 S-1-5-21-...-1404 ... log.winbind (log level = 10) shows following while running 'wbinfo --user-domgroups': ... [2007/08/02 12:13:40, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 17 [2007/08/02 12:13:40, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/08/02 12:13:40, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/08/02 12:13:40, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/08/02 12:13:40, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/08/02 12:13:40, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETUSERDOMGROUPS [2007/08/02 12:13:40, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 7620 [2007/08/02 12:13:40, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=225 ... Please note, that $ getent group | grep -i alice shows all expected groups but Domain Users (14 groups total!) To sum it all up, user Alice is shown as member of * 15 GS groups as reported by AD Users and Computers * 5 groups as reported by 'wbinfo --user-domgroups' * 5 groups as reported by 'net usersidlist' * 14 groups as reported by 'getent group'