It's typical that some file operations set a NTACL, which tries sid2uid() before sid2gid(), this will create a negative cache entry. Negative SID2UID entries cause that a valid SID2GID mapping is ignored and the group is ignored in the UNIX Token.
Created attachment 7661 [details] Patch for v3-6-test
Comment on attachment 7661 [details] Patch for v3-6-test I think the last patch is not complete or not even fully correct: we should at least set "map->status = ID_UNMAPPED" for gid / uid == -1. Also if gid cache entry is -1, shouldn't we try the uid cache?
Created attachment 7662 [details] Possible patches for v3-6-test
Created attachment 7663 [details] Possible patches for master
Created attachment 7667 [details] Patches for v3-6-test
Comment on attachment 7667 [details] Patches for v3-6-test ACK, as discussed and tested
==> Karolin for inclusion into 3.6.X
Pushed to v3-6-test. Closing out bug report. Thanks!