We have setup Samba Version 3.0.20b with "experimental" IDMAP_RID with Winbind support on FreeBSD 5.4 and followed the docs at http://us1.samba.org/samba/docs/man/Samba3-HOWTO/idmapper.html#id2587670. The problem is that the id command (the FreeBSD equivalent to getent) does not return all the groups the user is a member of, however wbinfo does. Some output: # id MYDOMAIN\\adomainuser uid=16705(adomainuser) gid=1013(Domain Users) groups=1013(Domain Users) wbinfo -r adomainuser 1013 13137 44063 44067 83000 44139 42929 44187 82964 13136 82963 71079 44723 44186 44064 82998 44066 1020 42928 44176 75253 44138 44709 #cat /usr/local/etc/smb.conf [global] server string = testbox 3 netbios name = TESTBOX03 workgroup = MYDOMAIN realm = MY.DOMAIN security = ads password server = adserver1 adserver2 lanman auth = no ntlm auth = no client ntlmv2 auth = yes encrypt passwords = yes use spnego = yes use kerberos keytab = yes allow trusted domains = no idmap backend = idmap_rid:MYDOMAIN=500-100000000 idmap uid = 500-100000000 idmap gid = 500-100000000 template shell = /usr/sbin/nologin winbind use default domain = Yes winbind enum users = No winbind enum groups = No winbind nested groups = Yes [DATA] path = /tmp read only = yes Is it possible to setup samba/winbind/FreeBSD to return all groups a user is a member of, and not just the Domain Users group while using the (very handy) IDMAP_RID with Winbind facility? Thanks for any help.