# samba --version
Version 4.1.6-Ubuntu
# cat /proc/sys/kernel/ngroups_max
65536
# sysctl kernel.ngroups_max
kernel.ngroups_max = 65536
/etc/samba/smb.conf
   security = ads
   realm = MYDOMAIN.LOCAL
   workgroup = MYDOMAIN
   idmap config * : backend = tdb
   idmap config * : range = 2000-7999
   idmap config MYDOMAIN:backend = ad
   idmap config MYDOMAIN:schema_mode = rfc2307
   idmap config MYDOMAIN:range = 8000-9999999
   winbind nss info = rfc2307
   winbind use default domain = yes
   winbind nested groups=yes
   # so that the users show up in getent
   winbind enum users = Yes
   # doesn't seem to do the same for groups :-/
   winbind enum groups = Yes
   restrict anonymous = 2
65536 is fine, more than enough for me
but something else is limiting my active groups
if I login as a user and run
> id|sed "s/,/\n/g"|grep -v 4294967295|wc -l
28
> id $USER|sed "s/,/\n/g"|grep -v 4294967295|wc -l
143
what is blocking my other 115 groups?
As Mattias Zhabinskiy pointed out to me I can use other groups but I have
to set them like so
> newgrp myothergroup
then I am in the other group, but I'd like for them to show in
"id"