samba - Feb 2025 - Reported group membership is different between domain member and Samba ADC

On my Linux domain members, group membership for my domain login is 
reported as:

 ??? terra #? id SAMDOM\\jgraham
 ??? uid=11105(SAMDOM\jgraham) gid=10513(SAMDOM\domain users) 
groups=10513(SAMDOM\domain 
users),11105(SAMDOM\jgraham),11120(SAMDOM\wheel),3001(BUILTIN\users)

(I filtered local groups to make the output less noisy.) But on the ADC 
the same command give different results:

 ??? dc1 # id SAMDOM\\jgraham
 ??? uid=11105(SAMDOM\jgraham) gid=10513(SAMDOM\domain users) 
groups=10513(SAMDOM\domain users),3000020,3000006(BUILTIN\users)

The difference that's causing me an issue right now is the missing 
membership in the domain "wheel" group. How would I go about 
troubleshooting this?

- John

On Fri, 14 Feb 2025 10:03:33 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> On my Linux domain members, group membership for my domain login is 
> reported as:
> 
>  ??? terra #? id SAMDOM\\jgraham
>  ??? uid=11105(SAMDOM\jgraham) gid=10513(SAMDOM\domain users) 
> groups=10513(SAMDOM\domain 
> users),11105(SAMDOM\jgraham),11120(SAMDOM\wheel),3001(BUILTIN\users)
> 
> (I filtered local groups to make the output less noisy.) But on the
> ADC the same command give different results:
> 
>  ??? dc1 # id SAMDOM\\jgraham
>  ??? uid=11105(SAMDOM\jgraham) gid=10513(SAMDOM\domain users) 
> groups=10513(SAMDOM\domain users),3000020,3000006(BUILTIN\users)
> 
> The difference that's causing me an issue right now is the missing 
> membership in the domain "wheel" group. How would I go about 
> troubleshooting this?
> 
> - John
The real question here is:

Why do you need a group called wheel ?

There isn't one in AD by default, nor on Debian, but redhat uses it,
but it is a local group and shouldn't be in AD.

Rowland