[Samba] Local group auth not working for domain members with SECURITY=ADS

[Tom Noonan II]

	I have a Samba 3.5.10 (Cent 6) server succesfully joined to the
domain.  Domain logins and domain group control are working.  I have a share
configured with "valid users = +unixgroup" that my domain user cannot access
but my local unix user can.  The only group related error message is coming
from string_to_sid(), which I am confident is a red-herring.
	My goal in this experiment is to try and get NSS based group access
working, so that I can expand to non-AD group lists.  I have a rather
convoluted auth backend that I'm trying to glue Samba onto, and I don't control
the AD servers.  I have tried "net sam mapunixgroup unixgroup" but that did not
change the result.  I did not try adding users to the group via "net sam" as
that is not a workable solution for my end goal.
	 My question at this time is if this is behavior is expected. Will
Samba check the NSS groups for domain members?  Also, I see samba calls
getgrouplist() samba3/lib/from system_smbd.c.	Is this code executed for
domain member lookups?
	Thanks in advance.

-- 
Tom Noonan II
ESL Technician - Randstad