We hit the exact bug that was mentioned here. https://bugzilla.redhat.com/show_bug.cgi?id=1378557 The issue was happening only with multiple AD domains configured and trust established between them. libnfsidmap was stripping the domain name if a username is passed in fully-qualified domain name format. No-Strip option in idmapd.conf has to be set to "both" to stop nfsidmap from stripping the domain name. Even with this option set, I could not get it working with libnfsidmap-0.25/26. I could only get it working with libnfsidmap-0.27. I compiled it, replaced both libraries, libnfsidmap.so and nsswitch.so and username was properly being passed to the layer below (sssd/winbind). With this fix, id is properly being resolved with sssd and winbind. Thanks, Satya.