--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -239,10 +239,13 @@ bool push_sec_ctx(void)
 
 static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
 {
+	int max = groups_max();
+
 	/* Start context switch */
 	gain_root();
 #ifdef HAVE_SETGROUPS
-	if (sys_setgroups(gid, ngroups, groups) != 0 && !non_root_mode()) {
+	if (sys_setgroups(gid, (ngroups > max) ? max : ngroups, groups) 
+            != 0 && !non_root_mode()) {
 		smb_panic("sys_setgroups failed");
 	}
 #endif