diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c --- a/sys/fs/nfs/nfs_commonsubs.c +++ b/sys/fs/nfs/nfs_commonsubs.c @@ -4163,8 +4163,8 @@ M_NFSUSERGROUP, M_WAITOK | M_ZERO); error = copyin(nidp->nid_name, newusrp->lug_name, nidp->nid_namelen); - if (error == 0 && nidp->nid_ngroup > 0 && - (nidp->nid_flag & NFSID_ADDUID) != 0) { + if (error == 0 && (nidp->nid_flag & NFSID_ADDUID) != 0 && + nidp->nid_gid != NFSD_VNET(nfsrv_defaultgid)) { grps = malloc(sizeof(gid_t) * nidp->nid_ngroup, M_TEMP, M_WAITOK); error = copyin(nidp->nid_grps, grps, @@ -4176,9 +4176,8 @@ */ cr = crget(); cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid; - crsetgroups_and_egid(cr, nidp->nid_ngroup, grps, - GID_NOGROUP); - cr->cr_rgid = cr->cr_svgid = cr->cr_gid; + cr->cr_gid = cr->cr_rgid = cr->cr_svgid = nidp->nid_gid; + crsetgroups(cr, nidp->nid_ngroup, grps); cr->cr_prison = curthread->td_ucred->cr_prison; prison_hold(cr->cr_prison); #ifdef MAC diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c --- a/usr.sbin/nfsuserd/nfsuserd.c +++ b/usr.sbin/nfsuserd/nfsuserd.c @@ -26,6 +26,7 @@ */ #include +#include #include #include #include @@ -91,9 +92,9 @@ u_char *dnsname = "default.domain"; u_char *defaultuser = "nobody"; -uid_t defaultuid = 65534; +uid_t defaultuid = UID_NOBODY; u_char *defaultgroup = "nogroup"; -gid_t defaultgid = 65533; +gid_t defaultgid = GID_NOGROUP; int verbose = 0, im_a_server = 0, nfsuserdcnt = -1, forcestart = 0; int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0; pid_t servers[MAXNFSUSERD]; @@ -347,14 +348,14 @@ pwd = getpwnam(defaultuser); if (pwd) - nid.nid_uid = pwd->pw_uid; - else - nid.nid_uid = defaultuid; + defaultuid = pwd->pw_uid; + nid.nid_uid = defaultuid; + grp = getgrnam(defaultgroup); if (grp) - nid.nid_gid = grp->gr_gid; - else - nid.nid_gid = defaultgid; + defaultgid = grp->gr_gid; + nid.nid_gid = defaultgid; + nid.nid_name = dnsname; nid.nid_namelen = strlen(nid.nid_name); nid.nid_ngroup = 0; 
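Review bot: Dropping `nidp->nid_ngroup > 0` from the condition in the hunk at -4163 lets a zero or negative count from the caller-supplied arguments reach `malloc(sizeof(gid_t) * nidp->nid_ngroup, ...)` and the following `copyin()`. It also reaches `crsetgroups(cr, nidp->nid_ngroup, grps)` in the hunk at -4176. If `nid_ngroup` is a signed int and no range check exists earlier in the function (it starts outside both hunks), a negative value becomes a very large allocation size. I would reject the request before allocating, for example `if (nidp->nid_ngroup < 0 || nidp->nid_ngroup > NGROUPS_MAX) error = EINVAL;`, or confirm and document where the bound is enforced. The new test also treats `nfsrv_defaultgid` as an in-band "no group information" marker, so a user whose primary gid really equals it presumably gets no credential; a short comment on the condition should say that.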
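Review bot: In the hunk at -347 of nfsuserd.c, the globals `defaultuid` and `defaultgid` are now overwritten with the looked-up values, but nothing explains why the globals rather than only `nid` must change. Later hunks send `nid.nid_gid = defaultgid` for entries without a group list, and the kernel side compares `nid_gid` against `nfsrv_defaultgid`, which is presumably set from this call. The two must therefore stay equal for that marker to work. I would add above the assignments: `/* Update the globals: defaultgid is later sent as the "no group list" marker and must match what the kernel is given here. */`.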
@@ -375,9 +376,9 @@ */ setgrent(); while (i < nid.nid_usermax && (grp = getgrent())) { - nid.nid_gid = grp->gr_gid; nid.nid_name = grp->gr_name; nid.nid_namelen = strlen(grp->gr_name); + nid.nid_gid = grp->gr_gid; nid.nid_ngroup = 0; nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDGID; @@ -417,18 +418,25 @@ nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; nid.nid_namelen = strlen(pwd->pw_name); + nid.nid_gid = defaultgid; + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + if (manage_gids != 0) { /* Get the group list for this user. */ ngroup = NGROUPS; if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps, - &ngroup) < 0) + &ngroup) < 0) { syslog(LOG_ERR, "Group list too small"); - nid.nid_ngroup = ngroup; - nid.nid_grps = grps; - } else { - nid.nid_ngroup = 0; - nid.nid_grps = NULL; + ngroup = NGROUPS; + } + nid.nid_gid = pwd->pw_gid; + if (ngroup > 0) { + nid.nid_ngroup = ngroup - 1; + nid.nid_grps = grps + 1; + } } + nid.nid_flag = NFSID_ADDUID; #ifdef DEBUG printf("add uid=%d name=%s\n", nid.nid_uid, nid.nid_name); @@ -617,22 +625,29 @@ nid.nid_usertimeout = defusertimeout; nid.nid_uid = pwd->pw_uid; nid.nid_name = pwd->pw_name; + nid.nid_gid = defaultgid; + nid.nid_ngroup = 0; + nid.nid_grps = NULL; + if (manage_gids != 0) { /* Get the group list for this user. */ ngroup = NGROUPS; if (getgrouplist(pwd->pw_name, pwd->pw_gid, - grps, &ngroup) < 0) + grps, &ngroup) < 0) { syslog(LOG_ERR, "Group list too small"); - nid.nid_ngroup = ngroup; - nid.nid_grps = grps; - } else { - nid.nid_ngroup = 0; - nid.nid_grps = NULL; + ngroup = NGROUPS; + } + nid.nid_gid = pwd->pw_gid; + if (ngroup > 0) { + nid.nid_ngroup = ngroup - 1; + nid.nid_grps = grps + 1; + } } } else { nid.nid_usertimeout = 5; nid.nid_uid = (uid_t)info.id; nid.nid_name = defaultuser; + nid.nid_gid = defaultgid; nid.nid_ngroup = 0; nid.nid_grps = NULL; } 
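Review bot: When `getgrouplist()` fails in the hunk at -417, the new code clamps `ngroup` to `NGROUPS` and carries on, so the user is registered with a silently truncated group set while the log line does not say which user. Naming the account makes the truncation traceable: `syslog(LOG_ERR, "Group list too small for %s", pwd->pw_name);`. The `nid.nid_grps = grps + 1` / `ngroup - 1` adjustment also relies on `getgrouplist()` returning `pw_gid` as `grps[0]`, which is neither checked nor stated. A comment such as `/* grps[0] is pw_gid; pass only the supplementary groups. */` would record that assumption. The same block is repeated verbatim in the hunk at -617, so both points apply there, and the enclosing loops start and end outside these hunks.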
@@ -660,12 +675,12 @@ info.retval = 0; if (grp != NULL) { nid.nid_usertimeout = defusertimeout; - nid.nid_gid = grp->gr_gid; nid.nid_name = grp->gr_name; + nid.nid_gid = grp->gr_gid; } else { nid.nid_usertimeout = 5; - nid.nid_gid = (gid_t)info.id; nid.nid_name = defaultgroup; + nid.nid_gid = (gid_t)info.id; } nid.nid_namelen = strlen(nid.nid_name); nid.nid_ngroup = 0; @@ -702,6 +717,12 @@ nid.nid_name = info.name; } nid.nid_namelen = strlen(nid.nid_name); + /* + * Groups filled with default values as RPCNFSUSERD_GETUSER is + * only used by the kernel to resolve a user name, by contrast + * with RPCNFSUSERD_GETUID where getgrouplist() is called. + */ + nid.nid_gid = defaultgid; nid.nid_ngroup = 0; nid.nid_grps = NULL; nid.nid_flag = NFSID_ADDUSERNAME; @@ -727,12 +748,12 @@ info.retval = 0; if (grp != NULL) { nid.nid_usertimeout = defusertimeout; - nid.nid_gid = grp->gr_gid; nid.nid_name = grp->gr_name; + nid.nid_gid = grp->gr_gid; } else { nid.nid_usertimeout = 5; - nid.nid_gid = defaultgid; nid.nid_name = info.name; + nid.nid_gid = defaultgid; } nid.nid_namelen = strlen(nid.nid_name); nid.nid_ngroup = 0;