NFS: control file/folder access using groups on the server
Solution 1:
As you are thinking about local accounts, I assume that you are using AUTH_SYS based RPC authentication. This means that the client sends the uid and gids with each request. IOW, the NFS server just uses the group membership information provided by the clients.
There are two possibilities (that I know of) to fix that:
complicated one
Use RPCSEC_GSS - the kerberized access - and map user principals on the server side to the desired uid and gids, or query an LDAP server.
simple one
Configure the server (rpc.mountd) to start with the --manage-gids option, which will tell the server to ignore the gids provided by the client and query them locally based on the uid.
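
Added example (not part of the original answer): a Python sketch that decodes an AUTH_SYS credential body as laid out in RFC 5531 and compares the group list used for access checks with and without --manage-gids. The SERVER_GROUPS table, the sample credential and the function names are constructed for illustration; a real server resolves groups through its own account database.

```python
import struct

MAX_GIDS = 16  # AUTH_SYS limit on supplementary gids (RFC 5531)

def pack_authsys(stamp, machine, uid, gid, gids):
    """XDR-encode an authsys_parms credential body (RFC 5531)."""
    name = machine.encode()
    return (struct.pack(">II", stamp, len(name)) + name + b"\0" * (-len(name) % 4)
            + struct.pack(">III", uid, gid, len(gids))
            + struct.pack(f">{len(gids)}I", *gids))

def parse_authsys(body):
    """Decode the credential exactly as it arrives from the client."""
    stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > 255:
        raise ValueError("machinename longer than 255 bytes")
    off = 8
    machine = body[off:off + nlen].decode()
    off += nlen + (-nlen % 4)          # XDR pads opaque data to 4 bytes
    uid, gid, count = struct.unpack_from(">III", body, off)
    off += 12
    if count > MAX_GIDS:
        raise ValueError("more than 16 supplementary gids")
    gids = list(struct.unpack_from(f">{count}I", body, off))
    return {"machine": machine, "uid": uid, "gid": gid, "gids": gids}

# Constructed stand-in for the server's own group database (uid -> supplementary gids).
SERVER_GROUPS = {1001: [2000]}

def effective_gids(cred, manage_gids):
    """Return the gid list used for access checks in each mode."""
    if manage_gids:
        # Supplementary list comes from the server's lookup by uid; per the
        # rpc.mountd man page the primary gid is not affected.
        # Unknown uid -> no supplementary groups (simplification in this sketch).
        return [cred["gid"]] + SERVER_GROUPS.get(cred["uid"], [])
    return [cred["gid"]] + cred["gids"]  # client-supplied list used as-is

# Constructed sample: uid 1001 lists gid 3000, which the server does not know for it.
SAMPLE = pack_authsys(0, "client1", 1001, 1001, [2000, 3000])

if __name__ == "__main__":
    cred = parse_authsys(SAMPLE)
    print("client-supplied:", effective_gids(cred, manage_gids=False))
    print("--manage-gids:  ", effective_gids(cred, manage_gids=True))
```

With the sample credential, gid 3000 is honoured only when the client-supplied list is trusted; with the server-side lookup it drops out.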