You are timing out on the failing user; the groups cannot be retrieved and hence login fails.
Is the user a member of many groups? Do you have more than one domain? If yes, can you disable trusted domain login on the auth server instance and try?
To test AD, do a group role for each, one at a time. Completely delete the first. That way you will eliminate a corrupt NT group.
There is only one domain.
The user has several groups assigned in AD, but he is only using one rule.
I have tried to disable trusted domain and try, and it doesn't work.
I attach a pic of my AUTH SERVER configuration.
Hmm; not one of the common items for the message you are seeing.
Are you also currently working with JTAC on this?
If you take a TCP dump on the IVE internal port while the user tries to log in, what do you see for communication to/from the domain controller?
I dunno what JTAC is.
I'll use TCP dump tomorrow in the client.
It's weird because the first 3 users and groups that I created can log in correctly, but if I create a new rule using a different user or group, NOTHING WORKS.
I'm losing my mind.
Thanks.
I am sorry; JTAC is the Juniper Technical Assistance Center (support).
I'll open a case tomorrow; I don't have the serial number to create it.
I don't know what more I can do.
I have the TCP dump file. How can I open this file? What program? Thanks.
You can use Wireshark to read the file.
What should appear wrong in Wireshark? I see many events, but I don't know what useful information I can get from here.
I attach a Wireshark screenshot.