You are timing out on the failing user; the groups cannot be retrieved and hence login fails.
Is the user a member of many groups? Do you have more than one domain? If yes, can you disable trusted domain login on the auth server instance and try?
there is only one domain.
the user has several groups assignated in AD but he is only using one rule
i have tried to disable trusted domain and try and its doesnt work
i attach a pic about my configuration AUTH SERVER
Hmm; not one of the common items for the message you are seeing.
Are you also currently working with JTAC on this?
If you take a TCP dump on the IVE internal port while the user tries to login, what do you see for commnication to/from the domain controller?
i dunno what is JTAC.
ill use TCP Dump tomorrow in the client.
Its weird because the 3 first users and group that i created they can login correctly but if i create a new rule using other user or group diferent. NOTHING WORKS
im losing my mind
what should it appear wrong in wireshark, i see many events but i dont know what usefull information i can get from here.
i attach a screenshot wireshark.