I have a problem regarding AD group membership not being always reflected on a Linux machine.
I have joined several CentOS 7.8 machines in my AD, based on Samba and Winbind. After the join, those machines are successfully added to the domain and they all have DNS entries. All the services are up-to-date.
On some machines, the integration works fine: When a user logs in, his groups are visible. On other machines, this is not the case: only the primary group of the user is shown.
All the machines and the steps to join the domain are the same. If I look through the samba logs on the working machines I find multiple user lookups when the authentication takes places, while on the faulty machines there is no lookups (it's like the machine isn't communicating with the AD and it doesn't try to fetch the groups, except for the primary one).
I've tried several workaround removing smb caches/tdb, etc.. but nothing works. Can someone help me with a solution or a troubleshooting guide so I can figure it out what is going on here?
