Rockstor Domain integration

HI Rockstor Team,

i have added my Rockstor to an Active Directory Domain (Join was successful).

In users and groups, I see all items from AD (Users, Groups and Computeraccounts).

I have created a share, set permissions to share (owner and group from AD), permission 777.

In samba I added this share and tried to access the UNC path – so far so good.

I´m also able to set permissions with owner.

But as soon as I try to access the samba share with another user from same domain, who is member of the group, the user is not able to access this share.

If I enable access for everyone the user can access, but not if I add only the group.

I have verified the Kerberos token of the user (klist and verified group membership with whoami /all), and I see the correct Kerberos token for the server (cifs/fqdn@domain name, keytype: AES-256-CTS-HMAC-SHA1-96).
DC is a Windows Server 2022.

May you have an idea what´s going wrong, or maybe how to debug this issue.

Many thanks