Do k8s RBAC authenticate to Windows AD user group?

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version:1.21
Cloud being used: VMware
Installation method: create by VMware Tanzu
Host OS: Photon

Hi experts , Today I finished Tanzu k8s cluster create and integrate windows AD by pinniped for user authentication, I create a AD group named tanzu-admin which has a user name user1, I create a cluster role binding for AD group tanzu-admin use command kubectl create clusterrolebinding id-mgmt-tanzu-admin --clusterrole cluster-admin --group=tanzu-admin@demo.local,
after user1 finished authenticate for work load cluster, I use command kubectl get pods -A --kubeconfig /tmp/id_mgmt_tanzu-admin_kubeconfig I got error Error from server (Forbidden): pods is forbidden: User “user1@demo.local” cannot list resource “pods” in API group “” at the cluster scope.

I would like to know if k8s support this way?