Thanks @osch I already tried the same thing following Authentication w/in Incus with Active Directory but for some reason it doesn’t work.
I restarted Incus, I restarted whole server. Created a new container, but still no success 
.
Host /etc/subuid and /etc/subgid are as yours but inside container I have
root@aha:~# cat /etc/subuid
ubuntu:100000:65536
root@aha:~# cat /etc/subgid
ubuntu:100000:65536
I noticed the uid_map for host is:
root@node-incus-1:~# cat /proc/self/uid_map
0 0 4294967295
and inside container
root@aha:~# cat /proc/self/uid_map
0 1000000 1000000000
Is this correct?