Can't login using a domain user

Hi,

I'm having trouble to login users with centrifyad with a Samba Ad.

Can't login and su users.

- adinfo -m shows connected

- adinfo (CentrifyDC 5.5.1-400)

- Linux Debian 9.5 Cinnamon

- adquery user domain_user -A

samAccountName:domain_user
displayName:domain_user
sid:S-1-5-21-543736460-3497894086-1236349235-1107
userPrincipalName:domain_user@domain.lan
canonicalName:domain.lan/domain/diretoria/domain_user
passwordHash:x
guid:e8585021-56bf-4782-9d3f-fabd430ec4d2
accountExpires:Never
passwordExpired:false
passwordExpires:Never
passwordWillExpire:-2
nextPasswordChange:Fri Sep 28 14:07:51 2018
lastPasswordChange:Tue Sep 25 14:07:51 2018
accountLocked:false
accountDisabled:false
requireMfa:false
zoneEnabled:false
memberOf:domain.lan/Users/Domain Users,domain.lan/domain/diretoria/diretoria

root@efi-cli-01:/home/administrator# adinfo --diag
adinfo (CentrifyDC 5.5.1-400)

Host Diagnostics
uname: Linux efi-cli-01 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64
OS: Debian
Version: 9.0
Number of CPUs: 4

IP Diagnostics
Local host name: cli-01
Local IP Address: xxx.xxx.xxx.xxx
Not found in DNS!Make sure it is in Reverse Lookup Zone.
FQDN host name:cli-01 (domain missing?)

Domain Diagnostics
Domain: domain.lan
Subnet site: Default-First-Site-Name
DNS query for: _ldap._tcp.domain.lan
Found SRV records:
efi-srv-ad.efiltros.lan:389
Testing Active Directory connectivity:
Domain Controller: efi-srv-ad.domain.lan
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good
Domain Controller: efi-srv-ad.domain.lan:389
Domain controller type: Windows 2008 R2
Domain Name: DOMAIN.LAN
isGlobalCatalogReady: TRUE
domainFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
forestFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
domainControllerFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
Forest Name: DOMAIN.LAN
DNS query for: _gc._tcp.DOMAIN.LAN
Testing Active Directory connectivity:
Global Catalog: efi-srv-ad.domain.lan
gc: 3268/tcp - good
Domain Controller: efi-srv-ad.domain.lan:3268
Domain controller type: Windows 2008 R2
Domain Name: DOMAIN.LAN
isGlobalCatalogReady: TRUE
domainFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
forestFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
domainControllerFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
Forest Name: DOMAIN.LAN

Retrieving zone data from domain.lan

Could not get domain RIDs from adclient: Bad data

Computer Account Diagnostics
Joined as: cli-01.domain.lan
Trusted for Delegation: false
Use DES Key Only: false
Key Version: 4
Service Principal Names: cifs/cli-01
cifs/cli-01.domain.lan
ftp/cli-01
ftp/cli-01.domain.lan
host/cli-01
host/cli-01.domain.lan

Supported Encryption Type(s): DES-CBC-CRC
DES-CBC-MD5
RC4-HMAC
AES128-CTS-HMAC-SHA1-96
AES256-CTS-HMAC-SHA1-96

Operating System Version: 6.1:9.0

System Diagnostic
Failed to get sysinfo from adclient.

Centrify DirectControl Status
Running in connected mode

Licensed Features: Disabled

with I try to su domain-user I get

No passwd entry for user 'domain-user'