Samba 4 associado ao AD: pode acessar compartilhamentos usando FQDN, mas não usando IP ou aliases

Instalei um novo servidor Openmediavault 4 que juntei ao meu Active Directory gerenciado por dois controladores de domínio Samba 4.

Especificações:

• Domínio do Active DirectoryMEU.AD.DOMÍNIOgerenciado por dois controladores de domínio Samba 4 (servidor-z1.meu.ad.domínio (192.168.70.201)eservidor-z2.meu.ad.domínio (192.168.70.202)
• Um servidor de arquivos comSamba versão 4.5.12-DebiancorrendoOpenmediavault 4.1.0-1(Baseado em Debian 9)
• O endereço IP do servidor de arquivos é192.168.70.171
• O FQDN do servidor de arquivos é server-f1.my.ad.domain
• O servidor de arquivos tem um aliasservidor-f10.meu.ad.domínioconfigurado no DNS
• Quero acessar o servidor de arquivos de clientes usando o endereço IP (\192.168.70.171), o FQDN (\servidor-f1.meu.ad.domínio) e o alias DNS (\servidor-f10.meu.ad.domínio).

Entrei no Openmediavault usando SSSD seguindo o guia emhttps://forum.openmediavault.org/index.php/Thread/18886-Guide-how-to-join-OpenMediaVault-3-x-in-an-Active-Directory-domain/e posso listar os usuários do domínio usando getent passwdmesmo após a reinicialização.

O problema que tenho é que consigo acessar os compartilhamentos do Samba no Openmediavault conectando-me a ele usando o FQDN (\servidor-f1ou\servidor-f1.meu.ad.domínio), mas não usando o endereço IP (\192.168.70.171) ou o alias DNS (\servidor-f10ou\servidor-f10.meu.ad.domínio).

Quando acesso usando o endereço IP ou o alias DNS, recebo estes erros no sistema Openmediavault:

Mar 15 20:14:54 server-f1 smbd[21103]: [2018/03/15 20:14:54.956409,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
Mar 15 20:14:54 server-f1 smbd[21103]:   ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
Mar 15 20:14:54 server-f1 smbd[21103]: [2018/03/15 20:14:54.957928,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
Mar 15 20:14:54 server-f1 smbd[21103]:   ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
Mar 15 20:14:54 server-f1 smbd[21103]: [2018/03/15 20:14:54.961733,  1] ../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
Mar 15 20:14:54 server-f1 smbd[21103]:   WARNING: The "syslog" option is deprecated
Mar 15 20:14:54 server-f1 smbd[21103]: [2018/03/15 20:14:54.961772,  1] ../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
Mar 15 20:14:54 server-f1 smbd[21103]:   WARNING: The "syslog only" option is deprecated
Mar 15 20:14:54 server-f1 smbd[21103]: [2018/03/15 20:14:54.961984,  2] ../source3/param/loadparm.c:2685(lp_do_section)
Mar 15 20:14:54 server-f1 smbd[21103]:   Processing section "[homes]"
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.049955,  1] ../auth/credentials/credentials_secrets.c:410(cli_credentials_set_machine_account_db_ctx)
Mar 15 20:14:57 server-f1 smbd[21103]:   Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.050031,  0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
Mar 15 20:14:57 server-f1 smbd[21103]:   connect_to_domain_password_server: unable to open the domain client session to machine SERVER-Z1.MY.AD.DOMAIN. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.081918,  1] ../auth/credentials/credentials_secrets.c:410(cli_credentials_set_machine_account_db_ctx)
Mar 15 20:14:57 server-f1 smbd[21103]:   Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.081968,  0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
Mar 15 20:14:57 server-f1 smbd[21103]:   connect_to_domain_password_server: unable to open the domain client session to machine SERVER-Z1.MY.AD.DOMAIN. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.110632,  1] ../auth/credentials/credentials_secrets.c:410(cli_credentials_set_machine_account_db_ctx)
Mar 15 20:14:57 server-f1 smbd[21103]:   Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.110683,  0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
Mar 15 20:14:57 server-f1 smbd[21103]:   connect_to_domain_password_server: unable to open the domain client session to machine SERVER-Z1.MY.AD.DOMAIN. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.112016,  0] ../source3/auth/auth_domain.c:184(domain_client_validate)
Mar 15 20:14:57 server-f1 smbd[21103]:   domain_client_validate: Domain password server not available.
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.112060,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
Mar 15 20:14:57 server-f1 smbd[21103]:   check_ntlm_password:  Authentication for user [my.user] -> [my.user] FAILED with error NT_STATUS_NO_LOGON_SERVERS
Mar 15 20:14:57 server-f1 smbd[21103]: [2018/03/15 20:14:57.112088,  2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
Mar 15 20:14:57 server-f1 smbd[21103]:   SPNEGO login failed: NT_STATUS_NO_LOGON_SERVERS
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.121674,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
Mar 15 20:14:57 server-f1 smbd[21104]:   ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.125426,  1] ../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
Mar 15 20:14:57 server-f1 smbd[21104]:   WARNING: The "syslog" option is deprecated
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.125460,  1] ../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
Mar 15 20:14:57 server-f1 smbd[21104]:   WARNING: The "syslog only" option is deprecated
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.125698,  2] ../source3/param/loadparm.c:2685(lp_do_section)
Mar 15 20:14:57 server-f1 smbd[21104]:   Processing section "[homes]"
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.197432,  1] ../auth/credentials/credentials_secrets.c:410(cli_credentials_set_machine_account_db_ctx)
Mar 15 20:14:57 server-f1 smbd[21104]:   Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.197476,  0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
Mar 15 20:14:57 server-f1 smbd[21104]:   connect_to_domain_password_server: unable to open the domain client session to machine SERVER-Z1.MY.AD.DOMAIN. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.227212,  1] ../auth/credentials/credentials_secrets.c:410(cli_credentials_set_machine_account_db_ctx)
Mar 15 20:14:57 server-f1 smbd[21104]:   Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.227250,  0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
Mar 15 20:14:57 server-f1 smbd[21104]:   connect_to_domain_password_server: unable to open the domain client session to machine SERVER-Z1.MY.AD.DOMAIN. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.257018,  1] ../auth/credentials/credentials_secrets.c:410(cli_credentials_set_machine_account_db_ctx)
Mar 15 20:14:57 server-f1 smbd[21104]:   Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.257051,  0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
Mar 15 20:14:57 server-f1 smbd[21104]:   connect_to_domain_password_server: unable to open the domain client session to machine SERVER-Z1.MY.AD.DOMAIN. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.466888,  0] ../source3/auth/auth_domain.c:184(domain_client_validate)
Mar 15 20:14:57 server-f1 smbd[21104]:   domain_client_validate: Domain password server not available.
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.466920,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
Mar 15 20:14:57 server-f1 smbd[21104]:   check_ntlm_password:  Authentication for user [my.user] -> [my.user] FAILED with error NT_STATUS_NO_LOGON_SERVERS
Mar 15 20:14:57 server-f1 smbd[21104]: [2018/03/15 20:14:57.466943,  2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
Mar 15 20:14:57 server-f1 smbd[21104]:   SPNEGO login failed: NT_STATUS_NO_LOGON_SERVERS
Mar 15 20:15:01 server-f1 CRON[21106]: (root) CMD (/usr/sbin/omv-mkrrdgraph >/dev/null 2>&1)

Esta é a minha configuração global do Samba:

[global]
workgroup = DOMAIN
server string = %h server
dns proxy = no
log level = 3
syslog = 3
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
guest account = nobody
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = yes
wide links = no
create mask = 0777
directory mask = 0777
use sendfile = yes
aio read size = 16384
aio write size = 16384
local master = yes
time server = no
wins support = no
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
dedicated keytab file = FILE:/etc/krb5.keytab
password server = server-z1.my.ad.domain, server-z2.my.ad.domain
realm = MY.AD.DOMAIN
security = ads
template homedir = /home/my.ad.domain/users/%U
netbios name = server-f1
netbios aliases = server-f10

Você poderia me ajudar por favor?

Obrigado!