[Samba] getent doesn't works

[Piviul]

Hi all, a PC was correctly joined to a domain but offline logon wasn't 
working so then I have tried to get authentication and nss using SSSD 
but I fail to correctly configure the logon. Then I read a message on 
this list that says SSSD doesn't works on samba >= 4.8. Samba installed 
is the 4.12 so I have followed this guide[¹] to reconfigure again the PC 
using winbind instead of SSSD. All seems to works until 8,2 Using Domain 
Accounts and Groups in Operating System. In other words winbind can find 
users and groups but getent doesn't shows user or group information. For 
example getent group "DOMINIOCSA\\Domain Users" show nothing.

This is the smb.conf:
> [global]
> 	dedicated keytab file = /etc/krb5.keytab
> 	disable spoolss = Yes
> 	kerberos method = secrets and keytab
> 	load printers = No
> 	log file = /var/log/samba/%m.log
> 	printcap name = /dev/null
> 	realm = AD.CSARICERCHE.COM
> 	security = ADS
> 	template shell = /bin/bash
> 	winbind refresh tickets = Yes
> 	workgroup = DOMINIOCSA
> 	idmap config dominiocsa:unix_primary_group = yes
> 	idmap config dominiocsa:unix_nss_info = no
> 	idmap config dominiocsa:range = 10000-999999
> 	idmap config dominiocsa:schema_mode = rfc2307
> 	idmap config dominiocsa:backend = ad
> 	idmap config * : range = 3000-7999
> 	idmap config * : backend = tdb
> 	map acl inherit = Yes
> 	printing = bsd
> 	vfs objects = acl_xattr

This is /etc/nsswitch.conf:
> passwd:         files winbind
> group:          files winbind
> shadow:         files
> 
> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis

Someone can help me to find a way to have getent query correctly AD 
remote users and groups?

I forgot to say that the PC is a debian bullseye.

Thank you very much

Piviul

[¹] https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member