An AD joined Samba member server, where "map to guest = bad user" is set and an invalid AD account tries to log in, then map to guest does not work, see also: https://lists.samba.org/archive/samba/2019-February/221248.html
(In reply to Björn Jacke from comment #0) Closing this because: A) It was 'bad uid' in the mailing list discussion. B) I works for me, whether I use 'bad user' or 'bad uid' In smb.conf on the server: .... map to guest = Bad Uid .... [acltest1] path = /srv/acl1 read only = no guest ok = yes I had to set 'map to guest = Bad Uid' instead of 'map to guest = Bad User' on the client, because smbclient kept using the latter (and it worked). rowland@devstation:~$ smbclient //server/acltest1 -U bjorn Password for [SAMDOM\bjorn]: Try "help" to get a list of possible commands. smb: \> There is no user called 'bjorn' anywhere in my network.