Samba server is a member of an Active Directory domain where an account with
userid "administrator" has been purposely locked out for security reasons. When
logged on a Windows computer as local administrator (local account userid is
"administrator"), then trying to connect to a Samba share with "guest ok = Yes"
parameter, the connection is denied with the message: "The referenced account is
currently locked out and may not be logged on to." The Samba server is trying to
authenticate the Windows computer's local administrator against the Active
Directory account, rather than recognizing it as a unique account and allowing
it guest access. This did not occur in Samba 2.x, and this is not the behavior
of Windows servers.
you can set 'auth methods = guest sam_ignoredomain winbind:ntdomain'
to work around this. Without more people complaining, there are no
plans to change the current behavior. Sorry.