Samba file server + AD + SSSD without Winbind

Currently have a CentOS8 server AD integrated using SSSD + automatic SID->UID mapping/generation. I would like to setup some file shares to make use of AD groups, but am struggling to get it set up. Does anybody have an example config that does not make use of winbind? Currently have the following: [global] workgroup = security = ads realm = domain master = no local master = no preferred master = no client min protocol = SMB3 vfs objects = acl_xattr map acl inherit = yes log level = 5 idmap config * : backend = sss idmap config * : range = 10001-2000100000 kerberos method = secrets and keytab I'm not familiar with setting up Samba, so maybe some of those settings dont make sense/are superfluous? I get the following error when trying to start Samba: [2021/02/08 19:26:53.511544, 3] ../../source3/auth/token_util.c:788(finalize_local_nt_token) Failed to check for local Guests membership (NT_STATUS_INVALID_PARAMETER_MIX) [2021/02/08 19:26:53.511550, 0] ../../source3/auth/auth_util.c:1403(make_new_session_info_guest) create_local_token failed: NT_STATUS_INVALID_PARAMETER_MIX [2021/02/08 19:26:53.511603, 0] ../../source3/smbd/server.c:2052(main) ERROR: failed to setup guest info. Thank you