This looks like a regression introduced by the recent security fixes. This commit should hopefully fixes it.
As a quick solution it might be possible to use the username map script based on the example in https://bugzilla.samba.org/show_bug.cgi?id=14901#c0. We're not sure this behaves identical, but it might work in the standalone server case.
Reported-at: https://lists.samba.org/archive/samba/2021-November/238720.html