It's odd though - in the CIFS share options there is Allow Anonymous (which suggests that anonymous are allowed, perhaps in addition to authenticated as well?)
And also, and this is the kicker, Only Allow Anonymous. This definitely suggests that you can have a single share that is authenticated and also allow Anonymous, else why even have this option at all? Ticking it on or off makes no odds...
You can have a single share that allows authentication and anonymous. I use it that way. Samba will accept any username and password, if it isn't in the ACL then you are logged on as anonymous. If it is then you are logged on as the user provided the password is correct. If the password for the user (provided it exists in the ACL) is incorrect you will receive a permission denied.
In Windows you can log on using a username and password to such a share using net use command. eg. net use z: \\server\share password /USER:account
Windows will by default try login to a SMB share using guest. If that fails, it will try login with your current username and password. Failing that it will prompt for a username & password.
If you have share that is set to allow anonymous but you want ACL then it will the username and password provided by Windows regardless if it exists in the ACL and exhibit the behaviour noted above.