"Once we had made the appropriate PAM configuration
file changes, we could log into a Linux workstation at the console
using any Windows domain account (including using accounts in
trusted domains). We could also use Windows accounts to log into
Gnome (KDE should work as well, although we didn't test this) or to
access the server using SSH or FTP.
Previous versions of Samba required that administrators manually
create a Unix user name that matched the account name of a Windows
user (if per-user security was required), or use a mapping file
that statically matched Windows usernames (or groups of usernames)
to Unix usernames.
For us at eWEEK Labs, this meant that we only used Samba servers
for public file shares open to everyone, to avoid having to
manually keep Windows and Unix user directories in sync. (We mapped
all Windows domain names to a "nobody" Unix user.)"