Domain
domain - From the client's point of view, this is the same as user security. This set- ting is used only if the Samba server has been added to a Windows NT domain (using the smbpasswd command). When a client tries to connect to the Samba server in this mode, its username and password are sent to a Windows NT Primary or Backup Domain controller. This is accomplished the same way that a Windows NT server would per- form validation. Valid Linux user accounts must still be set up.
Encrypt passwords - Controls whether encrypted passwords can be negotiated with the client. This is on (Yes) by default. For domain security, this value must be Yes. Later versions of Windows NT (4.0 SP3 or later) and Windows 98 and Windows 2000 expect encrypted passwords to be on.
Update encrypted - Allows users who log in with a plain-text password to automati- cally have their passwords updated to encrypted passwords when they log in. Normally, this option is off. Turn it on when you want an installation using plain-text passwords to have everyone updated to encrypted password authentication. It saves users the trouble of running the smbpasswd command directly from the server. After everyone is updated, this feature can be turned off. When this option is on, the Encrypt passwords option should be set to No.
Obey PAM restrictions - Turn this on (Yes) if you want to use PAM for account and session management. Even if activated, PAM is not used if the encrypted passwords feature is turned on (encrypt passwords = yes). (PAM stands for Pluggable Authentication Modules and is used for authenticating host computers and users.)
The continuation/full version of this article read on site - www.podgrid.org - Linux Bible