It has beena couple years since I have set up samba and I have read the samba howtos and docs that I can find, but i do not seem to see any explanation for my problem.

How does samba users map to linux users on the system?
I see alot of mention of samba users but no mention of acutal linux users, and how would you set file permissions for a user that doesnt exist?
Am I wrong in thinking that you need a linux username to with groups to decide file permissions regardless of samba share information?
I realize that you can use different methods, pam with winbind, ldap etc to manage the passwords of that user, but if i wanted to set up two file servers one for /home one for /usr/local then I would have to set up a username regardless of auth method on each of those boxes wouldnt I?
How does /etc/samba/smbpasswd work into linux user security? Is it like "share" security on nt?
I was also wondering it there was any samab support guys out there that use a best practices type guide to decide how to setup user/group security on the samba server? How does samba groups map to the local groups on a linux server?
If someone could clear the file/samba permissions scheme for me that would be great. tldp doesnt have any information on that type of stuff.

This from my SMB.CONF file...

# Unix users can map to different SMB User names
username map = /usr/local/samba/etc/smbusers

smbpasswd requires that a user be a valid UNIX user prior to being allowed into smbpasswd. Otherwise, map the users to "nobody", or a generic user that you create.

Because of the requirement of a REAL UNIX userid, after the usermap (from above) is applied - there is no difference.

Yes, in that the direct filesystem security cannot be overridden by a share permission. A user (after usermap) either can or cannot read or write a file. The share permissions are one up in that a [share] section in smb.conf can specifically set a share to be available to a particular list of users, and force access to be read-only.

One to one. Although there is not a "group" mapping, a username (after usermapping) either belongs to a unix group or it doesn't.

Good luck.