[Samba] Minimum requirements for pam.d/samba file for AD member

[Mark]

We've been using samba on a small scale in my group using tdbsam but I 
got the go ahead to setup a Samba member server as part of our AD domain 
for our Desktop Support group for desktop image archiving and software 
staging.

Running Fedora Core 6 with the latest Samba rpms from samba.org I have 
successfully joined the AD domain in our test environment.   kinit works 
for all domain users that I've setup. wbinfo -g and -u returns the 
groups and users from the domain. getent group/passwd also returns the 
groups and users.

After researching various article and howtos, I've noticed that there 
are many different things that people have put in the /etc/pam.d/samba 
file. Before I get into this much more, I was wondering what the minumum 
requirements or best practices are for the contents of this file. At 
this time, I don't plan on using AD authentication for anything other 
than file share access.

Basically, I'd like to have local group(s) on the Samba server and be 
able to add domain groups from Windows 2K3 AD to this local group to 
provide access to shares.

Mark