-browsing. The difference is that a distributable authentication
-database is associated with a domain, for secure login access to a
-network. Also, different access rights can be granted to users if they
-successfully authenticate against a domain logon server (samba does not
-support this, but NT server and other systems based on NT server do).
+traffic, except for the client logon sequence. Some kind of distributed
+authentication database is associated with a domain (there are quite a few
+choices) and this adds so much flexibility that many people think of a
+domain as a completely different entity to a workgroup. From Samba's
+point of view a client connecting to a service presents an authentication
+token, and it if it is valid they have access. Samba does not care what
+mechanism was used to generate that token in the first place.