samba - Dec 2003 - WORKGROUP authentication with netapp and multiple sambas (NIS?)

Hello samba folks,

I am thinking about how to upgrade my current file servers.  I have a
Network Appliance NAT (CIFS and NFS) that did not recognize the 2.X
samba PDC (due to 2.x only partially supporting unicode).  Unwilling
to put in a native windows PDC, I threw in the towel, and deployed
Windows native networking (WORKGROUP). (2 logins required, but simple).

This small company of 15 uses wintel clients for microsoft office,
email, and then Xterms to our solaris/Linux compute servers to run
engineering applications.  Ideally all data is windows/unix
accessible.

Now that our NetApp is full, I deployed a RH9 RAID box and installed
3.0.1rc1 samba to handle the less critical data.

A few realizations:
- Without a PDC, each local samba server will have to be logged into.
  - If I add another samba file server, it'll need its own
    authentication to know uid/gid.
- There is no way for samba to authenticate against NIS, so I'll need
  to have smbpasswd for each user on each server.

Are these realizations correct?

Options :
- Run authentication on each CIFS server
- Convert users to domain

Even though samba 3.0.0+ should work with the NetApp now, I am
reluctant to switch over to a domain.  The migration from WORKGROUP to
PDC is troublesome because of the way that Windows stores user
preferences on the client machines.  plus the fact that I have some
'XP home' here that will be excluded from the domain.

I guess a solution would be to have a pseudo PDC acting as a
authenticating host to other samba servers but not serving a
domain. i.e. when a windows client tries to connect to a samba server
in the WORKGROUP, the samba server authenticates via the PDC.

The goals are to keep the WORKGROUP, while having only 1 CIFS login
for any number of samba file servers.

Does anyone have any better solutions? Or suggestions?

Thanks,
Bruce