samba - Mar 2005 - A few questions regarding samba from a samba and windows newbie (almost)

Hi

I am trying to implement a simple Samba server on a Slackware 10.1 machine 
running for a bunch of Windows users that also have unix accounts on the 
machine. Using webmin, I did convert the unix users to samba users (smbpasswd 
is located in /etc/samba/private). A  possible problem is that I have very 
little experience using windows (haven't used any windows version regularly 
since windows 95, or at all since windows 2000), so please be patient with 
me.

The client machines all run Windows XP Professional. I do not have a machine 
running any version of windows but can request any one of my users to test 
out the setup.

I want the users to have read and write permissions only in
/home/<username>.
They are currently using sftp to transfer their files back and forth, but 
having the same appear as a network mounted drive would make things a little 
easier for them. How does one accomplish this ?

Following a suggestion by someone on this list, I changed the workgroup name 
so the o/p of smbclient -L localhost -U% :

Domain=[OMEGA] OS=[Unix] Server=[Samba 3.0.10]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server on Molectron)
        ADMIN$          IPC       IPC Service (Samba Server on Molectron)
Domain=[OMEGA] OS=[Unix] Server=[Samba 3.0.10]

        Server               Comment
        ---------            -------
        MOLECTRON            Samba Server on Molectron

        Workgroup            Master
        ---------            -------
        OMEGA

My /etc/samba/smb.conf read as :

[global]
        dns proxy = no
        log file = /var/log/samba.%m
        load printers = no
        server string = Samba Server on Molectron
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = no
        workgroup = OMEGA
        encrypt passwords = yes
        smb passwd file = /etc/samba/private/smbpasswd
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        os level = 255
        domain master = no
        security = user
        preferred master = yes
        max log size = 50
        password server = None
        winbind use default domain = no
        bind interfaces only = yes
        template shell = /bin/false

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

Is the above configuration suitable for the setup I have described earlier ? 
(The part about home directories is still not done as I indicated above).

There are no printers, so I did not define a [printers] section. In general, 
do any of samba controlled printers have to be physically connected to the 
machine ? In our setup, the server and the printers I might want to add are 
located quite a distance apart from each other (a few hundred feet). The 
printers are setup on the web using a gotdns.com type of scheme (I did not 
set them up). Can I add those somehow as windows printers through samba ? 
(Just makes things a little tighter than having to set things up over the 
Internet through http).

In my firewall, I have opened the following ports :

SAMBAPORT1=137
SAMBAPORT2=138
SAMBAPORT3=139
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport $SAMBAPORTx -j allowed

I am not comfortable with opening any more ports than are strictly necessary. 
Ease of use is nice, but not at the cost of security. Can't I just tunnel 
samba over the ssh port (22) ?

Thanks.