Using Samba for AD and file sharing
Solution 1:
If you don't want AD logins to be used for anything Samba related, can you change your Samba security mode to "user" or even "share" level permissions? That way you can leverage your built-in accounts for Samba but keep the AD stuff for logins. Or maybe I misunderstood what you where asking.
I have local accounts on my servers, but I also use AD for Samba. What I end up doing is blocking the shares down to group level with the AD permissions by using these parameters on the shares:
valid users = "+AD\Group Name"
force group = "+AD\Group Name"
That way other users can't even browse the contents of the shares. It seems to honor nested groups too so we can mage AD groups be members of other groups and that way be very granular in what we open up to the users.