What about logins? I'd like it so that users can log on using the same password and access the same files no matter which machine they are using. Can that be done w/o the server?
Yes.
What's the easiest way to explain this?
The default behavior for a (MS) computer when accessing a network share is to pass-on the currently logged on user. IF a matching username / password can be found on the server being accessed, WITH appropriate permissions--the share is accessible. If a matching account cannot be found, the user is prompted for a username/password.
jdoe is at workstation_1 and has a password of "password". He attempts to access "Share_1" on "Server_1". Automatically the username jdoe and "password" is sent to "Server_1". If the administrator created an account on "Server_1" called "jdoe/password" and set the permissions correctly...the user has access.
In a workgroup, where people are using different computers daily, generally the administrator will setup the same username and password on EACH workstation. This makes it so that the users can access data on the other workstations without providing different credentials...and also alleviates the need to remember several different username / password combinations depending on the workstation they are using.
Main drawback to this is...if you have 10 users and 10 workstations, this means you will have to create 10 accounts on each workstation. Resulting in a total of 100 accounts that need to be managed. Quite the administrative overhead.
In your situation where you want to use a NAS or a Standalone file server, the same applies. Simply create a username/password for each user on the NAS or server and they can access the server from any workstation using THE CREDENTIALS YOU CREATED FOR THEM ON THE SERVER. If their individual workstation username/password differs from the server...they will be prompted for credentials and must supply the correct uname/pwd that you setup on the server.
This is where a domain controller comes in. With a domain it's like a heirarchy. The domain controller is the master for authentication. Rather than creating 10 accounts on each of the individual workstations (for a grand total of 100 accounts) you create 10 accounts on the domain controller. From there you "join" each of the workstations to the domain...these workstations become children of the domain. A user with a domain logon can logon to any of the workstations with the same password and username.