In the third paragraph of page 271 it says the following.
In the situation where UNIX accounts are held on the domain member
server itself, the only effective way to use them involves the smb.conf
entry winbind trusted domains only = Yes. This forces Samba (smbd)
to perform a getpwnam() system call that can then be controlled via
/etc/nsswitch.conf le settings. The use of this parameter disables
the use of Samba with trusted domains (i.e., external domains).
I would have thought that what was meant to be said was "The use of this parameter disables the use of Samba with 'untrusted' domains (i.e., external domains)." where as what is stated contradicts the obvious intent and is contradictory in a number of ways, not just intent alone.
*Samba 3 by Example* has not been maintained for 10 years, and is clearly marked as deprecated, at least in samba.org's html version.
This is not going to be fixed.
Thanks for the valid report!