That's a fairly broad question - is this for an assignment or something?
In any case, you have two ways of authenticating with SQL Server - Windows Authentication or SQL-Server authentication. In the former, SQL uses the users from the Windows domain; this is the preferred manner of authentication and is always enabled. Additionally, you can optionally have SQL Server maintain its own list of users + passwords.
SQL Server itself has "logins". Within each database, logins are mapped to "users". Users may take on a number of "roles". I suggest you look up such terms in the SQL Server manual known as Books Online.