I intend to build an intranet with zope...though it's not as simple as that...I'd like 90% of the site to be password protected (giving access to members of my company)...do I use acl_users for this?
Yes or any of the other models (UserDB, etc)
I'd also like parts of the site to be accessible (and maybe manageable albeit minimally) by clients....Do I have to create a second user/access model for this or can I use the acl_users to do this for me too.
Yup. Create a role for them and limit that role.
I'm having problems
a. Making the acl_user stuff work...I can either login as admin or not all.
and b. Getting to grips with the concept of the user/privs/access model in acl_users
Create a user, give them a role and they will inherit all of the access levels of that role. Create a new role and give that role different access levels and you can manage it better through the role.
It is not that much different than most user/group/role access scenarios, in that once you get started using it and understand the basic concepts it will all fit.
Remember that users inherit permissions from parent objects which you can turn off if that model does not suit you.