[Samba] win2ksp2 "cannot load profile" from a --with-ldapsam domain controller

[Jim Hebert]

Apologies if this is well hashed-over, but I searched pretty dilligently 
on the web and mailing list archive and couldn't find the answer. I even 
stumped my resident samba guru (hi Sean).

Server is Red Hat 7.3. Tried with both the Red Hat 7.3 rpm just recompiled 
--with-ldapsam as well as the samba.org src.rpm also recompiled with 
--with-ldapsam. Things work for the most part, people are able to log in 
from Win2kSP2, filesharing works, etc. However, at login time they get an 
alert to the effect that they cannot load their profile, and will instead 
be using a cached copy. If I create a brand new user, clearly permissions 
for the profiles share work right because the thing gets populated with 
all the usual profile junk, and the permissions are corect.

I've tried this both with and without disabling nt acl support for the
profiles share, makes no difference.

What's more, this entire set up used to work before I recompiled for 
ldapsam and moved the accounts into ldap. And the Win98 clients still 
work.

I can provide smb.conf, ldif showing the user record in ldap for a test
user, etc if that helps diagnose the problem, but first I thought save
some bandwidth and see if I can't just get a "oh, yeah, everyone has that
problem, here's how to fix it" sort of a response. ;-)

Barring anything else, snippets of a known good user in ldif form and/or a
known good [profiles] share config snippet would at least let me start 
comparing and try to see where I've deviated.

Thanks very much. This is my first time messing with samba since back in 
the 1.x days with Win95 clients, so I remember the basics but all this 
state of the art domain control and ldap stuff is not my strong point.

Jim Hebert
--
LIST=samba
echo ${LIST:-jhebert}\
@jhebert.cx