[Samba] More info on Home Drive mapping problems

[Robert Rati]

I'm running Samba 3.0 on Debain stable (compiled myself) with LDAP as 
the backend authentication.  I've gotten everything working except home 
drive mapping (which I've gotten to work with limited success).  I 
turned on log level 5 on my samba server, and I found that if I don't 
enable that path variable in the [homes] section that the server is 
trying to use /dev/null as the home path.  Since this obviously isn't 
valid, it fails to map the home drive.  If I enable the path variable, 
the user can access his home drive but ONLY his home drive.  How do I 
allow a user to read/write to his home dir and read everyone else's home 
dir?  Can this be done?  The home drives are located on another server 
(or two).

Here's the LDAP entry for sambaHomePath:

sambaHomePath = \\<Samba server>\tester

I've also tried:
sambaHomePath = \\<Samba server>\homes
sambaHomePath = \\<Samba server>\homes\tester

and get the same result.

Here's my smb.conf:

[global]
    panic action = /usr/share/samba/panic-action %d
    workgroup = <Workgroup Name>
    server string = Samba Server
    printcap name = /etc/printcap
    load printers = yes
    log file = /var/log/samba/log.%m
    logon drive = z:
    netbios name = <Samba Server name>
    max log size = 50
    security = user
    password server = localhost:389
    encrypt passwords = true
    passdb backend = ldapsam:ldap://localhost guest
    smb passwd file = /etc/smbpasswd
    unix password sync = No
    passwd program = /usr/bin/smbldap-passwd %u
    passwd chat = *New*password* %n\n *ReType*new*password* %n\n
    username map = /etc/samba/smbusers
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 
SO_SNDBUF=8192
    interfaces = <IP>/<subnet>
    remote browse sync = <other Samba server>
    remote announce = <subnet IP>
    local master = yes
    os level = 99
    preferred master = yes
    domain logons = yes
    name resolve order = wins host lmhosts bcast
    wins server = <wins IP>
    dns proxy = no
    case sensitive = yes

    ldap suffix = "o=suffix"
    ldap admin dn = "cn=Manager,o=suffix"
    ldap port = 389
    ldap server = <ldap_ip>
    #ldap ssl = start tls
    ldap ssl = no
    ldap passwd sync = yes
    ldap user suffix = "ou=Users"

[homes]
    path =/home/%u
#   comment = Home Directory
#   users = %S
#   public = no
#   guest ok = no
    browseable = no
    writable = yes
    create mask = 0644
    directory mask = 0755

[Profiles]
    path = /home/profiles
    browseable = no
    guest ok = no
    profile acls = yes
    create mode = 0644
    csc policy = disable
    directory mode = 0755
    writeable = yes

Rob