[Samba] Samba questions

[Murali krishnan Ganapathy]

Sorry for the bad subject line. But this is a collection of a few
questions.

We are basically a linux place, and are forced to support many windows
clients. 
I have started using samba as a PDC a couple of weeks ago, to manage all
our
WinXP clients. So far, the experience is wonderful, and I am learning a
lot
about how Windows actually works. Thanks for the wonderful product.
Especially
the automatic printer driver dowloading bit. That said:

1. Since it is going to be a PDC I use "security = user" in the
smb.conf. Then 
when I added printer shares, I realised that browsing into the 
"Printers and Faxes" was real slow almost a minute. Then I created
netbios
alias, called PRINT and set that to use "security = share", and made
sure
that only the PRINT netbios name exports the printers. Then the browsing
into
the printers share was much faster. Why is it so slow when I use it
under
the main PDC?

2. My main smb.conf has only a couple of lines, and includes three other
smb.conf 
files (one for each netbios name it is posing as). When I use testparms
utility and 
point it to the smb.conf, I see that it seems to ignore the include
directives. Is there
any way to tell testparms that here is the smb.conf file and I am
interested in the final
output for the PRINT netbios name, or something like that.

3. The profile directory for each user is inside their home share. I
read some where
that this is actually a bad idea, since windows keeps peoples home
shares mounted or 
something like that. I would like to know more details.

3. This is related to roaming profiles. I have decided that I dont like
the idea of 
windows downloading the contents of My Documents everytime they login
and keep a local 
copy of it. However, I do need to support roaming profiles. So I thought
of using roaming
profiles and redirect each users MyDocuments to where ever they want on
their unix
home directory (login script reads a .windowsrc - ini style file and
sets the appropriate
registry keys). However, windows is trying to synchoronize the
MyDocument with the local 
copy and making it available offline. I just cannot allow this as
people's home directories
are huge (100+ MB). So is there a way I can tell windows, dont do
offline files, or sychronizing
with MyDocuments, and redirect MyDocuments to a network share. So if the
machine looses network,
they loose access to MyDocuments.

4. We are exploring the possibility of mounting user home directories in
Linux 
over SAMBA instead of NFS. I seem to getting some bad permissions when I
SMB mounted my 
home directory (which is NFS mounted, but SAMBA exports it as a share)
in Linux. Basically
I have a shell script, with the execute bit turned off, i.e. it has
permission rw-------.
When I mount it using smbmount (PDC\username) the same file has
permissions rwxr-xr-x and 
I was ablt run the script. But in the NFS mounted version, it gave me an
error (since the
execute bit was not set). So, is there anything which can be done about
it. I understand, that
if I were to mount it under windows, it would work correctly, and the
problem is bcos of 
converting a unix file system to SMB and back to unix. 

5. Is it possible to set a share configuration based on the OS which is
attempting to
mount it. So, in the previous problem, I could say....
"If Windows is mounting it, then the share should have the XXX options
set, 
If Linux is mounting it, then options YYY set, if MacOSX then ZZZ ..."
or even finer (i.e. Win95...) granularity.

6. Since samba doesn't have a machine startup script option (not user
logon script), the 
only way I figured to do that, is to set up a local startup script on
each machine, which
mounts a network share and executes the real startup script. Ofcourse, I
run into the "SYSTEM 
account cannot access network" problem. Should I tinker with the
registry and allow 
NullSessionPipes, and make my system less secure, or is there any other
way around it.
Somebody suggested "net use \\PDC\IPC$ /USER:validuser validpassword" in
the startup script
before mounting the network share. Or can I do it using Group Policies
using samba?

Thats a loot of questions. I am still wrapping my head around the power
of samba.

- Murali