[Samba] Odd Roaming Profile behaviour from a Samba PDC

steve.hallam at propero.net steve.hallam at propero.net
Thu Jan 22 16:46:29 GMT 2004

Hey All..

I've been trying to track down the source of this problem for some time now
and am hoping that someone may have seen this in the past... I picked up a
system that has Samba V. 2.2.8a, acting as a PDC and serving roaming
profiles to two Windows 2K Terminal Servers running SP4.

However, as a user attempts to login for the first time, the PDC
authenticates the user and attempts to retrieve its roaming profile from
the relevant share. The user's profile doesn't exist, therefore smbd
creates profiles/[USERNAME] directory and the user logs in to the Terminal
Server with the default profile as normal.

However, when the user logs out, their fresh and shiny new profile is not
written back to the samba server and is left on the TS in c:\documents and
settings\[USERNAME], with UsrClass.dat being used by another process and
unable to be deleted! Now for the really confusing bit.. After a few
logins, the profile starts to work as normal, i.e. loaded from and
written back to the samba server as expected and deleted from the TS after
the user logs out.

Initially I thought that this was related to the 'SP4 Breaks roaming
profiles' issue and tried forcing profile acls = yes in the profiles share
and acl compatibility = Win2k in the global section, both to no avail.
Additionally I've opened up the permissions on the 'Documents and Settings'
directories on both of the Terminal Servers so that all users have full
control. Again to no avail..

Any ideas would be greatly appreciated..



FYI, below is a copy of the smb.conf, edited (removed some shares that
aren't relevant) for brevity and the usual obfuscations of hostnames etc.


[global]
netbios name = foo-bar
workgroup = FOO
server string = Samba %v
os level = 64
preferred master = yes
domain master = yes
local master = yes
security = user
encrypt passwords = yes
domain logons = yes
logon path = \\%L\profiles\%u
logon drive = H:
logon home = \\%L\%u
guest account = nobody
domain admin group = @WinAdmins
time server = yes
log file = /var/log/samba/log.smbd
log level = 1
dns proxy = no
max log size = 500
deadtime = 1

ldap server = ldap.foo-bar.someone.com
ldap port = 389
ldap suffix = ou=Current,dc=foo,dc=someone,dc=com
ldap admin dn = uid=someone,ou=People,ou=Current,dc=foo,dc=someone,dc=com
ldap ssl = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   inherit permissions = yes

[profiles]
   path = /home/profiles
   read only = no
   create mask = 0600
   directory mask = 0700
   browseable = no
   nt acl support = no
   csc policy = disable

[netlogon]
   path = /home/netlogon
   write list = root
   guest ok = no
   browseable = yes
   writeable = yes

<!-- Other shares -->
