[Samba] Roaming Profiles Refuse to Load on MS Windows Clients

[Travis L. Bean]

I am unable to get roaming profiles to work correctly when using a Samba 
3.0.1 server with Windows 2000 and XP Pro clients. The MS Windows 
clients will only load the default profile but will stubbornly refuse to 
load their profile from the Samba server, even though when the user logs 
off, their profile is correctly written to /home/samba/profiles/username.

I have even tried the following “Group Policy” options under the MMC:

“Do not check for user ownership on Roaming Profile Folders”
“Delete cached copies of roaming profiles”
“Do not detect slow network connections”
“Wait for remote user profile”
“Add the Administrators security group to roaming user profiles”

None of these group policy options remedied this problem.

I have set permissions on /home/samba/profiles to 1757.

I have tested smbldap-tools-0.8.2 and commented out line 200 of 
smbldap_conf.pm so it would use the smb.conf 'logon path' directive. I 
have also tested
smbldap-tools-0.8.3 and edited line 143 of 
/etc/smbldap-tools/smbldap.conf to set 
userProfile="\\pdc-srv\profiles\". I still get the same results with 
both of these tests.

Here is my smb.conf that I am currently using:

[global]
workgroup = biologicaqua
server string = Samba Server
security = user
server schannel = auto
client schannel = auto
hosts allow = 10.0.0. 127.
hosts deny = all
admin users = administrator
browseable = no
hide unreadable = yes
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
ldap admin dn = "cn=Manager,dc=biologicaqua,dc=org"
ldap ssl = off
ldap delete dn = no
ldap passwd sync = yes
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=biologicaqua,dc=org
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 64
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\%L\profiles\%U
logon home = \\%L\%U
logon drive = H:
dns proxy = yes
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"

[homes]
comment = Home Directories
browseable = no
writable = yes
create mode = 0600
directory mode = 0700
guest ok = no
oplocks = false
level2oplocks = false

[netlogon]
comment = Network Logon Service
path=/home/netlogon
writable = no
browseable = no
readonly = yes
write list = root
share modes = no

[profiles]
path = /home/samba/profiles
create mode = 0600
directory mode = 0700
csc policy = disable
profile acls = yes
read only = no

[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

[sharedDocs]
comment = Temporary file space
path = /usr/local/sharedDocs
read only = no
public = yes
browseable = yes
writeable = yes
create mode = 0600
directory mode = 0700

Any help and advice would be greatly appreciated.

Travis L. Bean
Systems Administrator
Bio-Logic Aqua Technologies
Grants Pass, OR – United States