[Samba] Profiles share on BDC

[Danny Paul]

Greetings,

I have a Suse 9.3 server running 3.0.9 as a PDC, using OpenLDAP as the
passdb and idmap backend.  I also have a 3.0.9 server set up as an OpenLDAP
slave, but it only serves files.  I decided that I'd like to set this other
server up to service logins as well.  When I add the "domain logons = yes"
in this server's smb.conf file, I get some rather strange behavior.

Many users experience no problems whatsoever and logons are a little
speedier (to be expected).  Other users, on the other hand, are able to log
in, but after their profile has loaded, they are informed that a domain
controller could not be contacted and changes to their profile will not be
saved. Note that this occurs AFTER the profiles has loaded - the user is at
the desktop, with all their icons when a modal dialog box gives them this
error.  Even stranger, the %logonserver% environment variable is set to the
PDC! When I set "domain logons = no" on the BDC, everything behaves
properly.

Every user has the sambaProfilePath explicitly set in the LDAP directory. 
Also logon home and logon path are set the same on both PDC and BDC. 
'pdbedit -v' outputs the exact same information whether run on PDC or BDC. 
I can't understand why some users have this experience and some do not.

I do not, however, have a profiles share set up on the BDC.  In reading the
"By Example" book, it does not explicitly state that I must have it set,
however the "500 user office" BDC does have a profiles share.  I'm
wondering if BDCs need a profiles share, even if it only shares an NFS
export from the PDC. Is that the case?

I have one other possibility.  Since the BDC was not alwasy a BDC, it had
its own SID for most of its life.  While I did do a "net rpc getsid" and a
"net rpc join", the old sid still appears in the secrets.tdb along with the
new sid.  I'm thinking of erasing the .tdb files and starting over - could
smbd be reading the wrong SID and thus somehow cause the problem?

Many thanks!