[Samba] Roaming profile blues.

[Ruth Ivimey-Cook]

Folks,

I have a samba 3 (Fedora 3) PDC which has been working fine for some time now 
with a roaming profile. I've just reinstalled Windows XP SP2 on my main work 
machine. I remembered to set the three "*seal*" registry flags to 0, and 
joined the computer (which has the same textual name as before) to the domain. 
All well so far. Trying to log in as local user works. That user can access 
samba shares also. I also managed to join the domain ok.

The problem is that something prevents me from logging in to roaming profile 
user defined on the PDC. The only diagnostic samba messages I get are:

[2005/06/03 14:56:39, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
   _net_sam_logon: user HOME\rivimey has user sid 
S-1-5-21-117080783-426460007-1280929931-2002
    but group sid S-1-5-32-547.
   The conflicting domain portions are not supported for NETLOGON calls

I eventually found a note on the net about using gpedit.msc not checking for 
ownership of files, and set the policy: "Local Configuration/Administrative 
Templates/System/User Profiles/Do not check for user ownership of Roaming 
Profile Folders" => Enabled.

Having done that I took the computer out of the domain, rebooted twice, logged 
in as admin and tried to take the machine back into the domain. Now it doesn't 
want to play: it says "a domain controller for the domain HOME could not be 
contacted". Well, I restart samba and it agrees to join the domain.

Now, however, it complains that I can't log in to the roaming user because a 
device has failed. There is no problem logging into the local accounts and I 
can't see any warning or errors in the event log, nor can I see Devices listed 
in device manager that aren't working, nor Services set to "automatic" that 
aren't running (except "Security Center", which stopped successfully when I 
started it by hand).

What is going wrong?

Thanks

-- 
Ruth Ivimey-Cook
Software engineer and technical writer.