[Samba] Roaming Profiles only for Admin?

[Albrecht Dreß]

Hi all,

I am currently fighting with roaming user profiles which shall be  
stored on an Ubuntu 8.04 Xeon (64 bit) box.  I'm running the stock  
Ubuntu packages (version 3.0.28a-1ubuntu4.4).  The Ubuntu box runs as  
PDC with a LDAP backend.

Adding a Win 2000 SP4 workstation to the domain works flawlessly.  If I  
log on on the workstation with a root-like account (UNIX user id 0,  
UNIX group id 0), the profile gets stored upon logoff.  However, when I  
log on as a "normal" user on the workstation, the profile is *not*  
stored.

My smb.conf (hope I got the relevant parts):

<snip>
[global]
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
security = user
guest ok = no
encrypt passwords = yes
null passwords = no
obey pam restrictions = no
logon path = \\%L\profiles\%U
logon drive = U:

[profiles]
path = /home/samba/profiles
writeable = yes
store dos attributes = yes
browseable = no
create mask = 0600
directory mask = 0700
guest ok = no
profile acls = yes
</snip>

I *think* the permissions for the profiles folder are fine - 1777, with  
user root and group set to the primary domain group.  The folder  
created for the admin account has uid and gid 0, with permissions 0700.

I also tried to create a profile folder /home/samba/profiles/the_user  
manually, with permissions 700, but it's not being filled with data.

In the system protocol, I see a message like (my vague translation from  
German...)

"The registry file could not be removed. Your settings were not  
replicated, when you have a profile stored on the server. Ask the  
administrator. Detail - access denied, build no. 2195" ("Die  
Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen  
werden nicht repliziert, falls Sie ein servergspeichertes Profil haben.  
Wenden Sie sich an den Administrator.  DETAIL - Zugriff verweigert ,  
Buildnummer ((2195))").

Any idea what goes wrong, and how I could fix this problem?

Thanks in advance,
Albrecht.