[Samba] Roaming profile works for all users except one

Alex Strasheim alex at strasheim.org
Fri Mar 14 13:43:41 GMT 2008


I've inherited a small office network I didn't build.  We're running
Novell's eDirectory, and using Samba as a PDC.

Everyone's profile roams but mine.

I didn't build our smb.conf file, but I've read tutorials on roaming
profiles, and it seems to be set up correctly.  I've included the text
of that file at the end of this message.

I bungled creating my account in eDirectory, deleted it, and recreated
it with the same name.  In particular, I didn't have the profile
directory set up properly the first time I tried to log in.  I don't
know if that could have caused problems.  My account now seems to be
set up like the older ones.

Also, logon.bat doesn't seem to run for me.  I end up with the X:
drive mapped, but logon.bat maps other shares for every other user,
and I don't get those.  I see a command prompt window flash by on the
screen when I start, but the script doesn't work.  I tried putting a
"pause" in logon.bat to hold the command prompt open, but it flashed
by just the same.

I'm really puzzled by this.  Everything I've read suggests that the
action happens in smb.conf, which doesn't differentiate between users
-- so I don't understand how I could manage to break it for one
account.

Anyway, here is my smb.conf -- we had a lot of comments from the
example file, which I've removed for brevity.

Thanks in advance.

--

#======================= Global Settings =====================================
[global]
   # Server-wide settings: MAXIMUS is the logon server for the DOMINION
   # domain (domain logons / domain master = yes) and keeps its accounts
   # in an LDAP directory (see passdb backend below).

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = DOMINION
   netbios name = MAXIMUS
   server string = EnsembleTravel FileServer
   # Clients must present a user name and password before using a share.
   security = user
   # Only clients in these address prefixes (and loopback) may connect.
   hosts allow = 192.168.128. 192.168.60. 127.
   printing = cups
   printcap name = cups
   load printers = yes
   # %m is the client machine name, so each client gets its own log file.
   log file = /usr/local/samba/var/log.%m
   max log size = 500
   interfaces = 192.168.128.0/24
   local master = yes
   os level = 33
   domain master = yes
   preferred master = yes
   domain logons = yes
   wins support = yes
   nt acl support = yes
   time server = yes
   encrypt passwords = yes
   obey pam restrictions = No
   unix password sync = No
   dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
   show add printer wizard = yes
   # Level 0 keeps logging to a minimum.
   # NOTE(review): at this level the per-client logs will probably record
   # little about a failed profile load or share access; raising it for the
   # duration of a test logon is the usual way to get evidence - confirm.
   log level = 0

###########################################
#  this is for roaming profiles
###########################################
   # %L is the server's NetBIOS name and %U the user name the client asked
   # for, so every account resolves to its own directory under the
   # [profiles] share. Because the path is derived from a client-supplied
   # name, the access rules on [profiles] are what keep users out of each
   # other's profiles.
   logon path = \\%L\profiles\%U
###########################################
   # Path is relative to the [netlogon] share; the script runs on the client
   # at logon.
   logon script = logon.bat
   logon drive = X:

   # Accounts are read from the directory at this ldap:// URI.
   # NOTE(review): no "ldap ssl" line appears in this listing, so whether the
   # connection is protected by TLS depends on the build default - check the
   # effective value with testparm.
   passdb backend = NDS_ldapsam:ldap://mailserver.ensembletravel.net

   # DN Samba binds with. The matching password is not kept in this file
   # (it is stored separately, set with "smbpasswd -w").
   # NOTE(review): cn=admin looks like the directory administrator; if so, a
   # dedicated bind account limited to the Samba subtrees would follow least
   # privilege - confirm what rights this DN holds.
   ldap admin dn = cn=admin,ou=users,o=EnsembleTravel
   ldap suffix = o=EnsembleTravel
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Users
   # Hooks smbd runs to create or change accounts and groups. Samba
   # substitutes %u / %g; they are quoted so each name stays one argument.
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   # Deleting an account removes the whole directory entry, not only its
   # Samba attributes.
   ldap delete dn = Yes
   #delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   #delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

#============================ Share Definitions ==============================

[netlogon]
        # Share the logon script (logon.bat, per "logon script" in [global])
        # is served from. It is read-only over SMB and hidden from browsing;
        # since the script runs on every client at logon, write access to
        # this path on the server should stay with administrators.
        path = /usr/local/samba/netlogon
        browseable = No
        read only = Yes

[profiles]
        # Roaming profile store; "logon path" in [global] points each user at
        # a directory named after the account under this path.
        path = /data/profiles
        # "writeable" is the inverted synonym of "read only"; the two lines
        # below say the same thing (share is writable).
 	writeable = Yes
        read only = No
        # New files and directories are limited to owner-only permissions.
        create mask = 0600
        directory mask = 0700
        browseable = No
        # NOTE(review): guest access is enabled here although "valid users"
        # below limits the share to the connecting user and Domain Admins.
        # A profile share has no use for guest connections, so
        # "guest ok = No" would match the intent - confirm before changing.
        guest ok = Yes
        # Per the smb.conf manual this adjusts the ACLs Samba reports so
        # Windows 2000/XP clients accept the profile directory.
       profile acls = Yes
        # Client-side (offline) caching is turned off for this share.
        csc policy = disable
        # next line is a great way to secure the profiles
        # All file operations on the share run as the account %U expands to,
        # so each directory under /data/profiles has to be owned by that
        # account's current UID.
        # NOTE(review): an account that was deleted and recreated under the
        # same name (as described in the message above) may no longer have
        # the UID/SID that owns an existing profile directory - compare the
        # directory's owner with the account's current uidNumber.
        force user = %U
        # next line allows administrator to access all profiles
        valid users = %U @"Domain Admins"
[homes]
	# Per-user home share. No path is given, so the directory comes from
	# the connecting account's home directory.
	comment = Home directory for %U
	# "writeable" and "read only" are inverted synonyms; both lines make
	# the share writable.
	writeable = Yes
	read only = No
	browseable = No
	# New files and directories are restricted to the owner; directories
	# are additionally forced to 0700.
	create mask = 0700
	directory mask = 0700
	force directory mode = 0700

[printers]
	# Print queues; jobs are spooled under "path".
	comment = Printers
	printable = Yes
	path = /usr/local/samba/spool
	browseable = Yes
	# "public" is a synonym of "guest ok"; both lines enable guest access.
	# NOTE(review): with guest access on, a client inside the "hosts allow"
	# ranges may be able to submit print jobs without authenticating,
	# depending on how guest sessions are mapped - confirm this is intended.
	guest ok = Yes
	public = Yes
	# "writable" is the inverted synonym of "read only"; the two lines agree.
	read only = Yes
	writable = No


[print$]
	# Printer driver share; Windows clients download and install the
	# driver files stored here.
	path = /usr/local/samba/drivers
	# NOTE(review): guest access is enabled, yet "valid users" below limits
	# the share to Domain Users, so this line looks unintended.
	guest ok =Yes
	browseable = Yes
	# NOTE(review): "read only = No" makes the share writable for every
	# valid user, which leaves "write list" with nothing to add. If only
	# Domain Admins are meant to upload drivers, "read only = Yes" together
	# with the write list expresses that; otherwise file permissions under
	# "path" are the only thing stopping any domain user from replacing
	# driver files that other clients will install - confirm.
	read only = No
	valid users = @"Domain Users"
	write list = @"Domain Admins"

[public]
        # Shared scratch area under /data/common.
        comment = Public directory
        path = /data/common
        # "public" is a synonym of "guest ok"; both lines enable guest access.
        public = yes
	browseable = yes
        guest ok = Yes
        # NOTE(review): guest access combined with a writable share means
        # content here may be added or changed without authentication,
        # depending on how guest sessions are mapped - nothing in this
        # directory should be treated as trusted.
        read only = No

[sales]
        comment = Sales
        path = /data/sales
        browseable = Yes
        # NOTE(review): the share is writable and also open to guest
        # sessions; no "valid users" line limits it to the sales staff.
        # Confirm that unauthenticated access to this data is intended.
        guest ok = Yes
        read only = No
        # The mask allows every permission bit and the force mode sets them
        # all, so each new file and directory ends up 0777 (readable,
        # writable and executable by every local account on the server).
        create mask = 0777
        force create mode = 0777
        directory mask = 0777
        force directory mode = 0777

[apps]
        comment = APPS
        path = /data/apps
        browseable = Yes
        # NOTE(review): the share is writable and open to guest sessions.
        # It presumably holds programs that clients run from the network;
        # if so, anything stored here can be altered by any client that can
        # connect, and "read only = Yes" with a "write list" for the
        # maintainers would protect it - confirm how the share is used.
        guest ok = Yes
        read only = No
        # The mask allows every permission bit and the force mode sets them
        # all, so each new file and directory ends up 0777.
        create mask = 0777
        force create mode = 0777
        directory mask = 0777
        force directory mode = 0777

[groups]
        comment = Groups
        path = /data/groups
        browseable = Yes
        # Guest sessions are refused. There is no "valid users" line, so any
        # authenticated account can connect; what it can then reach
        # presumably rests on ownership and group membership under "path".
        guest ok = No
        read only = No
        # New files and directories get no permissions for "other".
        directory mask = 0770
        create mask = 0770


[snaps]
	# Read-only view of the server's snapshot backups.
	comment = Snapshot backups of maximus
	path = /snapshots
	browseable = Yes
	guest ok = No
	read only = Yes
	# NOTE(review): every member of Domain Users can connect. If the
	# snapshots include copies of /data/profiles or home directories, the
	# only barrier between users is whatever ownership and modes the
	# backup preserved - confirm that they are kept intact.
	valid users = @"Domain Users"

