Samba 3.0.22 Local Profiles Inconsistent with BDC
Hello,
This is my first post, apologies for any potential logic gaps. I've recently deployed a Samba 3.0.22 BDC with LDAP. Our current PDC is running Samba 3.0.23d with tdbsam. (My future goal is to move to a completely LDAP-based system; this is an intermediate step.) We don't use roaming profiles.

The problem is: when a user logs on through the BDC instead of the PDC, they get a new local profile instead of the original local profile they've been using for a while now. If the user authenticates via the PDC, they are logged on with their original profile. How do I get it so that the user gets the same profile regardless of whether they log onto the BDC or the PDC? It appears that re-joining the client to the domain solves this issue, but I don't have the time to go through 300+ machines by myself.

I suspect the problem might be a flawed migration between the PDC and BDC. My migration simply takes all the information given by 'pdbedit -Lv' and, for each entry, adds a new user with smbldap-useradd on the BDC machine. I've also hacked the smbldap-useradd script to allow me to copy over the NT and LM password hashes so users can log on to the BDC without having to rejoin the domain. I was also careful to preserve logon scripts and profile paths, but the SIDs are different for users. Any ideas what the problem might be? How does the client XP machine even know it's logged onto a different server? I've attached the smb.conf and smbldap.conf for the BDC below.

Thanks in advance!
Jack C Yu
A Hungry Undergrad of UCB

---------------------------------------
BDC smb.conf:

[global]
        unix charset = ISO8859-1
        workgroup = CNR-DOM2
        server string = G42-6 Samba PDC (with LDAP) [Gentoo Linux - Samba %v]
        interfaces = eth0
        bind interfaces only = Yes
        passdb backend = ldapsam:ldap://localhost
        enable privileges = Yes
        log level = 2
        log file = /var/log/samba/log.%m
        max log size = 50
        name resolve order = wins host lmhosts
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /etc/samba/scripts/addMachine.sh u a -m "%u"
        delete user script = /etc/samba/scripts/addMachine.sh u d "%u"
        add group script = /etc/samba/scripts/addMachine.sh g a -p "%g"
        delete group script = /etc/samba/scripts/addMachine.sh g d "%g"
        add user to group script = /etc/samba/scripts/addMachine.sh g m -m "%u" "%g"
        delete user from group script = /etc/samba/scripts/addMachine.sh g m -x "%u" "%g"
        set primary group script = /etc/samba/scripts/addMachine.sh u m -g "%g" "%u"
        add machine script = /etc/samba/scripts/addMachine.sh u a -w "%u"
        logon path =
        logon home =
        domain logons = Yes
        os level = 65
        preferred master = No
        domain master = No
        dns proxy = No
        wins server = 128.32.253.219
        ldap admin dn = cn=samba,ou=DSA,dc=cnr,dc=berkeley,dc=edu
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap suffix = dc=cnr,dc=berkeley,dc=edu
        ldap ssl = start tls
        ldap timeout = 30
        ldap user suffix = ou=People
        passdb expand explicit = No
        idmap backend = ldap://localhost
        idmap uid = 10000-30000
        idmap gid = 10000-30000
        hosts allow = 128.32.175.0/255.255.255.0, 128.32.251.0/255.255.255.0, 128.32.253.192/255.255.255.192, 128.32.179.0/255.255.255.0, 128.32.113.0/255.255.255.128, 128.32.76.0/255.255.255.224, 128.32.85.0/255.255.255.0, 128.32.27.0/255.255.255.0, 128.32.222.128/255.255.255.128, 128.32.127.0/255.255.255.0, 128.32.88.0/255.255.255.0, 128.32.128.0/255.255.255.0, 128.32.236.0/255.255.255.0, 128.32.140.0/255.255.255.128, 128.32.129.192/255.255.255.192, 128.32.110.0/255.255.255.0, 199.133.139.0/255.255.255.0, 136.152.0.0/255.255.0.0, 128.48.164.0/255.255.255.0, 128.32.218.128/255.255.255.128, 128.32.8.0/255.255.255.0, 169.229.13.0/255.255.255.192, 169.229.61.0/255.255.255.128, 169.229.159.0/255.255.255.192, 169.229.136.192/255.255.255.192, 169.229.197.128/255.255.255.192, 128.32.188.0/255.255.255.128, 128.32.54.64/255.255.255.192, 127.0.0.0/255.255.0.0
        hide unreadable = Yes

[netlogon]
        path = /var/lib/samba/netlogon
        browseable = No

--------------------------------------------------------
BDC smbldap.conf

SID="S-1-5-21-1668661-2091613485-1446904402"
sambaDomain="CNR-DOM2"
slaveLDAP="128.32.175.76"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="1"
verify="require"
cafile="/etc/openldap/ssl/certs/ca.pem"
clientcert="/etc/openldap/ssl/certs/smb-ldap.pem"
clientkey="/etc/openldap/ssl/keys/smb-ldap.key"
suffix="dc=cnr,dc=berkeley,dc=edu"
usersdn="ou=People,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=CNR-DOM2,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format=""
userLoginShell="/bin/false"
userHome=""
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="3650"
userSmbHome=""
userProfile=""
userHomeDrive=""
userScript=""
mailDomain=""
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
suggestion
Both servers need identical

profile path = ......

directives (pointing to the same resource, not the same path on different systems). Good luck
Thanks eendoe,
Wouldn't specifying a profile path = ... directive pointing to some shared resource be implementing roaming profiles? Or is there no way to avoid roaming profiles when one wants to have a BDC and PDC together?
misread question
sorry, i misread your question, i thought that you wanted identical roaming profiles from both DC's.
Have a look in Documents and Settings on your Windows hosts.

1. You will most likely see profile names starting with different servers/NetBIOS domains. This will give you an indication of what is happening.

2. I'm not sure if you can override these with a client path? profile path = C:\Documents and Settings\%U (probably won't work).

3. I suspect the root of your issues is caused by this: "but SIDs are different for users". Try implementing fully centralised user authentication (point your PDC to the LDAP database).

Good luck
Ok, problem fixed =]
Turns out I was running two different versions of Samba on the servers. I updated both servers to run Samba 3.0.23d and all works well. Also, I made sure that I had the same SIDs for all users on both machines. I made a note that it is much easier to use pdbedit -e tdbsam:filename on the source machine and then do pdbedit -i tdbsam:filename on the machine I'm migrating to.

Thanks again eendoe,
Jack
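Windows keys a local profile on the logged-on user's SID (the ProfileList registry entries), not on the user name, so a BDC that hands out a different SID for the same account makes the workstation create a second "user.DOMAIN" profile folder. The export/import route Jack settled on keeps the SIDs because pdbedit copies the whole account record, including the SID, the NT/LM hashes and the account flags. The script below is an added example, not code from the thread: it wraps the pdbedit steps, makes the BDC adopt the PDC's domain SID first (`net rpc getsid`), and adds an offline check that diffs the `User SID:` lines of two saved `pdbedit -Lv` dumps. The PDC name, file paths, user names and the two sample dumps are assumptions for illustration; the domain SID in the samples is the one from the BDC smbldap.conf above.

```sh
#!/bin/sh
# Added example (not from the thread): move a tdbsam passdb from a Samba 3.0.x
# PDC to an ldapsam BDC with pdbedit, then verify every account kept its SID.
# Hostnames, file names and the sample dumps are assumptions for illustration.
set -eu

# On the BDC, before importing anything: adopt the PDC's domain SID. A BDC
# that keeps its own SID mints foreign SIDs, which is exactly what makes
# Windows build a second local profile for the same user. Prompts for the
# PDC's root (or other admin) password; prints the stored SID afterwards.
sync_domain_sid() {       # $1 = PDC NetBIOS name or address
    net rpc getsid -S "$1" -U root
    net getlocalsid
}

# On the PDC: dump every account, NT/LM hashes included, into a standalone
# tdbsam file. That file is a credential store: root-only, copy it over an
# authenticated channel (scp), and delete it once the import is done.
export_passdb() {         # $1 = output file, e.g. /root/passdb-export.tdb
    umask 077
    pdbedit -e "tdbsam:$1"
}

# On the BDC: import the file into whatever "passdb backend" smb.conf names
# (ldapsam:ldap://localhost in the thread). SIDs, flags, hashes, logon
# scripts and profile paths come across unchanged.
import_passdb() {         # $1 = the copied file
    pdbedit -i "tdbsam:$1"
}

# Offline check: compare two saved "pdbedit -Lv" dumps, one per server.
# Prints "<user> TAB <sid in A> TAB <sid in B>" for every account whose SID
# differs or is missing on one side ("-"), and returns 1 if any such account
# exists, else 0.
sid_report() {            # $1 = dump from the PDC, $2 = dump from the BDC
    awk -F':' '
        /^Unix username:/ { u = $2; sub(/^[ \t]+/, "", u); sub(/[ \t]+$/, "", u) }
        /^User SID:/      { s = $2; sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s)
                            sid[FILENAME, u] = s; seen[u] = 1 }
        END {
            bad = 0
            for (u in seen) {
                a = sid[ARGV[1], u]; b = sid[ARGV[2], u]
                if (a != b) {
                    printf "%s\t%s\t%s\n", u, (a == "" ? "-" : a), (b == "" ? "-" : b)
                    bad = 1
                }
            }
            exit bad
        }' "$1" "$2"
}

# Constructed sample dumps (only the lines the check reads): alice kept her
# SID, bob was re-created on the BDC with a fresh RID by smbldap-useradd, and
# carol was never migrated. Users and RIDs are made up.
write_samples() {         # $1 = directory to write pdc.txt and bdc.txt into
    cat > "$1/pdc.txt" <<'EOF'
Unix username:        alice
User SID:             S-1-5-21-1668661-2091613485-1446904402-3000
Primary Group SID:    S-1-5-21-1668661-2091613485-1446904402-513
Unix username:        bob
User SID:             S-1-5-21-1668661-2091613485-1446904402-3002
Primary Group SID:    S-1-5-21-1668661-2091613485-1446904402-513
Unix username:        carol
User SID:             S-1-5-21-1668661-2091613485-1446904402-3004
Primary Group SID:    S-1-5-21-1668661-2091613485-1446904402-513
EOF
    cat > "$1/bdc.txt" <<'EOF'
Unix username:        alice
User SID:             S-1-5-21-1668661-2091613485-1446904402-3000
Primary Group SID:    S-1-5-21-1668661-2091613485-1446904402-513
Unix username:        bob
User SID:             S-1-5-21-1668661-2091613485-1446904402-21000
Primary Group SID:    S-1-5-21-1668661-2091613485-1446904402-513
EOF
}

# Run the offline part: write the samples and compare them. Returns 1 because
# bob and carol differ, which is the signal an admin wants before re-joining
# 300 workstations.
demo() {
    rc=0
    d=$(mktemp -d)
    write_samples "$d"
    sid_report "$d/pdc.txt" "$d/bdc.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Set SAMBA_MIGRATE_DEMO=1 to run the offline comparison when executed directly.
if [ "${SAMBA_MIGRATE_DEMO:-}" = 1 ]; then
    demo
fi
```

In real use the order is: `sync_domain_sid pdc` on the BDC, `export_passdb /root/passdb-export.tdb` on the PDC, copy the file, `import_passdb /root/passdb-export.tdb` on the BDC, then save `pdbedit -Lv` from both hosts and run `sid_report pdc.txt bdc.txt`; an empty report with exit status 0 is what you want before pointing workstations at the BDC. A non-empty report is the case Jack hit: smbldap-useradd allocates RIDs from its own pool, so the account names matched but the SIDs did not.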
You deserve all the kudos here my friend. Bliss.