J.F.Gratton
2010-Sep-22 16:28 UTC
[Samba] Creating a PDC on a LAN with standalone boxes and PDC-enabled boxes
Hi,

I have here a LAN on 10.0.0.0/13 where some boxes should connect to a PDC and others not. Here's a brief description of the important machines.

- main fileserver is oslo (10.2.1.1) running on kubuntu 10.04 fully updated
- virtual machine running on oslo, named oslo2 (10.2.1.101) running win7 ultimate x64
- main dev machine is lillehammer (10.4.2.1) running kubuntu 10.04 fully updated
- main dev virtual machine is lillehammer2 (10.4.2.101) running win7 ultimate x64

The fileserver is running Samba (latest packages from ubuntu), and I want Samba there to act as a PDC, as well as allowing non PDC-enabled machines to access some shares. I'd want my virtual machines to be connected to the PDC.

I've modified my smb.conf accordingly (see below), and created some directories (mkdir -p /srv/samba/profiles, /srv/samba/netlogon). Created my users with smbpasswd -a USER, and my machines with smbpasswd -a -m MACHINE for all machines that should be trusted in the PDC.

All unix users have the same username + uid + gid on all unix boxes. All users have the same username + password on all boxes (irrespective of the OS involved).

Now, I have a few issues:

- profiles on the fileserver are created in $HOME/profile instead of what I expected, /var/samba/profiles/.
- sometimes I can't log onto the PDC from the virtual machines, but I can use other host accounts: instead of using domainname\username on oslo2, for example, I can use oslo2\username (local account, I guess), or even lillehammer2\username (... on oslo2!).
- last thing, I want my shares defined in smb.conf to be available to *all* machines, pdc-enabled or not. Is it feasible?

Thanks,
Jeff

(below: part of my smb.conf)

=======================
[global]
        workgroup = APROXYA.NET
        server string = %h
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        logon script = logon.cmd
        logon drive = Z:
        domain logons = Yes
        os level = 33
        preferred master = Auto
        domain master = Yes
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0775
        directory mask = 0775
        browseable = No
        browsable = No

[netlogon]
        comment = Network Logon Service
        path = /srv/samba/netlogon
        guest ok = Yes

[profiles]
        comment = Users profiles
        path = /srv/samba/profiles
        create mask = 0600
        directory mask = 0700
        browseable = No
        browsable = No

[sharepoint]
        comment = share point
        path = /sharepoint
        read only = No
        create mask = 0775
        directory mask = 0775
================================

sharepoint is one of those shares I want available across the LAN. Other shares have similar properties.

Miguel Medalha
2010-Sep-22 18:30 UTC
[Samba] Creating a PDC on a LAN with standalone boxes and PDC-enabled boxes
> Now, I have a few issues:
> - profiles on the fileserver are created in $HOME/profile instead of what I expected, /var/samba/profiles/) .

From the smb.conf man page:

logon path (G)
    This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored.
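
Added example, not part of the thread and not Samba's own code: a small Python check that works out which share receives roaming profiles for a given smb.conf, and under which create mask. It assumes the documented default `logon path = \\%N\%U\profile` when the parameter is unset; the helper names (`norm`, `parse`, `profile_target`) are hypothetical, and the parser is simplified (no line continuations or includes).

```python
import re

DEFAULT_LOGON_PATH = r"\\%N\%U\profile"  # smb.conf(5) default when unset

# Constructed sample: the relevant parameters from the smb.conf posted above.
SAMPLE = """
[global]
    domain logons = Yes
[homes]
    valid users = %S
    create mask = 0775
    directory mask = 0775
[profiles]
    path = /srv/samba/profiles
    create mask = 0600
    directory mask = 0700
"""

def norm(name):
    # Case and whitespace are ignored in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    shares, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = shares.setdefault(norm(line[1:-1]), {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            cur[norm(key)] = val.strip()
    return shares

def profile_target(shares):
    """Return (logon path, receiving share, subdirectory, create mask)."""
    g = shares.get("global", {})
    if g.get("domainlogons", "no").lower() not in ("yes", "true", "1"):
        return None  # not a logon server, no roaming profiles
    path = g.get("logonpath", DEFAULT_LOGON_PATH)
    parts = path.lstrip("\\").split("\\")  # [server, share, subdirs...]
    share = norm(parts[1]) if len(parts) > 1 else ""
    # A share named after the user (%U) is served by [homes].
    if share == "%u" and "homes" in shares:
        share = "homes"
    mask = shares.get(share, {}).get("createmask")
    return path, share, "/".join(parts[2:]), mask

if __name__ == "__main__":
    print(profile_target(parse(SAMPLE)))
```

With no `logon path` in `[global]`, the profile lands in the `profile` subdirectory of `[homes]` under its 0775 masks, not in `[profiles]` with 0600/0700. Pointing `logon path` at the `[profiles]` share (for instance `\\%L\profiles\%U`, an assumed value not taken from the thread) changes the receiving share accordingly.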