Hi! I was hoping someone had seen this problem, and might be able to help me out with it; I've tried the suggestions I found in the mailing lists and on web sites, to no avail. I'm running samba 3.0.2 on RHEL 3, and XP clients seem to occasionally have problems saving the roaming profile, resulting in error messages and the use of the local profile. The problem is when renaming prf*tmp files for programs that seem like they may be using those files when the user is logging out; this is mostly the ICA client, although I have seen IE cookies cause the error as well. I have tried disabling oplocks, and setting CSC policy to disable on the share, and this reduced the frequency of the error to the point that I thought I'd solved it, but after a couple of weeks I found two more occurrences. When the error occurs I get the following in the USERENV.LOG file on the client machine: USERENV(208.154) 16:33:37:609 ReconcileFile: Failed to rename file <E:\scowman\Application Data\ICAClient\Cache\prf5049.tmp> to <E:\scowman\Application Data\ICAClient\Cache\2E78E792.DMA> with error = 32 USERENV(208.154) 16:33:37:609 ReportError: Impersonating user. USERENV(208.20c) 16:34:08:687 UnloadUserProfileP: CopyProfileDirectory returned FALSE for primary profile. Error = 32 USERENV(208.20c) 16:34:08:687 ReportError: Impersonating user. On the server side, I see only (log level = 2): scowman opened file scowman/Application Data/ICAClient/Cache/prf5049.tmp readYes write=No (numopen=5) [2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228) scowman closed file scowman/Application Data/ICAClient/Cache/prf503B.tmp (numopen=4) [2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228) scowman closed file scowman/Application Data/ICAClient/Cache/prf5049.tmp (numopen=3) The relevant portions of my samba config are: [global] # netbios name of this server netbios name = pdc # domain name of this server workgroup = khlsc # use the TDBSAM (Trivial Database SAM) backend to store account info. passdb backend = tdbsam # require client to encrypt passwords encrypt passwords = yes # Rotate logs when they reach 200MB max log size = 200000 # This should allow us to bypass requiring signorseal, but turning it # on breaks XP clients, for some reason. ;server schannel = yes # Listen for SMB traffic only on port 139. This may help avoid # lost connection issues under Windows XP. smb ports = 139 # Run a WINS server wins support = yes # Always act as the local master browser # and domain master browser. Do not allow # any other system to take over these roles! domain master = yes local master = yes preferred master = yes os level = 255 # Perform domain authentication. domain logons = yes # The profiles share is for storing # Windows NT/2000/XP roaming profiles. # Use your own path, and make sure # the directory exists. [profiles] # -- The following options are in effect to resolve the roaming # profile "access denied" issue. # Disable opportunistic locking on this share. oplocks = false level2 oplocks = false # Disable client-side caching of profile information. csc policy = disable # This should have not effect if oplocks are disabled. veto oplock files = /prf*.tmp/; path = /files/profiles writeable = yes create mask = 0600 directory mask = 0700 browseable = no # workaround for Windows 2000 SP4/XP SP1 security issue. profile acls = yes Thanks for any assistance!