Hi,
I'm trying to get Samba to act as the PDC for a domain populated by Win2k
boxen. All the machines are running Windows 2000 Professional. Unfortunately,
the 2k boxen all produce this error when I try and log in as a normal user:

Windows cannot log you on because the profile cannot be loaded. Contact
your network administrator
REASON - Access is denied.

Here's my smb.conf:
[ BEGIN SMB.CONF ]
# Global parameters
[global]
netbios name = POLARIS
server string = Main fileserver
workgroup = MILKYWAY

; domain & local master browser
; coz we're dealing with Win2k
os level = 65
preferred master = Yes
domain master = Yes
local master = Yes
domain logons = Yes

; misc options
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
time server = Yes

; do not allow guest access, use only local system accounts
security = user
guest ok = No
invalid users = bin daemon sys man postfix mail ftp
admin users = @root, root

; domain administrators
; domain admin group = @root
; domain admin users = root

; use encrypted passwords
encrypt passwords = Yes

; logging (max log size is in kbytes)
log level = 0
log file = /var/log/samba/log.%m
max log size = 50
debug timestamp = Yes
syslog = 1

; user roaming profiles path
logon path = \\%N\profiles\%u
; general logon script (in DOS format)
# logon script = logon.bat

# interfaces = 10.0.0.5
# interfaces = eth0
# dns proxy = No
# wins proxy = Yes
# printer admin = root, philpem
# printing = cups

; share for domain controller
[netlogon]
path = /samba/netlogon
public = No
writeable = No
browsable = No
valid users = root @users

; share for storing user profiles
[profiles]
path = /samba/profiles
writeable = Yes
create mask = 0700
directory mask = 0700
browsable = No
valid users = root @users
profile acls = Yes

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = All Printers
path = /usr/spool/samba
guest ok = Yes
printable = Yes
browseable = No

[CDs]
comment = CDs
path = /samba/cds
read only = Yes
guest ok = Yes
write list = root, philpem

[public]
comment = Public share (for file exchanging)
path = /samba/public
read only = No
guest ok = Yes

[print$]
comment = Printer drivers
path = /etc/samba/drivers
write list = root, philpem

[ END SMB.CONF ]

Does anyone have any suggestions? The 2k boxen can join the domain fine, but
they can't log on using any username/password combination...

Thanks.
--
Phil. | Acorn RiscPC600 Mk3, SA202, 64MB, 6GB,
philpem@despammed.com (valid address)| ViewFinder, 10BaseT Ethernet, 2-slice,
http://www.philpem.me.uk/ | 48xCD, ARCINv6c IDE, SCSI
No to DRM, software patents and the EUCD!