In order to have server profiles working successfully with Windows 2000 clients it might be necessary that Samba has nt acl support = no added to the file share which houses the roaming profiles. If this is not done, then the Windows 2000 client might complain about not being able to access the profile (Access Denied). Note that the nt acl support parameter was formally a global parameter in releases prior to Samba 2.2.2.
The following is a minimal profile share:
[profile]
path = /export/profile
create mask = 0600
directory mask = 0700
nt acl support = no
read only = no
If you succesfully managed to add your WinXP client to a Samba domain but cannot logon after rebooting this might help you:
Add the following registry key is needed to enable a Windows XP Client to join and logon to a Samba domain:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "requiresignorseal"=dword:00000000
This key patches only the "CurrentControlSet". There may be more than one, you have to patch them manually.
Tip provided by Joerg Hampel.