Forgive me if this one has already been covered, but I'm struggling to find the fix....

My setup:
ZEN 10.2.0 Server / Vista SP1 client
Roaming profile policy configured to use homespace on NetWare 6.5 server.
Workstation-associated DLU policy - working fine
"Allow Roaming User Profile Paths to non-Windows server" set to "On" in Novell Client 2 (version IR1a)

My problem:
User logs in first time, roaming profile is created successfully.
User logs out, profile saved to <homedir>\Windows NT 6.0 Workstation Profile.V2
User tries to log in again, but is summarily logged out. Timestamp NTUSER.DAT on network profile is updated.

My hypothesis:
What I'm guessing is that the dynamic user is getting created the second time round with a new SID, Vista is complaining this isn't the the one in the roaming profile.

I can see an allusion to the problem in the Policy Management Reference at the top of 2.6 ("Because of the security settings in Microsoft Vista, administrators must manually add the appropriate security rights"), but I can't figure out which registry security settings I need to hack to get this to work.

Can anyone give me any pointers? Many thanks in advance.