Netlogon event 5719 - "There are currently no logon servers available to service the logon request" with Samba PDC
After long analysis, the following cause of Netlogon event 5719 has been identified on a Windows 7 x64 client connecting to a Samba PDC version 3.5.6 with roaming profiles. In my situation the Windows 7 client can log on to the Samba domain controller when the domain is available. Logon has no issues. The problem occurs when the domain is not available: it is not possible to log on to the Windows 7 client using the cached credentials when the domain is not available.

The first thing to check is whether cached credentials are enabled: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount. In my case it had a value of 50.

The problem with the offline (domain not available) logon was caused by a difference between two parameters in the cached credentials: "LoggedOnSAMUser" and "LoggedOnUsername". The difference between the two values was introduced by a name change of the domain. All existing users had the old domain name in "LoggedOnSAMUser" and the current domain name in "LoggedOnUsername". These cached credentials can be found in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData. After this discovery I could actually log on to the Windows 7 client by using the cached credentials with the old domain name, whilst a normal online domain logon would require the current domain name.

First make sure the user is logged off and the roaming profile is updated on the server. When using roaming profiles you can delete the cached profiles on the client (right click Computer > Properties > Advanced system settings > User profiles > Settings).

The resolution to the problem would be to correct the domain name in the user database for any existing user. I first removed the user ("smbpasswd -x <username>") and recreated the user ("smbpasswd -a <username>"). Now the user database is corrected. After this change the user should attempt to log on from the client (a new roaming profile will be downloaded).

The logon will fail due to a permissions problem with the "NTUSER.DAT". Now you need to correct the permissions for the "NTUSER.DAT":

1. Log on to the system as local administrator.
2. Load the "NTUSER.DAT" (hive) of the specific user into the registry.
3. Give the specific domain user full control permission to the branch in the registry.
4. Unload the hive again to save the permission back into the "NTUSER.DAT".

The domain user should be able to log on to the domain, and also use the offline domain logon with cached credentials. In summary, the problem was caused by a domain name change that caused inconsistent data in the cached credentials.
January 20th, 2011 9:49am
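
The two checks described in the post (CachedLogonsCount, then the domain part of "LoggedOnSAMUser" versus "LoggedOnUsername"), as an added PowerShell example that is not part of the original post. It assumes the two values are stored as DOMAIN\user strings in subkeys of SessionData; the helper name Get-DomainPart is hypothetical.

```powershell
# Added diagnostic example (not from the original post).
# Run from an elevated PowerShell prompt on the affected client. Read-only.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$sessions = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData'

# Hypothetical helper: return the DOMAIN part of "DOMAIN\user", or $null.
function Get-DomainPart([string]$Account) {
    if ($Account -and $Account.Contains('\')) {
        return $Account.Split('\')[0]
    }
    return $null
}

# 1. Cached logons must be enabled; a value of 0 disables offline logon.
$count = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
          -ErrorAction SilentlyContinue).CachedLogonsCount
if ($null -eq $count) {
    Write-Output 'CachedLogonsCount is not set (Windows default applies).'
} elseif ([int]$count -eq 0) {
    Write-Warning 'CachedLogonsCount is 0: cached logons are disabled.'
} else {
    Write-Output "CachedLogonsCount = $count"
}

# 2. Compare the domain part of the two cached names in every session subkey.
#    Assumption: the values live in subkeys of SessionData.
if (Test-Path $sessions) {
    Get-ChildItem -Path $sessions | ForEach-Object {
        $p          = Get-ItemProperty -Path $_.PSPath
        $samDomain  = Get-DomainPart $p.LoggedOnSAMUser
        $userDomain = Get-DomainPart $p.LoggedOnUsername
        # -ne on strings is case-insensitive, which suits NetBIOS domain names.
        $mismatch   = [bool]($samDomain -and $userDomain -and
                             ($samDomain -ne $userDomain))
        New-Object PSObject -Property @{
            Session          = $_.PSChildName
            LoggedOnSAMUser  = $p.LoggedOnSAMUser
            LoggedOnUsername = $p.LoggedOnUsername
            DomainMismatch   = $mismatch
        }
    } | Select-Object Session, LoggedOnSAMUser, LoggedOnUsername, DomainMismatch |
        Format-Table -AutoSize
} else {
    Write-Output "No SessionData key found at $sessions"
}
```

A row with DomainMismatch set to True matches the condition the post describes after the domain rename.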
