[Samba] Validating as different users, domain user mapping to local (not happening?)

[Thierry ITTY]

>> thought this doesn't forbid you to have shares accessed as user1 and runas
>> something as user2
>----
>	I doesn't seem like it should.
why ?


>	Haven't tried that scenario, specifically.  Where I've seen it is
>on trying to add sharing permissions on a directory:
>...
>The only way I've gotten around this is by unsharing
>(net use [drive|sharename] /d).
I should need time to test, which of course I haven't :-)

>..
>Hm...ok...now RUNAS is working (though not exactly as I'd like...but can
>probably figure that out by consulting my books)...
>Seems user at domain doesn't work in simple case -- their example shows:
>user at domain.microsoft.com.  Maybe it needs the dots in the domain name?
the syntax user at domain.com is the w2k dns based naming scheme whereas the
domain\user is the old netbios one. both should work but with some
third-party tools which don't understand dns naming.

>	Bash.exe (cygwin toolset) is on the local machine.  I can now
>start bash, but not "explorer".  When I try to start Explorer, I get
>no error message and nothing happens (or starts).
Explorer is a much more funny thing to handle
I got it from m$ support : you just can't run explorer as runas with
another user, officially it conflicts with the desktop explorer instance.
but the following works : open a dos command prompt window, start the task
manager, kill explorer : your desktop disappears. then run explorer from
command line : your desktop comes to life again, then you can runas a
second instance of explorer as another user. this _is_ the official way...

>
>	Even though my remote user is listed as being in the Domain Admins
>group, trying to run, say the disk defragmenter gives an error about my
>remote user not having administrative priviledges.  Well...guess that's
>more work to figure out in the future...
maybe you'd have to check that domain admins are members of the local admin
group ?

hth