[Samba] Can't validate USER@DOMAIN in Runas

Thierry ITTY thierry.itty at besancon.org
Fri Jul 29 09:18:29 GMT 2005


A 17:48 28/07/2005 -0700, Linda W a écrit :
>Thierry ITTY wrote:
>> can you open a session on your machine with the username/domain you wish to
>> "runas" ?
>-------
>This was a "semi"-yes.  It couldn't find the profile for Home/Linda, so
>said it would use the local profile -- then it said it couldn't find it,
so it
>logged me in to a temporary directory.  My "home" directory was setup as
>//<servername>/<user> -- not //DOMAIN/<user>.  Despite unexpected location
>for the home directory, it did allow me to log in with the Domain/User
>credentials.
>
>It *may* be that I have drives mounted from the server and windows
>generally complains about having more than 1 connection to a server
>with different credentials (lame!?), but usually it says that's the
>problem instead of giving a failure with with wrong user/password,
>no?

maybe
if you access a share on a server as user1 and want to access another share
on the same server as user2, windows complains that you can't use different
credentials at the same time (error 1236 ? I think)
thought this doesn't forbid you to have shares accessed as user1 and runas
something as user2

the following works : open a session as user1, access a share, run cmd,
then "net use" : you will see your share
then runas "cmd" as user2. what will happen is that from user2's command
prompt "net use" will show an empty list. but you'll be able to access the
same or another share from there and "net use" will show it.
user1 and user2 will access their shares each with their own credentials
even on the same server

the following doesn't work : open a session as user1, access a share
(implicitely "as" user1), access a share as user2 on the same server (net
use /user:...), this pops up the credentials error message

I remember (?) that the program (bash ?) you want to exec is on a share
then runas will set up user2's environment in which there are no shares (at
least no one set up in user1's session) and thus thought "bash.exe" existed
at the time "runas" was invoked, it didn't exist anymore when runas had to
call it

so the only solution I see is : open your session as user1, runas cmd as
user2 (local program, no problem), access the share where bash is on, then
run bash from the share

>I was hoping to have "runas" act as something like a "su" in linux...

I hoped this too a while ago
the main difference in such situations is that linux (and other unices)
sets up "shares" at the system level whereas windows sets them up at the
user level

hth



More information about the samba mailing list