ok I understand now the mechanism of usermap. what we attempt is to have a samba user like "DOMAIN\chief" wich may be with root permissions when we log on physicaly on a client machine. Thanks and regards, Raphaël