I have my XP-Pro machine setup as a member of an Samba-based Domain server.
I usually run as "linda@<localmachine>", but wanted to try
running a
program using "RunAs" in the "Home", DOMAIN my machine
belongs to. The
runas command says:
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
/user:<UserName> program
with Notes:
NOTE: Enter user's password only when prompted.
NOTE: USER@DOMAIN is not compatible with /netonly.
NOTE: /profile is not compatible with /netonly.
and Examples as:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc
%windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my
file.txt\""
The output on my XP machine is:
> runas /user:linda@Home bash.exe
Enter the password for linda@Home:
Attempting to start bash.exe as user "linda@Home" ...
RUNAS ERROR: Unable to run - bash.exe
1326: Logon failure: unknown user name or bad password.
---
I verified on my "Samba" server (running SuSE 9.1)
to have the following in my "/etc/samba/smbpasswd" file:
linda:1000:08...<long hex string>...:8...<guid looking thing>...B: \
[ ]:LCT-4<##>E:
I ran smbpasswd on the server to verify I'd set the correct password,
and "linda" is in the "Domain Users" and the "Domain
Admins" group.
Is there something I am missing in how I'm supposed to do this? It's
the first time trying "runas". The XP machine "knows"
it's part of
the "Home" domain. The Domain server is setup as a logon server.
Since it is my first time trying this it's likely some config problem
"somewhere". Any clues? Has anyone done this that might have
some tips?
Thanks,
Linda
Linda W schrieb am 26.07.2005 20:51:> ... > I verified on my "Samba" server (running SuSE 9.1) > to have the following in my "/etc/samba/smbpasswd" file: > > linda:1000:08...<long hex string>...:8...<guid looking thing>...B: \ > [ ]:LCT-4<##>E:As the man page of the smbpasswd file says, the Account Flags (the stuff between the square brackets) should contain a "U" to indicate that this is a "User" account. Otto
Thierry ITTY wrote:> can you open a session on your machine with the username/domain you wish to > "runas" ?------- This was a "semi"-yes. It couldn't find the profile for Home/Linda, so said it would use the local profile -- then it said it couldn't find it, so it logged me in to a temporary directory. My "home" directory was setup as //<servername>/<user> -- not //DOMAIN/<user>. Despite unexpected location for the home directory, it did allow me to log in with the Domain/User credentials. It *may* be that I have drives mounted from the server and windows generally complains about having more than 1 connection to a server with different credentials (lame!?), but usually it says that's the problem instead of giving a failure with with wrong user/password, no? Maybe a better question might be how to make my local login and the domain login map to the same USER on my winXP machine? It's been quite a while since I've read the NT-Domain specific documentation. I'm not entirely sure why my local logon _isn't_ the same as the DOMAIN/user logon -- I'm able to access files as though I were logged in as the same username on the domain host. I was hoping to have "runas" act as something like a "su" in linux... Linda
A 17:48 28/07/2005 -0700, Linda W a ?crit :>Thierry ITTY wrote: >> can you open a session on your machine with the username/domain you wish to >> "runas" ? >------- >This was a "semi"-yes. It couldn't find the profile for Home/Linda, so >said it would use the local profile -- then it said it couldn't find it,so it>logged me in to a temporary directory. My "home" directory was setup as >//<servername>/<user> -- not //DOMAIN/<user>. Despite unexpected location >for the home directory, it did allow me to log in with the Domain/User >credentials. > >It *may* be that I have drives mounted from the server and windows >generally complains about having more than 1 connection to a server >with different credentials (lame!?), but usually it says that's the >problem instead of giving a failure with with wrong user/password, >no?maybe if you access a share on a server as user1 and want to access another share on the same server as user2, windows complains that you can't use different credentials at the same time (error 1236 ? I think) thought this doesn't forbid you to have shares accessed as user1 and runas something as user2 the following works : open a session as user1, access a share, run cmd, then "net use" : you will see your share then runas "cmd" as user2. what will happen is that from user2's command prompt "net use" will show an empty list. but you'll be able to access the same or another share from there and "net use" will show it. user1 and user2 will access their shares each with their own credentials even on the same server the following doesn't work : open a session as user1, access a share (implicitely "as" user1), access a share as user2 on the same server (net use /user:...), this pops up the credentials error message I remember (?) that the program (bash ?) you want to exec is on a share then runas will set up user2's environment in which there are no shares (at least no one set up in user1's session) and thus thought "bash.exe" existed at the time "runas" was invoked, it didn't exist anymore when runas had to call it so the only solution I see is : open your session as user1, runas cmd as user2 (local program, no problem), access the share where bash is on, then run bash from the share>I was hoping to have "runas" act as something like a "su" in linux...I hoped this too a while ago the main difference in such situations is that linux (and other unices) sets up "shares" at the system level whereas windows sets them up at the user level hth