How to add an Domain Admin to the local Admin group

Stephen L Arnold sarnold at
Sun Jun 20 00:36:42 GMT 1999

On 20 Jun 99, "Michael Kramer" <michael-kramer at> had 
questions about How to add an Domain Admin to the local Admin 

> I need the domain admin to be a member of the local admin group,
> If I log into the local domain as admin I cannot add the domain
> admin to the local admin group, because of miising privledges in
> the domain. If I log into the domain it's the same, because of
> missing privledges on the local workstation. 
> User Administrator is member of the linux group root. In
> smb.conf I've set domain admin group = root. 

>From the current smb.conf man page:

domain admin group (G) 

This is an EXPERIMENTAL parameter that is part of the unfinished 
Samba NT Domain Controller Code. It has been removed as of November 
98. To work with the latest code builds that may have more support 
for Samba NT Domain Controller functionality please subscribe to 
the mailing list Samba-ntdom available by sending email to 
listproc at  

Probably why it's not working.

Check and see if you have a username map file specified in 
smb.conf.  You should try the following parameter instead:

domain user map (G) 

This option allows you to specify a file containing unique mappings 
of individual NT Domain User names (in any domain) to UNIX user 
names. This allows NT domain users to be presented correctly to NT 
systems, despite the lack of native support for the NT Security 
model (based on VAX/VMS) in UNIX. The reader is advised to become 
familiar with the NT Domain system and its administration.  


This option, which provides (and maintains) a one-to-one link 
between UNIX and NT users, is DIFFERENT from 'username map', which 
does NOT maintain a distinction between the name(s) it can map to 
and the name it maps.

If you haven't tried this yet, give it a shot


Steve Arnold           

Things go better with Linux and King Crimson.

More information about the samba mailing list