[Samba] net groupmap modify ntgroup="Domain Admins" ... succeeds but fails

Kaleb Pederson kpederson at mail.ewu.edu
Wed Oct 15 20:20:36 GMT 2003

After reading through the documentation, I realized that as a part of the 
migration process from Samba-2.2.X to Samba-3.0.0 I needed to convert 
everyone in my smbadmin group (previously domain admin group = @smbadmin) to 
the "Domain Admins" group w/rid=512.  So, I issued the following command:

[root at localhost profile]# net groupmap modify ntgroup="Domain Admins" 

The command succeded as was evidenced by net groupmap list:

[root at localhost profile]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-3270268339-1200857648-3960152354-512) -> smbadmin

My understanding of the documentation is that the Domain Admins group is 
automatically added to the Administrators on all machines that are a member 
of the domain, however, when I try to log into any of these machines as an 
administrator, I authenticate successfully but am not considered to be an 

To get around this for now, I logged onto the given local machine, went to the 
user management section, and added the individual account to the 
Administrators group.  This is a rough hack, but works.

What am I doing wrong?  How come I'm an administrator without any 
administrator permissions?



More information about the samba mailing list