nickmiller (Aspirant)
Feb 07, 2013
mapping domain admins to local administrators
I am setting up roaming profiles in my organization. We are using a ReadyNAS 3200 for the profile storage. Everything is working fine so far, but I'm trying to allow access to the user folders by domain admins by default. There is a GPO I can use to allow the administrators security group on profile creation; the problem is it allows the administrators group on the local machine, i.e. the ReadyNAS. The ReadyNAS does not seem to recognize members of the domain admins group to be an administrator on the NAS, because my domain admin accounts cannot access the folders created during the profile creation. Anyone have any ideas on how I can give domain admins access to the user folders without manually adding permissions for the group on each user folder?
Firmware version 4.2.21
2 Replies
- kossboss (Guide)
First off, please update to the 4.2.22 version.
I'm not sure if I'm understanding the situation correctly. But please understand that there are 2 layers of permissions:
The Linux ACL POSIX permissions, which should be set to ALL ACCESS,
and the Domain permissions, which are cross-referenced with the Domain Controller every time authentication happens.
The domain permissions need to be set with the Admin account from the DC (optional to do it from the DC).
Now if you want your domain admins to be admins on the NAS, as in to manage the NAS and be able to access the page https://ipofnas/admins/, that is impossible; there is a local admin account on the NAS with one password that can access that.
Also, to troubleshoot your issue, make sure your Linux ACL permissions are correctly set. To do so, reset them:
How to reset permissions on a ReadyNAS:
=======================================
- Gets access to all files. If you were in domain mode and your files are locked, this will unlock them, and don't worry: when you go back to domain mode, all your files will regain their permissions as they were before. This is just for quick access to your files if they are locked some weird way.
1) on the left side go to the security tab and the security mode link/tab (the one where you change from work group to domain mode etc.)
2) change to user mode
3) hit okay or accept
4) on the left side go to SERVICES TAB -> STANDARD FILE PROTOCOLS link/tab
5) disable/uncheck CIFS
6) hit APPLY button at the bottom
7) enable/check CIFS
8) hit APPLY button at the bottom
9) on the left side go to Shares tab -> share listing link/tab
10) click on a share (example "backup") (the CIFS icon, the rightmost, looks like a notepad paper with a pencil to it)
11) you will be in the CIFS tab once you click that.. change the settings to:
* default access: read/write
===SHARE ACCESS RESTRICTIONS SECTION:===
* uncheck and blank out everything up to the allow guest access. (blank out meaning just erase everything in the text boxes)
* enable/check guest access.
===SHARE DISPLAY OPTION SECTION:===
* uncheck "hide this share...".
* disable recycle bin.
===ADVANCED CIFS PERMISSIONS SECTION:===
* check all (there are two options to check "automatically set permissions..." & "do not allow acl changes ...")
* in that same advanced cifs permissions section select all the drop down menus to say read/write.
===OPPORTUNISTIC LOCKING SECTION:===
* disable "enable oplocks".
* hit APPLY button at the bottom
12) go to the top of the CIFS page that you're in and select the ADVANCED OPTIONS tab (you should still be in the settings for whatever share you selected, so the "backup" share for example; you're just in a different sub-tab now), and in there just fill this out like so, making sure everything is lowercase like mine:
===ADVANCED SHARE PERMISSION:===
13) Do the appropriate 13a, 13b, or 13c step depending on your security settings. 13a works generally, 13b is for user mode and 13c is for domain mode
13a) Just a general setting to try
* Share Folder Owner: nobody
* Share Folder Group: nogroup
13b) If you're in User/Volume Security Mode
* Share Folder Owner: admin
* Share Folder Group: nogroup
13c) If you're in Domain Security Mode
* Share Folder Owner: administrator
* Share Folder Group: nogroup <-- or leave it as blank only works in this domain mode
14) Continue with these below it
* Share Folder Owner rights: should be greyed out but select read/write if you can
* Share Folder Group rights: read/write
* Share Folder Everyone rights: read/write
* check "set ownership and permission..." (this will actually reset the permissions and then when you hit apply at the end of the step it will uncheck itself; don't worry that it unchecked itself, it does that so that you can do that again)
* check the second one that says "grant rename..."
===ADVANCED SHARE UTILITIES:===
* Shift share content timestamps by: 0 minutes
* hit APPLY button at the bottom
* NOTE: IF THAT DIDN'T WORK, RETRY 13A, 13B or 13C DEPENDING ON THE NETWORK SECURITY SETTING AND HIT APPLY
15) That's it, just repeat steps 10 thru 12 for each share
- nickmiller (Aspirant)
Yeah, I don't think I worded it very clearly.
I'm hosting roaming profiles on the ReadyNAS. I want to allow domain admins access to the user folders. By default roaming profiles create the folders with only SYSTEM and %USERNAME% having any permissions. It actually clears any inherited permissions and then sets these. There is a GPO that will set the administrators domain group to full access on the folders when they are created. When the share is hosted on a Windows server the GPO works great. Using that GPO while hosting the share on the ReadyNAS sets the permissions for a group called administrators on the NAS itself, i.e. pd-lc-rnas1\administrators. This group having full access does not translate into admins on the domain having access. So I was wondering if there was a way to map that group (if it even really exists) to the administrators group in AD. I don't know why the GPO behaves differently when applying permissions to folders on the NAS vs. on a Windows server, but it does.