AAD DS enabled authentication for storage account still prompts for user name and password

  • Question

  • I created an AAD and AAD DS in Azure.

    I have AAD DS authentication enabled for storage account. 


    The virtual machine was joined to AAD and logged on using a domain account.

    I'm pretty sure I have given the proper role for the file share to the logged-on account (Storage File Data SMB Share Contributor).

    When I tried to mount the folder via SMB, it prompts me to enter a user name and password. I think it should be authorized automatically by the domain account. Are there any steps I'm missing?


    Thursday, March 26, 2020 11:53 AM

Answers

  • For better understanding: Before you enable Azure AD over SMB for Azure file shares, make sure you have completed the following prerequisites:

    Enable Active Directory authentication over SMB for Azure file shares

    @miraculeux marvel You can log into an Active Directory domain-joined machine and access Azure file share with a single sign-on experience.

    There is a well explained video, please go through this article

    Sign in to the VM by using the Azure AD identity to which you have granted permissions. If you have enabled AD authentication for Azure Files, use the AD credential. For Azure AD DS authentication, log in with Azure AD credential.

    Use the following command to mount the Azure file share. Remember to replace the placeholder values with your own values. Because you've been authenticated, you don't need to provide the storage account key, the AD credentials, or the Azure AD credentials. Single sign-on experience is supported for authentication with either AD or Azure AD DS.

    net use <desired-drive-letter>: \\<storage-account-name>.file.core.windows.net\<share-name>

    You have now successfully enabled Azure AD DS authentication over SMB and assigned a custom role that provides access to an Azure file share with an Azure AD identity. To grant additional users access to your file share, follow the instructions in the Assign access permissions to use an identity and Configure NTFS permissions over SMB sections.

    Overview of Azure Files identity-based authentication support for SMB access

    Note: We don't support the native AAD authentication scenario for now.  

    Additional information: Does Azure Files Azure Active Directory Domain Services (Azure AD DS) Authentication support SMB access using Azure AD credentials from devices joined to or registered with Azure AD?

    No, this scenario is not supported.

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue. 
    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Friday, March 27, 2020 11:32 AM
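
A diagnostic for the credential prompt discussed above, as an added example that is not part of the original posts: it checks whether the VM is domain-joined (the supported case) or only Azure AD joined (the unsupported case named in the answer), whether TCP 445 is reachable, and whether a Kerberos ticket for the share can be obtained. The script layout, the `Get-JoinState` helper and the `<storage-account-name>` placeholder are assumptions; run it in the session of the user who will mount the share.

```powershell
# Added example, not from the original thread.
param(
    # Placeholder: replace with your own storage account name.
    [string]$StorageAccount = '<storage-account-name>'
)
$fqdn = "$StorageAccount.file.core.windows.net"

# Hypothetical helper: parse the "Key : Value" lines of dsregcmd /status.
function Get-JoinState {
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

$join = Get-JoinState
$cs   = Get-CimInstance Win32_ComputerSystem
"AzureAdJoined : $($join['AzureAdJoined'])"
"DomainJoined  : $($join['DomainJoined']) (domain: $($cs.Domain))"

# Single sign-on over SMB needs a domain-joined machine; a device that is
# only joined to or registered with Azure AD is the unsupported scenario.
if ($join['DomainJoined'] -ne 'YES') {
    Write-Warning 'VM is not domain-joined: net use will prompt for credentials.'
}

# SMB to Azure Files uses outbound TCP 445.
$tcp = Test-NetConnection -ComputerName $fqdn -Port 445 -WarningAction SilentlyContinue
"TCP 445 reachable : $($tcp.TcpTestSucceeded)"

# Ask the domain controller for a service ticket for the share.
# Assumption: on success klist lists a ticket line containing "Server: cifs/...".
$tickets = klist get "cifs/$fqdn" 2>&1
if ($tickets -match 'Server:\s+cifs/') {
    'Kerberos ticket for the share obtained: mount without credentials should work.'
} else {
    Write-Warning 'No Kerberos ticket for the share; output of klist follows.'
    $tickets
}
```

If the domain-join check passes but no ticket is issued, compare the logged-on account against the identity that was granted the share role before retrying the `net use` command from the answer.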

All replies

  • That's correct - you should not be prompted for the password.

    Is the domain account synchronized from Azure AD?

    hth
    Marcin

    Thursday, March 26, 2020 12:32 PM