cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Make sure Azure Active Directory Domain Services (Azure AD) is enabled for your Active Tenant

glenbow
Copper Contributor

‎Oct 07 2022 03:06 AM

‎Oct 07 2022 03:06 AM

Make sure Azure Active Directory Domain Services (Azure AD) is enabled for your Active Tenant

Help !!

 

I am trying to setup an Azure Files test share in Azure.   The Azure active directory with users, subscription, the storage account and file share created.  I need to assign general users permissions on the share.  When I click on Access Control (IAM) on the share it says...

 

To give individual accounts access to the file Share (Kerberos), enable identity-based authentication for the storage account.

 

How do I do this ?   Or the way to make the share so that I can select users in the Azure active directory to give them permission (read, write etc..)

 

Note I do not have an onsite domain controller and do not wish to have one.

 

Thanks

1,804 Views
0 Likes
3 Replies
Reply
3 Replies
LainRobertson

‎Oct 07 2022 06:50 AM

‎Oct 07 2022 06:50 AM

Re: Make sure Azure Active Directory Domain Services (Azure AD) is enabled for your Active Tenant

@glenbow 

 

Have a read of the following article to get a basic understanding of the moving parts.

 

From what you've said about not having or wanting domain controllers, I have to assume your tenant is cloud-native meaning of the three identity-based authentication models, you can only use one: Azure AD DS (since the other two involve the on-premise variety of AD DS.)

 

Note: Azure AD DS is note the same thing as Azure AD. It is an option paid extra that amongst other things provides Kerberos support.

 

 

If you already have Azure AD DS then there will be no additional cost. Of course, if you don't currently have it then it does cost extra.

 

Also note point 2 as this may represent significant effort if you have hundreds or even thousands of clients already Azure AD joined (or registered, but I'm wagering this isn't relevant to your configuration.)

 

In short, until you have configured Azure AD DS, you cannot assign users.

 

If you are completely unfamiliar with Azure AD DS, have a read of the following, being sure to note how Azure AD DS produces as copy of your actual Azure AD environment which is then used for the various (including Kerberos) purposes.

 

 

Cheers,

Lain

0 Likes
Reply
glenbow

‎Oct 11 2022 03:21 AM

‎Oct 11 2022 03:21 AM

Re: Make sure Azure Active Directory Domain Services (Azure AD) is enabled for your Active Tenant

So ive gone into my file share that is in my storage account

File share settings

Active Directory: Not configured

So I click on the Not configured

Page appears Step 1: Enable an Active Directory source

3 options..

Active Directory, Azure Active Directory Domain Services, or Azure AD Kerberos

I click on Azure Active Directory Domain Services Set up.

Page Set up Azure AD DS appears

I check Enable Azure Active Directory Domain Services (Azure AD DS) for this file share

I click on the Save button and this error message box appears…

Failed to update storage account.
Error: The resource 3bd9cf9-38e-82t5666e does not exist

Help !
0 Likes
Reply
glenbow

‎Oct 18 2022 04:36 AM

‎Oct 18 2022 04:36 AM

Re: Make sure Azure Active Directory Domain Services (Azure AD) is enabled for your Active Tenant

So I have now enabled the Azure AD DS services and created the file share and enabled rights for users.

When I connect to the azure file share via windows file explorer i'm getting 'The Specified Network Password is Not Correct'

I have entered the correct logon username and password but it comes up with the username and password.

What am I doing wrong ?
0 Likes
Reply