Oct 07 2022 03:06 AM
Help !!
I am trying to setup an Azure Files test share in Azure. The Azure active directory with users, subscription, the storage account and file share created. I need to assign general users permissions on the share. When I click on Access Control (IAM) on the share it says...
To give individual accounts access to the file Share (Kerberos), enable identity-based authentication for the storage account.
How do I do this ? Or the way to make the share so that I can select users in the Azure active directory to give them permission (read, write etc..)
Note I do not have an onsite domain controller and do not wish to have one.
Thanks
Oct 07 2022 06:50 AM
Have a read of the following article to get a basic understanding of the moving parts.
From what you've said about not having or wanting domain controllers, I have to assume your tenant is cloud-native meaning of the three identity-based authentication models, you can only use one: Azure AD DS (since the other two involve the on-premise variety of AD DS.)
Note: Azure AD DS is note the same thing as Azure AD. It is an option paid extra that amongst other things provides Kerberos support.
If you already have Azure AD DS then there will be no additional cost. Of course, if you don't currently have it then it does cost extra.
Also note point 2 as this may represent significant effort if you have hundreds or even thousands of clients already Azure AD joined (or registered, but I'm wagering this isn't relevant to your configuration.)
In short, until you have configured Azure AD DS, you cannot assign users.
If you are completely unfamiliar with Azure AD DS, have a read of the following, being sure to note how Azure AD DS produces as copy of your actual Azure AD environment which is then used for the various (including Kerberos) purposes.
Cheers,
Lain
Oct 11 2022 03:21 AM
Oct 18 2022 04:36 AM