Unable to Authenticate Azure file share with on-premises active directory users.

Rohit Gawade 0 Reputation points
2024-04-19T18:59:42.52+00:00

I have enabled AD DS authentication for my storage account. I did this by setting up an on-premises Active Directory on one of my Azure VMs and providing Storage File Data SMB Share Elevated Contributor access to the file share. Now, I am able to mount the file share using the credentials of Active Directory users. However, I am facing an issue where I am unable to authenticate/mount the file share with Active Directory user credentials after adding an alias/CNAME for the file share.

I do not wish to sync AD with Microsoft Entra ID.


1 answer

  1. Anand Prakash Yadav 5,925 Reputation points Microsoft Vendor
    2024-04-22T11:39:01.4733333+00:00

    Hello Rohit Gawade,

    Thank you for posting your query here!

    Can you check and confirm whether Active Directory is enabled on your storage account with the following script: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable#confirm-the-feature-is-enabled

    We strongly recommend that you review the How it works section to select the right AD source for authentication. The setup is different depending on the domain service you choose. This article focuses on enabling and configuring on-premises AD DS for authentication with Azure file shares.

    If you're new to Azure Files, we recommend reading our planning guide.

    There is a video, as well as Prerequisites and Supported scenarios and restrictions sections, in this article, which will help you to enable on-premises Active Directory authentication for Azure file shares.

    Note: Azure AD DS authentication over SMB with Azure file shares is supported only on Azure VMs running on OS versions above Windows 7 or Windows Server 2008 R2.

    Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked. You can check if your firewall is blocking port 445 with the Test-NetConnection cmdlet. To learn about ways to work around a blocked 445 port, see the Cause 1: Port 445 is blocked section of our Windows troubleshooting guide.

    Similar post that might help: https://learn.microsoft.com/en-us/answers/questions/1135909/ad-authentication-for-azure-file-share

    Further reference: https://adamtheautomator.com/how-to-set-up-an-azure-file-share-with-on-prem-ad-authentication/

    https://www.c-sharpcorner.com/article/implement-an-azure-files-smb-access-on-premises-with-private-endpoints/

    I hope this helps! If the issue persists or if you have any other questions, please let me know in the comment section.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
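
The two checks named in the answer above (AD DS authentication enabled on the storage account, TCP 445 reachable), run against both the storage account's own endpoint and the alias from the question. This is an added example, not part of the original thread or of Microsoft's documentation. The resource names and the alias are placeholders, and the `file.core.windows.net` suffix assumes the Azure public cloud.

```powershell
# Added example: placeholder values below are assumptions, replace before running.
# Requires the Az.Storage module and a signed-in session (Connect-AzAccount).
$ResourceGroupName  = '<resource-group-name>'
$StorageAccountName = '<storage-account-name>'
$AliasFqdn          = '<alias-fqdn>'   # the CNAME added for the file share

# 1. Confirm AD DS authentication is enabled on the storage account.
$account = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
$auth    = $account.AzureFilesIdentityBasedAuth
[pscustomobject]@{
    DirectoryServiceOptions = $auth.DirectoryServiceOptions      # 'AD' when AD DS auth is on
    DomainName              = $auth.ActiveDirectoryProperties.DomainName
}

# 2. Check name resolution and TCP 445 for the native endpoint and for the alias.
$nativeFqdn = "$StorageAccountName.file.core.windows.net"
foreach ($name in $nativeFqdn, $AliasFqdn) {
    # First CNAME record in the answer, if the name is an alias at all.
    $cname = Resolve-DnsName -Name $name -Type CNAME -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'CNAME' } |
        Select-Object -First 1

    # SMB needs TCP 445; TcpTestSucceeded is $false when a firewall blocks it.
    $tcp = Test-NetConnection -ComputerName $name -Port 445 -WarningAction SilentlyContinue

    [pscustomobject]@{
        Name        = $name
        CnameTarget = $cname.NameHost
        RemoteIP    = $tcp.RemoteAddress
        Port445Open = $tcp.TcpTestSucceeded
    }
}
```

If both names resolve to the same address and report `Port445Open` as `True`, the network path is not what differs between mounting by the native name and mounting by the alias.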
