Azure File Storage Access for Windows Service Accounts
Question
I have a VM running Services under local service accounts that are looking for mapped drives OR UNC paths. I can map a drive (using the powershell fragments from the portal) -- but this mapping only applies to ME, not the service accounts.
I created Azure AD Domain Services I created a user with AD rights. My VM has a system-assigned identity. I created a storage account. The system-assigned identity is assigned to the storage account as Contributor. I am expecting to map a UNC without providing credentials -- mapping UNC without providing credentials does not work. I tried joining the VM to the AD -- mapping UNC without provding credentials does not work.
What am I doing wrong ?
1 answers
solution1
0 2019-07-11 08:09:40
Azure Files AAD Domain Service (AAD DS) Authentication doesn't work for system-assigned identities as these identities are only presented in AAD not AAD DS. Given that AAD DS cannot authenticate system-assigned identities, it will not be able to issue valid Kerberos token for connection to Azure Files. In this case, you can use the AAD user or group identity to connect to Azure Files over SMB.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.