
Azure Active Directory Domain Service / Mount SMB File Share

Matthieu Thomas
Hello,

Is it possible to mount an SMB file share using NFS right on a machine that is not domain joined?

Mat

Coralon, Senior Citrix Engineer

Commented:
No, you can't mount an SMB share with NFS; they are two completely different protocols.

You can potentially add an NFS share to the same directory.

Coralon

Author

Commented:
Sorry I was not clear.

Actually, I would like to mount an SMB share which is on Azure using Azure AD Domain Service for authentication.

I can't figure out if it is possible to map the Azure drive using "Connect using different credentials" on an on-premises, non-domain-joined machine.

The doc on MS https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable only refers to domain-joined machines.

Mat
Coralon, Senior Citrix Engineer

Commented:
If I understand this correctly, you won't be able to? The article appears to be referring to Azure domain-joined machines, not on-prem machines. Your AzureAD would need a path to get to the on-prem machine. That's going to be the issue.

If there is an available path, then it should be possible. The authentication mechanisms are similar enough between a domain authentication and a local authentication.  When you authenticate to the local machine, you send the credentials to the local security manager (lsass) instead of the domain.  You would supply the credentials as <machinename>\accountname.  The machinename becomes the domain.

In the AzureAD situation, the machine is reaching out to Azure to initiate the authentication, and I don't *think* there is a path in the other direction. (I'm not an Azure expert by any stretch.) As a sort of example: when you run Citrix Cloud, you install a Cloud Connector service on premises, so you can authenticate to the on-prem resources. I don't think AzureAD has anything like that? The main thing is the "client" in this situation must have access to initiate the connection to the "server".

I'd say just try it :-)

Coralon
OK, so here is the clarification. There are 2 ways to mount an Azure file share using Active Directory properties:

Enable Active Directory authentication over SMB for Azure file shares
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable 

Enable Azure Active Directory Domain Services authentication on Azure Files
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable 

It is also VERY well explained here: https://www.youtube.com/watch?v=H04e9AgbcSc

In my case, as I want to be able to access my Azure file share from an on-premise computer, the solution is:
Enable Active Directory authentication over SMB for Azure file shares