I'm currently dealing with a challenge while setting up Azure Files with Kerberos Authentication for a client. I have a machine connected through Entra and an on-premises synced user. All policies are correctly configured, and tickets are being issued without any issues. My test user has the SMB Contributor role on the share, and everything works perfectly when I access it directly as that user. However, I set up Entra groups to manage permissions for the share, added those groups to the corresponding SMB roles, and assigned my test user to the Contributor role as well. After allowing time for the changes to take effect and rebooting the test machine, I tried to access the share but encountered a failure. I checked the Kerberos tickets using 'klist,' and they appear correct. I've also enabled group writeback and switched to Cloud Sync, syncing the relevant groups to Active Directory. I further tested with a purely AD group, assigning it the SMB Contributor role, but it still doesn't work. Am I missing something crucial in this setup?
3 Answers
Have you checked if the new group is added under the properties > security section of the share? It sounds like the NTFS permissions for the group might not be set up properly. Remember, there are two layers to this: RBAC and NTFS.
It looks like you’ve been thorough with your groups and permissions. It’s essential to ensure that both the role assignments and NTFS permissions are set correctly for the groups. Sometimes, a single tick box might be the culprit, so double-check the settings!
What kind of error do you get when it fails? Make sure to check the exact message you're seeing. That can really help pinpoint the issue.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures