I'm currently managing a Linux Samba file share on an Ubuntu VM hosted on Google Compute Engine, which authenticates users through Active Directory using Winbind. This setup allows Windows PCs to automatically connect using their credentials, while Mac users sign in manually. Each user on AD has a uidNumber and gidNumber assigned for access. However, we're migrating from a hybrid Entra setup to full Intune, and I'm curious about how to set up user authentication for Linux file shares with Entra. I want to know if Samba will still be used for mapped drives, how to match uid/gid assignments with new Entra accounts, and how to automate adding new IDs as new accounts are created.
3 Answers
Entra ID Domain Services could work for you here. This setup removes the need for on-prem AD and allows Microsoft to host a domain controller in Azure, pulling user info from Entra. It could authenticate your legacy devices seamlessly.
You might want to consider using Azure Files. It's like an SMB server in the cloud, managed by Microsoft. You can connect it to an Active Directory for authentication, or use Entra Domain Services for direct authentication with your Entra users—no need for a local DC. Pricing can be a bit confusing, but once you input real usage figures, it might be more affordable than you think.
How does permission management work with Azure Files? If not everyone can access everything, is it tied to Entra groups and can permissions be set up recursively? I'm concerned about our existing automation scripts for folder creation and permissions.
I believe Windows "Shares" are becoming less favored, with a push towards cloud solutions like SharePoint. However, if you're tied to on-prem file shares for automation, you might need to find the right balance as organizations move more towards cloud storage.
Do Entra devices even need to join a domain just for this? I noticed our devices are listed as WORKGROUP, and we're still in the process of learning how everything fits together.