We have created Azure file share with ADDS authentication enabled. Provided the required permissions RBAC in azure for accessing the share.
Storage account object as (computer account)
Enabled the NTFS permissions (Windows) on share using the storage account managed key for the first time.
When tried to mount the share without storage account key, we are asked for credentials and is failed with incorrect credentials.
net use X: \.file.core.windows.net<sharename>
Ideally, share should be mounted without any credentials.
We have identified that, if we remove the NTFS permissions and re-add the permissions the share is mounted as expected but happens intermittently and after sometime. when mounting the share, its requesting the credentials.
What could be the issue and the reason for share being mounted only after remove and re-add the NTFS permissions on Azure file share.
Related
Assuming I already have a Storage Account SAS URI configured. How can I connect from outside the network to that Storage Account and which file sharing client should I use? What values do I need to configure it and where are they in the Storage Account - Azure AD? How do I give different permissions to different users? By Roles?
I tried to create a Storage Account SAS URI and a Shared Access Key. I tried connecting from WinSCP using those endpoints. I can't find the username and password. Do you know a method similar to this, but that works?
Many Thanks
If you enable SFTP for Azure Blob Storage, you will have an endpoint that you can access via WinSCP and the ability to create users with differing permissions to control access.
We have an azure VM (Virtual Machine) hosting a web app in IIS but that uses files on the VM's file system. We want to move the files to an Azure Storage Account (so that if the VM losses the data we have the files still). We can do this, but when we try and give the storage account permissions on the VM it says it cant do it. Anyone know how to give the storage account permissions to write and us the file system through IIS?
I don't know what is the reason that you want to change the permission of the mount point. But when you follow the steps in Quickstart: Create and manage Azure Files share with Windows virtual machines and finish all the steps, the Azure File Share was mounted to the Windows VM, then you cannot change the permission. And the admin users have full control of the mount point, the users can write, read and modify the files in the mount point.
I think when you use the admin users to run the IIS, then it already has the permission to write and read in the mount point. So you needn't change the permission.
I have created an azure file share and I was able to create mapped drive on my system , but I need to share different folders to different users
currently I have only one username which is the storage name provided by azure
By default mapping of an Azure File Share happens using SMB protocol that makes use of your storage account name/key.
However, you can also enable Azure Active Directory Domain Services (Azure AD DS) authentication over SMB for Azure Files which will let you grant granular NTFS permissions on folders and files inside a share to users.
Please visit this link for detailed instructions on how you can accomplish that: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable.
I'm trying to create a Google service account which has access to a Drive folder so I can use google-spreadsheets to read and write to files in the folder. During development I created a service account under my unmanaged Google account. The user account has owner access. In order to be allowed access I needed to change the document sharing settings to public (with link access). For development this is no issue, but of course in production I do not want my data to be publicly accessible.
How do I make sure the service account has access to the document while it is not publicly shared (shared within organisation is preferred)? Setting it to organisation access only, the api gives me a 403 (Forbidden) code.
Service accounts are dummy users. You can take the service account email address and share a folder on your personal drive account with the service account. Give it write access and it will be able to read and write to this folder.
Just remember that when uploading to this folder you will need to have the service account grant your personal user access to the file or your going to have files on your drive account that you dont own and cant access.
My Azure API app uses the new Windows File storage API.
In the startup on my Azure API app I need to map to a UNC path. The 3rd party application we integrate with needs to reference a local/UNC path for files.
In doing so I am getting a Error: ERROR_ACCESS_DENIED
Is it possible to map a UNC path to Azure File Store in a Web/API app?
If so - is it possible to run the app pool under an elevated account?
Or can I map this drive before using a different account somehow?
Its possible to add a UNC path to an Azure File.
You may getting an access denied due to different user contexts between file share creation and access. Please check out the Persist your storage account credentials for the virtual machine section in this article: https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-files/
Additionally, you could use canned user (storage account name, key) credentials to run the app pool.