Azure File storage SMB mounting does not work when Storage account key access is disabled

Question

Hello,

I'm trying to mount an Azure File Storage on Linux (SMB).

• When the "Storage account key access" is disabled on the storage, I've a permission denied error when mounting de storage:

[root@saas-k8s ~]# cat /etc/fstab | grep /mkcms
//mkcmspxmstorage.file.core.windows.net/cms-installer /mount/mkcmssandboxpxmstorage/test cifs vers=3.0,nofail,credentials=/etc/smbcredentials/mkcmspxmstorage.cred,serverino,nosharesock,actimeo=30

[root@saas-k8s ~]# mount -a
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

• When I enable "Storage account key access" on the storage, the mount works

[root@saas-k8s smbcredentials]# mount -a

[root@saas-k8s smbcredentials]# df | grep pxm
//mkcmspxmstorage.file.core.windows.net/cms-installer 1048576 4928 1043648 1% /mount/mkcmssandboxpxmstorage/test

From this page https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent?tabs=portal, It should not impact mounting:
"Disallowing Shared Key access for a storage account does not affect SMB connections to Azure Files."

Could you help me to find a solution ?

Thanks,
Regards,
Grégory

Answer 1

We get a response from Azure support team:

Only AccessKey is currently supported for AKS volume mounting authentication. AAD Domain Service is supported by the Azurefile SMB protocol, but AAD DS and AKS are not currently integrated.