0 Votes
SF-9173 asked MilesTherkelsen-3568 commented

Network password incorrect using Azure AD DS Identity

Receiving the following error when using an identity connection to a smb file storage from a domain laptop.

"New-PSDrive : The specified network password is not correct"

The connection to the smb share works fine using the storage account and key. New-PSDrive command is as follows.

New-PSDrive -Name Z -PSProvider FileSystem -Root "\\mystoragetest.file.core.windows.net\myshare" -Persist -Credential $credGetCredentials

Here's what has been reviewed and verified.

- Port 445 communication is working.
- Azure AD DS says it's healthy.
- On premise AD DS is synchronizing passwords to Azure AD.
- SMB share permissions have been added for the users.
- NTFS permissions have been set for users. (This was done while using the storage account to connect the share)
- Passed credentials to New-PSDrive using UPN but still receive the error.

What are we missing? What log can we look at in Azure to see a connection failure?

azure-files azure-ad-domain-services
1 Vote
AlexHarvey answered

Had the same thing recently and it was due to the Synchronization setting on the AAD DS. It has to be set to ALL not Scoped.

It's mentioned in the first note on this article.

https://docs.microsoft.com/en-gb/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal

Hope this is somewhat useful and good luck!

0 Votes
DABrianKinsley-0662 answered

@AlexHarvey, where do you change the setting?

0 Votes
AlexHarvey answered MilesTherkelsen-3568 commented

It's under the Synchronization settings menu for Azure AD Domain Services. You can then change the scope from 'Scoped' to 'All'.

One other thing I have found that gives the same experience is that you need to allow the RC4 cipher. If you have deployed CIS benchmarks Level 1 for AD in the domain it will disable RC4 and cause this issue too. It is noted here: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable



Same issue but we have our AAD DS set to All and the RC4 is allowed as well. Not sure what else to do at this point?

0 Votes
SF-9173 answered SF-9173 commented

@AlexHarvey, in working with Microsoft, the computer mounting the smb file share had to be a member of the AAD DS. We were trying to connect to a computer connected to our internal hybrid domain. If we missed something, let me know. Thanks.


Hey - did you manage to get this solved?


At the time you needed accounts in AAD DS to use user based authentication without a computer account. I'm not sure if something has changed since, but that was the case at the time. Since our environment was ADS we used the computer account option and connected the smb file share to DFS.

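The client-side causes raised in this thread (domain membership, RC4 for Kerberos, whether a ticket for the share can be obtained at all) can be checked from the laptop before retrying New-PSDrive. The script below is an added example, not code from any poster or from Microsoft; the function name is hypothetical, the managed domain name is a placeholder, and the RC4 check reads only the local Kerberos policy on this client. The synchronization scope (All vs Scoped) is a service-side setting and is not covered.

```powershell
# Added example: client-side checks for the causes named in this thread.
function Test-AzFilesIdentityPrereqs {
    param(
        [string]$FileHost      = 'mystoragetest.file.core.windows.net', # host from the question
        [string]$ManagedDomain = 'aadds.example.com'  # placeholder: your Azure AD DS DNS domain name
    )

    # 1. SMB reachability (already verified by the asker, repeated for completeness).
    $tcp = Test-NetConnection -ComputerName $FileHost -Port 445 -WarningAction SilentlyContinue

    # 2. Is this computer joined to the managed domain, or to some other domain?
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $joinedToManaged = $cs.PartOfDomain -and ($cs.Domain -ieq $ManagedDomain)

    # 3. Kerberos encryption types allowed by local policy on this client.
    #    Bit 0x4 of SupportedEncryptionTypes is RC4_HMAC_MD5; hardening baselines often clear it.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
    $enc = (Get-ItemProperty -Path $key -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue).SupportedEncryptionTypes
    $rc4 = if ($null -eq $enc) { 'NotConfigured' } elseif ($enc -band 0x4) { 'Allowed' } else { 'Blocked' }

    # 4. Ask the domain controller for a service ticket to the share.
    #    Assumption: an English-language klist prints "retrieved successfully" on success.
    $klist = (& klist.exe get "cifs/$FileHost" 2>&1 | Out-String)

    [pscustomobject]@{
        Port445Reachable      = $tcp.TcpTestSucceeded
        ComputerDomain        = $cs.Domain
        JoinedToManagedDomain = $joinedToManaged
        Rc4KerberosPolicy     = $rc4
        GotCifsTicket         = $klist -match 'retrieved successfully'
        KlistOutput           = $klist.Trim()
    }
}

Test-AzFilesIdentityPrereqs | Format-List
```

Run it as the user who will mount the share; a reachable port with JoinedToManagedDomain false or GotCifsTicket false points at the identity path rather than the network.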