Azure File Shares drive map password prompt - azure-storage

I'm having a problem mapping a file share on Azurefiles using Active directory authentication.Storage account already connected to on premise domain and i have a hybrid domain setup.
File share can be mount using the storage account key without any issue.However, when i try to map the share from a domain joined account without storage account key it gives the following error.
System error 86 has occurred.
The specified network password is not correct.
The AD user account was already added to "Storage File Data SMB Share Contributor" role as well.

Based on the error message you can refer to the suggestion mentioned here Error 86 Specified password is incorrect
Active Directory authentication over SMB for Azure file shares: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable#mount-a-file-share-from-a-domain-joined-vm
Azure Active Directory Domain Services authentication on Azure Files:ht tps://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable#mount-a-file-share-from-a-domain-joined-vm
For additional information please see here also, which gives an idea on your query
Troubleshoot Azure Files problems in Windows

Related

net use command asking for a username and password

Azure Files SMB Access On-premises with private endpoints, But when I used the net use command to mount the drive.
c:>net use Z: \myshare.file.core.windows.net\testshare
its keep asking username passowrd
Enter the user name for myacc.file.core.windows.net':
Thanks
Shanuka M
Azure file share with On-prem AD Authentication
Net use command fails if the storage account contains a forward slash
Try the below mentioned cmdlet
New-SmbMapping -LocalPath z: -RemotePath \\StorageAccountName.file.core.windows.net\sharename -UserName StorageAccountName -Password "AccountPassword"
This article will help in Mapping a Network Drive to an Azure File Share Using Domain Credentials
I would recommended to please refer the Prerequisites : on-premises Active Directory Domain Services authentication over SMB for Azure file shares

Copying folders from S3 to an Azure Storage Blob and receiving "cannot list objects, access is denied" error. Anyone else have this and resolve it?

I've confirmed that my S3 credentials are set correctly and even tried full permissions on the bucket and still receive the same message. On the Azure side, I've added Storage Blob Data Owner permissions to my account and can list files I manually upload through the portal with the credentials I used (signing in through AAD rather than using a token).
Any help is appreciated here.
As it turned out there were no issues with either the Azure or AWS configuration. Trying the same commands in a linux VM worked perfectly. If you're experiencing this error it may be an issue with the AWS CLI or some other local config.

How to grant a user account access for GCE Cloud Storage

I have a Compute VM that has storage permission of read-write. When I try to run the following command:
gsutil rsync -R local-dir gs://folder1/prod/www.domain.tld
I get insufficient permission error:
Building synchronization state...
Skipping cloud sub-directory placeholder object (gs://folder1/prod/www.domain.tld/) because such objects aren't needed in (and would interfere with) directories in the local file system
Starting synchronization
Copying file://local-dir/.gitignore [Content-Type=application/octet-stream]...
Uploading gs://folder1/prod/www.domain.tld/.gitignore: 174 B/174 B
AccessDeniedException: 403 Insufficient Permission
I am not sure what account needs to have specific permissions or how I would even assign the permissions. Can someone provide some direction as to what I need to look into? The only permissions I can think of is a service account but I am not sure how to create one or if that is what I even need to do. Also, once I grant an account access/permission, how would I use the account to authenticate?
Use gcloud auth list command to lookup the active account. The service account of Comoute Engine is similar to the following:
123845678986-compute#developer.gserviceaccount.com (active)
By default, this service account is a member of your project with Edit permission. Check ACLs of your GCS bucket and its folders and make sure the GCE service account or the group which it is belong to, has ownership or editing rights to them.

NTFS vs. File Share

In helping out a friend with a few questions for CS, I came across one that I had no prior experience with and was hoping someone would be able to clarify the difference between NTFS and File Share for me.
To help, the question we faced was:
A folder storing a faculty member’s personal documents are set as a share to which everyone has full access. The only person with NTFS permissions on the folder is said faculty member. Can everyone else access the documents?
I appreciate any clarification you can provide. I'd love your help in learning about this!
Short answer: No.
In Windows each file and directory has an ACL controlling access to it.
Each file share also has an ACL controlling access to the share.
When you access a remote file through a share you are doing so using the credentials used to login to the local computer. (You can connect using different credentials by entering a username/password when connecting).
The remote computer tests the supplied credentials against the ACL on the share.
Once you are past that, then every file you attempt to access on the remote machine through this connection will be checked using your credentials against the ACL on the file and the share. This allows a file share to offer more restricted access to some files than if the same user were attempt to access them locally. (So you could share files as read-only, even if the ACLs on the files themselves would allow that user write access).
If the file share is of a FAT file system then the only ACL checking that is done is against the file share itself because FAT doesn't support ACLs.
When computer are not in a domain and all user accounts are local user accounts then permissions are maybe not what you expect. Unlike Unix/linux, it is generally not possible to create the same user account (uid) on two computers because Windows basically uses a GUID for the UID (a big random number). So when you attempt to look at file owner or ACL information on remote files, since those files are all owned by local accounts on the remote computer, to your local computer those UID will not be recognized (See dir/q from the command line).
Windows can be setup to make non-domain file sharing a little easier. It can be set so that when you attempt to access the remote file share, as long as the remote computer has an account with the same username and password as the local computer, then the connection is allowed -- and you are logged into the remote computer using the remote computer users account.
For reference, see information on NTLM, SMB and NETBIOS.

Cannot change files permissions on server. Could this be because my site does not have a domain name?

I am developing a site for a client who has not decided on their domain name yet. I set up an account on a web server via WHM but have not pointed any domain names to it.
All was going well until I used a plugin (TinyMCE) to try and browse files on the server - it wouldnt work so I had a look at its script files and realised their permissions are set to not executable (644). I tired to change it to executable (755) but I get an error in my FTP clients console:
550 Could not change perms on file.js: Operation not permitted
Could this be because I am accessing the server not through a specific FTP account and so the server has locked down the files?
EG: I am using the servers IP address to access files with my FTP rather then something like:
ftp.mysite.com
Any advice on this would be great! Thanks
Yes, There is an issues with the FTP account permission. You will have to login your server with the main cPanel account user name and password OR you can chnage your file permission through cPanel >> File manager