You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-identity-auth-azure-active-directory-enable.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -203,11 +203,11 @@ Use one of the following three methods:
203
203
Changes are not instant, and require a policy refresh or a reboot to take effect.
204
204
205
205
> [!IMPORTANT]
206
-
> Once this change is applied, the client won't be able to connect to storage accounts using on-premises AD DS integration without configuring Kerberos realm mappings. If you want the client(s) to be able to connect to storage accounts using both authentication methods, follow the steps in [Configure coexistence with storage accounts using on-premises AD DS](#configure-coexistence-with-storage-accounts-using-on-premises-ad-ds).
206
+
> Once this change is applied, the client(s) won't be able to connect to storage accounts that are configured for on-premises AD DS integration without configuring Kerberos realm mappings. If you want the client(s) to be able to connect to storage accounts configured for AD DS as well as storage accounts configured for Azure AD Kerberos, follow the steps in [Configure coexistence with storage accounts using on-premises AD DS](#configure-coexistence-with-storage-accounts-using-on-premises-ad-ds).
207
207
208
208
### Configure coexistence with storage accounts using on-premises AD DS
209
209
210
-
If you want to enable client machines to connect to storage accounts using Azure AD Kerberos and AD DS, follow these steps. If you're only using Azure AD Kerberos, skip this section.
210
+
If you want to enable client machines to connect to storage accounts that are configured for AD DS as well as storage accounts configured for Azure AD Kerberos, follow these steps. If you're only using Azure AD Kerberos, skip this section.
211
211
212
212
Add an entry for each storage account that uses on-premises AD DS integration. Use one of the following three methods to configure Kerberos realm mappings:
213
213
@@ -216,6 +216,8 @@ Add an entry for each storage account that uses on-premises AD DS integration. U
216
216
- Configure the following registry value on the client(s): `reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\domain_realm /v <DomainName> /d <StorageAccountEndPoint>`
217
217
- For example, `reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\domain_realm /v contoso.local /d <your-storage-account-name>.file.core.windows.net`
218
218
219
+
Changes are not instant, and require a policy refresh or a reboot to take effect.
220
+
219
221
## Disable Azure AD authentication on your storage account
220
222
221
223
If you want to use another authentication method, you can disable Azure AD authentication on your storage account by using the Azure portal, Azure PowerShell, or Azure CLI.
0 commit comments