articles/storage/files/storage-files-identity-auth-hybrid-identities-enable.md
24 additions & 4 deletions
@@ -216,10 +216,30 @@ If you want to enable client machines to connect to storage accounts that are co
216
216
217
217
Add an entry for each storage account that uses on-premises AD DS integration. Use one of the following three methods to configure Kerberos realm mappings. Changes aren't instant, and require a policy refresh or a reboot to take effect.
218
218
219
-
- Configure this Intune [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) and apply it to the client(s): [Kerberos/HostToRealm](/windows/client-management/mdm/policy-csp-admx-kerberos#hosttorealm)
220
-
- Configure this group policy on the client(s): `Administrative Template\System\Kerberos\Define host name-to-Kerberos realm mappings`
221
-
- Run the `ksetup` Windows command on the client(s): `ksetup /addhosttorealmmap <hostname> <REALMNAME>`
222
-
- For example, `ksetup /addhosttorealmmap <your storage account name>.file.core.windows.net CONTOSO.LOCAL`
219
+
# [Intune](#tab/Intune)
220
+
221
+
Configure this Intune [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) and apply it to the client(s): [Kerberos/HostToRealm](/windows/client-management/mdm/policy-csp-admx-kerberos#hosttorealm)
222
+
223
+
# [Group Policy](#tab/Group Policy)
224
+
225
+
Configure this group policy on the client(s): `Administrative Template\System\Kerberos\Define host name-to-Kerberos realm mappings`
226
+
227
+
- Set the policy to `Enabled`
228
+
- Then, click on the `Show...` button to define the list of host name-to-realm mappings. For each storage account configured for AD DS, add an entry where:
229
+
-`Value` is the AD DS-enabled storage account's host name, i.e. `<your storage account name>.file.core.windows.net`
230
+
-`Value name` is the AD DS realm name
231
+
232
+
# [Registry Key](#tab/Registry Key)
233
+
234
+
Run the following `ksetup` Windows command on the client(s):
235
+
236
+
```
237
+
ksetup /addhosttorealmmap <hostname> <REALMNAME>
238
+
```
239
+
240
+
For example, `ksetup /addhosttorealmmap <your storage account name>.file.core.windows.net CONTOSO.LOCAL`
241
+
242
+
---
223
243
224
244
> [!IMPORTANT]
225
245
> In Kerberos, realm names are case sensitive and upper case. Your Kerberos realm name is usually the same as your domain name, in upper-case letters.
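Review bot: The tab IDs in the added headings `# [Group Policy](#tab/Group Policy)` and `# [Registry Key](#tab/Registry Key)` contain spaces, and a Markdown link destination written without angle brackets cannot contain a space, so these two headings will not parse as tab links the way `# [Intune](#tab/Intune)` does; use space-free IDs such as `#tab/group-policy` and `#tab/registry-key`. The third tab is also labelled "Registry Key" while its body only gives the `ksetup` command and names no registry key, so either label the tab `ksetup` or state the key it refers to. In the Group Policy tab, the two nested items appear as "-`Value`" and "-`Value name`" with no space after the dash; if that is how they are in the source, add the space so they render as list items, and consider giving an example mapping with an upper-case realm there too, as the ksetup tab does with `CONTOSO.LOCAL`, since the note below the tabs says realm names are case sensitive.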