Reputation: 395
I have created a public Azure file share and set the authentication method to Active Directory. The Azure storage account is domain joined to my on-premises Active Directory Domain Services. I have followed these steps to configure it: https://learn.microsoft.com/en-gb/azure/storage/files/storage-files-identity-auth-active-directory-enable#overview
This is the file share, and the authentication method is set to Active Directory.
I have given access control to the user. The user also exists in on-premises Active Directory and is synced to Azure AD.
When I try to mount the file share, with the user's credentials, I get an access denied error.
I'm not sure what I'm missing or what to check to validate the access to the file share. Note: if I mount the file share using the access key it's working fine.
Upvotes: 0
Views: 1518
Reputation: 11451
As mentioned in the comments and also in this Microsoft document, you need to provide the user, who is present in both on-premises AD and Azure AD, with one of the roles below for the file share, as per your requirement:
Storage File Data SMB Share Reader: allows read access in Azure Storage file shares over SMB.
Storage File Data SMB Share Contributor: allows read, write, and delete access in Azure Storage file shares over SMB.
Storage File Data SMB Share Elevated Contributor: allows read, write, delete and modify NTFS permissions in Azure Storage file shares over SMB.
As per the image shared by you, your user has inherited the Contributor role for the resource from the parent resource, i.e. the Storage account; that's why it's giving you an access denied error while mounting.
Upvotes: 1
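One way to check which roles the user actually holds at the file share scope, and to assign one of the SMB share roles named in the answer if none is present. This is an added example, not code from the question or answer; it assumes the Az PowerShell module is installed, and every bracketed value and the `$AssignIfMissing` switch are placeholders introduced here.

```powershell
# Added example. All bracketed values are placeholders (assumptions), not values from the post.
$SubscriptionId  = '<subscription-id>'
$ResourceGroup   = '<resource-group>'
$StorageAccount  = '<storage-account>'
$ShareName       = '<share-name>'
$UserUpn         = '<user@example.com>'   # hybrid identity synced from on-premises AD
$AssignIfMissing = $false                 # hypothetical switch: set to $true to create the assignment

# The three share-level roles listed in the answer, least privileged first.
$SmbRoles = @(
    'Storage File Data SMB Share Reader',
    'Storage File Data SMB Share Contributor',
    'Storage File Data SMB Share Elevated Contributor'
)

# Resource ID of a single file share; use the storage account ID instead to cover all shares.
$Scope = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" +
         "/providers/Microsoft.Storage/storageAccounts/$StorageAccount" +
         "/fileServices/default/fileshares/$ShareName"

Connect-AzAccount -Subscription $SubscriptionId | Out-Null

# Lists assignments effective at the share scope, including ones inherited from
# the storage account, resource group or subscription.
$assignments = Get-AzRoleAssignment -SignInName $UserUpn -Scope $Scope
$assignments | Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize

$smb = $assignments | Where-Object { $SmbRoles -contains $_.RoleDefinitionName }

if ($smb) {
    $names = ($smb.RoleDefinitionName | Sort-Object -Unique) -join ', '
    Write-Output "SMB share role(s) held by ${UserUpn}: $names"
}
else {
    # Contributor, as in the question, is a management role and is not one of the SMB share roles.
    Write-Warning "No Storage File Data SMB Share role found for $UserUpn at $Scope."
    if ($AssignIfMissing) {
        # Start with the least privileged role and raise it only if write access is needed.
        New-AzRoleAssignment -SignInName $UserUpn `
                             -RoleDefinitionName $SmbRoles[0] `
                             -Scope $Scope
    }
}
```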