Azure File Share, auth. via Azure AD Kerberos for hybrid identities over SMB


On-prem ADDS identity is synced to Azure AD via AD Connect. We also have ADDS VM running in Azure.

General purpose v2 storage account file share was created. Azure AD Kerberos identity based access was configured according to this MS guide.

I also ensured that this reg value exists on Win10 Pro workstation:

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1

I can map the drive (saname.file.core.usgovcloudapi.net\sharename) using storage account key, then set ACLs on the share for read-only access using an on-prem ADDS security group.

But we cannot map the drive (saname.file.core.usgovcloudapi.net\sharename) with AD credentials: we get a username/password prompt, and after entering the [email protected] credentials, it is "incorrect".

This is a MS Azure Government tenant...does anyone know if USGOV tenant is supported for Azure AD Kerberos auth? We have Active Directory enabled on other storage account file shares and that's working great, but requires ADDS line-of-sight, which requires road warriors to be on VPN, undesired.

thanks!


There are 0 answers
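The question has no answer, so the following is an added diagnostic script (not from the original post, and not Microsoft's own tooling) that checks each prerequisite the scenario above depends on, in the order a failed Kerberos mapping is usually traced: the client registry switch the poster already set, the device's Azure AD join and PRT state, TCP/445 reachability, and whether Windows can actually obtain a Kerberos service ticket for the share's `cifs/` SPN. The storage account FQDN and share name are placeholder assumptions copied from the question; run it in an elevated PowerShell session on the Windows 10 workstation as the hybrid user who is being prompted.

```powershell
# Added example: prerequisite checks for Azure AD Kerberos (hybrid identity) access
# to an Azure Files share over SMB. Not code from the original question.
param(
    # Assumptions: placeholders taken from the question, replace with real values.
    [string]$StorageFqdn = 'saname.file.core.usgovcloudapi.net',
    [string]$ShareName   = 'sharename',
    [string]$DriveLetter = 'Z:'
)

$results = [ordered]@{}

# 1. Client-side switch that allows LSA to request cloud (Azure AD) Kerberos tickets.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$regVal  = (Get-ItemProperty -Path $regPath -Name CloudKerberosTicketRetrievalEnabled `
            -ErrorAction SilentlyContinue).CloudKerberosTicketRetrievalEnabled
$results['CloudKerberosTicketRetrievalEnabled'] = ($regVal -eq 1)

# 2. Device join state. Azure AD Kerberos needs an Azure AD joined or hybrid joined
#    device AND a Primary Refresh Token (PRT) for the signed-in user; without a PRT
#    the client cannot obtain a cloud TGT and SMB falls back to a credential prompt.
$dsreg = dsregcmd /status
$results['AzureAdJoined'] = [bool]($dsreg | Select-String 'AzureAdJoined\s*:\s*YES')
$results['DomainJoined']  = [bool]($dsreg | Select-String 'DomainJoined\s*:\s*YES')
$results['AzureAdPrt']    = [bool]($dsreg | Select-String 'AzureAdPrt\s*:\s*YES')

# 3. SMB must reach the storage endpoint on TCP/445 (commonly blocked on ISP and
#    hotel networks, which is exactly where road warriors are).
$tnc = Test-NetConnection -ComputerName $StorageFqdn -Port 445 -WarningAction SilentlyContinue
$results['Port445Reachable'] = $tnc.TcpTestSucceeded

# 4. Request a Kerberos service ticket for the file endpoint's SPN. If no ticket
#    appears in the cache, the share cannot be accessed with identity-based auth,
#    because Azure Files does not accept NTLM for it; that is what the prompt means.
$spn = "cifs/$StorageFqdn"
klist get $spn | Out-Null
$ticket = klist | Select-String ([regex]::Escape($spn))
$results['ServiceTicketObtained'] = [bool]$ticket
if ($ticket) {
    # The realm after '@' tells you which KDC issued the ticket (cloud vs on-prem).
    $results['TicketLine'] = ($ticket | Select-Object -First 1).Line.Trim()
}

[pscustomobject]$results | Format-List

# 5. Only attempt the mapping when every check passed; map without supplying
#    credentials so that Kerberos (not a typed password) is what is exercised.
$failed = $results.GetEnumerator() | Where-Object { $_.Value -is [bool] -and -not $_.Value }
if ($failed) {
    Write-Warning ("Fix these before mapping: " + (($failed | ForEach-Object Key) -join ', '))
}
else {
    net use $DriveLetter "\\$StorageFqdn\$ShareName" /persistent:no
}

# Optional server-side check (requires the Az module; note the Government environment):
#   Connect-AzAccount -Environment AzureUSGovernment
#   (Get-AzStorageAccount -ResourceGroupName <rg> -Name saname).AzureFilesIdentityBasedAuth.DirectoryServiceOptions
# should report AADKERB for a storage account configured for Azure AD Kerberos.
```

The check that matters most is step 4: if `klist` never shows a `cifs/saname.file.core.usgovcloudapi.net` ticket, the credential prompt is not a wrong password but Kerberos ticket acquisition failing upstream, and the earlier fields (PRT, join state, port 445) tell you which prerequisite to look at first.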