You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: articles/storage/files/storage-files-identity-auth-hybrid-identities-enable.md
+6-5
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn how to enable identity-based Kerberos authentication for hybr
4
4
author: khdownie
5
5
ms.service: azure-file-storage
6
6
ms.topic: how-to
7
-
ms.date: 08/03/2023
7
+
ms.date: 09/25/2023
8
8
ms.author: kendownie
9
9
ms.custom: engagement-fy23
10
10
recommendations: false
@@ -208,14 +208,15 @@ Changes are not instant, and require a policy refresh or a reboot to take effect
208
208
209
209
If you want to enable client machines to connect to storage accounts that are configured for AD DS as well as storage accounts configured for Azure AD Kerberos, follow these steps. If you're only using Azure AD Kerberos, skip this section.
210
210
211
-
Add an entry for each storage account that uses on-premises AD DS integration. Use one of the following three methods to configure Kerberos realm mappings:
211
+
Add an entry for each storage account that uses on-premises AD DS integration. Use one of the following three methods to configure Kerberos realm mappings. Changes aren't instant, and require a policy refresh or a reboot to take effect.
212
212
213
213
- Configure this Intune [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) and apply it to the client(s): [Kerberos/HostToRealm](/windows/client-management/mdm/policy-csp-admx-kerberos#hosttorealm)
214
214
- Configure this group policy on the client(s): `Administrative Template\System\Kerberos\Define host name-to-Kerberos realm mappings`
215
-
- Run the `ksetup` Windows command on the client(s): `ksetup /addhosttorealmmap <hostname> <realmname>`
216
-
- For example, `ksetup /addhosttorealmmap <your storage account name>.file.core.windows.net contoso.local`
215
+
- Run the `ksetup` Windows command on the client(s): `ksetup /addhosttorealmmap <hostname> <REALMNAME>`
216
+
- For example, `ksetup /addhosttorealmmap <your storage account name>.file.core.windows.net CONTOSO.LOCAL`
217
217
218
-
Changes aren't instant, and require a policy refresh or a reboot to take effect.
218
+
> [!IMPORTANT]
219
+
> In Kerberos, realm names are case sensitive and upper case. Your Kerberos realm name is usually the same as your domain name, in upper-case letters.
219
220
220
221
## Undo the client configuration to retrieve Kerberos tickets
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments