ZTNA SMB Authentication with on-premise file server

Hi, I am hoping someone may have come across this or can point me in the right direction.

We have configured ZTNA and have been testing with web-based SaaS apps and access to SMB shares on an on-premise file server.

We have started to experience some issues with accessing the SMB shares, as we receive messages with regard to authentication issues with the domain.

I believe this may be because the devices with the ZTNA agent installed do not have direct line of sight to the domain controllers.

I have added a number of ports via ZTNA to allow communications to the on-premise domain controllers; however, this has not made any difference. I know you also need to allow a port range to the domain controllers; however, this is currently not possible within ZTNA, but I have seen on a forum that this is potentially coming Q2 this year.

I am just wondering if anyone else is using ZTNA to access on-premise file shares? If so, how do you handle authentication with the on-premise domain controllers? Also, how would you handle logging in if passwords etc. need to get reset for a user?


We are using Azure AD as the identity provider.
The devices with the ZTNA agent installed are joined to the local domain and not Azure AD joined currently.



  • Hi,

    I found a fix for me, which allows me to use SMB over ZTNA.
    This is a relatively simple solution :D I put a logon script on every client with GPO.

    This logon script looks like this:

    @echo off
    REM Command whose output lists the currently mapped shares
    SET _cmd=net use
    REM For each line containing "\\": token 2 is the drive letter, token 3 the UNC path; delete the mapping, then map it again with the domain user
    FOR /f "tokens=2,3 delims= " %%G IN ('%_cmd%^|find "\\"') DO net use %%G /d && net use %%G %%H /user:example.com\%username%

    This does the following:

    It lists every SMB share mapped to the client, deletes it and maps it again. You have to change example.com to your domain. Et voilà, after restart all SMB shares are accessible.

    Hope this helps. (Only GPO isn't working, so waiting for an update for ZTNA)
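
The same remap step as an added PowerShell example, not part of the reply above and not the poster's script: it reads the mappings as objects with Get-SmbMapping instead of splitting `net use` text on spaces, so a share name containing a space or a row with an empty Status column cannot shift the fields. The `$Domain` value is the reply's example.com placeholder and is an assumption to change.

```powershell
# Added example, not the poster's script.
# Assumption: the domain is example.com, as in the reply; set $Domain to your own.
$Domain = 'example.com'
$User   = "$Domain\$env:USERNAME"

# Get-SmbMapping returns one object per mapping (Status, LocalPath, RemotePath).
# Connections without a drive letter have an empty LocalPath and are skipped,
# because there is nothing to re-map them to.
$mappings = Get-SmbMapping | Where-Object { $_.LocalPath }

foreach ($m in $mappings) {
    # Remove the existing mapping; /y answers the "open files" confirmation.
    & net.exe use $m.LocalPath /delete /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not remove $($m.LocalPath); leaving it unchanged."
        continue
    }

    # Re-create it with the same explicit domain user the batch version passes.
    & net.exe use $m.LocalPath $m.RemotePath "/user:$User" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Remap of $($m.LocalPath) to $($m.RemotePath) failed (net use exit code $LASTEXITCODE)."
    }
}
```

Unlike the batch one-liner, a mapping that cannot be removed is left in place and each failed remap is reported by drive letter and UNC path.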
