Connecting Storage Gateway to AD domain for SMB File Share

Hetul Sheth
Apr 8, 2021

To use a file share over the SMB protocol, you need to connect the storage gateway to the Active Directory domain for SMB to work.

To create a storage gateway, you can refer to the following blogs:

Using Public Endpoint:

Using VPC endpoint:

If you followed the blogs above, they show how to create a file share using NFS. Here we need to connect it using the SMB protocol, so first we need to connect our storage gateway to Active Directory.

NOTE: Your storage gateway security groups should allow access on the Active Directory ports from the domain CIDR (ports: 137, 138, 389, 636).

NOTE: SMB also has different port requirements than NFS, so open the ports for the SMB protocol on the storage gateway security groups (ports: 139, 445, 80, 443, 53, 123, 22).
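An added example (not from the original post): a Python check that audits a security group's ingress rules against the two port lists in the notes above, reporting required ports that are missing, ports open to `0.0.0.0/0`, and AD ports not reachable from the domain CIDR. The input shape follows `aws ec2 describe-security-groups` JSON; the sample group, its CIDRs, ignoring TCP vs UDP, and reading "from domain CIDR" as the ingress source are assumptions.

```python
import ipaddress

# Port lists exactly as given in the two notes above.
AD_PORTS = [137, 138, 389, 636]
SMB_PORTS = [139, 445, 80, 443, 53, 123, 22]

def covers(rule, port):
    """True if an ingress rule's port range includes `port` (protocol is not checked)."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def sources(rule):
    """IPv4 source networks of one ingress rule."""
    return [ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])]

def audit(group, domain_cidr):
    """Return (missing, world_open, ad_not_from_domain) port lists for one group."""
    domain = ipaddress.ip_network(domain_cidr)
    rules = group.get("IpPermissions", [])
    missing, world_open, ad_not_from_domain = [], [], []
    for port in AD_PORTS + SMB_PORTS:
        nets = [n for r in rules if covers(r, port) for n in sources(r)]
        if not nets:
            missing.append(port)          # no rule admits this required port
        if any(n.prefixlen == 0 for n in nets):
            world_open.append(port)       # reachable from 0.0.0.0/0
        if port in AD_PORTS and nets and not any(n.subnet_of(domain) for n in nets):
            ad_not_from_domain.append(port)
    return sorted(missing), sorted(world_open), sorted(ad_not_from_domain)

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 636, "ToPort": 636, "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
        {"IpProtocol": "udp", "FromPort": 137, "ToPort": 138, "IpRanges": [{"CidrIp": "192.168.5.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 139, "ToPort": 139, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}

if __name__ == "__main__":
    missing, world_open, ad_bad = audit(SAMPLE_GROUP, "10.0.0.0/16")
    print("required ports with no ingress rule:", missing)
    print("required ports open to 0.0.0.0/0:", world_open)
    print("AD ports not reachable from domain CIDR:", ad_bad)
```

To audit a real group, load the JSON from `aws ec2 describe-security-groups` and pass one entry of its `SecurityGroups` list to `audit()` together with your domain CIDR.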

If you are following along with the demo and are using EC2 as a storage gateway, you need to make the following changes before you can connect the domain from the console. The steps are as follows:

  1. SSH into the storage gateway using the hostname: admin@IP_OF_STORAGE_GATEWAY
  2. Once connected over SSH, it should look like this:
  3. Enter 2: Network Configuration
  4. Enter 1: Edit DNS Configuration
  5. Enter eth0
  6. Assign by DHCP: N
  7. Enter primary DNS: enter the IP of your Active Directory Domain. Same for the secondary.
  8. Apply config: y
  9. Once done, restart the storage gateway

Now back to console:

  1. Go to the Storage Gateway console, select your gateway, and choose the Actions tab > Edit SMB settings.
  2. Click the pencil icon next to ‘Active Directory settings’.
  3. Enter your domain name.

  4. Enter the user who has admin access to the Active Directory domain and enter the required credentials.
  5. Once done, click Save at the top right of the settings. Once the domain is joined (this will take a few minutes), close the ‘Edit SMB settings’ box.

Now we can create a file share:

  1. From the Storage Gateway console left panel, go to File Shares > Create File share
  2. Enter your required bucket
  3. Access objects using SMB
  4. Click Next. The rest of the configuration is the same as NFS. Click Create file share.
  5. Once the status of the file share becomes ‘Available’, select that file share and, from your required system that is connected to the AD, try to run the command shown below.
  6. Voila! You should now be able to access the file share as a mount point.

So we have successfully configured an SMB file share on the storage gateway and connected it to Active Directory.
