I've enabled CHAP on the EQL, then went to VSphere and added the authentication information to the Static Discovery information of the iSCSI adapter for both volumes. When I rescan the Storage, I get the error: Initiator is not authorized for this target" in the event log on the EQL, same as when I did not use CHAP. Level Error
If you want to enable target authentication (for mutual authentication), see Configuring target authentication.. Configuring target authentication. If you configure initiator authentication though a local CHAP account or a CHAP account on a RADIUS authentication server, you can also allow the iSCSI initiator to authenticate iSCSI targets in a PS Series group. May 30, 2017 · A couple weeks ago I discovered the PowerShell script Get-LockedOutLocation from the "Hey, Scripting Guy!" blog. I've successfully used it twice now to determine the source device causing a user's account to repeatedly lock. Feb 09, 2011 · The iSCSI target(s) you are connecting to uses access control, and this access control uses the iSCSI Initiator Name (e.g. iQN) or initiator IP address for authentication. If you change the Initiator Name in the Configuration tab of the iSCSI Initiator Properties, you may be unable to access certain access-controlled iSCSI targets when the Here is what I have learned from the QNAP tech support today about the iSCSI issue. - First turn off CHAP on the QNAP - Connect to the QNAP without CHAP (Basically they want us to discover the target without CHAP enabled) - After we discover the target, enable CHAP on the QNAP - Log off the session in Windows initiator - Put in the CHAP information in Windows initiator and re-connect again and Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) has some additional features, such as providing a method for changing passwords and retrying in the event of a failure. Do you have any suggestions?
Compared with CHAP, MS-CHAP: is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol; provides an authenticator-controlled password change mechanism; provides an authenticator-controlled authentication retry mechanism; defines failure codes returned in the Failure packet message field
Also check your Authentication Source (primary/backup tab) and see if you can browse the AD tree using the account specified. I would also double check that domain join; even remove and readd. The check for corresponding account with EAP-TLS is an LDAP lookup; as compared to an 802.1X EAP-MSCHAPv2 authentication. May 26, 2017 · If I the box for CHAP is ticked, the authentication request uses MD5-CHAP and fails. I can switch between the two states by toggling the CHAP tickbox. If I get any other details incorrect, it does fail, but with the same error; but I think the root cause is CHAP. Apr 16, 2007 · But I still wondering why chap authentication failed . 0 - Collapse - Just sharing. by R. Proffitt Forum moderator Apr 19, 2007 9:59PM PDT. I wrote some IP server code over 10 years ago. PEAP with MS-CHAP v2 as the client authentication method is one way to help secure VPN authentication. To enforce the use of PEAP on client platforms, Windows Routing and Remote Access Server (RRAS) servers should be configured to allow only connections that use PEAP authentication, and to refuse connections from clients that use MS-CHAP v2 or
I've enabled CHAP on the EQL, then went to VSphere and added the authentication information to the Static Discovery information of the iSCSI adapter for both volumes. When I rescan the Storage, I get the error: Initiator is not authorized for this target" in the event log on the EQL, same as when I did not use CHAP. Level Error
Info PPP PPP: CHAP authentication failed - check username / password ; Info L2TP Server L2TP Server: RADIUS/LDAP reports Authentication Failure zzz.zzz.zzz.zzz, 50611 (testuser) xxx.xxx.xxx.xxx, 1701 Host Name :, User Name :testuser, Auth Algorithm :MD5 CHAP ; Specifically I want to highlight on the last line "Auth Algorithm :MD5 CHAP ". - First turn off CHAP on the QNAP - Connect to the QNAP without CHAP (Basically they want us to discover the target without CHAP enabled) - After we discover the target, enable CHAP on the QNAP - Log off the session in Windows initiator - Put in the CHAP information in Windows initiator and re-connect again and it should connect. Given that these are security servers with a load balancer (F5) in front. I would lean towards the possibility one of the security servers may be the source of the issue and random incoming users are assigned to it.