Hodžův blog

Search
Pages
- Kontakt
Categories
- Hardware
  - Kabeláž
  - Modemy
  - RepRap
- Linux
  - Bezpečnost
    - Hack/Crack
  - Distribuce
    - Debian
    - Gentoo
    - Mikrotik
    - Ubuntu
  - Kernel
  - Multimédia
  - Ostatní
  - Scriptíky
  - Služby
    - Apache
    - DNS
    - FTP
    - Mail
    - MySQL
    - Samba
    - Smtp
    - Ssh
    - virtualizace
- LinuxExpres
- Motorka
- Sranda
- Uncategorized
- Windows
  - Office
- Wordpres
- Ze života
Archives

Meta
- Přihlásit se
- RSS
- Comments RSS
- Valid XHTML
- XFN
- WP

06 Čvn

iSCSI login failed due to authorization failure

Or: How iSCSI Schooled Me Again

I’ve never really liked iSCSI. It’s always felt like the network equivalent of a floppy disk – just with more ways for things to break. And today, I was reminded why.

From one of my Linux machines (Debian 12, of course), I needed to connect to an iSCSI LUN on a Synology NAS. Being the security-paranoid person that I am, I enabled CHAP authentication. And just to be extra safe, I also enabled mutual CHAP. Because trust is good, but verification over TCP port 3260 is better.

And then… this happened:

# sudo iscsiadm -m node -T iqn.2000-01.com.synology:synology.Target-1.abcdefghijk -p xxx.xxx.xxx.xxx --login Logging in to [iface: default, target: iqn.2000-01.com.synology:synology.Target-1.abcdefghijk, portal: xxx.xxx.xxx.xxx,3260] iscsiadm: Could not login to [iface: default, target: iqn.2000-01.com.synology:synology.Target-1.abcdefghijk, portal: xxx.xxx.xxx.xxx,3260]. iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure) iscsiadm: Could not log into all portals

Classic. Something doesn’t work. This time it’s an “authorization failure.”

I use self hosted Passbolt for passwords, so I could safely rule out rogue whitespace or newline characters sneaking into the credentials. I dove into full-on troubleshooting mode:

– Checked network interface bindings on the Synology
– Tweaked CHAP algorithm preferences
– Cleared out all node configs under /etc/iscsi/nodes
– Rebooted both ends (of course)

And even tried logging in without CHAP – which, of course, worked flawlessly

I was just about ready to format everything and move to a remote cave with no internet, when I did something radical:
I read the documentation. (Yes, it had come to that.)

And lo and behold – hidden in Synology’s technical notes – was a line that read:
CHAP passwords must be between 12 and 16 characters.

Mine had 32. Because, you know, longer password = more secure, right?

I chopped it down to 16 characters… and everything just started working. Instantly.
Moral of the story?

– iSCSI will forgive you for many things. Lengthy passwords are not one of them.
– If you get an “authorization failure,” don’t immediately question your sanity – maybe just check the password length.
– And next time… maybe I’ll stick to good old SMB.

At least now I’ve got this blog post. Hopefully it saves someone a few hours — even if that someone is future me, Googling my own mistake.

This entry was posted on Pátek, 6 června, 2025 at 7:39 pm and is filed under Bezpečnost, Debian, Hardware, Kernel, Linux, Ostatní, Scriptíky, Ze života. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Hodžův blog is is proudly powered by Wordpress and the Magellan Theme

Search

Pages

Categories

Archives

Meta

iSCSI login failed due to authorization failure

Leave a Reply