{"id":108,"date":"2007-08-22T22:38:13","date_gmt":"2007-08-22T20:38:13","guid":{"rendered":"http:\/\/www.corelan.be:8800\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/"},"modified":"2026-03-12T20:47:08","modified_gmt":"2026-03-12T19:47:08","slug":"connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/","title":{"rendered":"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)"},"content":{"rendered":"

Assuming that you've made yourself familiar with the procedure on how to allow\/deny access to a specific lun based upon IP addresses, then you might have wondered if you can secure access to a LUN even more. After all, spoofing an IP address is not that hard to do, and if IP based ACL is the only security, then you'll have a false sense of security. So, in case you want to secure your Openfiler based SAN just a little more, this is what you can do. Before explaining the procedure, I'd like to add that it is very very important to exactly follow the sequence that is shown below.<\/p>\n

On the openfiler management website, go to the volume that you want to secure. Edit the LUn and go to the iSCSI CHAP Authentiation section for the currently selected volume. Verify that there is no CHAP username\/password filled out yet. MS iSCSI Initiator Discovery and Openfiler CHAP authentication don't work well together, so you'll have to add the Target in MS iSCSI Initiator without password, then set the password on the filer, refresh the targets and log on using the username\/password<\/p>\n

First, note the Initiator Name<\/p>\n

\"082207_1239_ConnecttoOp1\"<\/a><\/p>\n

Go to the \"Discovery\" tabsheet and add a Target Portal. Don't specify a CHAP username and password. Next, go to the \"Targets\" tabsheet. You should see the lun that is hosted on the filer now (status set to inactive)<\/p>\n

Go to the Openfiler administrator, edit the volume, and go to the iSCSI Chap authentication section. Fill out the username and password next to \"IncomingUser\"<\/p>\n

Make sure to use the Initiator name as username, and choose a 12 character password. I've noticed that Microsoft isn't too happy about strange characters, so you'll need to play with the passwords a bit.<\/p>\n

\"082207_1239_ConnecttoOp2\"<\/a><\/p>\n

Click 'change'<\/p>\n

Next, open a ssh shell on your filer and run<\/p>\n

[root@san01 ~]# service iscsi-target restart\nStopping iSCSI target service: [ OK ]\nStarting iSCSI target service: [ OK ] <\/pre>\n
Go back to the Microsoft iSCSI Initiator client, \"Targets\" tabsheet, select the Target and click \"Log on\".
\n\"082207_1239_ConnecttoOp3\"<\/a>
\nNext, click \"Advanced\"
\nSet the adapter & IP properties, enable \"CHAP logon information\" and fill out the user name (leave as is, the Initiator name will be prompted) and password.
\n\"082207_1239_ConnecttoOp4\"<\/a>
\nClick \"OK\" to save, click \"OK\" to close the \"Log On to Target\" dialog box.<\/p>\n
Look at the status of the Target volume. It should now say \"Connected\".<\/p>\n","protected":false},"excerpt":{"rendered":"
Assuming that you've made yourself familiar with the procedure on how to allow\/deny access to a specific lun based upon IP addresses, then you might have wondered if you can secure access to a LUN even more. After all, spoofing an IP address is not that hard to do, and if IP based ACL is … Continue reading \"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[64,70],"tags":[131,67,62],"class_list":["post-108","post","type-post","status-publish","format-standard","hentry","category-linux","category-storage","tag-linux","tag-san","tag-iscsi"],"yoast_head":"\nConnect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator) - Corelan | Exploit Development & Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator) - Corelan | Exploit Development & Vulnerability Research\" \/>\n<meta property=\"og:description\" content=\"Assuming that you've made yourself familiar with the procedure on how to allow\/deny access to a specific lun based upon IP addresses, then you might have wondered if you can secure access to a LUN even more. After all, spoofing an IP address is not that hard to do, and if IP based ACL is … Continue reading "Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)"\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development & Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2007-08-22T20:38:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-12T19:47:08+00:00\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)\",\"datePublished\":\"2007-08-22T20:38:13+00:00\",\"dateModified\":\"2026-03-12T19:47:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/\"},\"wordCount\":394,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"keywords\":[\"Linux and Unix\",\"san\",\"iSCSI\"],\"articleSection\":[\"Linux and Unix\",\"Storage\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/\",\"name\":\"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator) - Corelan | Exploit Development & Vulnerability Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"datePublished\":\"2007-08-22T20:38:13+00:00\",\"dateModified\":\"2026-03-12T19:47:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2007\\\/08\\\/22\\\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator) - Corelan | Exploit Development & Vulnerability Research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/","og_locale":"en_US","og_type":"article","og_title":"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator) - Corelan | Exploit Development & Vulnerability Research","og_description":"Assuming that you've made yourself familiar with the procedure on how to allow\/deny access to a specific lun based upon IP addresses, then you might have wondered if you can secure access to a LUN even more. After all, spoofing an IP address is not that hard to do, and if IP based ACL is … Continue reading \"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)\"","og_url":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/","og_site_name":"Corelan | Exploit Development & Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_published_time":"2007-08-22T20:38:13+00:00","article_modified_time":"2026-03-12T19:47:08+00:00","author":"corelanc0d3r","twitter_card":"summary_large_image","twitter_creator":"@corelanc0d3r","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/#article","isPartOf":{"@id":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/"},"author":{"name":"corelanc0d3r","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f"},"headline":"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)","datePublished":"2007-08-22T20:38:13+00:00","dateModified":"2026-03-12T19:47:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/"},"wordCount":394,"publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"keywords":["Linux and Unix","san","iSCSI"],"articleSection":["Linux and Unix","Storage"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/","url":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/","name":"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator) - Corelan | Exploit Development & Vulnerability Research","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"datePublished":"2007-08-22T20:38:13+00:00","dateModified":"2026-03-12T19:47:08+00:00","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.corelan.be\/index.php\/2007\/08\/22\/connect-to-openfiler-san-using-chap-authentication-ms-iscsi-initiator\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"Connect to Openfiler SAN using CHAP authentication (MS iSCSI Initiator)"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]},{"@type":"Person","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f","name":"corelanc0d3r","pronouns":"he\/him","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","caption":"corelanc0d3r"},"description":"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.","sameAs":["https:\/\/www.corelan-training.com","https:\/\/instagram.com\/corelanc0d3r","https:\/\/www.linkedin.com\/in\/petervaneeckhoutte\/","https:\/\/x.com\/corelanc0d3r"],"url":"https:\/\/www.corelan.be\/index.php\/author\/admin0\/"}]}},"views":6945,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=108"}],"version-history":[{"count":1,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/108\/revisions"}],"predecessor-version":[{"id":15024,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/108\/revisions\/15024"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}