环境：
在客户端能够发现iscsi服务端的设备后，使用'iscsiadm -m node -T iqn.2022-06.com.test.web:server1 -p 10.165.141.155 -l' 进行登录的时候报错。iscsi服务器设备是国产设备。

1、报错日志

```html/xml

[root@server ~]# iscsiadm -m node -T iqn.2021-05.com.example.storage1 -p 172.25.254.129 -l
Logging in to [iface: default, target: iqn.2021-05.com.example.storage1, portal: 172.25.254.129,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2021-05.com.example.storage1, portal: 172.25.254.129.3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals

## 2、客户端排错思路操作：
a.确保防火墙关闭或者放行
```html/xml

#确保关闭防火墙和selinux
systemctl stop firewalld 
getenforce  #显示为disabled（就是selinux关闭了）

#防火墙或者也可以方行
firewall-cmd --add-port=3260/tcp --permanent
firewall-cmd --add-service=iscsi-target --permanent　
firewall-cmd --reload

b.检查密钥等配置是否正确
```html/xml
cat /etc/iscsi/initiatorname.iscsi

c.重启iscsid服务，然后再次尝试发现和登录(确保你的CHAP配置文件是正确的)
```html/xml

systemctl restart iscsid

#注意：这边以单项CHAP认证为例
#vi /etc/iscsi/iscsid.conf     这是配置文件，修改配置文件后一定要重启isicsid

下图是/etc/iscsi/iscsid.conf 的配置截图

3、补充：客户端配置文件如何进行双向ACP认证

```html/xml

*********

CHAP Settings

*********

To enable CHAP authentication set node.session.auth.authmethod

to CHAP. The default is None.

node.session.auth.authmethod = CHAP

To set a CHAP username and password for initiator

authentication by the target(s), uncomment the following lines:

node.session.auth.username = 存储系统配置CHAP双向认证选择“目标器认证启动器”时设置的用户名
node.session.auth.password = 存储系统配置CHAP双向认证选择“目标器认证启动器”时设置的密码

To set a CHAP username and password for target(s)

authentication by the initiator, uncomment the following lines:

node.session.auth.username_in = 存储系统配置CHAP双向认证选择“启动器认证目标器”时设置的用户名
node.session.auth.password_in = 存储系统配置CHAP双向认证选择“启动器认证目标器”时设置的密码

To enable CHAP authentication for a discovery session to the target

set discovery.sendtargets.auth.authmethod to CHAP. The default is None.

discovery.sendtargets.auth.authmethod = CHAP

To set a discovery session CHAP username and password for the initiator

authentication by the target(s), uncomment the following lines:

discovery.sendtargets.auth.username = 存储系统配置CHAP双向认证选择“目标器认证启动器”时设置的用户名
discovery.sendtargets.auth.password = 存储系统配置CHAP双向认证选择“目标器认证启动器”时设置的密码

To set a discovery session CHAP username and password for target(s)

authentication by the initiator, uncomment the following lines:

discovery.sendtargets.auth.username_in = 存储系统配置CHAP双向认证选择“启动器认证目标器”时设置的用户名
discovery.sendtargets.auth.password_in = 存储系统配置CHAP双向认证选择“启动器认证目标器”时设置的密码

iscsi 设备客户端登陆认证失败的排障思路

1、报错日志

3、补充：客户端配置文件如何进行双向ACP认证

*****

CHAP Settings

*****

To enable CHAP authentication set node.session.auth.authmethod

to CHAP. The default is None.

To set a CHAP username and password for initiator

authentication by the target(s), uncomment the following lines:

To set a CHAP username and password for target(s)

authentication by the initiator, uncomment the following lines:

To enable CHAP authentication for a discovery session to the target

set discovery.sendtargets.auth.authmethod to CHAP. The default is None.

To set a discovery session CHAP username and password for the initiator

authentication by the target(s), uncomment the following lines:

To set a discovery session CHAP username and password for target(s)

authentication by the initiator, uncomment the following lines:

*********

*********