White Papers
Using Windows Active Directory For Account Authentication to PS Series Groups 23
Now navigate to the Authentication tab and uncheck everything except the
Encrypted authentication (CHAP) option. If this box is not checked, check it now.
Navigate to the Encryption tab and uncheck everything except No encryption. If this
box is not checked, check it now.
Finally navigate to the Advanced tab and remove the Framed-Protocol attribute. Edit
the Service-Type attribute and change it to Administrative.
Finish the policy by clicking OK and OK to save and close the policy wizard.
Create new users to use the policy. The new users will be the CHAP username
specified when configuring access control to the PS Series volume. Set the users up the
same way described in the section Creating Users and Groups for SAN Administration.
Make sure you check the box to
Store password using reversible encryption
in the
Account tab. There is no need to create additional user groups in this case because the
CHAP users will use the default Domain Users group for authentication.
Connecting to Volumes
Depending on what operating system is being used the volume connection steps may
vary.
From a server or host running Windows Server 2008 or Windows 7:
Open the iSCSI Initiator Properties
Select the RADIUS tab and add the IP or DNS name of the RADIUS server
granting access to the PS Series volumes.
If a shared secret was used then verify authentication by providing the secret.
Select the Discovery tab and verify the PS group IP is in the Target portals
window.
Select the Targets tab and refresh to view volumes. Any configured volumes
should show up.
Log onto a configured volume by selecting Log on…
Choose the Advanced… button to open the Advanced Settings window.
In the Advanced Settings window select the box next to CHAP logon
information and add the CHAP user name and target secret for authentication.
Select the box next to Use RADIUS to authenticate target credentials (Figure
19) and hit OK and OK to complete the process.