istgt: getting authentication working with CHAP
Denny Schierz
linuxmail at 4lin.net
Wed Jul 13 09:43:57 UTC 2011
Hi,
I have been trying for a while to get authentication working, but something is
missing or wrong:
My HowTo is: http://zewaren.net/site/?q=node/70
If I try to discover devices from Windows 7 or Ubuntu 10.4, I get nothing
back:
:~ # iscsiadm -m discovery -t st -p san:3261
:~ #
But discovery authentication works, I think.
My istgt config:

auth.conf:
----------
[AuthGroup1]
Comment "Group for Backup Disks"
Auth "iqn.2011-07.san:virtual175" "between12and16"
[AuthGroup9999]
Comment "Group for discovery"
Auth "iqn.2011-07.san:discoverer" "discovermenow"
[AuthGroup10000]
Comment "Group for unit controller"
Auth "ctluser" "test" "mutualuser" "mutualsecret"

istgtcontrol.conf
-----------------
[Global]
Comment "ISTGT control configuration"
Timeout 60
AuthMethod CHAP Mutual
Auth "ctluser" "test" "mutualuser" "mutualsecret"
Host localhost
Port 3259
TargetName "iqn.2011-07.san:backup01"
Lun 0
Flags "ro"
Size "auto"

istgt.conf:
------------------
[Global]
Comment "Global section"
NodeBase "iqn.2011-07.san"
PidFile /var/run/istgt.pid
AuthFile /usr/local/etc/istgt/auth.conf
MediaDirectory /var/istgt
LogFacility "local7"
Timeout 30
NopInInterval 20
DiscoveryAuthMethod CHAP
DiscoveryAuthGroup AuthGroup9999
MaxSessions 32
MaxConnections 8
MaxBurstLength 1048576
MaxRecvDataSegmentLength 262144
MaxR2T 64
MaxOutstandingR2T 16
DefaultTime2Wait 2
DefaultTime2Retain 60
MaxBurstLength 1048576
[UnitControl]
Comment "Unit Controller"
AuthMethod CHAP Mutual
AuthGroup AuthGroup10000
Portal UC1 127.0.0.1:3259
Netmask 127.0.0.1
[PortalGroup1]
Comment "Portal Group 1"
Portal DA2 192.168.1.1:3261
[InitiatorGroup1]
Comment "Initiator Group 1"
InitiatorName "iqn.2011-07.san:virtual175"
#InitiatorName "ALL"
Netmask 192.168.1.0/24
[LogicalUnit1]
Comment "Backup01 (iqn.2011-07.san:backup01)"
TargetName backup01
TargetAlias "Backup01"
Mapping PortalGroup1 InitiatorGroup1
AuthMethod CHAP
AuthGroup AuthGroup1
UseDigest Auto
UnitType Disk
QueueDepth 32
LUN0 Storage /failover/lsipool01/backup01 13631488MB

If I change the InitiatorName from "iqn.2011-07.san:virtual175" to
"ALL", then I can log in to the device ..., and discovery works too.
Any suggestions?
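
Added example, not part of the original post and not istgt code: the post reports that login succeeds once InitiatorName is "ALL", so a useful check is which InitiatorGroup admits the IQN and address an initiator actually presents. The function names and the matching rules (exact IQN or "ALL", CIDR netmask or "ALL") are assumptions made for illustration, and the sample config is a constructed excerpt of the istgt.conf quoted above.

```python
import ipaddress
import re

# Constructed sample: the ACL-relevant lines of the istgt.conf quoted in the post.
SAMPLE_CONF = '''
[InitiatorGroup1]
InitiatorName "iqn.2011-07.san:virtual175"
#InitiatorName "ALL"
Netmask 192.168.1.0/24
[LogicalUnit1]
TargetName backup01
Mapping PortalGroup1 InitiatorGroup1
'''

def parse_sections(text):
    """Return {section: [(key, value), ...]} for an istgt-style config."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and commented-out keys
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            key, _, value = line.partition(" ")
            current.append((key, value.strip().strip('"')))
    return sections

def admitted_groups(conf_text, initiator_iqn, initiator_ip):
    """List InitiatorGroups whose name ACL and netmask ACL both admit the initiator.

    Assumed model (not taken from istgt source): a name matches if it equals
    the IQN or is "ALL"; a netmask matches if it is "ALL" or contains the address.
    """
    ip = ipaddress.ip_address(initiator_ip)
    hits = []
    for name, items in parse_sections(conf_text).items():
        if not name.startswith("InitiatorGroup"):
            continue
        names = [v for k, v in items if k == "InitiatorName"]
        masks = [v for k, v in items if k == "Netmask"]
        name_ok = any(n in ("ALL", initiator_iqn) for n in names)
        mask_ok = any(m == "ALL" or ip in ipaddress.ip_network(m, strict=False) for m in masks)
        if name_ok and mask_ok:
            hits.append(name)
    return hits
```

On open-iscsi hosts the IQN the initiator presents is the `InitiatorName=` value in /etc/iscsi/initiatorname.iscsi; pass that value and the host's address to `admitted_groups`.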