istgt: getting authentification working with CHAP

Denny Schierz linuxmail at
Wed Jul 13 09:43:57 UTC 2011


since a while I try to get authentication working, but something is
missing or wrong:

My HowTo is:

If I try from Windows7 or Ubuntu 10.4 discovery devices, I get nothing

:~ # iscsiadm  -m discovery -t st -p san:3261
:~ #

But, discovery authentication works, I think.

my istgt Config:


  Comment "Group for Backup Disks"
  Auth "iqn.2011-07.san:virtual175" "between12and16"

  Comment "Group for discovery"
  Auth "iqn.2011-07.san:discoverer"  "discovermenow"

  Comment "Group for unit controller"
  Auth "ctluser" "test" "mutualuser" "mutualsecret"


    Comment      "ISTGT control configuration"
    Timeout      60
    AuthMethod   CHAP Mutual
    Auth         "ctluser" "test" "mutualuser" "mutualsecret"
    Host         localhost
    Port         3259
    TargetName   "iqn.2011-07.san:backup01"
    Lun          0
    Flags        "ro"
    Size         "auto"

    Comment                  "Global section"
    NodeBase                 "iqn.2011-07.san"
    PidFile                  /var/run/
    AuthFile                 /usr/local/etc/istgt/auth.conf
    MediaDirectory           /var/istgt
    LogFacility              "local7"
    Timeout                  30
    NopInInterval            20

    DiscoveryAuthMethod      CHAP
    DiscoveryAuthGroup AuthGroup9999

    MaxSessions              32
    MaxConnections           8
    MaxBurstLength           1048576
    MaxRecvDataSegmentLength 262144
    MaxR2T                   64
    MaxOutstandingR2T 16
    DefaultTime2Wait 2
    DefaultTime2Retain 60
    MaxBurstLength 1048576

    Comment                  "Unit Controller"
    AuthMethod               CHAP Mutual
    AuthGroup                AuthGroup10000
    Portal                   UC1

    Comment                  "Portal Group 1"
    Portal                   DA2

    Comment                  "Initiator Group 1"
    InitiatorName            "iqn.2011-07.san:virtual175"
    #InitiatorName            "ALL"

    Comment                  "Backup01 (iqn.2011-07.san:backup01)"
    TargetName               backup01
    TargetAlias              "Backup01"

    Mapping                  PortalGroup1 InitiatorGroup1
    AuthMethod               CHAP
    AuthGroup                AuthGroup1
    UseDigest                Auto
    UnitType                 Disk
    QueueDepth              32
    LUN0           Storage /failover/lsipool01/backup01  13631488MB

If I change the InitiatorName from "iqn.2011-07.san:virtual175" to
"ALL", then I can login into the device ..., discover works too.

any suggestions ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url :

More information about the freebsd-stable mailing list