Date: Wed, 13 Jul 2011 11:50:10 +0200 From: Denny Schierz <linuxmail@4lin.net> To: freebsd-stable <freebsd-stable@freebsd.org> Subject: istgt: getting authentification working with CHAP Message-ID: <1310550610.13539.12.camel@pcdenny>
next in thread | raw e-mail | index | archive | help
--=-zg2rQOCgVr+ENqKMXIXl Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable hi, since a while I try to get authentication working, but something is missing or wrong: My HowTo is: http://zewaren.net/site/?q=3Dnode/70 If I try from Windows7 or Ubuntu 10.4 discovery devices, I get nothing back: :~ # iscsiadm -m discovery -t st -p san:3261 :~ # But, discovery authentication works, I think. my istgt Config: auth.conf: ---------- [AuthGroup1] Comment "Group for Backup Disks" Auth "iqn.2011-07.san:virtual175" "between12and16" [AuthGroup9999] Comment "Group for discovery" Auth "iqn.2011-07.san:discoverer" "discovermenow" [AuthGroup10000] Comment "Group for unit controller" Auth "ctluser" "test" "mutualuser" "mutualsecret" istgtcontrol.conf ----------------- [Global] Comment "ISTGT control configuration" Timeout 60 AuthMethod CHAP Mutual Auth "ctluser" "test" "mutualuser" "mutualsecret" Host localhost Port 3259 TargetName "iqn.2011-07.san:backup01" Lun 0 Flags "ro" Size "auto" istgt.conf: ------------------ [Global] Comment "Global section" NodeBase "iqn.2011-07.san" PidFile /var/run/istgt.pid AuthFile /usr/local/etc/istgt/auth.conf MediaDirectory /var/istgt LogFacility "local7" Timeout 30 NopInInterval 20 DiscoveryAuthMethod CHAP DiscoveryAuthGroup AuthGroup9999 MaxSessions 32 MaxConnections 8 MaxBurstLength 1048576 MaxRecvDataSegmentLength 262144 MaxR2T 64 MaxOutstandingR2T 16 DefaultTime2Wait 2 DefaultTime2Retain 60 MaxBurstLength 1048576 [UnitControl] Comment "Unit Controller" AuthMethod CHAP Mutual AuthGroup AuthGroup10000 Portal UC1 127.0.0.1:3259 Netmask 127.0.0.1 [PortalGroup1] Comment "Portal Group 1" Portal DA2 192.168.1.1:3261 [InitiatorGroup1] Comment "Initiator Group 1" InitiatorName "iqn.2011-07.san:virtual175" #InitiatorName "ALL" Netmask 192.168.1.0/24 [LogicalUnit1] Comment "Backup01 (iqn.2011-07.san:backup01)" TargetName backup01 TargetAlias "Backup01" Mapping PortalGroup1 InitiatorGroup1 AuthMethod CHAP AuthGroup AuthGroup1 UseDigest Auto UnitType Disk QueueDepth 32 LUN0 Storage /failover/lsipool01/backup01 13631488MB If I change the InitiatorName from "iqn.2011-07.san:virtual175" to "ALL", then I can login into the device ..., discover works too. any suggestions ? --=-zg2rQOCgVr+ENqKMXIXl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEABECAAYFAk4dak4ACgkQKlzhkqt9P+D6hQCdHMkVnrcPCc0x5s2kIaRW+74e lG8AoJWEwwHZSZPNS35onrgzsIxEqpzc =Eplb -----END PGP SIGNATURE----- --=-zg2rQOCgVr+ENqKMXIXl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1310550610.13539.12.camel>