5

I need to connect to iSCSI target with CHAP authorization. How to do this? I not found needed option in the iscsiadm. Do I need edit /etc/iscsid.conf or /etc/nodes/iqn.200-01..target/../default?

With attempt to connection I see next errors in console:

Logging in to [iface: default, target: iqn.2000-01.com.syno..22e8a, portal: 12.0.3.21,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2000-01.com.syno..22e8a, portal: 12.0.3.21,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
Boris Salimov
  • 221
  • 2
  • 3
  • 8

2 Answers2

2

So, I was found a solution.

Open the file /etc/iscsi/nodes/iqn.2000-node-name/10.0.3.89,3260,1/default

Insert next rows:

node.session.auth.username = user_defined_in_target_setting
node.session.auth.password = your_password

Login to target from initiator should be successful.

Boris Salimov
  • 221
  • 2
  • 3
  • 8
  • I suppose the same can be done with `iscsiadm -m node -T -o new -n node.session.auth.username -v ` and same for *password*. – Jiri B Aug 14 '21 at 16:02
  • I was editing /etc/iscsi/iscsid.conf over and over and seeing no effect, the password is duplicated in the file above and takes precedence. – Graham Leggett Jul 11 '22 at 16:11
1

I have zero experience with opensuse, but this is what we do with our network appliance targets in centos.

Steps

  • Open the /etc/iscsi/iscsid.conf file with a text editor.
  • Enable CHAP authentication by setting node.session.auth.authmethod to CHAP, the default is None.

node.session.auth.authmethod = CHAP

  • Provide a CHAP user name and password for the target to use when authenticating the initiator. You must remove the comment indicators and supply values for the options username and password in the following configuration entries:

node.session.auth.username = username

node.session.auth.password = password

  • Provide a CHAP user name and password for the initiator to use when authenticating the target. You must remove the comment indicators and supply values for the options username_in and password_in in the following configuration entries:

node.session.auth.username_in = username_in

node.session.auth.password_in = password_in

  • For a successful session discovery, enable discovery CHAP authentication by supplying the passwords in the discovery.sendtargets.auth. options.

    Note: The user name and password must match for both session and discovery on the host. Ensure that you use the same user names and passwords that you used when you set up CHAP on the storage system with the iscsi security command.

    discovery.sendtargets.auth.authmethod = CHAP

    discovery.sendtargets.auth.username = username

    discovery.sendtargets.auth.password = password

    discovery.sendtargets.auth.username_in = username_in

    discovery.sendtargets.auth.password_in = password_in

After this steps, proceed the discovery as usual

# iscsiadm -m discovery -t sendtargets -p <portalip>

Steps shamelessly plugged from the network applicance site

natxo asenjo
  • 5,641
  • 2
  • 25
  • 27