Linux (openSuSe) iSCSI Initiator: How to pass a CHAP user name and password?

Question

I need to connect to iSCSI target with CHAP authorization. How to do this? I not found needed option in the iscsiadm. Do I need edit /etc/iscsid.conf or /etc/nodes/iqn.200-01..target/../default?

With attempt to connection I see next errors in console:

Logging in to [iface: default, target: iqn.2000-01.com.syno..22e8a, portal: 12.0.3.21,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2000-01.com.syno..22e8a, portal: 12.0.3.21,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals

score 2 · Accepted Answer · answered Jul 20 '16 at 03:36

2

So, I was found a solution.

Open the file /etc/iscsi/nodes/iqn.2000-node-name/10.0.3.89,3260,1/default

Insert next rows:

node.session.auth.username = user_defined_in_target_setting
node.session.auth.password = your_password

Login to target from initiator should be successful.

answered Jul 20 '16 at 03:36

Boris Salimov

221
2
3
8

I suppose the same can be done with `iscsiadm -m node -T -o new -n node.session.auth.username -v ` and same for *password*. – Jiri B Aug 14 '21 at 16:02
I was editing /etc/iscsi/iscsid.conf over and over and seeing no effect, the password is duplicated in the file above and takes precedence. – Graham Leggett Jul 11 '22 at 16:11

score 1 · Answer 2 · answered Jul 13 '16 at 05:35

I have zero experience with opensuse, but this is what we do with our network appliance targets in centos.

Steps

Open the /etc/iscsi/iscsid.conf file with a text editor.
Enable CHAP authentication by setting node.session.auth.authmethod to CHAP, the default is None.

node.session.auth.authmethod = CHAP

Provide a CHAP user name and password for the target to use when authenticating the initiator. You must remove the comment indicators and supply values for the options username and password in the following configuration entries:

node.session.auth.username = username

node.session.auth.password = password

Provide a CHAP user name and password for the initiator to use when authenticating the target. You must remove the comment indicators and supply values for the options username_in and password_in in the following configuration entries:

node.session.auth.username_in = username_in

node.session.auth.password_in = password_in

For a successful session discovery, enable discovery CHAP authentication by supplying the passwords in the discovery.sendtargets.auth. options.

Note: The user name and password must match for both session and discovery on the host. Ensure that you use the same user names and passwords that you used when you set up CHAP on the storage system with the iscsi security command.

discovery.sendtargets.auth.authmethod = CHAP

discovery.sendtargets.auth.username = username

discovery.sendtargets.auth.password = password

discovery.sendtargets.auth.username_in = username_in

discovery.sendtargets.auth.password_in = password_in

After this steps, proceed the discovery as usual

# iscsiadm -m discovery -t sendtargets -p <portalip>

Steps shamelessly plugged from the network applicance site

Linux (openSuSe) iSCSI Initiator: How to pass a CHAP user name and password?

2 Answers2