You need to log in to create posts and topics. Login · Register

iSCSI chap authentication help

Hi All,

Has anyone got CHAP working with PetaSan? I've enabled chap authentication for one of my iSCSI disks in the UI. Then setup the config files in Ubuntu and run the following commands. At first I thought that the client side configs were setup incorrectly, however, there's also an error on the target node as well that looks like the setting maybe didn't propagate? I've tried to add password after disk was setup and also upon initial configuration of a new disk and get the same error messages. Any help would be greatly appreciaited.

--Client side---
root@media:/etc/iscsi# iscsiadm -m discovery -t st -p 172.31.0.13
iscsiadm: Login failed to authenticate with target
iscsiadm: discovery login to 172.31.0.13 rejected: initiator failed authorization
iscsiadm: Could not perform SendTargets discovery: iSCSI login failed due to authorization failure

--Server side /var/log/syslog error---

Feb 12 10:47:24 ceph-public2 kernel: [1048600.300187] CHAP user or password not set for Initiator ACL
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300787] Security negotiation failed.
Feb 12 10:47:24 ceph-public2 kernel: [1048600.301367] iSCSI Login negotiation failed.

 

 

Managed to get this working. Looks like Petasan doesn't want to see CHAP being used to discover the targets. Just to login.

 

Brian

Thanks for this info, maybe we should add a flag if CHAP should be used for discovery as well.