Hi Dan, On Tue, 9 Jun 2015 13:55:32 +0200, Dan wrote : > > Also be sure to correctly configure the ACLs for your iSCSI target. You > > have two options : > > > > 1/ Explicitly set the list of initiators that can login to the target. > > To do that, you create a ACL under the target with `targetcli`. This > > is what you did with ACL "iqn.2015-06.com.foobar:www.test.com". The > > ACL should match the content of /etc/iscsi/initiatorname.iscsi on > > the initiator machine. > > The file /etc/iscsi/initiatorname.iscsi on my server machine 10.0.0.60 > is as follows: > > InitiatorName=iqn.1994-05.com.redhat:168be03a7484 You have to look at the file on the initiator machine (the "client" where you invoke `iscsiadm`), not the target machine. > Therefore I issued the following commands on targetcli: > > /iscsi/iqn.20...t01/tpg1/acls> create iqn.1994-05.com.redhat:168be03a7484 > Created Node ACL for iqn.1994-05.com.redhat:168be03a7484 > Created mapped LUN 0. > /iscsi/iqn.20...t01/tpg1/acls> cd iqn.1994-05.com.redhat:168be03a7484/ > /iscsi/iqn.20...:168be03a7484> set auth userid=foo > Parameter userid is now 'foo'. > /iscsi/iqn.20...:168be03a7484> set auth password=bar > Parameter password is now 'bar'. > /iscsi/iqn.20...:168be03a7484> exit > > > However, I still have an authentication error when I try to connect > via iscsiadm: > > iscsiadm -m node --targetname "iqn.2015-06.com.foobar:target01" > --portal "10.0.0.60:3260" --login > > Logging in to [iface: default, target: > iqn.2015-06.com.foobar:target01, portal: 10.0.0.60,3260] (multiple) > iscsiadm: Could not login to [iface: default, target: > iqn.2015-06.com.foobar:target01, portal: 10.0.0.60,3260]. > iscsiadm: initiator reported error (24 - iSCSI login failed due to > authorization failure) > iscsiadm: Could not log into all portals So you have configured the target to authenticate the initiator with a CHAP challenge. You have to configure the initiator as well by editing the following file: /etc/iscsi/iscsid.conf Set these values: node.session.auth.authmethod = CHAP node.session.auth.username = foo node.session.auth.password = bar And restart the open-iscsi service. > Any idea on how to proceed? > > Here's the guides I have been following: > http://www.server-world.info/en/note?os=CentOS_7&p=iscsi > http://linux-iscsi.org/wiki/Targetcli > http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-iscsi-howto.html > but they are very fragmentary and incomplete. For instance, there's > no mention of the fact that the ACL has to match > /etc/iscsi/initiatorname.iscsi. I am very disappointed to find that > there's a general lack of documentation for iSCSI. If you could point > me to some decent docs, I will be very grateful. I think that this screencast does a pretty good job at explaining targetcli usage and presenting some important iSCSI concepts: targetcli screencast Part 2 of 3: ISCSI https://www.youtube.com/watch?v=mKjBsgOlYmE But you will probably learn more by trial and error. Best regards, -- Christophe Vu-Brugier -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
