iSCSI chap authentication help
ghbiz
76 Posts
February 12, 2020, 4:14 pmQuote from ghbiz on February 12, 2020, 4:14 pmHi All,
Has anyone got CHAP working with PetaSan? I've enabled chap authentication for one of my iSCSI disks in the UI. Then setup the config files in Ubuntu and run the following commands. At first I thought that the client side configs were setup incorrectly, however, there's also an error on the target node as well that looks like the setting maybe didn't propagate? I've tried to add password after disk was setup and also upon initial configuration of a new disk and get the same error messages. Any help would be greatly appreciaited.
--Client side---
root@media:/etc/iscsi# iscsiadm -m discovery -t st -p 172.31.0.13
iscsiadm: Login failed to authenticate with target
iscsiadm: discovery login to 172.31.0.13 rejected: initiator failed authorization
iscsiadm: Could not perform SendTargets discovery: iSCSI login failed due to authorization failure
--Server side /var/log/syslog error---
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300187] CHAP user or password not set for Initiator ACL
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300787] Security negotiation failed.
Feb 12 10:47:24 ceph-public2 kernel: [1048600.301367] iSCSI Login negotiation failed.
Hi All,
Has anyone got CHAP working with PetaSan? I've enabled chap authentication for one of my iSCSI disks in the UI. Then setup the config files in Ubuntu and run the following commands. At first I thought that the client side configs were setup incorrectly, however, there's also an error on the target node as well that looks like the setting maybe didn't propagate? I've tried to add password after disk was setup and also upon initial configuration of a new disk and get the same error messages. Any help would be greatly appreciaited.
--Client side---
root@media:/etc/iscsi# iscsiadm -m discovery -t st -p 172.31.0.13
iscsiadm: Login failed to authenticate with target
iscsiadm: discovery login to 172.31.0.13 rejected: initiator failed authorization
iscsiadm: Could not perform SendTargets discovery: iSCSI login failed due to authorization failure
--Server side /var/log/syslog error---
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300187] CHAP user or password not set for Initiator ACL
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300787] Security negotiation failed.
Feb 12 10:47:24 ceph-public2 kernel: [1048600.301367] iSCSI Login negotiation failed.
ghbiz
76 Posts
February 17, 2020, 11:22 amQuote from ghbiz on February 17, 2020, 11:22 amManaged to get this working. Looks like Petasan doesn't want to see CHAP being used to discover the targets. Just to login.
Brian
Managed to get this working. Looks like Petasan doesn't want to see CHAP being used to discover the targets. Just to login.
Brian
Last edited on February 17, 2020, 12:08 pm by ghbiz · #2
admin
2,930 Posts
February 17, 2020, 12:22 pmQuote from admin on February 17, 2020, 12:22 pmThanks for this info, maybe we should add a flag if CHAP should be used for discovery as well.
Thanks for this info, maybe we should add a flag if CHAP should be used for discovery as well.
iSCSI chap authentication help
ghbiz
76 Posts
Quote from ghbiz on February 12, 2020, 4:14 pmHi All,
Has anyone got CHAP working with PetaSan? I've enabled chap authentication for one of my iSCSI disks in the UI. Then setup the config files in Ubuntu and run the following commands. At first I thought that the client side configs were setup incorrectly, however, there's also an error on the target node as well that looks like the setting maybe didn't propagate? I've tried to add password after disk was setup and also upon initial configuration of a new disk and get the same error messages. Any help would be greatly appreciaited.
--Client side---
root@media:/etc/iscsi# iscsiadm -m discovery -t st -p 172.31.0.13
iscsiadm: Login failed to authenticate with target
iscsiadm: discovery login to 172.31.0.13 rejected: initiator failed authorization
iscsiadm: Could not perform SendTargets discovery: iSCSI login failed due to authorization failure--Server side /var/log/syslog error---
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300187] CHAP user or password not set for Initiator ACL
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300787] Security negotiation failed.
Feb 12 10:47:24 ceph-public2 kernel: [1048600.301367] iSCSI Login negotiation failed.
Hi All,
Has anyone got CHAP working with PetaSan? I've enabled chap authentication for one of my iSCSI disks in the UI. Then setup the config files in Ubuntu and run the following commands. At first I thought that the client side configs were setup incorrectly, however, there's also an error on the target node as well that looks like the setting maybe didn't propagate? I've tried to add password after disk was setup and also upon initial configuration of a new disk and get the same error messages. Any help would be greatly appreciaited.
--Client side---
root@media:/etc/iscsi# iscsiadm -m discovery -t st -p 172.31.0.13
iscsiadm: Login failed to authenticate with target
iscsiadm: discovery login to 172.31.0.13 rejected: initiator failed authorization
iscsiadm: Could not perform SendTargets discovery: iSCSI login failed due to authorization failure
--Server side /var/log/syslog error---
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300187] CHAP user or password not set for Initiator ACL
Feb 12 10:47:24 ceph-public2 kernel: [1048600.300787] Security negotiation failed.
Feb 12 10:47:24 ceph-public2 kernel: [1048600.301367] iSCSI Login negotiation failed.
ghbiz
76 Posts
Quote from ghbiz on February 17, 2020, 11:22 amManaged to get this working. Looks like Petasan doesn't want to see CHAP being used to discover the targets. Just to login.
Brian
Managed to get this working. Looks like Petasan doesn't want to see CHAP being used to discover the targets. Just to login.
Brian
admin
2,930 Posts
Quote from admin on February 17, 2020, 12:22 pmThanks for this info, maybe we should add a flag if CHAP should be used for discovery as well.
Thanks for this info, maybe we should add a flag if CHAP should be used for discovery as well.