Iscsi Chap for discovery, mutual for targets will not connect.

Question

OK I have a lab setup, I have a Freenas server iscsi setup with Chap setup for discovery and mutual chap for targets.

Here are the requirements: Implement CHAP security One-way CHAP for discovery Two-way (Mutual) CHAP for targets

I can connect and discover sucessfully with two esxi servers, windows 7, windows 2003, 2008, and 2012

Centos can see the discovery list, but when trying to connect with :

 iscsiadm --mode node --targetname iqn.2015.lab.com:centos --portal 192.168.1.60:3260 --login

the terminal outputs:

no records found

Here is my iscsid.conf, I left the comments in on the Chap section, but removed it for the rest as it is just so large:

    iscsid.startup = /etc/rc.d/init.d/iscsid force-start
    node.startup = automatic
    node.leading_login = No

    # *************
    # CHAP Settings
    # *************

    # To enable CHAP authentication set node.session.auth.authmethod
    # to CHAP. The default is None.
    node.session.auth.authmethod = CHAP

    # To set a CHAP username and password for initiator
    # authentication by the target(s), uncomment the following lines:
    #node.session.auth.username = group7
    #node.session.auth.password = passwordpassword

    # To set a CHAP username and password for target(s)
    # authentication by the initiator, uncomment the following lines:
    node.session.auth.username_in = group7
    node.session.auth.password_in = passwordpassword

    # To enable CHAP authentication for a discovery session to the target
    # set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
    discovery.sendtargets.auth.authmethod = CHAP

    # To set a discovery session CHAP username and password for the initiator
    # authentication by the target(s), uncomment the following lines:
    discovery.sendtargets.auth.username = group7
    discovery.sendtargets.auth.password = passwordpassword

    # To set a discovery session CHAP username and password for target(s)
    # authentication by the initiator, uncomment the following lines:
    #discovery.sendtargets.auth.username_in = group7
    #discovery.sendtargets.auth.password_in = passwordpassword


    node.session.timeo.replacement_timeout = 120
    node.conn[0].timeo.login_timeout = 15
    node.conn[0].timeo.logout_timeout = 15
    node.conn[0].timeo.noop_out_interval = 5
    node.conn[0].timeo.noop_out_timeout = 5
    node.session.err_timeo.abort_timeout = 15
    node.session.err_timeo.lu_reset_timeout = 30
    node.session.err_timeo.tgt_reset_timeout = 30
    node.session.initial_login_retry_max = 8
    node.session.cmds_max = 128
    node.session.queue_depth = 32
    node.session.xmit_thread_priority = -20
    node.session.iscsi.InitialR2T = No
    node.session.iscsi.ImmediateData = Yes
    node.session.iscsi.FirstBurstLength = 262144
    node.session.iscsi.MaxBurstLength = 16776192
    node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
    node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
    node.conn[0].iscsi.HeaderDigest = None
    node.session.nr_sessions = 1
    node.session.iscsi.FastAbort = Yes

Any help is appreciated. Thank you.

ua2b ua2b · Accepted Answer · 2015-03-12T00:31:17

You want mutual CHAP for session setup, but in your configuration file you have commented-out the lines that define the login from initiator to target:

# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
#node.session.auth.username = group7
#node.session.auth.password = passwordpassword

Iscsi Chap for discovery, mutual for targets will not connect.

1 Answers