Configuring chap authentication using linux – Dell PowerVault MD3800i User Manual
Page 50
6. Under Target Portals, click Add and re-enter the IP address or DNS name of the iSCSI port on the
storage array (removed above).
7. Click Advanced and set the following values on the General tab:
– Local Adapter — Should always be set to Microsoft iSCSI Initiator.
– Source IP — The source IP address of the host you want to connect with.
– Data Digest and Header Digest — Optionally, you can specify that a digest of data or header
information be compiled during transmission to help with troubleshooting.
– CHAP logon information — Enter the target CHAP authentication user name and secret you
entered (for the host server) on the storage array.
– Perform mutual authentication — If mutual CHAP authentication is configured, select this option.
NOTE: IPSec is not supported.
If you require a discovery session failover, repeat step 5 and step 6 (in this procedure) for all iSCSI
ports on the storage array. Otherwise, single-host port configuration is sufficient.
NOTE: If the connection fails, ensure that all IP addresses are entered correctly. Mistyped IP
addresses result in connection problems.
8. Click OK.
Configure CHAP Authentication On The Host Server Using Windows Server
Core Version
1.
Set the iSCSI initiator services to start automatically (if not already set): sc \\<server_name>
config msiscsi start=auto.
2. Start the iSCSI service (if necessary): sc start msiscsi.
3. If you are not using mutual CHAP authentication, go to step 5.
4. Enter the mutual CHAP secret you entered for the storage array: iscsicli CHAPSecret
<secret>.
5. Remove the target portal that you configured on the storage array during target discovery:
iscsicli RemoveTargetPortal <IP_address> <TCP_listening_port>.
6. Add the target portal with CHAP defined: iscsicli QAddTargetPortal
<IP_address_of_iSCSI_port_on_storage_array> [CHAP_username] [CHAP_password].
where, [CHAP_username] is the initiator name and [CHAP_password] is the target CHAP secret.
If you require a discovery session failover, repeat step 5 for all iSCSI ports on the storage array.
Otherwise, single-host port configuration is sufficient.
Configuring CHAP Authentication Using Linux
1.
To enable CHAP (optional), the following line needs to be enabled in your /etc/iscsi/iscsid.conf file:
node.session.auth.authmethod = CHAP.
2. To set a user name and password for CHAP authentication of the initiator by the target(s), edit the
following lines: node.session.auth.username = <iscsi_initiator_username>
node.session.auth.password = <CHAP_initiator_password>.
3. If you are using Mutual CHAP authentication, you can set the user name and password for CHAP
authentication of the target(s) by the initiator by editing the following lines:
node.session.auth.username_in= <iscsi_target_username>
node.session.auth.password_in = <CHAP_target_password>.
4. To set up discovery session CHAP authentication, first uncomment the following line:
discovery.sendtargets.auth.authmethod = CHAP.
50