AuthMethod question
wally.nl
We use a Cisco MDS9216i for iSCSI. Authentication is set to none, we
have no problems connecting with windows boxes with iSCSI.
in /etc/sysconfig/initiator i've tried removing AuthMethod completely
and changing it to AuthMethod=None. But when I want to login to the
fabric I keep getting
Jul 4 19:48:38 iscsi-fc5 kernel: iCHANNEL[0] - No defined iSCSI
Authentication Methods, skipping SecurityNegotiation phase.
Jul 4 19:48:38 iscsi-fc5 kernel:
iscsi_initiator_check_login_response:81: ***ERROR*** Login Response
with non-zero StatusClass 0x03, StatusDetail 0x00.
Jul 4 19:48:38 iscsi-fc5 kernel: Status-Class: Target Error,
Status-Detail: Target hardware or software error.
Jul 4 19:48:38 iscsi-fc5 kernel:
iscsi_initiator_start_negotiation:761: ***ERROR*** iSCSI Login
negotiation failed.
Jul 4 19:48:40 iscsi-fc5 kernel: iCHANNEL[0] - No defined iSCSI
Authentication Methods, skipping SecurityNegotiation phase.
I'm probably missing some tiny detail but I can't figure it out. Anyone
?
Albert Pauw
Authentication set to 1?
It is the second parameter in the line
AUTH="0 1 user00 pass00"
It should be set to 0. You need an "AuthMethod=None" in the other file
so keep that in.
Albert
n...@kernel.org
Please provide configuration files and a packet capture if possible
just so we can double check that this is not a configuration issue. If
there is a genuine problem, please have a look at
http://www.linux-iscsi.org/index.php/Reporting_Bugs for what
information needs to be provided in order resolve the issue.
Thanks for your interest in Core-iSCSI!
--nab
n...@kernel.org
When AuthMethod=None is set in the CHANNEL entry, the stack will jump
to CSG=1,NSG=3 and hence not communicate with initiator-authd daemon.
/etc/sysconfig/initiator_auth is only read by this daemon, so the
configuration settings in this file would not make a difference.
Perhaps the Cisco MDS target implementation expects the initiator node
to neogitate AuthMethod=None in CSG=0, instead of jumping directly to
CSG=1. There was an iSCSI security expliot a while back using this
method, so perhaps this is an over-cautious precaution the target
implemention is taking to prevent this. There is an easy fix to force
the former case, so if there is a genuine issue here this would be the
next step.
--nab
wally.nl
does seem to log-in 'enough' to find targets but after that is falls
back into the same errors (see below). Here are my config files and
parts from /var/log/messages
# /etc/initiator
#
CAN_QUEUE=128
CMD_LUN=64
SG_TABLE=32
ISCSI_CHANNELS=1
CHANNEL="0 2 eth0 145.74.49.8 3260 0
AuthMethod=None;MaxRecvDataSegmentLength=8192 nopout_timeout=5"
# /etc/iscsi/initiator_auth
#
AUTH="0 0"
Don't have anything (yet) in iscs_device_maps mainly because I haven't
completly figured it out yet (does the 'lun' have to be the actual lun#
as presented by the SAN?)
Did a reboot and the messages look good to start with (it DOES find my
targets):
Jul 4 22:57:18 iscsi-fc5 kernel: iSCSI: iscsi_can_queue
= 128
Jul 4 22:57:18 iscsi-fc5 kernel: iSCSI: iscsi_cmd_per_lun = 64
Jul 4 22:57:18 iscsi-fc5 kernel: iSCSI: iscsi_sg_tablesize = 32
Jul 4 22:57:18 iscsi-fc5 kernel: iSCSI Core Stack[1] - Spawned 4
thread set(s) (8 total threads).
Jul 4 22:57:19 iscsi-fc5 kernel: iSCSI Core Stack[1] - Set iSCSI
Node/Initiator Name to iqn.2005-03.com.max:01.455995576d5
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0]: Generated iSID: 0x80 8c
91 d7 00 00
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - Setting max_sectors:
256
Jul 4 22:57:19 iscsi-fc5 kernel: scsi2 : Core-iSCSI Initiator Stack
v1.6.2.8 on Linux/i686 2.6.15-1.2054_FC5
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - Allocated Linux SCSI
Host with ID: 2
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - No defined iSCSI
Authentication Methods, skipping SecurityNegotiation phase.
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - iSCSI login successful
on CID: 0 to 145.74.49.8:3260,12288
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - Incremented iSCSI
connection count to 1 to node:
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - Established iSCSI
session to node:
Jul 4 22:57:19 iscsi-fc5 kernel: iSCSI Core Stack[1] - Incremented
number of active iSCSI sessions to 1.
Jul 4 22:57:19 iscsi-fc5 kernel: Discovered iSCSI Target:
iqn.1987-05.com.cisco:05.sanswcn02.01-01.50060e80102278f1
Jul 4 22:57:19 iscsi-fc5 kernel: Discovered TargetAddress:
145.74.49.8:3260,12288 for
iqn.1987-05.com.cisco:05.sanswcn02.01-01.50060e80102278f1
Jul 4 22:57:19 iscsi-fc5 kernel: Discovered iSCSI Target:
iqn.1987-05.com.cisco:05.sanswcn02.01-01.50060e80102278f0
Jul 4 22:57:19 iscsi-fc5 kernel: Discovered TargetAddress:
145.74.49.8:3260,12288 for
iqn.1987-05.com.cisco:05.sanswcn02.01-01.50060e80102278f0
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - Decremented iSCSI
connection count to 0 to node:
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - released iSCSI session
to node:
Jul 4 22:57:19 iscsi-fc5 kernel: iSCSI Core Stack[1] - Decremented
number of active iSCSI sessions to 0
After that it keeps repeating the same login errors:
Jul 4 22:57:19 iscsi-fc5 kernel: iCHANNEL[0] - No defined iSCSI
Authentication Methods, skipping SecurityNegotiation phase.
Jul 4 22:57:19 iscsi-fc5 kernel:
iscsi_initiator_check_login_response:81: ***ERROR*** Login Response
with non-zero StatusClass 0x03, StatusDetail 0x00.
Jul 4 22:57:19 iscsi-fc5 kernel: Status-Class: Target Error,
Status-Detail: Target hardware or software error.
Jul 4 22:57:19 iscsi-fc5 kernel:
iscsi_initiator_start_negotiation:761: ***ERROR*** iSCSI Login
negotiation failed.
Jul 4 22:57:21 iscsi-fc5 kernel: iCHANNEL[0] - No defined iSCSI
Authentication Methods, skipping SecurityNegotiation phase.
Stopping the initiator stops the messages, starting it brings 'em back
but it does respond well to things like "initiator-ctl listtargets".
Just don't know why it keeps trying to log in.
So I seem to be heading in the right direction but I'm still missing
some tiny config detail (at least that's what I make of it).
Albert Pauw
Ethereal recognises the iSCS protocol so it will decode it.
wally.nl
core-iscsi -> mds9216i (login errors)
open-iscsi -> mds9216i (login ok, operations not ok, tcp resets)
core-iscsi -> linux target (login & operations ok)
open-iscsi -> linux target (login & operations ok)
So there seems to be an issue between the initiator and the mds9216i.
I've collected ethereal traces of all these setups, just let me know
where/how you want them (pasting them here as text doesn't seem a good
idea & I don't see an 'attachment' button in my webinterface to google
groups).
The earlier mentioned CSG=1,NSG=3 (jumping directly to CSG=1) doesn't
seem to be an issue on the mds. Also tested with mds firmware 2.1(1b)
and the current 3.0(2) that also doesn't seem to have any impact on
behaviour/results.
William Studenmund
Hash: SHA1
On Jul 4, 2006, at 11:36 AM, wally.nl wrote:
>
> I'm new to core-iscsi so forgive me if this sounds stupid.
>
> We use a Cisco MDS9216i for iSCSI. Authentication is set to none, we
> have no problems connecting with windows boxes with iSCSI.
>
> in /etc/sysconfig/initiator i've tried removing AuthMethod completely
> and changing it to AuthMethod=None. But when I want to login to the
> fabric I keep getting
>
> Jul 4 19:48:38 iscsi-fc5 kernel: iCHANNEL[0] - No defined iSCSI
> Authentication Methods, skipping SecurityNegotiation phase.
> Jul 4 19:48:38 iscsi-fc5 kernel:
> iscsi_initiator_check_login_response:81: ***ERROR*** Login Response
> with non-zero StatusClass 0x03, StatusDetail 0x00.
> Jul 4 19:48:38 iscsi-fc5 kernel: Status-Class: Target Error,
> Status-Detail: Target hardware or software error.
The log indicates what the error code is saying: "Target hardware or
software error."
Check the logs and/or talk to Cisco to find out what the error is.
Take care,
Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFEq/59DJT2Egh26K0RAgDfAJ9XdTdD2WRVIhf5bSzETpPAMgHghACdFZNJ
DWwQA4b9W6OZWlKL0dTLTKI=
=PunB
-----END PGP SIGNATURE-----