Open iSCSI Discovery methods
Chien, Tom
This E-Mail (including any attachments) may contain privileged or confidential information. It is intended only for the addressee(s) indicated above.
The sender does not waive any of its rights, privileges or other protections respecting this information.
Any distribution, copying or other use of this E-Mail or the information it contains, by other than an intended recipient, is not sanctioned and is prohibited.
If you received this E-Mail in error, please delete it and advise the sender (by return E-Mail or otherwise) immediately.
This E-Mail (including any attachments) has been scanned for viruses.
It is believed to be free of any virus or other defect that might affect any computer system into which it is received and opened.
However, it is the responsibility of the recipient to ensure that it is virus free.
The sender accepts no responsibility for any loss or damage arising in any way from its use.
E-Mail received by or sent from RBC Capital Markets is subject to review by Supervisory personnel.
Such communications are retained and may be produced to regulatory authorities or others with legal rights to the information.
IRS CIRCULAR 230 NOTICE: TO COMPLY WITH U.S. TREASURY REGULATIONS, WE ADVISE YOU THAT ANY U.S. FEDERAL TAX ADVICE INCLUDED IN THIS COMMUNICATION IS NOT INTENDED OR WRITTEN TO BE USED, AND CANNOT BE USED, TO AVOID ANY U.S. FEDERAL TAX PENALTIES OR TO PROMOTE, MARKET, OR RECOMMEND TO ANOTHER PARTY ANY TRANSACTION OR MATTER.
Mike Christie
> Hi,
>
> From the REDAME file, it specifically mentions "SendTargets discovery"
> as a feature, my question is does the latest Open iSCSI initiator
> software support static and/or iSNS discovery methods?
Yes. In the current release:
http://kernel.org/pub/linux/kernel/people/mnc/open-iscsi/releases/open-iscsi-2.0-872.tar.gz
see section "7.2. Discover Targets" of the README for isns examples.
For static discovery it is called "Adding custom iSCSI portal" in the
README's 5.2 iscsiadm examples section.
Mike Christie
> Thanks Mike!
>
> Also, is the CHAP authnetication buggy? I've been unable to get it to
> work...
No. It should work fine.
Mike Christie
What target are you using?
Mike Christie
> Solaris iSCSI target, I have a ZFS vfile volume being used as a block
> device, the whole setup works without authentication, but as soon as I
> configured CHAP on both ends, it stopped working, more specifically on
> the initiator end, my laptop running Redhat Enterprise 5.5 whenever it
> tries to log into the target, an error message would spill out saying
> authentication rejected.
>
Solaris's target should work ok with RHEL 5.5's initiator.
Are you using bidirectional or one way chap. Does the username/password
and username_in/passdword_in when you run:
iscsiadm -m node -T your_target -p ip:port
match what you are trying to use?
Are you using CHAP with discovery and with normal sessions or just
normal sessions? Make sure the discovery chap settings are set or the
normal session (these would be the node.*) chap settings are being set
correctly.
Mike Christie
>>> Solaris's target should work ok with RHEL 5.5's initiator.
>>> Are you using bidirectional or one way chap. Does the
> username/password and username_in/passdword_in when you run:
>>> iscsiadm -m node -T your_target -p ip:port
>>> match what you are trying to use?
>
> initiator), only "username/password" are set, and with bi, the
> "username_in/passdword_in" were also set, will check the match and reply
> back
>
>>> Are you using CHAP with discovery and with normal sessions or just
> normal sessions? Make sure the discovery chap settings are set or the
> normal session>>(these would be the node.*) chap settings are being set
> correctly.
>
> file, don't think I know what you are talking about here...in the
> "/etc/iscsi/iscsid.conf" file, there are more settings, maybe that's
> what you are refering to, I'll check and reply back
There are discovery.sendtargets.auth.* settings which is used for CHAP
during discovery sessions (sessions that are created so the initiatlr
can ask the target what target and portls it has - what happens when you
run iscsiadm -m discovery -t st -p ip:port). Then for sessions to the
target/portals we found during discovery or setup statically that we
access devices like disks through we have the node.session.auth.* values.
Initially when you do discovery the /etc/iscsi/iscsid.conf settings are
read in and used for discovery and for setting up the target/portal
records (when you see when you run iscsiadm -m node and iscsiadm -m node
-T target -p ip:port). If you want to change a specific target portals
settings in the db you can see them with
iscsiadm -m node -T target -p ip:port
then change them with
iscsiadm -m node -T target -p ip:port -o update -n
name-of-param-like-.node.session.auth.username -v yourname
or you can also just edit /etc/iscsi/iscsid.conf and rerun the discovery
command if you wanted to overwrite everything.
Ulrich Windl
Nachricht <4CD089D9...@cs.wisc.edu>:
Maybe let me add: The more specific your question, the more specific the answer will be (most likely ;-))
Regards,
Ulrich
Chien, Tom
device, the whole setup works without authentication, but as soon as I
configured CHAP on both ends, it stopped working, more specifically on
the initiator end, my laptop running Redhat Enterprise 5.5 whenever it
tries to log into the target, an error message would spill out saying
authentication rejected.
Chien, Tom
first of all,
target# iscsitadm list target
initiator# iscsiadm -m node -P 1
matches
second, here's the 4 relevant lines of
/etc/iscsi/iscsid.conf
node.startup = automatic
node.session.authmethod = CHAP
node.session.auth.username = <xxx>
node.session.auth.password = <xxx>
I can discover, but when I try to login
iscsiadm -m node -l
It failed
--------------------------
Sent from my BlackBerry Wireless Handheld
----- Original Message -----
From: Mike Christie <mich...@cs.wisc.edu>
To: Chien, Tom
Cc: open-...@googlegroups.com <open-...@googlegroups.com>
Sent: Tue Nov 02 19:04:25 2010
Subject: Re: Open iSCSI Discovery methods
Chien, Tom
>>Are you using bidirectional or one way chap. Does the
username/password and username_in/passdword_in when you run:
>>iscsiadm -m node -T your_target -p ip:port
>>match what you are trying to use?
I tried both unidirection and bidirection, with uni(target authenticates
initiator), only "username/password" are set, and with bi, the
"username_in/passdword_in" were also set, will check the match and reply
back
>>Are you using CHAP with discovery and with normal sessions or just
normal sessions? Make sure the discovery chap settings are set or the
normal session >>(these would be the node.*) chap settings are being set
correctly.
I've read both RFC's regarding iSCSI as well as the Open-iSCSI's README
file, don't think I know what you are talking about here...in the
"/etc/iscsi/iscsid.conf" file, there are more settings, maybe that's
what you are refering to, I'll check and reply back
Chien, Tom
Also, is the CHAP authnetication buggy? I've been unable to get it to
work...
-----Original Message-----
From: Mike Christie [mailto:mich...@cs.wisc.edu]
Sent: Tuesday, November 02, 2010 5:17 PM
To: open-...@googlegroups.com
Cc: Chien, Tom
Subject: Re: Open iSCSI Discovery methods
________________________________________
Mike Christie
> first of all,
>
> target# iscsitadm list target
> initiator# iscsiadm -m node -P 1
>
iscsiadm -m node -P 1 lists the targets and portals. You would want to
then do
iscsiadm -m node -T target -p ip:port
to see the settings being used for that target. If the setup is simple
then it is probably the same as in the iscsid.conf so you can ignore
this. In the future it might help though.
> matches
>
>
> second, here's the 4 relevant lines of
> /etc/iscsi/iscsid.conf
>
> node.startup = automatic
> node.session.authmethod = CHAP
> node.session.auth.username =<xxx>
> node.session.auth.password =<xxx>
>
> I can discover, but when I try to login
>
> iscsiadm -m node -l
>
Are you using the tools from RHEL 5.5? If so could you try this version
of the iscsi tools:
http://people.redhat.com/mchristi/iscsi/rhel5.6/iscsi-initiator-utils/
If those do not work can you send me a wireshark trace? And just to make
sure, on the target you are setting something like the Incoming
Username/password to the values that are in the
node.session.auth.username/node.session.auth.password, right? And the
username and password are different?