iSCSI chap
Is there anything special needed to get iSCSI CHAP authentication working with NexentaStor 3 community as target, and Windows 2008 server as initiator?
iSCSI works when authentication is turned off. But if I enable CHAP, and specify the same username and password in Windows as I entered in the Nexentastor window, I get "authentication failed".
Screenshot of Windows settings: http://bayimg.com/image/namkiaace.jpg
Replies
RE: iSCSI chap - Added by Dmitry Yusupov 3 months ago
What is the version of software you are using? 3.0.2 or less?
I recommend to update to 3.0.2 and see if it fixes the issue
RE: iSCSI chap - Added by Justin The Cynical 3 months ago
I've run into this exact same issue using VMWare ESXi4 and the globalSAN V4, build 204 as initiators.
$ show appliance version
NMC version: 3.0.2-3
NMV version: 3.0.2-3
NMS version: 3.0.2-3
Operating System: Nexenta/OpenSolaris (version 3.0.2)
Copyright (c) 2005-2010 Nexenta Systems, Inc. All rights reserved.
I tried to run setup/appliance/update, but received 403 errors from the repository:
Err http://apt.nexentastor.org hardy-testing/main Packages 403 Forbidden etc...
Looking at apt.nexentastor.org, all I'm seeing is a repo for hardy-unstable (the appliance is based on hardy-testing unless I'm mistaken).
Anything else I can provide?
RE: iSCSI chap - Added by Dmitry Yusupov 3 months ago
On 06/04/2010 12:39 PM, NexentaStor.org wrote:
http://www.nexentastor.org/boards/2/topics/279 Justin Moe
I've run into this exact same issue using VMWare ESXi4 and the globalSAN V4, build 204 as initiators.
$ show appliance version NMC version: 3.0.2-3 NMV version: 3.0.2-3 NMS version: 3.0.2-3 Operating System: Nexenta/OpenSolaris (version 3.0.2) Copyright (c) 2005-2010 Nexenta Systems, Inc. All rights reserved.
I tried to run setup/appliance/update, but received 403 errors from the repository:
Err http://apt.nexentastor.org hardy-testing/main Packages 403 Forbidden etc...
Looking at apt.nexentastor.org, all I'm seeing is a repo for hardy-unstable (the appliance is based on hardy-testing unless I'm mistaken).
OK. hardy-testing fixed. Try to upgrade again and see if issue is fixed with the new bits.
Thanks
RE: iSCSI chap - Added by Max Max 3 months ago
Dmitry Yusupov wrote:
What is the version of software you are using? 3.0.2 or less?
3.0.2
RE: iSCSI chap - Added by Dmitry Yusupov 3 months ago
After the upgrade to the latest - 3.0.2a, do you still see this problem?
On 06/04/2010 04:31 PM, NexentaStor.org wrote:
http://www.nexentastor.org/boards/2/topics/279 Max Max
Dmitry Yusupov wrote:
What is the version of software you are using? 3.0.2 or less?
3.0.2
RE: iSCSI chap - Added by Justin The Cynical 3 months ago
That seems to have fixed it, at least with ESXi 4.
RE: iSCSI chap - Added by Max Max 3 months ago
Do I need to do something special to upgrade?
== nmc@san:/$ setup appliance upgrade You are about to upgrade the appliance software. Please be advised that by executing this operation you agree to be bound by the terms of the product license available at http://www.nexenta.com/nexentastor-licenses. This operation may take some time to check with the remote appliance's software repository. Proceed? (yYes Checking repository sources. Please wait... No new upgrades/packages available.
nmc@san:/$ show appliance version NMC version: 3.0.2-1 NMV version: 3.0.2-1 NMS version: 3.0.2-1 Operating System: Nexenta/OpenSolaris (version 3.0.2)
Copyright (c) 2005-2010 Nexenta Systems, Inc. All rights reserved.
P.S. the "sign in" link at the top right on www.nexentastor.org is broken in Google Chrome. Clicking on it results in going to / instead of /login. If I right click and do "inspect element" it seems to be caused by:
==
RE: iSCSI chap - Added by Justin The Cynical 3 months ago
Justin Moe wrote:
That seems to have fixed it, at least with ESXi 4.
Crap, I take that back, I may have been mistaken. I'm retesting it now...
RE: iSCSI chap - Added by Justin The Cynical 2 months ago
Nope, still broken for me.
I'm not sure if this is a problem with ESXi 4 or the Nexenta machine. I will attempt to install an iSCSI initiator on one of my windows VM's and see if that works.
RE: iSCSI chap - Added by Justin The Cynical 2 months ago
OK, still not working. I don't know if I have something misconfigured or not.
Data Management -> SCSI Target -> Manage iSCSI target default parameters Auth = none iSNS = no
Data Management -> SCSI Target -> Manage iSCSI targets -> $TARGET Auth Method = CHAP CHAP User = testing CHAP Secret = testingtesting12 (for an example)
Interestingly, the UI shows the CHAP secret as a 12 character string, regardless of what I put in there.
I've tried with 12, 14 and 16 character passwords from the HTML UI and the CLI with no luck from ESXi 4, globalSAN V4 build 204 for Mac, and the Microsoft iSCSI Software Initiator 2.08 under XP.
What logs can I turn up and where are they located on the system? I'm more than happy to help if I can, I just need to know what to adjust and where to look (for what it's worth, I've done QA testing for software and hardware for various companies).
RE: iSCSI chap - Added by Justin The Cynical 2 months ago
Oh yes, I forgot to mention that I upgraded to 3.0.3 as well from 3.0.2
$ setup appliance show version NMC version: 3.0.3-1 NMV version: 3.0.3-1 NMS version: 3.0.3-1 Operating System: Nexenta/OpenSolaris (version 3.0.3) Copyright (c) 2005-2010 Nexenta Systems, Inc. All rights reserved.
RE: iSCSI chap - Added by Daniel Taylor 2 months ago
I can get iscsi working fine with no auth, but get nothing with CHAP.
Don't quite know what the problem is. I'm using 3.0.3 (a fresh build this morning).
RE: iSCSI chap - Added by Daniel Taylor about 1 month ago
I ran an update today and some new comstar/iscsi stuff was brought down and now it works!
There's a new admin option to define remote initiators, I added in my windows pc, left the user name blank, set a password. Created a target set it to 'chap' and left the user/password blank and then connected to the iscsi using the username as my initiator node name. and the password I defined.
and it works!
If you can't get it work, grab the new userguide from your web interface, it has a good explaination.
Hope it works for you to! (my version is now 3.0.3-4)
RE: iSCSI chap - Added by Justin The Cynical about 1 month ago
Hmmm....
Option ? version NMC version: 3.0.3-3 NMV version: 3.0.3-4 NMS version: 3.0.3-4 Operating System: Nexenta/OpenSolaris (version 3.0.3) Copyright (c) 2005-2010 Nexenta Systems, Inc. All rights reserved.
Seems to work from ESXi now (Whee!) Fails from the MS iSCSI initiator (Boo?)
I don't know if the iSCSI thing is because it's in a VM or it's typical MS coding, but meh, ESXi appears to be working now, which was a bigger deal to me.
(Side note, the SSL'ed interface seems to be stable now as well, just don't get why the UI is on that odd port number)
Now to try the target portal group functionality.