Gopu Krishnan [mailto:[email protected]] wrote: > > Hi All, > > I am trying to connect Microsoft initiator and Linux target. > Am trying to understand how the bidirectional chap happens. > > What is the CHAP_N will be send between the Microsoft > initiator and target and vice-versa. Is there is any > functionality differnce between the both? > I also would like to know where we specify target secret and > initiator secret in Microsoft initiator. > > Moreover am clear with Linux initiator and Linux target > communication with respect to chap.
Ok, here is how CHAP works. For incoming initiators only: Configure an IncomingUser, typically the initiator's IQN but you can use a generic name that all initiators can use, then a space then a password which MUST be a minimum of 12 characters and a maximum of 16 characters. You can configure multiple IncomingUser CHAP users, one for each initiator if you wish, or like above configure one that all initiators use. For bi-directional: Configure the IncomingUser CHAP users like above, then, configure ONE OutgoingUser, for compatibility with Microsoft initiator and probably others it should be the target's IQN, followed by a space, then a password which MUST be a minimum of 12 characters and a maximum of 16 characters. The IncomingUser and OutgoingUser passwords MUST NOT match. When you log in with the Microsoft initiator with one-way CHAP you can specify the name and password under the Advanced settings tab, to do bi-directional CHAP with Microsoft you need to configure the secret that ALL targets will use to authenticate against under the "General" tab. The "Secret" defined under the Microsoft initiator "General" tab MUST match the OutgoingUser password. Then when logging in with the MS initiator you specify the IncomingUser name and password, then check the box "Perform Mutal Authentication". I'm not sure about bi-directional CHAP and open-iscsi, but there are plenty of examples of one-way CHAP. -Ross ______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/open-iscsi?hl=en.
