Q: iscsiadm -m node: Authentication information

[Ulrich Windl]

Hi!

Assuming an iSCSI node is a path to an IET target, I wonder why iscsiadm -m 
node cannot print any authentication information:
# iscsiadm -m node -P1
Target: iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e
Portal: 127.0.0.1:3260,1
Iface Name: default
Portal: 10.7.7.2:3260,1
Iface Name: default
Portal: 172.20.64.106:3260,1
Iface Name: default
Target: iqn.2012-05.klinik.dvm:e8fb441a-4b8e-454f-ad4f-a51fa7870b62
Portal: 127.0.0.1:3260,1
Iface Name: default
Portal: 10.7.7.2:3260,1
Iface Name: default
Portal: 172.20.64.106:3260,1
Iface Name: default
# grep auth 
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm\:f50b313f-2721-4c16-b293-c51c9163cf2e/1*/*
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e/10.7.7.2,3260,1/default:node.session.auth.authmethod
 = CHAP
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e/10.7.7.2,3260,1/default:node.session.auth.username
 = iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e/10.7.7.2,3260,1/default:node.session.auth.password
 = pass4pass4pass4
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e/10.7.7.2,3260,1/default:node.session.auth.username_in
 = iqn.1996-04.de.suse:01:39f021fed644
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e/10.7.7.2,3260,1/default:node.session.auth.password_in
 = pass2pass2pass2
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e/10.7.7.2,3260,1/default:node.conn[0].timeo.auth_timeout
 = 45
/etc/iscsi/nodes/iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e/127.0.0.1,3260,1/default:node.session.auth.authmethod
 = CHAP

I'm beginning to understand why about every open-iscsi tutorial I found 
recommands to turn off authentication (against the recommandation of the RFC).

I've successfully set up an iSCSI target with one target that does 
bidirectional authentication for discovery and login. Now I thought I 
understood the pattern, but after adding another target with new credentials (a 
valid option IMHO), things don't work as expected.

I have (sketch):
IncomingUser iqn.2012-05.klinik.dvm:i pass1pass1pass1
IncomingUser iqn.1996-04.de.suse:01:39f021fed644 pass1pass1pass1
OutgoingUser iqn.2012-05.klinik.dvm:t passOpassOpassO

Target iqn.2012-05.klinik.dvm:e8fb441a-4b8e-454f-ad4f-a51fa7870b62
Lun 0 Path=/dev/shm/ram1,Type=fileio
IncomingUser iqn.2012-05.klinik.dvm:e8fb441a-4b8e-454f-ad4f-a51fa7870b62 
pass3pass3pass3
OutgoingUser iqn.1996-04.de.suse:01:39f021fed644 pass2pass2pass2

Target iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e
Lun 0 Path=/dev/shm/ram7,Type=fileio
IncomingUser iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e 
pass4pass4pass4
OutgoingUser iqn.1996-04.de.suse:01:39f021fed644 pass2pass2pass2

(As you see, I'm using really cheap disks for my test ;-)

Regards,
Ulrich


-- 
You received this message because you are subscribed to the Google Groups 
open-iscsi group.
To post to this group, send email to open-iscsi@googlegroups.com.
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/open-iscsi?hl=en.

Re: Q: iscsiadm -m node: Authentication information

[Mike Christie]

On 05/07/2012 02:38 AM, Ulrich Windl wrote:
 Hi!
 
 Assuming an iSCSI node is a path to an IET target, I wonder why iscsiadm 
 -m node cannot print any authentication information:
 # iscsiadm -m node -P1

That command only prints the targets/portals that are setup to be logged
into. If you want to see the settings we are going to use or negotiate
for including chap setting you run:

iscsiadm -m node -T
iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e

or

iscsiadm -m node -T
iqn.2012-05.klinik.dvm:f50b313f-2721-4c16-b293-c51c9163cf2e -p
127.0.0.1:3260,1

If you wan to see what we actually negotiated for then run

iscsiadm -m session -P 2

[--show needs to be used for the commands above to force printing passwords]

Probably in the SLES kernel you are using we do not export the chap info
so that session command will not print it out. Also your iscsiadm
version is probably older.

-- 
You received this message because you are subscribed to the Google Groups 
open-iscsi group.
To post to this group, send email to open-iscsi@googlegroups.com.
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/open-iscsi?hl=en.