I've just had a look at the OpenSolaris source code for the iscsi initiator to see if that gives any clues. (Hopefully the source code of Solaris 10u4 is not too different.)
I searched for the string "Initiator is not allowed access to the " and found it here: http://src.opensolaris.org/source/xref/nwsc/src/sun_nws/iscsi/src/iscsi_login.c#1879 This is in function "iscsi_login_failure_str(uchar_t status_class, uchar_t status_detail)" Based on "back40"'s /var/adm/messages, this indicates: Status_class = 0x02, status_detail = 0x02 I think these constants are defined here: http://src.opensolaris.org/source/xref/nwsc/src/sun_nws/headers/common/iscsi/iscsi_protocol.h /* Login Status response classes */ 499 #define ISCSI_STATUS_CLASS_INITIATOR_ERR 0x02 /* Class-2 (Initiator Error) */ 513 #define ISCSI_LOGIN_STATUS_TGT_FORBIDDEN 0x02 Rick is looking at the code from the iscsi target side, here: http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/iscsi/iscsitgtd/iscsi_login.c#313 Maybe "back40" could check for error log messages on the target server to see if he is getting a "SecurityNegotiation: access denied". It looks like a snoop capture of the network traffic will be needed to figures this out. Maybe Dtrace could help. I'm not sure if the target provider PSARC/2007/153 made it into Sol-10u4. Thanks Nigel Smith This message posted from opensolaris.org _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
