1

我正在使用两个带有 Centos 6.5 的 VirtualBox VM 来处理 iSCSI。目标由名为“ tgtm”的机器提供(运行 TGT 守护程序),名为“受害者”的机器是发起者。我无法配置 CHAP 目标身份验证(启动器身份验证工作正常)。如果我通过注释掉 放弃 CHAP 目标身份验证node.session.auth.{username_in,password_in},一切正常。特别是,tgtd"CHAP target auth.: no outgoing credentials configured."(这似乎不是真的:))。

配置和日志条目:

cat /etc/tgt/targets.conf | egrep -v '^ *(#|$)'
<target iqn.2014-03.lan.test:it.sucks>
    backing-store /disks/idisk1
    write-cache off
    incominguser benutzer kennwort
    outgoinguser user password
</target>
default-driver iscsi

[root@victim ~]# cat /etc/iscsi/iscsid.conf | egrep -v '^( |#|$)'
iscsid.startup = /etc/rc.d/init.d/iscsid force-start
node.startup = automatic
node.leading_login = No
node.session.auth.authmethod = CHAP
node.session.auth.username = benutzer
node.session.auth.password = kennwort
node.session.auth.username_in = user
node.session.auth.password_in = password
node.session.timeo.replacement_timeout = 120
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.initial_login_retry_max = 8
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.xmit_thread_priority = -20
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
node.conn[0].iscsi.HeaderDigest = None
node.session.nr_sessions = 1
node.session.iscsi.FastAbort = Yes

[root@victim ~]# iscsiadm --mode discoverydb --type sendtargets --portal 172.16.2.5 --discover
Starting iscsid:                                           [  OK  ]
172.16.2.5:3260,1 iqn.2014-03.lan.test:it.sucs
[root@victim ~]# iscsiadm --mode node --portal 172.16.2.5 --targetname iqn.2014-03.lan.test:it.sucs --login
Logging in to [iface: default, target: iqn.2014-03.lan.test:it.sucs, portal: 172.16.2.5,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2014-03.lan.test:it.sucs, portal: 172.16.2.5,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals

[root@victim ~]# less /var/log/messages
Mar 17 03:25:33 victim kernel: scsi13 : iSCSI Initiator over TCP/IP
Mar 17 03:25:33 victim iscsid: Could not set session11 priority. READ/WRITE throughout and latency could be affected.
Mar 17 03:25:34 victim kernel: connection11:0: detected conn error (1020)
Mar 17 03:25:34 victim iscsid: Login failed to authenticate with target iqn.2014-03.lan.test:it.sucs
Mar 17 03:25:34 victim iscsid: session 11 login rejected: Initiator failed authentication with target
Mar 17 03:25:34 victim iscsid: Connection11:0 to [target: iqn.2014-03.lan.test:it.sucs, portal: 172.16.2.5,3260] through [iface: default] is shutdown.

[root@tgtm ~]# less /var/log/messages
Mar 17 03:25:30 tgtm tgtd: conn_close(101) connection closed, 0x2364268 1
Mar 17 03:25:35 tgtm tgtd: CHAP target auth.: no outgoing credentials configured.
Mar 17 03:25:35 tgtm tgtd: conn_close(101) connection closed, 0x2364268 1
4

1 回答 1

1

(令人讨厌)有一个单独的部分,您可以在其中指定用于目标发现的 CHAP 信息。这可能是你遇到的问题。

例如:

发现.sendtargets.address = 172.16.2.5
 发现.sendtargets.port = 3260
 discovery.sendtargets.auth.authmethod = CHAP
 discovery.sendtargets.auth.username = benutzer
 discovery.sendtargets.auth.password = kennwort
 发现.sendtargets.timeo.login_timeout = 15
 发现.sendtargets.reopen_max = 5
 发现.sendtargets.timeo.auth_timeout = 45
 discovery.sendtargets.timeo.active_timeout = 30
 discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
于 2014-03-18T16:49:13.373 回答