1

好的,我有一个实验室设置,我有一个 Freenas 服务器 iscsi 设置,带有用于发现的章节设置和用于目标的相互章节。

以下是要求: 实施 CHAP 安全性 用于发现的单向 CHAP 用于目标的双向(相互)CHAP

我可以成功连接和发现两台 esxi 服务器 windows 7、windows 2003、2008 和 2012

Centos 可以看到发现列表,但是在尝试连接时:

 iscsiadm --mode node --targetname iqn.2015.lab.com:centos --portal 192.168.1.60:3260 --login

终端输出:

no records found

这是我的 iscsid.conf,我在章节部分留下了评论,但因为它太大而将其删除:

    iscsid.startup = /etc/rc.d/init.d/iscsid force-start
    node.startup = automatic
    node.leading_login = No

    # *************
    # CHAP Settings
    # *************

    # To enable CHAP authentication set node.session.auth.authmethod
    # to CHAP. The default is None.
    node.session.auth.authmethod = CHAP

    # To set a CHAP username and password for initiator
    # authentication by the target(s), uncomment the following lines:
    #node.session.auth.username = group7
    #node.session.auth.password = passwordpassword

    # To set a CHAP username and password for target(s)
    # authentication by the initiator, uncomment the following lines:
    node.session.auth.username_in = group7
    node.session.auth.password_in = passwordpassword

    # To enable CHAP authentication for a discovery session to the target
    # set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
    discovery.sendtargets.auth.authmethod = CHAP

    # To set a discovery session CHAP username and password for the initiator
    # authentication by the target(s), uncomment the following lines:
    discovery.sendtargets.auth.username = group7
    discovery.sendtargets.auth.password = passwordpassword

    # To set a discovery session CHAP username and password for target(s)
    # authentication by the initiator, uncomment the following lines:
    #discovery.sendtargets.auth.username_in = group7
    #discovery.sendtargets.auth.password_in = passwordpassword


    node.session.timeo.replacement_timeout = 120
    node.conn[0].timeo.login_timeout = 15
    node.conn[0].timeo.logout_timeout = 15
    node.conn[0].timeo.noop_out_interval = 5
    node.conn[0].timeo.noop_out_timeout = 5
    node.session.err_timeo.abort_timeout = 15
    node.session.err_timeo.lu_reset_timeout = 30
    node.session.err_timeo.tgt_reset_timeout = 30
    node.session.initial_login_retry_max = 8
    node.session.cmds_max = 128
    node.session.queue_depth = 32
    node.session.xmit_thread_priority = -20
    node.session.iscsi.InitialR2T = No
    node.session.iscsi.ImmediateData = Yes
    node.session.iscsi.FirstBurstLength = 262144
    node.session.iscsi.MaxBurstLength = 16776192
    node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
    node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
    node.conn[0].iscsi.HeaderDigest = None
    node.session.nr_sessions = 1
    node.session.iscsi.FastAbort = Yes

任何帮助表示赞赏。谢谢你。

4

1 回答 1

1

您需要相互 CHAP 进行会话设置,但在您的配置文件中,您已经注释掉了定义从启动器到目标的登录的行:

# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
#node.session.auth.username = group7
#node.session.auth.password = passwordpassword
于 2015-03-12T00:31:17.567 回答