+ Post New Thread
Results 1 to 6 of 6
Hardware Thread, Sun 7110 - Chap authentication in Technical; Hi there, I am playing with my 7110 and am looking to add Chap Authentication to our iSCSI LUNs. However, ...
  1. #1
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    20

    Sun 7110 - Chap authentication

    Hi there,

    I am playing with my 7110 and am looking to add Chap Authentication to our iSCSI LUNs. However, I am obviously doing something silly as I am getting an authentication failure.

    Could someone who has it working pop in with some advice?

    I am using Microsoft's iSCSI initiator and have done the following
    1. Set a Mutual Chap Secret in the Windows Machine (Secret number 1)
    2. Set a target CHAP name and target Chap Secret on the 7110 (Secret number 2) (BTW - does the name have to be anything specific here?)
    3. Setup an initiator on the 7110 for the windows machine. Entered the IQN for the chap name (Does this have to be anything specific?) Entered Secret Number 1 for the Chap Secret.
    4. Used the Advanced tab to connect to the LUN. Checked the boxes for Chap Login information and Mutual authentication. Put Secret Number 2 in as the target secret.

    I am hoping that I just have the wrong name or secret in somewhere but would be glad of any advice/help.

    Cheers

    Jonathan

  2. #2
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,017
    Thank Post
    300
    Thanked 174 Times in 160 Posts
    Rep Power
    57
    I'm going by memory here a bit so this is going to be a little bit off...

    Once you've made the LUN on the S7000, go to protocols and remove 'Allow any initiator access' then manually add the IQN of your Windows machine that you want to connect to it. On the screen for adding the IQN you get an Initiator Alias (doesn't matter what this is, just something easy for you to remember like the client's hostname), IQN (whatever the Microsoft iSCSI connector says the client machine's IQN is), CHAP Name (name for this CHAP group or account), CHAP Secret (the shared password).

    I'm running the old version of the MS initiator but at that point you should just give the MS initiator the same CHAP secret you gave the 7110 and tell it to look for LUNs on the 7110's hostname or IP address. You can do two-way CHAP where the 7110 authenticates the client and then the client authenticates the 7110, but that shouldn't be necessary.

    You don't need to set the CHAP stuff under the iSCSI service configuration (at least I didn't) as you can do it on a per-initiator basis. Just make sure you give the 7110 and your Windows box the same CHAP secret and make sure the 7110 has the right client IQN and you should be sorted.

    Chris

  3. Thanks to Duke from:

    ArchersIT (1st September 2009)

  4. #3
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    20
    Thanks for this - unfortunately this is what I think I have done and I still get the same error.

    Jonathan

  5. #4
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,017
    Thank Post
    300
    Thanked 174 Times in 160 Posts
    Rep Power
    57
    Hmm, bit odd...

    Presumably you can connect okay if you turn off CHAP and just use initiator security? Are you on the latest firmware release for the 7110?

    I don't suppose you've got anything else that supports iSCSI like a Citrix XEN or VMware ESX/ESXi setup that you could try to connect with? I'm using iSCSI and CHAP but it's currently only with ESX servers rather than a Windows box.

    What version of Windows and/or the MS iSCSI Initiator are you using?

    Chris

  6. #5

    Join Date
    Jul 2007
    Location
    Suffolk
    Posts
    10
    Thank Post
    2
    Thanked 8 Times in 5 Posts
    Rep Power
    16
    Hi,

    I've just run through the following process, using the S7000 simulator and a windows2003 Enterprise edition server.

    Set an Initiator.
    Do this in the iscsi service configuration on the S7000.
    Initiator Alias: This can be anything, but best to use a meaningful name such as the name of the windows server.
    IQN: The IQN copied from the general tab on the windows iscsi tool.
    CHAP name: This can be anything, I used 'SUNNAS'.
    CHAP secret: This is the shared password.

    Create a LUN.
    In the protocol properties of the LUN untick inherit from project. The initiator we set up should be visible, tick the box next to it to allow it access.

    In Windows.
    Add the target portal, using the ip address or hostname of the S7000.
    In the targets tab, select the target IQN of the LUN and click Logon.
    Tick automatically restore and click advanced.
    Tick CHAP authentication information.
    In Username put the CHAP name we specified earlier, in this case SUNNAS.
    In taget secret, put the secret we specified earlier.
    Click 'ok' and 'ok' again and the lun should be connected.

    I hope this is of help to you.

    Richard
    Last edited by Ricko; 4th September 2009 at 11:54 AM.

  7. 2 Thanks to Ricko:

    ArchersIT (4th September 2009), john (4th September 2009)

  8. #6
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    20
    Ok - thanks for the replies - I have now got CHAP authentication working.

    I have a horrible suspicion that I must have put the wrong password in one end or other as the proecures detailed here seem to be the same as what I was doing before. However, it has good to have the method confirmed as being correct so it was clear I was just mis-typing something.

    Many thanks for your assistance.

    Cheers

    Jonathan

SHARE:
+ Post New Thread

Similar Threads

  1. Sun Storage 7110
    By Ric_ in forum Hardware
    Replies: 663
    Last Post: 17th August 2012, 07:34 AM
  2. Sun Storage 7110 Performance
    By Ric_ in forum Hardware
    Replies: 64
    Last Post: 7th November 2011, 07:52 PM
  3. Xenserver 5.5 with Sun Storage 7110 backup?
    By cookie_monster in forum Thin Client and Virtual Machines
    Replies: 2
    Last Post: 12th August 2009, 05:30 AM
  4. Sun 7110 Storage options
    By cookie_monster in forum Hardware
    Replies: 5
    Last Post: 14th July 2009, 02:07 PM
  5. Xenserver 5 and SUN 7110 SAN
    By cookie_monster in forum Thin Client and Virtual Machines
    Replies: 9
    Last Post: 1st June 2009, 06:06 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •