EasyManua.ls Logo

IBM DS3000 - Page 433

IBM DS3000
602 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter 17. iSCSI configuration 2 - Software Initiator on Red Hat Linux 401
Draft Document for Review August 30, 2007 12:59 am 7065iSCSI_Config2.fm
represents the initiator authentication. The initiator has itself to authenticate against a
target.
Note that initiator and target CHAP secrets cannot be identical.
Incoming and outgoing usernames are limited to valid IQNs by the DS3300 as defined as
host ports.
Example 17-22 shows the /etc/iscsi.conf file with the incoming and outgoing account
details. The incoming account was configured as a local option for the target and not a
global option. Other subsystems may use a different password.
Example 17-22 Configuration of the iSCSI software initiator
HeaderDigest=always
DataDigest=always
OutgoingUsername=iqn.1987-05.com.cisco:01.5913f144a0d9
OutgoingPassword=b1234567890h
Targetname=iqn.1992-01.com.lsi:1535.00000000000000000000000000000000
Enabled=yes
IncomingUsername=iqn.1992-01.com.lsi:1535.00000000000000000000000000000000
IncomingPassword=a1234567890t
ConnFailTimeout=15
2. Shutdown the server until the DS3300 is also configured.
3. Use the Storage Manager CLI commands (set iscsiInitiator) shown in Example 17-23
to setup the CHAP secret (Challenge Handshake Authentication Protocol) for the already
defined host ports of host HOOGHLY. See Example 17-23.
Example 17-23 SMcli commands to set CHAP secrets for initiators
amazon:~ # SMcli -n DS3300 -c "set iscsiInitiator [\"Hooghly-Initiator\"]
host=\"Hooghly\" chapSecret=\"b1234567890h\"; " -S
amazon:~ #
4. Clarify if there are any initiators without target authentication configured that access the
DS3300. In that case use the command in Example 17-25 otherwise use the command
shown in Example 17-24.
Example 17-24 SMcli - set target authentication - CHAP only
amazon:~ # SMcli -n DS3300 -c "set iscsiTarget
<\"iqn.1992-01.com.lsi:1535.00000000000000000000000000000000\">
authenticationMethod=chap chapSecret=\"a01234567890t\";" -S
amazon:~ #
Example 17-25 SMcli - set target authentication - CHAP and no CHAP
amazon:~ # SMcli -n DS3300 -c "set iscsiTarget
<\"iqn.1992-01.com.lsi:1535.00000000000000000000000000000000\">
authenticationMethod=none authenticationMethod=chap
chapSecret=\"a01234567890t\";" -S
amazon:~ #
Note: CHAP (RFC1944) is the most basic level of iSCSI security available.

Table of Contents

Related product manuals