EasyManuals Logo

IBM DS3000 User Manual

IBM DS3000
602 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #433 background imageLoading...
Page #433 background image
Chapter 17. iSCSI configuration 2 - Software Initiator on Red Hat Linux 401
Draft Document for Review August 30, 2007 12:59 am 7065iSCSI_Config2.fm
represents the initiator authentication. The initiator has itself to authenticate against a
target.
Note that initiator and target CHAP secrets cannot be identical.
Incoming and outgoing usernames are limited to valid IQNs by the DS3300 as defined as
host ports.
Example 17-22 shows the /etc/iscsi.conf file with the incoming and outgoing account
details. The incoming account was configured as a local option for the target and not a
global option. Other subsystems may use a different password.
Example 17-22 Configuration of the iSCSI software initiator
HeaderDigest=always
DataDigest=always
OutgoingUsername=iqn.1987-05.com.cisco:01.5913f144a0d9
OutgoingPassword=b1234567890h
Targetname=iqn.1992-01.com.lsi:1535.00000000000000000000000000000000
Enabled=yes
IncomingUsername=iqn.1992-01.com.lsi:1535.00000000000000000000000000000000
IncomingPassword=a1234567890t
ConnFailTimeout=15
2. Shutdown the server until the DS3300 is also configured.
3. Use the Storage Manager CLI commands (set iscsiInitiator) shown in Example 17-23
to setup the CHAP secret (Challenge Handshake Authentication Protocol) for the already
defined host ports of host HOOGHLY. See Example 17-23.
Example 17-23 SMcli commands to set CHAP secrets for initiators
amazon:~ # SMcli -n DS3300 -c "set iscsiInitiator [\"Hooghly-Initiator\"]
host=\"Hooghly\" chapSecret=\"b1234567890h\"; " -S
amazon:~ #
4. Clarify if there are any initiators without target authentication configured that access the
DS3300. In that case use the command in Example 17-25 otherwise use the command
shown in Example 17-24.
Example 17-24 SMcli - set target authentication - CHAP only
amazon:~ # SMcli -n DS3300 -c "set iscsiTarget
<\"iqn.1992-01.com.lsi:1535.00000000000000000000000000000000\">
authenticationMethod=chap chapSecret=\"a01234567890t\";" -S
amazon:~ #
Example 17-25 SMcli - set target authentication - CHAP and no CHAP
amazon:~ # SMcli -n DS3300 -c "set iscsiTarget
<\"iqn.1992-01.com.lsi:1535.00000000000000000000000000000000\">
authenticationMethod=none authenticationMethod=chap
chapSecret=\"a01234567890t\";" -S
amazon:~ #
Note: CHAP (RFC1944) is the most basic level of iSCSI security available.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the IBM DS3000 and is the answer not in the manual?

IBM DS3000 Specifications

General IconGeneral
BrandIBM
ModelDS3000
CategoryStorage
LanguageEnglish

Related product manuals