Solaris 11 iscsi chap auth


 
# 1  
Old 01-26-2015

hi to all

i've done these steps, but i was not completely successful:

Code:
sudo pkg install group/feature/storage-server
sudo svcadm enable stmf
sudo zfs create -V 1g rpool/LUN1
sudo stmfadm create-lu /dev/zvol/rdsk/rpool/LUN1
sudo stmfadm list-lu                                          
sudo stmfadm add-view 600144F003350700000054C5599C0001
sudo stmfadm list-view -l 600144F003350700000054C5599C0001
sudo svcadm enable -r svc:/network/iscsi/target:default
sudo itadm create-target
sudo itadm list-target -v
 
 

sudo itadm modify-target -a chap iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402
sudo itadm create-initiator -s iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402
sudo itadm modify-initiator -u iscsi_user iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402

regards, jan


---------- Post updated at 02:36 AM ---------- Previous update was at 02:36 AM ----------

...with the 2nd step, the chap config, i was not successful. when i use win7 iscsi initiator, i always get an error message "auth failed".

i'm using a password with 8 chars, the rest is filled with "*", until 12 chars like that:

w9u5G_,%****

the chap name i tried with is "iscsi_user"


regards, jan

---------- Post updated at 02:37 AM ---------- Previous update was at 02:36 AM ----------

also not successful with that on the server:

Code:
jmarti@solaris:~$ sudo iscsiadm modify initiator-node --CHAP-secret
Password:
Enter secret:
Re-enter secret:
jmarti@solaris:~$
jmarti@solaris:~$ sudo iscsiadm modify initiator-node --CHAP-name iscsi_user
jmarti@solaris:~$ sudo iscsiadm modify initiator-node --authentication CHAP


regards, jan

---------- Post updated at 03:56 AM ---------- Previous update was at 02:37 AM ----------

i don't think i need that on server?

Code:
jmarti@solaris:
~$ sudo iscsiadm modify initiator-node --CHAP-secret 
Password: 
Enter secret: 
Re-enter secret: jmarti@solaris:
~$ jmarti@solaris:
~$ sudo iscsiadm modify initiator-node --CHAP-name iscsi_user jmarti@solaris:
~$ sudo iscsiadm modify initiator-node --authentication CHAP

regards, jan

---------- Post updated at 03:58 AM ---------- Previous update was at 03:56 AM ----------

it seems there is a problem with return in code blocks?? when i paste them in the editor, there are some returns visible...
regards, jan

---------- Post updated 27-01-15 at 12:52 AM ---------- Previous update was 26-01-15 at 03:58 AM ----------

maybe my problem is too complex for that forum?

Last edited by Don Cragun; 01-25-2015 at 10:13 PM.. Reason: Change Bold tags to CODE.
# 2  
Old 01-29-2015
So you want to set up Solaris 11 as an iscsi target and the iscsi initiator being Windows 7. Why do you want to use chap authorisation?

I would be inclined to just get it working without chap to start with just to prove connectivity.
# 3  
Old 01-29-2015
hi hicksd8

i need authentication due to security reasons, there is no way. otherwise i would not ask here! ;-) without configuring the security, it works.

something here must be wrong:

Code:
sudo itadm modify-target -a chap iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402 
sudo itadm create-initiator -s iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402 
sudo itadm modify-initiator -u iscsi_user iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402

the server will be accessed remote with the windows client:

Image

the value in "Name" is by default from windows... i want to create a "user account" / chap name on the server that i can use as "Name" in the windows client... and also the passphrase...

on "starwind iscsi server" (windows) and my nas system (linux), there is no problem to create such "user accounts" / logins i want...

but solaris 11.2 seems to be a lil bit more complicated!

hope you understand what i mean.


regards, jan

---------- Post updated at 08:30 PM ---------- Previous update was at 08:23 PM ----------

I think it's not impossible to do that with a solaris iscsi target?

---------- Post updated at 08:40 PM ---------- Previous update was at 08:30 PM ----------

with step 3 i create the "username"-alias for iqn.1986-03.com.sun:... so i think:
Code:
sudo itadm modify-initiator -u iscsi_user iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402

---------- Post updated at 08:49 PM ---------- Previous update was at 08:40 PM ----------

i repeated those 3 steps, without success:

Code:
jmarti@solaris:~$ sudo itadm modify-target -a chap iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402
Target iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402 successfully modified
jmarti@solaris:~$ sudo itadm modify-initiator -s iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402
Enter CHAP secret:
Re-enter secret:
jmarti@solaris:~$ sudo itadm modify-initiator -u iscsi_user iqn.1986-03.com.sun:02:8e0d1b08-bade-48f6-fd52-fff3a0348402

because it's a re-configuration, i need modify-initiator instead of create-initiator...

---------- Post updated at 08:56 PM ---------- Previous update was at 08:49 PM ----------

same code in oracle's "How to Configure CHAP Authentication for Your iSCSI Target"



(sry. can't post links)

---------- Post updated at 09:04 PM ---------- Previous update was at 08:56 PM ----------

now it works, the problem was i need to configure a lil bit more than with other os:

Image


how to bypass that??

---------- Post updated 30-01-15 at 03:01 AM ---------- Previous update was 29-01-15 at 09:04 PM ----------

i also got big network-level problems, e.g. the target portal was on the internal private ip 192.168.1.251, and it's not possible to use either a public ip (it's dynamic (also a reason for chap security!!) i use no-ip.com) or a domain name as a target portal like myserver0001.no-ip.org...

because of that, now i had set up a windows server 2003 as a virtual machine in "oracle virtual machine" (same as oracle virtualbox in other os) together with "starwind iscsi san v6 free edition".

this decision has solved a lot of problems:

- i don't need to set the chap login 2 times in windows iscsi initiator ("General" AND "Target" tab settings, like before with solaris)

- with the starwind solution, there are no entries with private ip addresses anymore in the "Target Portal" selection - just one entry with name "Default"... no problems with private ip addresses in target portals anymore!

- i can set up chap user account in starwind iscsi console

with starwind, the problem was solved in 2-3 minutes... solaris (=comstar iscsi so i know) seems to be more complicated, and the solaris internet community is not very big so i saw...

Last edited by jm83; 01-29-2015 at 02:45 PM..
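
How the check behind the "auth failed" message in the posts above works, as an added example that is not part of the thread: a Python model of RFC 1994 CHAP with MD5, the scheme iSCSI uses. The `Target` class, the `login` helper, the sample names and the secret are constructed for illustration, and the 12 to 16 byte secret range is an assumption about what the Solaris and Windows initiators accept.

```python
import hashlib
import hmac
import os

# Assumption: 12..16 byte secrets, as the Solaris and Windows initiators require.
MIN_SECRET, MAX_SECRET = 12, 16


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Target:
    """Toy target (hypothetical model): one secret per CHAP name."""

    def __init__(self):
        self.secrets = {}

    def add_chap_user(self, name: str, secret: bytes) -> None:
        if not MIN_SECRET <= len(secret) <= MAX_SECRET:
            raise ValueError("CHAP secret must be 12 to 16 bytes")
        self.secrets[name] = secret

    def new_challenge(self):
        # Fresh identifier and random challenge for every login attempt.
        return os.urandom(1)[0], os.urandom(16)

    def verify(self, name, ident, challenge, response) -> bool:
        secret = self.secrets.get(name)
        if secret is None:  # CHAP name not configured on the target
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


def login(target: Target, name: str, secret: bytes) -> bool:
    """Initiator side: answer the challenge with a name and a response."""
    ident, challenge = target.new_challenge()
    response = chap_response(ident, secret, challenge)
    return target.verify(name, ident, challenge, response)


if __name__ == "__main__":
    target = Target()
    target.add_chap_user("iscsi_user", b"example-secret")  # constructed secret
    print(login(target, "iscsi_user", b"example-secret"))  # name and secret match
    print(login(target, "iqn.1991-05.com.microsoft:pc", b"example-secret"))  # other name
```

The secret itself never crosses the wire; only the name and the MD5 response do, so a login fails whenever the name or the secret differs between the two sides.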
# 4  
Old 01-30-2015
So are you saying that you've fixed your problem?

With iSCSI a target may support host chap authentication and/or individual volume chap authentication. Perhaps one of them, perhaps both.

Similarly, an iSCSI initiator may support host chap authentication and/or individual volume chap authentication. Perhaps one of them, perhaps both.

So, for example, if you are unfortunate enough to have your initiator only support host chap and your target only supports volume chap then you cannot make any chap authentication work.

Run a test to see if host chap works, yes or no, then run a test to see if volume chap works, yes or no.

Then you will know whether you can use one, both, or none.

Of course, if you've changed your host or initiator software then what works and doesn't work changes.
# 5  
Old 01-30-2015
hi hicksd8

"Similarly, an iSCSI initiator may support host chap authentication and/or individual volume chap authentication."

thank you very much, i think that was the problem. i will try it for the next time when i set up a solaris 11.2 server.

the other problem is more complicated i think, that target portal will be shown (in the windows iscsi initiator) with the local ip 192.168.1.251... i can only access that target from my subnet with that target portal ip config!!

With the starwind solutions in windows, there is no ip in the target portal selectbox visible, i see just one entry "Default"...

And it's accessible via public internet. (port forwarding to server behind router with ip 192.168.1.251) comstar/solaris iscsi is not... when i install wireshark on the public internet client, i see some entries with 192.168.1.251... cannot work! ;-)

i do not use ssh or vpn channel for iscsi access via internet, but there is an ip-level firewall.

thx and have a nice day!

---------- Post updated at 05:39 PM ---------- Previous update was at 04:54 PM ----------

"the other problem is more complicated i think, that target portal will be shown (in the windows iscsi initiator) with the local ip 192.168.1.251..."

the problem is i can use neither a public ip nor a domain name with solaris' "itadm modify-target"... it always needs to be set to the local ip, which causes problems when i access it from the public internet...