3

When I run

iscsiadm --mode node --targetname iqn.2018-12.dz.esi:iso --portal 10.11.0.2 --login

I get this error:

Logging in to [iface: default, target: iqn.2018-12.dz.esi:iso, portal: 10.11.0.2,3260] (multiple)
iscsiadm: Could not login to [iface: default, target:
iqn.2018-12.dz.esi:iso, portal: 10.11.0.2,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to
authorization failure) iscsiadm: Could not log into all portals

enter image description here My /etc/iscsi/initiatorname.iscsi file:

InitiatorName = iqn.2018-12.dz.esi:kvm1

Auth config in my target:

/iscsi/iqn.20....esi:iso/tpg1> set auth userid=vcl
Parameter userid is now 'vcl'.
/iscsi/iqn.20....esi:iso/tpg1> set auth password=password
Parameter password is now 'password'.

My /etc/iscsi/iscsid.conf file:

# To enable CHAP authentication set node.session.auth.authmethod
# to CHAP. The default is None.
node.session.auth.authmethod = CHAP

# To configure which CHAP algorithms to enable set
# node.session.auth.chap_algs to a comma seperated list.
# The algorithms should be listen with most prefered first.
# Valid values are MD5, SHA1, SHA256
# The default is MD5.
# node.session.auth.chap_algs = SHA256,SHA1,MD5

# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
node.session.auth.username = vcl
node.session.auth.password = password

Thanks for your help,

Yasmine
  • 31
  • 1
  • 3

1 Answers1

3

I actually just bumped into this issue myself. Hopefully the cause of your fault was the same as mine:

Problem:

I was 100% sure that the chap secrets were exact in /etc/iscsi/iscsid.conf but checked again to validate I didn't introduce a copy-n-paste error. Chap secrets were the same on the storage server and client, but nonetheless kept throwing the error.

My Config:

I'm using open-iscsi on Linux hosts to connect to a Synology storage box exposing the LUNs.

Solution:

After much head scratching, it occurred to me to reduce the complexity of the CHAP secrets: Strip-out the special characters

  1. In /etc/iscsi/iscsid.conf strip out any special characters. Copy this updated password.

  2. Update cached copies of the password in /etc/iscsi/nodes

  3. sudo systemctl restart iscsid.service

  4. Paste the updated password in the storage host exposing the LUN on your network.

  5. Now try reconnecting to the LUN(s); all should now connect if special characters were the issue.

Conclusion:

At first the error seemed a red herring, but it was 100% correct. Indeed, authentication WAS failing, but not because the CHAP secrets were different between the storage host and the client. It was failing due to but special characters borking authentication.

Anyhoo, the problem wasn't complex, but a bit of a slight time-waster...

F1Linux
  • 2,286
  • 1
  • 16
  • 28