SolidFire and HCI

new VLAN. initiator failed authorization

diaaeldin
1,329 Views

Hello all

 

On solidfire 11.8.0.23

I added a new vlan:

   vlan tag: 202
   SVIP: 10.1.2.240
   VRF enabled: No

 

From RHEL 8.2 server, which has interface in the same vlan, when I try to discover targets on SVIP I got failed authorization, but I am sure the account and initiator/target secret are similar to those credentials on RHEL server !

[root@rhvh11 ~]# cat /etc/iscsi/iscsid.conf
...
node.session.auth.authmethod = CHAP
node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
node.session.auth.username = rhvuser
node.session.auth.password = rhvpassword
node.session.auth.username_in = rhvuser
node.session.auth.password_in = rhvpassword
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = rhvuser
discovery.sendtargets.auth.password = rhvpassword
discovery.sendtargets.auth.username_in = rhvuser
discovery.sendtargets.auth.password_in = rhvpassword
...

 

[root@rhvh11 ~]# iscsiadm -m discovery --type sendtargets --portal 10.1.2.240:3260
iscsiadm: Login failed to authenticate with target
iscsiadm: discovery login to 10.1.2.240 rejected: initiator failed authorization
iscsiadm: Could not perform SendTargets discovery: iSCSI login failed due to authorization failure

 

[root@rhvh11 ~]# nc -vz -w3 10.1.2.240 3260
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 10.1.2.240:3260.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

 

[root@rhvh11 ~]# ping -c1 10.1.2.240
PING 10.1.2.240 (10.1.2.240) 56(84) bytes of data.
64 bytes from 10.1.2.240: icmp_seq=1 ttl=64 time=0.115 ms

--- 10.1.2.240 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.115/0.115/0.115/0.000 ms

 

On solidfire element web UI, I cannot see any related message in "Event Log" tab

1 ACCEPTED SOLUTION

Ontapforrum
1,302 Views

Could be this issue:
https://kb.netapp.com/Advice_and_Troubleshooting/Flash_Storage/SF_Series/Newer_versions_of_Linux_open-iSCSI_initiator_for_environments_like_OpenShift_...

 

Solution
1) Edit the iscsid.conf file on each Linux host.

2) Change this line in the iscsid.conf file:
“node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5”

 

To the below:

“node.session.auth.chap_algs = MD5”

 

3) Try iSCSI login again.

View solution in original post

2 REPLIES 2

Ontapforrum
1,303 Views

Could be this issue:
https://kb.netapp.com/Advice_and_Troubleshooting/Flash_Storage/SF_Series/Newer_versions_of_Linux_open-iSCSI_initiator_for_environments_like_OpenShift_...

 

Solution
1) Edit the iscsid.conf file on each Linux host.

2) Change this line in the iscsid.conf file:
“node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5”

 

To the below:

“node.session.auth.chap_algs = MD5”

 

3) Try iSCSI login again.

diaaeldin
1,169 Views

hello
Issue resolved without doing any change from storage & server sides. Looks like our network team was missing something!

Public