Different "Authorized Access"groups for iSCSI not working

[mleopold]

Hi,

I'm using FreeNAS-9.10.2-U1 for iSCSI targets on several boxes. I'm configuring various initiators and various targets using these initiators. This works fine as long as i use the same "Authorized Access Group" for all targets. As soon as is try to use another "Authorized Access" group than "1" the client can't login anymore. Using different users in group "1" works OK. The only way I found to create another "Authorized Access" group is to give a different "Group ID" when using "Adding Authorized Access". Is this correct? Why can't I use different "Authorized Access"groups?

For clients I'm using iscsi-initiator-utils from CentOS 6/7

thx for help
matthias

 

[dlavigne]

What's the specific error on the client side and is there anything in /var/log/messages or /var/log/auth.log on the FreeNAS side when the client gets the error?

 

[mleopold]

iscsi client says:

# iscsiadm -m discovery -p foo.bar -t st
iscsiadm: Login failed to authenticate with target
iscsiadm: discovery login to xxx.xxx.xxx.xxx rejected: initiator failed authorization
iscsiadm: Could not perform SendTargets discovery: iSCSI login failed due to authorization failure

/var/log/messages on freenas foo.bar says:

Feb 1 18:38:16 foo ctld[84175]: xxx.xxx.xxx.xxx (iqn.1994-05.com.redhat:xxx): received CHAP Login with invalid user "baz"
Feb 1 18:38:16 foo ctld[80303]: child process 84175 terminated with exit status 1

user "baz" is in "Authorized Access" Group 2
target for initiator "iqn.1994-05.com.redhat:xxx" is configured with "Authentication Group Number: 2"
same setup works when putting user "baz" in "Authorized Access" Group 1

thx
matthias

 

[dlavigne]

Please create a bug report at bugs.freenas.org and post your issue number here.

 

[mleopold]

https://bugs.freenas.org/issues/20826

 

[mleopold]

as it turned out it was a misconfiguration issue on my side. thanks for help. please close this thread

 

[darkwarrior]

Where was the culprit ?
Maybe you can share your experience for future reference

 

[mleopold]

Where was the culprit ?
Maybe you can share your experience for future reference :)

i'm sorry, but you can read it at https://bugs.freenas.org/issues/20826.