iSCSI initiator with CHAP

[angelski]

I know FreeNAS is not intended to be iScsi initiator - in my opinion it should be as you usually connect to a bigger storage system where you can store all your files etc. But anyway...

I've read post number 22098 where it's very well explained how to create iScsi initiator. And I have managed to successfully connect to storage - but only without CHAP.

If I add to iscsi.conf:

• AuthMethod = CHAP;
• chapIName = user;
• chapSecret = "1234567890123456";

when running "iscsictl -v" I always get "Failure reason: Authentication failure".

I'm pretty sure the storage works fine since I was able to connect with the same user/pass directly via Windows machine.

Does anyone have any idea how to proceed to solve this issue?

 

[jonpetersathan]

Hey, I know it's propably a little late, but in case you still want to solve this issue or for anyone else who has this issue:
The problem is that TrueNas is using SCST to configure and share iSCSI devices. While on most other linux distributions you would use open-iscsi. The issue here is that open-iscsi is still using MD5 algorithm as default which doesnt work with SCST (figured this out by luck, no idea where this is documented...).

In order to make it work you have to edit "/etc/iscsi/iscsid.conf" on the system you are trying to connect to TrueNas and uncomment the following line:
node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5

It then tries to connect using the algorithms in the specified order. This should be the default setting IMO, but it isn't - at least for Ubuntu 22.04.

This is also true btw if you try to use TrueNas as storage server for your kubernetes cluster over iSCSI.

 

[jonpetersathan]

ok nvm, Mutual CHAP still doesn't work for me :(
Regular chap does though, I guess that's a start...