CHAP Authentication
CHAP authentication is configured to protect iSCSI links. After CHAP authentication is configured, a host can connect a discovered target only after the correct user name and password are provided.
The following describes how to configure CHAP authentication on a host and storage system respectively.
Configuring CHAP Information on a Host
Go to the Target tab page, select the desired target, and click Connect. In the dialog box that is displayed, click Advanced. In the dialog box that is displayed, select Enable CHAP log on, and enter the user name and password configured on the storage system, as shown in Figure 5-24.
Windows iSCSI Initiator will automatically connect to favorite targets after down links are recovered. However, when CHAP authentication is configured, iSCSI Initiator will not automatically update CHAP authentication information about the favorite targets before automatic target connection. As a result, the automatic target connection may fail. To ensure correct connection to favorite targets, update favorite target information after configuring CHAP authentication as follows:
- On the Favorite Target tab page of iSCSI Initiator, delete the previously configured target.
- Reconnect to the iSCSI target. Enter the user name and password of CHAP authentication and select Add this connection to the list of Favorite Targets.
Configuring CHAP Information on a Storage System
The method for configuring CHAP authentication varies with storage systems. The following describes how to configure CHAP authentication on various storage systems.
OceanStor T V1 storage system
To configure CHAP authentication on OceanStor T V1, perform the following steps:
- Go to the CHAP configuration page.
In the ISM navigation tree, choose SAN Services > Mappings > Initiators. In the function pane, select the initiator whose CHAP authentication you want to configure and choose CHAP > CHAP Configuration in the navigation bar, as shown in Figure 5-25.
- In the CHAP Configuration dialog box that is displayed, click Create in the lower right corner, as shown in Figure 5-26.
In the Create CHAP dialog box that is displayed, enter the CHAP user name and password, as shown in Figure 5-27.
The CHAP user name contains 4 to 25 characters and the password contains 12 to 16 characters.
The limitations to CHAP user name and password vary with storage systems. For details, see the help documentation of corresponding storage systems.
- Assign the CHAP user name and password to the initiator, as shown in Figure 5-28.
- Enable the CHAP account that is assigned to the host.
In the ISM navigation tree, choose SAN Services > Mappings > Initiators. In the function pane, select the initiator whose CHAP account is to be enabled and choose CHAP > Status Settings in the navigation bar, as shown in Figure 5-29.
- In the Status Settings dialog box that is displayed, choose Enabled from the CHAP Status drop-down list, as shown in Figure 5-30.
On the ISM, view the initiator status, as shown in Figure 5-31.
OceanStor 18000/T V2/V3 (V300R001) storage system
The iSCSI initiators' CHAP authentication methods are similar for OceanStor 18000/T V2/V3 systems. The following uses OceanStor V3 (V300R001) as an example to describe how to configure CHAP authentication.
- On DeviceManager, click the icon
on the right navigation tree. Then, click Host in the displayed page.
Figure 5-32 Storage configuration page - Select the host for which CHAP authentication needs to be enabled. In the initiator list, select the target initiator and click Modify.Figure 5-33 Host configuration page
- In the displayed Modify Initiator dialog box, select Enable CHAP authentication, enter the CHAP name and password, and then click OK.Figure 5-34 Initiator configuration page
CHAP authentication is configured on the storage system.
OceanStor V3 (V300R002 and later)/Dorado V3/OceanStor V5 storage system
The iSCSI CHAP authentication methods are similar for OceanStor V3 (V300R002 and later), OceanStor V5, and Dorado V3. The following uses OceanStor V3 as an example to describe how to configure CHAP authentication.
- On DeviceManager, choose Provisioning > Host.Figure 5-35 Storage configuration page
- Select the host for which CHAP authentication needs to be enabled. In the initiator list, select the target initiator and click Properties.Figure 5-36 Host configuration page
- In the displayed Initiator Properties dialog box, select Enable CHAP authentication, enter the CHAP name and password, and then click OK.Figure 5-37 Initiator configuration page
CHAP authentication is configured on the storage system.