Discussion:
iSCSI and 13.0
john via freebsd-questions
2021-04-20 19:59:00 UTC
Permalink
Has anything changed in either the target or initiator in 13.0 that
requires a configuration change? Specifically, with respect to chap
authentication?

I'm asking because a setup with a FreeBSD target and multiple FreeBSD
initiators stopped working consistently after upgrading to 13.0.
--
John R. Shannon
***@johnrshannon.com
john via freebsd-questions
2021-04-20 20:49:11 UTC
Permalink
It seems to work fine when my initiator is running Linux with CHAP
authentication and with FreeBSD initiator using no authentication. After
connecting, using the iSCSI drive and disconnecting, /usr/sbin/ctld
remains running.

If I connect from a FreeBSD initiator using CHAP authentication ctld
terminates.

If I run "ctld -d" and initiate a connection from a FreeBSD initiator
with CHAP authentication I see:
[***@nas ~]# ctld -d
ctld: obtaining previously configured CTL luns from the kernel
ctld: CTL port 0 "camsim" wasn't managed by ctld;
ctld: CTL port 1 "ioctl" wasn't managed by ctld;
ctld: CTL port 2 "tpc" wasn't managed by ctld;
ctld: obtaining configuration from /etc/ctl.conf
ctld: auth-group "default" not defined; going with defaults
ctld: portal-group "default" not defined; going with defaults
ctld: opening pidfile /var/run/ctld.pid
ctld: adding lun "iqn.2000-05.com.johnrshannon:target0,lun,0"
ctld: adding lun "iqn.2000-05.com.johnrshannon:target1,lun,0"
ctld: adding lun "iqn.2000-05.com.johnrshannon:target2,lun,0"
ctld: adding lun "iqn.2000-05.com.johnrshannon:target3,lun,0"
ctld: adding lun "iqn.2000-05.com.johnrshannon:target4,lun,0"
ctld: adding lun "iqn.2000-05.com.johnrshannon:target5,lun,0"
ctld: adding lun "iqn.2000-05.com.johnrshannon:target6,lun,0"
ctld: adding lun "iqn.2000-05.com.johnrshannon:target7,lun,0"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target0"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target1"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target2"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target3"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target4"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target5"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target6"
ctld: adding port "group0-iqn.2000-05.com.johnrshannon:target7"
ctld: not listening on portal-group "default", not assigned to any target
ctld: listening on 0.0.0.0, portal-group "group0"
ctld: incoming connection; not forking due to -d flag
ctld: accepted connection from 192.168.1.23; portal group "group0"
ctld: 192.168.1.23: setting session timeout to 60 seconds
ctld: 192.168.1.23: Capsicum capability mode enabled
ctld: 192.168.1.23: beginning Login Phase; waiting for Login PDU
ctld: 192.168.1.23: key received: "AuthMethod=None,CHAP"
ctld: 192.168.1.23: key received:
"InitiatorName=iqn.1994-09.org.freebsd:polya.johnrshannon.com"
ctld: 192.168.1.23: key received: "SessionType=Normal"
ctld: 192.168.1.23: key received:
"TargetName=iqn.2000-05.com.johnrshannon:target4"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
initiator requests to connect to target
"iqn.2000-05.com.johnrshannon:target4"; auth-group "ag4"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
CHAP authentication required
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "AuthMethod=CHAP"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "TargetPortalGroupTag=257"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
beginning CHAP authentication; waiting for CHAP_A
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "CHAP_A=5"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
sending CHAP_C, binary challenge size is 1024 bytes
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "CHAP_A=5"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "CHAP_I=93"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send:
"CHAP_C=0x422d337dd60ad86d8e30e8b95f03eea63353465a352c944e3427c9315ef0ebcb518a8b39455d64ebb2cfc1b073765d7a7ef02399da388ddf84e7f9ea8e1464152a7f6ac507611d69725ea2d4ce568ae995cf7f3e0d8372a6d6b9cb71004d7c126fcba777f0643ab526055437ff0dccba49758353822519d73ffae0e664a8d52e87c691b1b4a09c6efa1cc3633ae4e4ae5f4c4eba08d72cb07e6709d899ff14976f9c9ec56c33608f98695f5b34e1bc2db6a301cf809bce1b4f70d4b126c082e4b78b01b0974d804d421bb96ede80b842761bf2732370c6d114437de954d299c1132f2395943d5cfee83a0c409e23928be77ca5693d5daf8954983d909642bb7d0aef7feccb7abfe4ffbfda5854f7544f225d3aa8b663268088be9f1a5546c19dc86a84713709fcbe9cd5ac105654c702a93377cb953c6a39a16ae8a8b380aaf805d895441a4521ad07decd4adc1fabbf008e8c17ca7c1985e215a4bfbd547f02dd96b145e5f3191055898e2afb06b1f6177e1a6d2069d5c0d0a90414b3f7d056b6f5c77c4b64d5a3bc5126b40f0dc307aa78ab54314bdb6ad2094925c0ebc587f05e379fe5096a38564dfb8f8479c31e1b2c19cdf0d5a4dcb7663c57f2051e647dba628e844c1f9988a7dbf9625642070b902bcee7374cc646a5e33ca99c05ff3b730b6a52ca5c42368d77f5d90fad9f6b109bae
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
waiting for CHAP_N/CHAP_R
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "CHAP_N=polya"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "CHAP_R=0xad14e0cedbcb56b11dfc9f4038f321ae"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
authentication succeeded for user "polya"; transitioning to operational
parameter negotiation
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "CHAP_N=polya"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "CHAP_R=0xad14e0cedbcb56b11dfc9f4038f321ae"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
initiator did not request target authentication
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
Kernel limits are MaxRecvDataSegment=262144, max_send_dsl=262144,
MaxBurstLength=1048576, FirstBurstLength=1048576
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
beginning operational parameter negotiation; waiting for Login PDU
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "iSCSIProtocolLevel=2"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "HeaderDigest=None"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "DataDigest=None"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "ImmediateData=Yes"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "MaxBurstLength=1048576"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "FirstBurstLength=1048576"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "InitialR2T=Yes"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "MaxOutstandingR2T=1"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "MaxRecvDataSegmentLength=262144"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "DefaultTime2Wait=0"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "DefaultTime2Retain=0"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
received: "ErrorRecoveryLevel=0"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "iSCSIProtocolLevel=2"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
initiator prefers not to do header digest; we'll comply
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "HeaderDigest=None"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
initiator prefers not to do data digest; we'll comply
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "DataDigest=None"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "ImmediateData=Yes"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "MaxBurstLength=1048576"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "FirstBurstLength=1048576"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "InitialR2T=Yes"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "MaxOutstandingR2T=1"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "MaxRecvDataSegmentLength=262144"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "DefaultTime2Wait=0"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "DefaultTime2Retain=0"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com): key
to send: "ErrorRecoveryLevel=0"
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
operational parameter negotiation done; transitioning to Full Feature Phase
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
connection handed off to the kernel
ctld: 192.168.1.23 (iqn.1994-09.org.freebsd:polya.johnrshannon.com):
nothing more to do; exiting
Post by john via freebsd-questions
Has anything changed in either the target or initiator in 13.0 that
requires a configuration change? Specifically, with respect to chap
authentication?
I'm asking because a setup with a FreeBSD target and multiple FreeBSD
initiators stopped working consistently after upgrading to 13.0.
--
John R. Shannon
***@johnrshannon.com
Loading...