Applies to:
----------------------------------------------------------------------------------------------------------------------

Operating Systems - RHEL 5.x, RHEL 6.x, OL 5.x, OL 6.x, Oracle VM 2.x
Platform - Applies to all Dell PowerEdge Servers

Problem:
----------------------------------------------------------------------------------------------------------------------
How do I enable CHAP to restrict access to volumes?

Solution:
----------------------------------------------------------------------------------------------------------------------
In this article we we will discuss how to setup CHAP authentication at the operating system level. For information regarding configuring CHAP on the EqualLogic array, please visit:
http://www.equallogic.com/resourcecenter/assetview.aspx?id=5317

Once you have created your local CHAP user account on the EqualLogic array and have restricted access to your specific volumes, we must now enable our operating system to login those particular targets.

The first step in enabling CHAP is to edit the following file:
/etc/iscsi/iscsid.conf

Within the /etc/iscsi/iscsid.conf file, find the "CHAP Settings" section and uncomment the following lines and add the proper credentials for username and password that you originally set in your EqualLogic array.

# *************

# CHAP Settings

# *************

# To enable CHAP authentication set #node.session.auth.authmethod to CHAP. The default is None.

node.session.auth.authmethod = CHAP

 

# To set a CHAP username and password for initiator #authentication by the target(s), uncomment the following #lines:

node.session.auth.username = username

node.session.auth.password = password

 

# To enable CHAP authentication for a discovery session to the target

# set discovery.sendtargets.auth.authmethod to CHAP. The #default is None.

discovery.sendtargets.auth.authmethod = CHAP

 

# To set a discovery session CHAP username and password for #the initiator authentication by the target(s), uncomment #the following lines:

discovery.sendtargets.auth.username = username

discovery.sendtargets.auth.password = password

Once you have made these changes save the file, and restart your iSCSI service with the following command:
#service iscsi restart

Once your iscsi service has been restarted, follow section 3.2.1.1 How do I discover, login, and logout iSCSI targets? to login your iSCSI volumes.

The direct link to that wiki article can be found here:

http://en.community.dell.com/dell-groups/enterprise_solutions/w/oracle_solutions/3-2-1-1-2-how-do-i-discover-login-and-logout-iscsi-targets.aspx