You can use the command-line interface
(CLI) to configure the Lenovo Storage V series clustered
system to authenticate with iSCSI-attached hosts using the Challenge-Handshake
Authentication Protocol (CHAP). After the CHAP is
set for the system, all attached hosts must be configured to authenticate. When
troubleshooting a problem, you can delay your configuration of the
CHAP authentication until after you configure the first one or two
hosts and test their connectivity.
To configure authentication between the Lenovo Storage V series system
and the iSCSI-attached hosts, follow these steps:
- To configure CHAP authentication for an iSCSI host,
enter the following CLI command:
chhost -chapsecret chap_secrethost_name
where chap_secret is
the CHAP secret to be used to authenticate the system via iSCSI and host_name is
the name of the iSCSI host.The chap_secret value
must be 12 characters.
- To set the authentication method
for the iSCSI communications of the system, enter the following CLI
command:
chsystem -iscsiauthmethod chap -chapsecret chap_secret
where chap specifies that CHAP
is the authentication method and chap_secret is
the CHAP secret to be used. The specified CHAP secret cannot begin
or end with a space.
- To clear all CHAP secrets for iSCSI authentication that
have been previously set, enter the following CLI command:
chsystem -nochapsecret
The
nochapsecret parameter
is not allowed if the
chapsecret parameter is
specified.
- Run the lsiscsiauth command to display
the Challenge Handshake Authentication Protocol (CHAP) secret that
has been configured.
After you configure the CHAP secret
for the Lenovo Storage V series system,
ensure that the system CHAP secret is added to each iSCSI-attached
host. On all iSCSI-attached hosts, specify a CHAP secret that the
hosts use to authenticate to the Lenovo Storage V series system.