You can use the command-line interface
(CLI) to configure the Lenovo Storage V7000 clustered
system to authenticate with iSCSI-attached hosts using the Challenge-Handshake
Authentication Protocol (CHAP). After the CHAP is
set for the system, all attached hosts must be configured to authenticate. When
troubleshooting a problem, you can delay your configuration of the
CHAP authentication until after you configure the first one or two
hosts and test their connectivity.
To configure authentication between the Lenovo Storage V7000 system
and the iSCSI-attached hosts, follow these steps:
- To configure CHAP authentication for an iSCSI host,
enter the following CLI command:
chhost -chapsecret chap_secrethost_name
where chap_secret is
the CHAP secret to be used to authenticate the system via iSCSI and host_name is
the name of the iSCSI host.The chap_secret value
must be 12 characters.
- To set the authentication method
for the iSCSI communications of the system, enter the following CLI
command:
chsystem -iscsiauthmethod chap -chapsecret chap_secret
where chap specifies that CHAP
is the authentication method and chap_secret is
the CHAP secret to be used. The specified CHAP secret cannot begin
or end with a space.
- To clear all CHAP secrets for iSCSI authentication that
have been previously set, enter the following CLI command:
chsystem -nochapsecret
The
nochapsecret parameter
is not allowed if the
chapsecret parameter is
specified.
- Run the lsiscsiauth command to display
the Challenge Handshake Authentication Protocol (CHAP) secret that
has been configured.
After you configure the CHAP secret
for the Lenovo Storage V7000 system,
ensure that the system CHAP secret is added to each iSCSI-attached
host. On all iSCSI-attached hosts, specify a CHAP secret that the
hosts use to authenticate to the Lenovo Storage V7000 system.