• No replies
4779 Posts

Pinned topic N3300 iSCSI auth/CHAP issue with QLogic HBAs

‏2013-02-01T23:19:42Z |

I have an old/unsupported N3300 I am trying to bring to life.

FYI, I am using NetApp's OnCommand System Manager for configuration.

iSCSI is enabled and I am able to connect some QLogic HBAs to it, provided that each initiator has its "security type" set to "None (Authentication is not required for this initiator)".

However, I want to use CHAP authentication for my initiators.

Some background - I also have a NetApp box and these same QLogic HBAs connect to the NetApp perfectly fine using CHAP security. Obviously both the NetApp box N3300 are both running OnTap, albeit different versions of course.

I have attempted to enable CHAP authentication within the N3300 for each initiator, along with entering their inbound CHAP credentials. The HBAs are configured at BIOS level with their username and password. VMware vSphere has then been used to configure the storage adapters to point to the N3300 for dynamic/static LUN discovery. When scanning for storage, the N3300 console reports the iSCSI CHAP login as failing due to incorrect login -
Sat Feb 2 03:28:11 EST iscsi.warning:warning: ISCSI: Authentication failed for initiator
I will note, however, that these same HBAs connect to a NetApp box just fine, using the exact same inbound CHAP details configured (using OnCommand System Manager).

Has anyone experienced anything similar?

I have considered the following -

  • could the N3300 be using/expecting a different CHAP username? (ie, the initiator iqn?) (I have tried this)

  • could our CHAP password be too short? (7 chars). Interestingly, our NetApp box permits us to use an "Default Security" initiator password of only 7 chars, the configured initiators then use the default security type for authentication (works for NetApp box). However, the N3300 insists on having a 12-char minimum for the default security password (required for MS initiators even though I'm not using MS). However, the N3300 does permit individual 7-char passwords for each initiator (authentication still fails).

I did manage to force the N3300 to accept a 7-char default security password by using the CLI (ie, iscsi security default -s CHAP -n user -p 1234567). Authentication still failed for all initiators.
Are there flat iSCSI/CHAP config files stored on the N3300 I can view? I have browsed to \\filer\c$\etc and looked in the obvious places. I would like to manually inspect the files myself.

Is there a log file which will show the failed login attempts?