From: Jon Heese <jheese@inetu.net>
To: ronnie sahlberg <ronniesahlberg@gmail.com>
Cc: "stgt@vger.kernel.org" <stgt@vger.kernel.org>
Subject: RE: Authorizing iSCSI access by IQN
Date: Tue, 22 Sep 2015 19:34:24 +0000 [thread overview]
Message-ID: <2dea931a447945da88ebb0f5e565ace9@int-exch6.int.inetu.net> (raw)
In-Reply-To: <CAN05THRjt=fhdMJ8NuNy3ReSi9zoovxupfmHZ6raruOJ=r4AWA@mail.gmail.com>
Awesome, thanks.
Jon Heese
Systems Engineer
INetU Managed Hosting
P: 610.266.7441 x 261
F: 610.266.7434
www.inetu.net
** This message contains confidential information, which also may be privileged, and is intended only for the person(s) addressed above. Any unauthorized use, distribution, copying or disclosure of confidential and/or privileged information is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify the sender immediately via reply e-mail. **
-----Original Message-----
From: ronnie sahlberg [mailto:ronniesahlberg@gmail.com]
Sent: Tuesday, September 22, 2015 3:30 PM
To: Jon Heese <jheese@inetu.net>
Cc: stgt@vger.kernel.org
Subject: Re: Authorizing iSCSI access by IQN
Change initiator-address to initiator-name
initiator-address is for specifying an ip address to allow access from.
initiator-name is to specify the iqn name to allow access from.
See
http://linux.die.net/man/5/targets.conf
On Tue, Sep 22, 2015 at 8:57 AM, Jon Heese <jheese@inetu.net> wrote:
> Hello,
>
> I am attempting to use tgtd to provide iSCSI storage for a (large) group of initiators who are given IPs with DHCP, and thus cannot be relied upon to be static. As such, I'd like to authorize access to the storage LUs based on the IQNs on each initiator. For example:
>
> <target iqn.storage.server:target02>
> backing-store /var/iscsi.file02
> initiator-address
> iqn.1996-12.net.inetu:server-name.domain.net-r4zsbpwh2nfy
> </target>
>
> However, when I connect an initiator with that IQN, they don't see any LUs. If I remove the "initiator-address" restriction, or change it to "ALL" or the IP or subnet of the initiator, the LUs show up and work properly, albeit without sufficient access control.
>
> On a RHEL6 initiator, using iscsi-initiator-utils-6.2.0.873-14, I get the following:
> [root@jheese-rhel6 ~]# iscsiadm -m discovery -t sendtargets -p
> 10.174.1.101
> iscsiadm: No portals found
>
> And on Windows 2012 R2, I get the following:
> "No Targets available for Login using Quick Connect."
>
> Can anyone help me to troubleshoot what's going wrong here? Any suggestions of ways to gain more insight into what's happening?
>
> FYI, I'm running tgtd 1.0.60, cloned from the git repo and built from scratch (because I needed the capability of using RBD backing-stores, and I couldn't find any CentOS 7 packages/repos that would provide that).
>
> Thanks in advance!
>
> Jon Heese
> Systems Engineer
> INetU Managed Hosting
> P: 610.266.7441 x 261
> F: 610.266.7434
> www.inetu.net
>
> ** This message contains confidential information, which also may be
> privileged, and is intended only for the person(s) addressed above.
> Any unauthorized use, distribution, copying or disclosure of
> confidential and/or privileged information is strictly prohibited. If
> you have received this communication in error, please erase all copies
> of the message and its attachments and notify the sender immediately
> via reply e-mail. **
> --
> To unsubscribe from this list: send the line "unsubscribe stgt" in the
> body of a message to majordomo@vger.kernel.org More majordomo info at
> http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2015-09-22 19:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-22 15:57 Authorizing iSCSI access by IQN Jon Heese
[not found] ` <CAL2tJLJ677c3pQZjRBdqCH=Xe12pjnRh53eD30i0xngCHDp3FA@mail.gmail.com>
2015-09-22 19:15 ` Jon Heese
2015-09-22 19:29 ` ronnie sahlberg
2015-09-22 19:34 ` Jon Heese [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2dea931a447945da88ebb0f5e565ace9@int-exch6.int.inetu.net \
--to=jheese@inetu.net \
--cc=ronniesahlberg@gmail.com \
--cc=stgt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).