I have already shown you how to create an iSCSI share without authentication. Here I will show you how to create an iSCSI portal with CHAP authentication. In TrueNAS, you can not add CHAP authentication on an existing portal unless you create a new “Authorized Access” group and change the other configurations. .
Note: The wizard does not not work well when using CHAP.
- Click on the “Authorized Access” tab and press “Add”
- Assign a “Group ID” number
- Supply a user name and password for CHAP then press Save
- Click on the “Portals” tab and press “Add”
- Select CHAP under Discovery Authentication Method.
- Select the Discovery Authentication group you just created.
- Select the correct IP address and port. 3260 is the default iSCSI port.
- Press Save
- Click on the “Initiators Group” tab and press “Add”
- Select “Allow All Initiators” and press Save
- Click on the “Targets” tab and press “Add”
- Supply a “Target Name”.
- Select the “Portal Group ID” you created
- Select “CHAP” for the Authentication Method
- Select the “Initiator Group ID” and “Authentication Group Number” and press Save
- Click on the “Extents” tab and press “Add”
- Supply an extent name
- Select “Device” for the “Extent Type” and select the Device (zVol)
- Press Save
- Click on the “Associated Target” tab and press “Add”
- Select the Target, assign a LUN number and select the Extent. Press Save.
One of the options for “Discovery Authentication Method” is Mutual CHAP. According to VMware, this allows for bi-directional CHAP, which TrueNAS does not support.