itadm(1M)               System Administration Commands               itadm(1M)

NAME

       itadm - administer iSCSI targets

SYNOPSIS

       itadm create-target [-a,--auth-method radius | chap | none | default]
            [-s,--chap-secret] [-S,--chap-secret-file path]
            [-u,--chap-user chap-user-name] [-n,--node-name target_node_name]
            [-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]]

       itadm modify-target [-a,--auth-method radius | chap | none | default]
            [-s,--chap-secret] [-S,--chap-secret-file path]
            [-u,--chap-user chap-user-name] [-n,--node-name new_target_node_name]
            [-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name

       itadm delete-target [-f,--force] target_node_name

       itadm list-target [-v,--verbose] [target_node_name]

       itadm create-tpg tpg_name IP-address[:port] [IP-address[:port]]...

       itadm list-tpg [-v,--verbose] [tpg_name]

       itadm delete-tpg [-f,--force] tpg_name

       itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
            [-u,--chap-user chap-user-name] initiator_node_name

       itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
            [-u,--chap-user chap-user-name] initiator_node_name

       itadm list-initiator [-v,--verbose] initiator_node_name

       itadm delete-initiator initiator_node_name

       itadm modify-defaults [-a,--auth-method radius | chap | none]
            [-r,--radius-server IP-address[:port]] [-d,--radius-secret]
            [-D,--radius-secret-file path] [-i,--isns enable | disable]
            [-I,--isns-server IP-address[:port][,IP-address[:port]]]

       itadm list-defaults

DESCRIPTION

       The itadm command manages Internet SCSI (iSCSI) target nodes within the
       SCSI Target Mode Framework described in stmfadm(1M) and libstmf(3LIB).
       This allows the iSCSI initiators to access STMF logical units using the
       iSCSI protocol. In addition to iSCSI target nodes, itadm manages two
       other classes of managed objects: iSCSI Target Portal Groups, and iSCSI
       Initiator Node Contexts.

       itadm is implemented as a set of subcommands with options and operands
       for each subcommand. These subcommands are described in their own
       section, below. In addition to its subcommands, itadm has a help
       command, which displays the utility's usage information. The help
       command is invoked with the -? option.

   iSCSI Target Portal Groups
       An iSCSI Target Network Portal is an IP address and TCP port that can
       be used by an initiator node to connect to an iSCSI target. A
       collection of these portals is called a Target Portal Group (TPG). You
       can use a TPG to limit access to an iSCSI target. Use the itadm
       modify-target -t command to bind a specific iSCSI target to the TPG.
       An iSCSI listener is created on each IP address that belongs to the
       TPG, and listens for connections to the iSCSI target.

       A TPG is identified by a unique name provided when the TPG is created.
       A numerical "Target Portal Group Tag" from the range 2-65535 is
       automatically generated when the TPG is created. The Target Portal
       Group Tag 1 is reserved for the "default" target portal group that is
       used when no explicit Target Portal Groups are set on the target. The
       portal for the default TPG matches requests from all network
       interfaces on port 3260.

   iSCSI Initiator Node Contexts
       Certain operations such as authentication by means of Challenge
       Handshake Authentication Protocol (CHAP) require parameters associated
       with a remote iSCSI Initiator Node. These parameters are associated
       with an iSCSI Initiator Node Context. An iSCSI Initiator Node Context
       is identified by its Initiator Node Name, formatted in either IQN or
       EUI format (see RFC 3720). For example:

         iqn.1986-03.com.sun:01:e00000000000.47d55444
         eui.02004567A425678D

   Specifying IP Addresses
       A number of itadm subcommands require that you specify one or more IP
       addresses with optional port numbers. For IPv4, use standard dotted
       decimal notation. For IPv6, enclose addresses in square brackets. The
       following are example specifications.

         IPv4:  10.2.4.1
                10.2.4.1:3260
         IPv6:  [1080:0:0:0:8:800:200C:417A]
                [1080:0:0:0:8:800:200C:417A]:3260

SUB-COMMANDS

       The following are the itadm subcommands with their options.

   itadm create-target
         itadm create-target [-a,--auth-method radius | chap | none | default]
              [-s,--chap-secret]
              [-S,--chap-secret-file path] [-u,--chap-user chap-user-name]
              [-n,--node-name target_node_name] [-l,--alias alias]
              [-t,--tpg tpg-name[,tpg-name,...]]

       Create an iSCSI target with the specified options. Options are as
       follows.

       -a,--auth-method radius | chap | none | default

           Specifies the authentication method to use for the target. Valid
           values are radius, chap, and none. chap indicates that initiators
           connecting to this target must be authenticated using the Challenge
           Handshake Authentication Protocol (CHAP). radius indicates
           initiators should also be authenticated by means of CHAP but the
           required authentication parameters should be obtained from a
           central RADIUS server (see the radius-server and radius-secret
           options). none means that no authentication is required to connect
           to the target. default means the target will use the global setting
           of this property. (See the modify-defaults subcommand.)

       -s,--chap-secret

           The CHAP secret to send during mutual CHAP authentication. There is
           no default for this property. Maximum length is 255 characters;
           minimum required length is 12 characters.

       -S,--chap-secret-file path

           Path to a temporary file containing the CHAP secret as described in
           the -s option.

       -u,--chap-user chap-user-name

           Specifies the CHAP username for a target for use in mutual CHAP
           authentication. This value is allowed only for targets, cannot be
           set globally, and is used only when the initiator node is
           configured to use mutual CHAP authentication. If no value is
           specified then the target node name is used as the username. See
           iscsiadm(1M).

       -n,--node-name target_node_name

           An iSCSI Target Node is identified by its Target Node Name,
           formatted in either IQN or EUI format (see RFC 3720). This option
           establishes that name.

       -l,--alias alias

           An alternate identifier associated with a target node. The
           identifier does not need to be unique.

       -t,--tpg tpg-name[,tpg-name,...]

           A list of Target Portal Group (TPG) identifiers that specifies the
           TPGs that an initiator can use to access a specific target or the
           keyword default. If default is specified, the target will use the
           default portal, INADDR_ANY:3260.

   itadm modify-target
         itadm modify-target [-a,--auth-method radius | chap | none | default]
              [-s,--chap-secret] [-S,--chap-secret-file path]
              [-u,--chap-user chap-user-name] [-n,--node-name new_tgt_node_name]
              [-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name

       Modify an iSCSI target according to the specified options. Options are
       as follows.

       -a,--auth-method radius | chap | none | default

           As described under the create-target subcommand, above.

       -s,--chap-secret

           As described under the create-target subcommand, above.

       -S,--chap-secret-file path

           As described under the create-target subcommand, above.

       -u,--chap-user chap-user-name

           As described under the create-target subcommand, above. To remove
           an explicitly set CHAP username use -u none.

       -n,--node-name target_node_name

           Renames the target. See also the description of -n under the
           create-target subcommand, above.

       -l,--alias alias

           As described under the create-target subcommand, above. To remove
           an explicitly set alias use -l none.

       -t,--tpg tpg-name[,tpg-name,...]

           As described under the create-target subcommand, above.

   itadm list-target
         itadm list-target [-v,--verbose] [target_node_name]

       List information about the configured targets. If target_node_name is
       specified, list only the information for that target. Option is as
       follows.

       -v,--verbose

           Verbose mode.

   itadm delete-target
         itadm delete-target [-f,--force] target_node_name

       Delete the target specified by target_node_name. The target must be
       offline before it can be deleted. Option is as follows.

       -f,--force

           If the target persists in an online state, this option attempts to
           offline the target before deleting it.

   itadm create-tpg
         itadm create-tpg tpg_name IP-address[:port]...

       Create an iSCSI target portal group made up of the specified portals
       and assign it the identifier tpg_name. Each portal is an IP address and
       port pair. IPv4 portals are specified in dotted address notation, for
       example, 172.31.255.255. IPv6 portal addresses must be enclosed in
       square brackets.

       This subcommand has no options.

   itadm list-tpg
         itadm list-tpg [-v,--verbose] [tpg_name]

       List information about the configured target portal group. If tpg_name
       is specified then list only the information about the target portal
       group associated with that tpg_name. Option is as follows.

       -v,--verbose

           Verbose mode.

   itadm delete-tpg
         itadm delete-tpg [-f,--force] tpg_name

       Delete the target portal group associated with tpg_name. Option is as
       follows.

       -f,--force

           If the TPG is associated with any targets, the request to delete
           will be denied unless this option is specified.

   itadm create-initiator
         itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
              [-u,--chap-user chap-user-name] initiator_node_name

       Configure parameters associated with the remote initiator named
       initiator_node_name. Options are as follows.

       -s,--chap-secret

           As described under the create-target subcommand, above.

       -S,--chap-secret-file path

           As described under the create-target subcommand, above.

       -u,--chap-user chap-user-name

           Specifies the CHAP username for an initiator, for use in CHAP
           authentication. If no value is specified then the initiator node
           name is used as the username.

   itadm modify-initiator
         itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
              [-u,--chap-user chap-user-name] initiator_node_name

       Modify parameters associated with the remote initiator named
       initiator_node_name. Options are as follows.

       -s,--chap-secret

           As described under the create-target subcommand, above.

       -S,--chap-secret-file path

           As described under the create-target subcommand, above.

       -u,--chap-user chap-user-name

           Specifies the CHAP username for an initiator, for use in CHAP
           authentication. If no value is specified then the initiator node
           name is used as the username.

   itadm delete-initiator
         itadm delete-initiator initiator_node_name

       Delete parameters associated with the remote initiator named
       initiator_node_name. This subcommand has no options.

   itadm list-initiator
         itadm list-initiator [-v,--verbose] initiator_node_name

       List parameters associated with the initiator named
       initiator_node_name. Option is as follows.

       -v,--verbose

           Verbose mode.

   itadm modify-defaults
         itadm modify-defaults [-a,--auth-method radius | chap | none]
              [-r,--radius-server IP-address[:port]] [-d,--radius-secret]
              [-D,--radius-secret-file path] [-i,--isns enable | disable]
              [-I,--isns-server IP-address[:port][,IP-address[:port]]]

       Modify default parameters. Options are as follows.

       -a,--auth-method radius | chap | none

           Specifies the default authentication method to use for all targets.
           Valid values are radius, chap, and none. chap indicates that
           initiators connecting to this target must be authenticated using
           Challenge Handshake Authentication Protocol (CHAP). radius
           indicates initiators should also be authenticated by means of CHAP,
           but the required authentication parameters should be obtained from
           a central RADIUS server. (See --radius-server and --radius-secret
           options.) none means that no authentication is required to connect
           to the target. Individual targets can override this global setting
           using the -a option of the create-target and modify-target
           subcommands.

       -d,--radius-secret

           RADIUS Shared Secret for centralized CHAP authentication.

       -D,--radius-secret-file path

           Path to a temporary file containing the RADIUS shared secret as
           described in the -d option.

       -i,--isns enable | disable

           Specifies whether targets should be registered with the set of
           defined iSCSI Name Service (iSNS) servers.

       -I,--isns-server IP-address[:port][,IP-address[:port],...]

           Defines a list of iSNS servers with which iSCSI target nodes will
           be registered when the isns option associated with the respective
           target is set. Up to eight iSNS servers can be specified. To remove
           all iSNS servers, use -I none.

       -r,--radius-server IP-address[:port]

           Specify the IP address of the RADIUS server used for centralized
           CHAP authentication.

   itadm list-defaults
         itadm list-defaults

       List information about the default properties. This subcommand has no
       options.

EXAMPLES

       Example 1 Creating a Target

       The following command creates a target.

         # itadm create-target
         Target iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a
         successfully created

       Example 2 Creating a Target with a Specific Name

       The following command creates a target with a specific IQN.

         # itadm create-target -n eui.20387ab8943ef7548
         or:
         # itadm create-target \
         -n iqn.1986-03.com.sun:02:a9a366f8-cc2b-f291-840948c7f29e

       Example 3 Changing a Name

       The following command changes an IQN for an existing target.

         # itadm modify-target -n eui.20387ab8943ef7548 \
         iqn.1986-03.com.sun:02:a9a366f8-909b-cc2b-f291-840948c7f29e

       Example 4 Setting up CHAP Authentication

       The following command sets up CHAP authentication for a target using
       the default CHAP username.

         # itadm modify-initiator -s iqn.1986-03.com.sun:01:e00000000000.47d55444
         Enter CHAP secret: *********
         Re-enter secret: *********

         # itadm modify-target -a chap eui.20387ab8943ef7548

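       Added example (not part of the original man page): a non-interactive
       counterpart to Example 4 that uses the -S option, enforcing the 12 to
       255 character bounds stated under -s and removing the temporary file
       afterwards. The function names and the ITADM override are hypothetical,
       and the file format (secret only, no trailing newline) is an assumption.

```shell
#!/bin/sh
# Added example, not from the man page. Function names are hypothetical.
# Assumption: the file given to -S holds only the secret, with no trailing
# newline; the page does not specify the file format.

CHAP_MIN=12     # minimum secret length stated under -s
CHAP_MAX=255    # maximum secret length stated under -s

# Succeed only if the file's byte count is within the documented bounds.
chap_secret_ok() {
    len=$(wc -c < "$1" | tr -d ' ')
    [ "$len" -ge "$CHAP_MIN" ] && [ "$len" -le "$CHAP_MAX" ]
}

# Print a fresh 32-character hex secret (16 random bytes, 128 bits).
# The same value must also be configured on the initiator side.
new_chap_secret() {
    od -An -N 16 -t x1 /dev/urandom | tr -dc '0-9a-f'
}

# Copy the secret from stdin into a private temp file and print its path.
# Reading stdin keeps the secret out of argv, where ps(1) would show it.
stage_chap_secret() {
    secret_file=$(mktemp "${TMPDIR:-/tmp}/chap.XXXXXX") || return 1
    chmod 600 "$secret_file"
    tr -d '\n' > "$secret_file"     # drop any newline the producer added
    printf '%s\n' "$secret_file"
}

# Set the CHAP secret (read from stdin) for one initiator context via -S,
# then always remove the file. ITADM=echo gives a dry run that prints the
# arguments instead of running itadm.
set_initiator_secret() {
    initiator=$1
    rc=0
    secret_file=$(stage_chap_secret) || return 1
    if chap_secret_ok "$secret_file"; then
        "${ITADM:-itadm}" modify-initiator -S "$secret_file" "$initiator" || rc=$?
    else
        rc=2    # secret is outside the 12..255 character bounds
    fi
    rm -f "$secret_file"
    return "$rc"
}
```

       Typical use pipes a secret from a vault or from new_chap_secret into
       set_initiator_secret with the initiator node name as its argument.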
       Example 5 Creating Target Portal Groups

       The following command creates two target portal groups, A and B, using
       port 8000 for the addresses in TPG B.

         # itadm create-tpg A 192.168.0.1 192.168.0.2
         # itadm create-tpg B 192.168.0.2:8000 192.168.0.2:8000

       Example 6 Configuring a Target to Use TPGs

       The following command configures a target to use TPGs A and B.

         # itadm modify-target -t A,B eui.20387ab8943ef7548

       Example 7 Setting up RADIUS Authentication for a Specific Target

       The following command sets up RADIUS authentication for a specific
       target.

         # itadm modify-defaults -r 192.168.10.1 -d
         Enter RADIUS secret: *********
         Re-enter secret: *********

         # itadm modify-target -a radius eui.20387ab8943ef7548

       Example 8 Setting up RADIUS Authentication for All Targets

       The following command sets up RADIUS authentication for all targets.

         # itadm modify-defaults -d -r 192.168.10.1 -a radius
         Enter RADIUS secret: *********
         Re-enter secret: *********

       The preceding command assumes all targets were created with -a default.

       Example 9 Listing Default Properties

       The following command lists default properties.

         # itadm list-defaults
         iSCSI Target Default Properties:

         alias:          none
         auth:           none
         radiusserver:   none
         radiussecret:   unset
         isns:           disabled
         isnsserver:     2.3.4.5,4.5.6.7

       Example 10 Listing Targets

       The following command lists targets.

         # itadm list-target
         TARGET NAME                                           STATE    SESSIONS
         iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a  online   0
         iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227  online   0
         iqn.1986-03.com.sun:02:d14125bb-1c9d-c28d-97b0-f89259b642f3  online   0
         iqn.1986-03.com.sun:02:03ff9fc5-794a-e9b4-a081-bb82917c292a  online   0

       Example 11 Listing Targets (Verbose)

       The following command lists targets with the verbose option.

         # itadm list-target -v
         TARGET NAME                                           STATE    SESSIONS
         iqn.1986-03.com.sun:02:d23e68d8-2d79-c988-98e7-a6361689d33c  online   0
                alias:                  -
                auth:                   none (defaults)
                targetchapuser:         -
                targetchapsecret:       unset
                tpg-tags:               default
         iqn.1986-03.com.sun:02:94ec46d4-c8e1-6993-ef03-ffc1dcd66606  online   1
                alias:                  -
                auth:                   chap
                targetchapuser:         -
                targetchapsecret:       unset
                tpg-tags:               nge1_ipv4 = 3

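       Added example (not part of the original man page): an audit filter for
       the verbose listing in Example 11 that reports targets whose auth is
       none and targets bound to the default TPG, which accepts connections on
       all network interfaces on port 3260. The function names are
       hypothetical and the parser assumes the output layout shown in
       Example 11.

```shell
#!/bin/sh
# Added example, not from the man page. Function names are hypothetical.
# Usage on a target host:  itadm list-target -v | audit_targets

# Read `itadm list-target -v` output on stdin and print one line per
# target that needs review, in the form "<target-name> <finding,...>".
#   no-auth         auth is none (set explicitly or inherited from defaults)
#   all-interfaces  tpg-tags is default, i.e. the INADDR_ANY:3260 portal
audit_targets() {
    awk '
        # A target row starts with an IQN or EUI node name.
        $1 ~ /^(iqn|eui)\./ { name = $1; order[++n] = name; next }
        # Property rows belong to the most recent target row.
        $1 == "auth:"       { auth[name] = $2 }
        $1 == "tpg-tags:"   { tpg[name]  = $2 }
        END {
            for (i = 1; i <= n; i++) {
                t = order[i]; why = ""
                if (auth[t] == "none")
                    why = "no-auth"
                if (tpg[t] == "default")
                    why = why (why ? "," : "") "all-interfaces"
                if (why != "")
                    print t, why
            }
        }'
}

# The listing from Example 11, embedded so the filter can be tried offline.
sample_listing() {
    cat <<'EOF'
TARGET NAME                                           STATE    SESSIONS
iqn.1986-03.com.sun:02:d23e68d8-2d79-c988-98e7-a6361689d33c  online   0
       alias:                  -
       auth:                   none (defaults)
       targetchapuser:         -
       targetchapsecret:       unset
       tpg-tags:               default
iqn.1986-03.com.sun:02:94ec46d4-c8e1-6993-ef03-ffc1dcd66606  online   1
       alias:                  -
       auth:                   chap
       targetchapuser:         -
       targetchapsecret:       unset
       tpg-tags:               nge1_ipv4 = 3
EOF
}
```

       Running sample_listing | audit_targets flags only the first target;
       the second uses chap and a named TPG and produces no output.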
       Example 12 Listing a Specific Target

       The following command lists a specific target with the verbose option.

         # itadm list-target -v \
         iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227
         TARGET NAME                                           STATE    SESSIONS
         iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227  online   1
                 alias:                  -
                 auth:                   chap
                 targetchapuser:         -
                 targetchapsecret:       unset
                 tpg-tags:               nge1_ipv4 = 3

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWiscsitu                  │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Committed                    │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       iscsiadm(1M), stmfadm(1M), libstmf(3LIB), attributes(5)

SunOS 5.11                        4 Aug 2009                         itadm(1M)