Florian –
          No, I have not made any configuration changes to the hba.conf file.

          First, as I said, I'm using a Windows install, not a *nix.  Those 
instructions are not for Windows installs.

          Second, those settings are to restrict access to the external 
database.  At this point, I don’t want to restrict anything, as I am unable to 
make a connection to the database.

Jeff

From: Florian Kroessbacher [mailto:florian.kroessbac...@gmail.com]
Sent: Thursday, March 20, 2014 12:42 PM
To: Jeffrey Girard
Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on 
Windows for Presence and IM?

Hi, I mean that from the PDF

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html

About Security Recommendations for the External Database

• Connection to the External Database
  <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055358>

• Restriction of User Access to the Database (Recommended)
  <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055626>

• Limiting the Maximum Connections to the Database (Optional)
  <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056168>

• Default Listener Port Configuration (Optional)
  <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056160>

Connection to the External Database

Cisco Unified Presence does not provide a secure TLS/SSL connection to the 
external database. We recommend that you consider this security limitation when 
you plan your Cisco Unified Presence deployment, and consider the security 
recommendations we provide in this topic.

Restriction of User Access to the Database

We strongly recommend that you restrict user access to the external database to 
only the particular user and database instance that Cisco Unified Presence 
uses. You can restrict user access to the PostgreSQL database in the 
pg_hba.conf file located in the <install_dir>/data directory.

________________________________
Caution: Do not configure 'all' for the user and database entries because 
potentially this could allow any user access to any database.
________________________________

When you configure user access to the external database, we also recommend that 
you configure password protection for the database access using the 'password' 
method.

________________________________
Note: You are required to enter a password for the database user when you 
configure a database entry on Cisco Unified Presence.
________________________________

The following are examples of a secure user access configuration, and a less 
secure user access configuration, in the pg_hba.conf file.

Example of a secure configuration:

    # TYPE  DATABASE  USER     CIDR-ADDRESS    METHOD
    host    dbinst1   tcuser1  10.89.99.0/24   password
    host    dbinst2   mauser1  10.89.99.0/24   password

Example of a less secure configuration:

    # TYPE  DATABASE  USER     CIDR-ADDRESS    METHOD
    host    dbinst1   tcuser1  10.89.99.0/24   trust
    host    dbinst2   all      10.89.99.0/24   password


On Thursday, March 20, 2014, Jeffrey Girard wrote:
Florian –
          Thanks for the response.

          Yes, I have already turned off the firewall completely.

          No, I have not done any config in the hba.conf - I don’t know what 
that is or where it's located.

------------------------------------------------------------------------------------
Dr. Jeffrey T. Girard (Jeff), PhD
Colonel, United States Army (Retired)
Senior Network Engineer / VoIP Engineer - WireMeHappy.com
reply to: jeffrey.gir...@wiremehappy.com
(607)835-0406 (home office)
(845)764-1661 (mobile)
(607)835-0458 (fax)

From: Florian Kroessbacher [mailto:florian.kroessbac...@gmail.com]
Sent: Thursday, March 20, 2014 12:26 PM
To: Jeffrey Girard
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on 
Windows for Presence and IM?



Hi,

Have you checked the local firewall on the Windows server for inbound 
connections from the Presence server?

Have you done the config in the hba.conf and so on?

On Thursday, March 20, 2014, Jeffrey Girard wrote:

I have searched the Cisco site and there are tons of documents on how to 
configure the database for *nix installs.  I, unfortunately, am not skilled in 
that arena.

I have downloaded and installed PostgreSQL on a Win2k8R2 server.

I tried to interpret the Cisco doc instructions as best I could.

I have created a new database called tcmadb.

I have created a new entity under Login Roles called tcuser and gave that user 
superadmin rights.

I went back to the tcmadb database and made the tcuser the owner of the database.

In CUPS, I created the new external database:

          Database name -> tcmadb
          Username -> tcuser
          Password -> password that I assigned to tcuser when I created it in 
the database
          Hostname -> IP address of my win2K8 server
          Port Number -> 5432.

After several failures, I found a thread that indicated that I should create a 
new user in the Windows domain called tcuser.  I did that, and gave that user 
domain admin privileges.

I get the failure to connect error under External Database Status:

Green check for reachability

Failure on connectivity to database “Verify the hostname, username, and 
password are valid”

Does it have anything to do with the postgres user account?




--
Florian Kroessbacher
gmail: florian.kroessbac...@gmail.com
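
An added example, not part of the thread or of the Cisco guide: a small Python check of how pg_hba.conf records are evaluated (the first `host` record matching database, user and client address decides; no matching record means the connection is rejected), which also flags the 'all' and 'trust' entries the quoted guide warns about. It handles only `host` lines with a CIDR address; the client address 10.89.99.20 and the loopback-only file are constructed assumptions.

```python
import ipaddress

# Constructed inputs: the two example tables from the quoted Cisco guide, plus
# a loopback-only file (an assumption standing in for an unedited install).
SECURE = """\
# TYPE  DATABASE  USER     CIDR-ADDRESS    METHOD
host    dbinst1   tcuser1  10.89.99.0/24   password
host    dbinst2   mauser1  10.89.99.0/24   password
"""
LESS_SECURE = """\
host    dbinst1   tcuser1  10.89.99.0/24   trust
host    dbinst2   all      10.89.99.0/24   password
"""
LOOPBACK_ONLY = "host  all  all  127.0.0.1/32  md5\n"

def parse(text):
    """Return (database, user, network, method) for each 'host' record."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 5 and fields[0] == "host":
            db, user, cidr, method = fields[1:5]
            rules.append((db, user, ipaddress.ip_network(cidr), method))
    return rules

def field_matches(field, value):
    return field == "all" or value in field.split(",")

def match(rules, db, user, client_ip):
    """First matching record decides; None means the connection is rejected."""
    addr = ipaddress.ip_address(client_ip)
    for rule_db, rule_user, net, method in rules:
        if (field_matches(rule_db, db) and field_matches(rule_user, user)
                and addr.version == net.version and addr in net):
            return method
    return None

def audit(rules):
    """Flag what the guide warns about: 'all' entries and the 'trust' method."""
    findings = []
    for db, user, net, method in rules:
        if "all" in (db, user):
            findings.append(f"{db}/{user}@{net}: 'all' in database or user")
        if method == "trust":
            findings.append(f"{db}/{user}@{net}: 'trust' needs no password")
    return findings
```

Calling `match(parse(LOOPBACK_ONLY), "tcmadb", "tcuser", "10.89.99.20")` returns `None`: a remote client with no matching record is refused regardless of the password it supplies.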


_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
