Florian – No, I have not made any configuration changes to the hba.conf file.
First, as I said, Im using a Windows install, not a *nix. Those instructions are not for windows installs. Second, those settings are to restrict access to the external database. At this point, I don’t want to restrict anything, as I am unable to make a connection to the database Jeff From: Florian Kroessbacher [mailto:florian.kroessbac...@gmail.com] Sent: Thursday, March 20, 2014 12:42 PM To: Jeffrey Girard Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM? hy i mean that from the pdf http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html About Security Recommendations for the External Database •Connection to the External Database<http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055358> •Restriction of User Access to the Database<http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055626> (Recommended) •Limiting the Maximum Connections to the Database<http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056168> (Optional) •Default Listener Port Configuration<http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056160> (Optional) Connection to the External Database Cisco Unified Presence does not provide a secure TLS/SSL connection to the external database. We recommend that you consider this security limitation when you plan your Cisco Unified Presence deployment, and consider the security recommendations we provide in this topic. Restriction of User Access to the Database We strongly recommend that you restrict user access to the external database to only the particular user and database instance that Cisco Unified Presence uses. You can restrict user access to the PostgreSQL database in the pg_hba.conf file located in the <install_dir>/data directory. [Image removed by sender.] ________________________________ Caution Do not configure 'all' for the user and database entries because potentially this could allow any user access to any database. ________________________________ When you configure user access to the external database, we also recommend that you configure password protection for the database access using the 'password' method. [Image removed by sender.] ________________________________ Note You are required to enter a password for the database user when you configure a database entry on Cisco Unified Presence. ________________________________ The following are examples of a secure user access configuration, and a less secure user access configuration, in the pg_hba.conf file. Example of a secure configuration: # TYPE DATABASE USER CIDR-ADDRESS METHOD host dbinst1 tcuser1 10.89.99.0/24<http://10.89.99.0/24> password host dbinst2 mauser1 10.89.99.0/24<http://10.89.99.0/24> password Example of a less secure configuration: # TYPE DATABASE USER CIDR-ADDRESS METHOD host dbinst1 tcuser1 10.89.99.0/24<http://10.89.99.0/24> trust host dbinst2 all 10.89.99.0/24<http://10.89.99.0/24> password Am Donnerstag, 20. März 2014 schrieb Jeffrey Girard : Florian – Thanks for the response. Yes, I have already turned off the firewall completely No, I have not done any config in the hba.conf - I don’t know what that is or where its located ------------------------------------------------------------------------------------ Dr. Jeffrey T. Girard (Jeff), PhD Colonel, United States Army (Retired) Senior Network Engineer / VoIP Engineer - WireMeHappy.com reply to: jeffrey.gir...@wiremehappy.com<javascript:_e(%7B%7D,'cvml','jeffrey.gir...@wiremehappy.com');> (607)835-0406 (home office) (845)764-1661 (mobile) (607)835-0458 (fax) From: Florian Kroessbacher [mailto:florian.kroessbac...@gmail.com<javascript:_e(%7B%7D,'cvml','florian.kroessbac...@gmail.com');>] Sent: Thursday, March 20, 2014 12:26 PM To: Jeffrey Girard Cc: cisco-voip@puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip@puck.nether.net');> Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM? hy have u checked the local fw on the windows server for inbound connection from the presence server. have u done the config in the hba.conf and so on Am Donnerstag, 20. März 2014 schrieb Jeffrey Girard : I have searched the Cisco site and there are tons of documents on how to configure the database for *nix installs. I, unfortunately, am not skilled in that arena. I have downloaded and installed PostgreSQL on a Win2k8R2 server. I tried to interpret the Cisco doc instructions as best I could I have created a new database called tcmadb I have created a new entity under Login Roles called tcuser and gave that user superadmin rights I went back to the tcmadb database and made the tcuser the owner of the database In CUPS, I created the new external database: Database name -> tcmadb Username -> tcuser Pasword -> password that I assigned to tcuser when I created it in the database Hostname -> IP address of my win2K8 server Port Number -> 5432. After several failures, I found a thread that indicated that I should create a new user in the Windows domain called tcuser. I did that, and gave that user domain admin privileges. I get the failure to connect error under External Database Status Green check for reachability Failure on connectivity to database “Verify the hostname, username, and password are valid” Does it have anything to do with the postgres user account? -- -- Florian Kroessbacher gmail: florian.kroessbac...@gmail.com<mailto:florian.kroessbac...@gmail.com>
<<inline: ~WRD000.jpg>>
<<inline: image001.jpg>>
<<inline: image002.jpg>>
<<inline: image003.jpg>>
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip