[cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM?

Jeffrey Girard jeffrey.girard at girardinc.com
Thu Mar 20 13:42:06 EDT 2014


Florian –
          No, I have not made any configuration changes to the hba.conf file.

          First, as I said, I’m using a Windows install, not a *nix.  Those instructions are not for Windows installs.

          Second, those settings are to restrict access to the external database.  At this point, I don’t want to restrict anything, as I am unable to make a connection to the database.

Jeff

From: Florian Kroessbacher [mailto:florian.kroessbacher at gmail.com]
Sent: Thursday, March 20, 2014 12:42 PM
To: Jeffrey Girard
Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM?

Hi, I mean that from the PDF

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html

About Security Recommendations for the External Database

• Connection to the External Database <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055358>

• Restriction of User Access to the Database (Recommended) <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055626>

• Limiting the Maximum Connections to the Database (Optional) <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056168>

• Default Listener Port Configuration (Optional) <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056160>

Connection to the External Database

Cisco Unified Presence does not provide a secure TLS/SSL connection to the external database. We recommend that you consider this security limitation when you plan your Cisco Unified Presence deployment, and consider the security recommendations we provide in this topic.

Restriction of User Access to the Database

We strongly recommend that you restrict user access to the external database to only the particular user and database instance that Cisco Unified Presence uses. You can restrict user access to the PostgreSQL database in the pg_hba.conf file located in the <install_dir>/data directory.

________________________________
Caution Do not configure 'all' for the user and database entries because potentially this could allow any user access to any database.
________________________________

When you configure user access to the external database, we also recommend that you configure password protection for the database access using the 'password' method.

________________________________

Note You are required to enter a password for the database user when you configure a database entry on Cisco Unified Presence.

________________________________

The following are examples of a secure user access configuration, and a less secure user access configuration, in the pg_hba.conf file.

Example of a secure configuration:

# TYPE  DATABASE  USER     CIDR-ADDRESS    METHOD
host    dbinst1   tcuser1  10.89.99.0/24   password
host    dbinst2   mauser1  10.89.99.0/24   password

Example of a less secure configuration:

# TYPE  DATABASE  USER     CIDR-ADDRESS    METHOD
host    dbinst1   tcuser1  10.89.99.0/24   trust
host    dbinst2   all      10.89.99.0/24   password

On Thursday, 20 March 2014, Jeffrey Girard wrote:
Florian –
          Thanks for the response.

          Yes, I have already turned off the firewall completely.

          No, I have not done any config in the hba.conf  -  I don’t know what that is or where it’s located.

------------------------------------------------------------------------------------
Dr. Jeffrey T. Girard (Jeff), PhD
Colonel, United States Army (Retired)
Senior Network Engineer / VoIP Engineer - WireMeHappy.com
reply to: jeffrey.girard at wiremehappy.com
(607)835-0406 (home office)
(845)764-1661 (mobile)
(607)835-0458 (fax)

From: Florian Kroessbacher [mailto:florian.kroessbacher at gmail.com]
Sent: Thursday, March 20, 2014 12:26 PM
To: Jeffrey Girard
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM?



Hi,

Have you checked the local firewall on the Windows server for inbound connections from the Presence server?

Have you done the config in the hba.conf and so on?

On Thursday, 20 March 2014, Jeffrey Girard wrote:

I have searched the Cisco site and there are tons of documents on how to configure the database for *nix installs.  I, unfortunately, am not skilled in that arena.



I have downloaded and installed PostgreSQL on a Win2k8R2 server.



I tried to interpret the Cisco doc instructions as best I could



I have created a new database called tcmadb



I have created a new entity under Login Roles called tcuser and gave that user superadmin rights



I went back to the tcmadb database and made the tcuser the owner of the database



In CUPS, I created the new external database:



          Database name -> tcmadb

          Username -> tcuser

          Password -> password that I assigned to tcuser when I created it in the database

          Hostname -> IP address of my win2K8 server

          Port Number -> 5432.



After several failures, I found a thread that indicated that I should create a new user in the Windows domain called tcuser.  I did that, and gave that user domain admin privileges.



I get the failure to connect error under External Database Status



Green check for reachability

Failure on connectivity to database “Verify the hostname, username, and password are valid”



Does it have anything to do with the postgres user account?




--
Florian Kroessbacher
gmail: florian.kroessbacher at gmail.com<mailto:florian.kroessbacher at gmail.com>
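
The two points in the Cisco excerpt quoted in this thread (no 'all' for the database or user entries, no 'trust' method) can be checked mechanically. The following is an added example, not part of the original messages or of Cisco's documentation; the function names are hypothetical, the sample rows are constructed from the two example tables, and unquoted field values are assumed.

```python
import ipaddress

# Constructed sample: the four rows from the two example tables quoted above.
SAMPLE = """\
# TYPE  DATABASE  USER     CIDR-ADDRESS    METHOD
host    dbinst1   tcuser1  10.89.99.0/24   password
host    dbinst2   mauser1  10.89.99.0/24   password
host    dbinst1   tcuser1  10.89.99.0/24   trust
host    dbinst2   all      10.89.99.0/24   password
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (line_no, record) for host-type entries; comments and blanks are skipped."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue
        # The address is either one CIDR field or an IP followed by a netmask.
        two_part = len(fields) >= 6 and "/" not in fields[3] and _is_ip(fields[4])
        method = fields[5] if two_part else fields[4]
        yield no, {"database": fields[1], "user": fields[2], "method": method}

def audit(text):
    """Return (line_no, issue) pairs for the settings the Cisco excerpt warns about."""
    findings = []
    for no, rec in parse_hba(text):
        # DATABASE and USER may be comma-separated lists.
        if "all" in rec["database"].split(","):
            findings.append((no, "database is 'all'"))
        if "all" in rec["user"].split(","):
            findings.append((no, "user is 'all'"))
        if rec["method"] == "trust":
            findings.append((no, "method 'trust' asks for no password"))
    return findings

if __name__ == "__main__":
    for no, issue in audit(SAMPLE):
        print(f"line {no}: {issue}")
```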