[cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM? - SOLVED

Jeffrey Girard jeffrey.girard at girardinc.com
Thu Mar 20 14:51:04 EDT 2014


Florian –
          Thank you, Florian!

So much for reading the Cisco Documentation.

The Cisco documentation indicates that this is an optional configuration and is used to restrict the number of connections to the database and to make it more secure.

          At this point, I was not worried about security, I was just trying to get it to connect – so I did not worry about it

          However, after your last email, I went ahead and did it anyway.

          I found the hba file and modified it to include the following lines:


          host    tcmadb    tcuser    10.89.99.0/24    password
          host    dbinst    mauser    10.89.99.0/24    password


          I then stopped and restarted the PostgreSQL service.

          I ran the CUPS troubleshooter and it indicates all green as well as the external database status.

Thanks again!

Jeff


From: Florian Kroessbacher [mailto:florian.kroessbacher at gmail.com]
Sent: Thursday, March 20, 2014 2:06 PM
To: Jeffrey Girard
Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM?

The settings are on the Windows side as well; the files are located at, I think,

Program Files(x86)\PostgreSQL\...

And they must be made on Windows as well, because this is how PostgreSQL works,
on either Windows or *nix.

cheers

Florian Kroessbacher

gmail: florian.kroessbacher at gmail.com

2014-03-20 18:42 GMT+01:00 Jeffrey Girard <jeffrey.girard at girardinc.com>:
Florian –
          No, I have not made any configuration changes to the hba.conf file.

          First, as I said, I'm using a Windows install, not a *nix.  Those instructions are not for Windows installs.

          Second, those settings are to restrict access to the external database.  At this point, I don’t want to restrict anything, as I am unable to make a connection to the database

Jeff

From: Florian Kroessbacher [mailto:florian.kroessbacher at gmail.com]
Sent: Thursday, March 20, 2014 12:42 PM
To: Jeffrey Girard

Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM?

Hi, I mean that from the PDF

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html

About Security Recommendations for the External Database

• Connection to the External Database <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055358>
• Restriction of User Access to the Database (Recommended) <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1055626>
• Limiting the Maximum Connections to the Database (Optional) <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056168>
• Default Listener Port Configuration (Optional) <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_0/english/install_upgrade/database/guide/CUPDBSetup/Preparing_database_setup.html#wp1056160>

Connection to the External Database

Cisco Unified Presence does not provide a secure TLS/SSL connection to the external database. We recommend that you consider this security limitation when you plan your Cisco Unified Presence deployment, and consider the security recommendations we provide in this topic.

Restriction of User Access to the Database

We strongly recommend that you restrict user access to the external database to only the particular user and database instance that Cisco Unified Presence uses. You can restrict user access to the PostgreSQL database in the pg_hba.conf file located in the <install_dir>/data directory.

Caution: Do not configure 'all' for the user and database entries because potentially this could allow any user access to any database.

When you configure user access to the external database, we also recommend that you configure password protection for the database access using the 'password' method.

Note: You are required to enter a password for the database user when you configure a database entry on Cisco Unified Presence.

The following are examples of a secure user access configuration, and a less secure user access configuration, in the pg_hba.conf file.

Example of a secure configuration:

# TYPE  DATABASE  USER     CIDR-ADDRESS   METHOD
host    dbinst1   tcuser1  10.89.99.0/24  password
host    dbinst2   mauser1  10.89.99.0/24  password



Example of a less secure configuration:

# TYPE  DATABASE  USER     CIDR-ADDRESS   METHOD
host    dbinst1   tcuser1  10.89.99.0/24  trust
host    dbinst2   all      10.89.99.0/24  password


On Thursday, 20 March 2014, Jeffrey Girard wrote:
Florian –
          Thanks for the response.

          Yes, I have already turned off the firewall completely

          No, I have not done any config in the hba.conf  -  I don’t know what that is or where it's located

------------------------------------------------------------------------------------
Dr. Jeffrey T. Girard (Jeff), PhD
Colonel, United States Army (Retired)
Senior Network Engineer / VoIP Engineer - WireMeHappy.com
reply to: jeffrey.girard at wiremehappy.com
(607)835-0406 (home office)
(845)764-1661 (mobile)
(607)835-0458 (fax)

From: Florian Kroessbacher [mailto:florian.kroessbacher at gmail.com]
Sent: Thursday, March 20, 2014 12:26 PM
To: Jeffrey Girard
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Instructions on installing/configuring PostgreSQL on Windows for Presence and IM?



Hi,

Have you checked the local firewall on the Windows server for inbound connections from the Presence server?

Have you done the config in the hba.conf and so on?

On Thursday, 20 March 2014, Jeffrey Girard wrote:

I have searched the Cisco site and there are tons of documents on how to configure the database for *nix installs.  I, unfortunately, am not skilled in that arena.

I have downloaded and installed PostgreSQL on a Win2k8R2 server.

I tried to interpret the Cisco doc instructions as best I could

I have created a new database called tcmadb

I have created a new entity under Login Roles called tcuser and gave that user superadmin rights

I went back to the tcmadb database and made the tcuser the owner of the database

In CUPS, I created the new external database:

          Database name -> tcmadb
          Username -> tcuser
          Password -> password that I assigned to tcuser when I created it in the database
          Hostname -> IP address of my win2K8 server
          Port Number -> 5432.

After several failures, I found a thread that indicated that I should create a new user in the Windows domain called tcuser.  I did that, and gave that user domain admin privileges.

I get the failure to connect error under External Database Status

Green check for reachability
Failure on connectivity to database “Verify the hostname, username, and password are valid”

Does it have anything to do with the postgres user account?




--
Florian Kroessbacher
gmail: florian.kroessbacher at gmail.com

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
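
Added example (not part of the thread or of the Cisco guide): a small Python check that reads pg_hba.conf text and flags the patterns the quoted Cisco caution warns about ('all' entries, the 'trust' method), plus over-wide address ranges and the cleartext 'password' method. The function name, the severity labels, the 256-address threshold and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the thread's "less secure" rules, a wide-open rule,
# and the rule Jeff ended up with.
SAMPLE = """\
# TYPE  DATABASE  USER     CIDR-ADDRESS   METHOD
host    dbinst1   tcuser1  10.89.99.0/24  trust
host    dbinst2   all      10.89.99.0/24  password
host    tcmadb    tcuser   0.0.0.0/0      md5
host    tcmadb    tcuser   10.89.99.0/24  password
"""

def audit_pg_hba(text, max_addresses=256):
    """Return (line_no, severity, message) for host rules in pg_hba.conf text.

    Assumes the CIDR form shown in the thread (address and mask in one field).
    """
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("host"):
            continue  # blank line, comment, or local (socket) rule
        if len(fields) < 5:
            findings.append((n, "high", "malformed host rule"))
            continue
        database, user, address, method = fields[1:5]
        if "all" in database.split(","):
            findings.append((n, "high", "database is 'all'"))
        if "all" in user.split(","):
            findings.append((n, "high", "user is 'all'"))
        if method == "trust":
            findings.append((n, "high", "'trust' accepts the connection without a password"))
        elif method == "password":
            findings.append((n, "note", "'password' sends the password unencrypted"))
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            continue  # host name or keyword such as samenet: not range-checked
        if net.num_addresses > max_addresses:
            findings.append((n, "high", f"{net} matches more than {max_addresses} addresses"))
    return findings

if __name__ == "__main__":
    for n, severity, message in audit_pg_hba(SAMPLE):
        print(f"line {n}: [{severity}] {message}")
```

The "note" on the 'password' method matters here because the quoted guide states that Cisco Unified Presence does not use TLS/SSL to the external database, so the address range in the rule is the main control limiting who can see or replay that password.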
