I connect to my PostgreSQL databases (which run on AWS EC2 instances) using certificate authentication (and not passwords). An example of a psql command I would use to connect to one of my databases is:
psql "host=<AWS EC2 instance> user=<db user> sslcert=<path to .crt> sslkey=<path to .key> sslrootcert=<path to .crt> sslmode=require dbname=<db name>"
I would like to be able to connect Tableau Desktop to one of my databases. The standard PostgreSQL connector does not allow me to specify which SSL certs to use (but it does have a Require SSL checkbox - which I think is for encryption not authentication).
So I have tried to use the ODBC connector. I make the following entries:
Connect Using
Driver: PostgreSQL Unicode
Connection Attributes
Server: <AWS EC2 instance>
Port: 5432
Database: <db name>
Username: <db user>
String Extras: sslcert=<path to .crt>; sslkey=<path to .key>; sslrootcert=<path to .crt>; sslmode=require
By much trial and error I think the String Extras require a semicolon as a delimiter, but I still cannot connect. I get the error message:
An error occurred while communicating with Other Databases (ODBC).
Unable to connect to the server. Check that the server is running and that you have access privileges to the requested database.
FATAL: connection requires a valid client certificate
Generic ODBC requires additional configuration. The driver and DSN (data source name) must be installed and configured to match the connection.
Unable to connect to the server "<AWS EC2 instance>" using the driver "PostgreSQL Unicode". Check that the server is running and that you have access privileges to the requested database.
I would be really grateful to hear from anyone who has connected Tableau Desktop to PostgreSQL using certificate authentication and could tell me what I’m doing wrong. Cheers!
I managed to fix this myself, and just in case there's someone out there who might be vaguely interested I'll go through the salient features:
1. Created a DSN (Data Store Name)
This made testing much easier rather than constantly retyping details into dialog boxes.
Rather than create manually I used this: http://www.odbcmanager.net/
On Mac OS I had to run it as sudo from the terminal or it wouldn't create anything.
I created a User DSN, which on my Mac have details stored in /Users/<user name>/.odbc.ini
It picked up the PostgreSQL Unicode driver that I'd previously installed. On Mac OS you might need to do brew install brew install psqlodbc and/or brew install unixodbc
Most of the configuration was specified by adding key/value pairs e.g. DBNAME <db name>
Set SSLMODE verify-ca (changed from require to make behaviour specific - psql assumes verify-ca/verify-full if SSL certs are supplied)
The cert paths are set with key Pqopt, value sslcert=<path to .crt> sslkey=<path to .key> sslrootcert=<path to .crt>. Must be lower case and only spaces between entries!
Here's what it added to my user's odbc.ini file:
[<DSN name>]
Driver = <path to driver, this was mine /usr/local/lib/psqlodbcw.so>
Description = <description>
SSLMODE = verify-ca
HOST = <host>
DBNAME = <database>
PORT = 5432
UID = <db user>
Pqopt = sslcert=<path to .crt> sslkey=<path to .key> sslrootcert=<path to .crt>
2. Tableau Desktop Connection
Select Other Database (ODBC) connector.
Select the DSN you created previously (it should be automatically picked up), it will automatically populate host, port, db and user fields, then click Sign In.
Once signed in behaviour was slightly different to the dedicated PostgreSQL connector. Tables did not appear on left-hand side initially. But they are accessible - they can all be displayed by clicking on the 'contains' radio button and searching with a blank name.
Hope this helps. Let me know if you've got any questions.
Related
Hi I am having issues connecting to my postgres database, I am using this connection string on my 64 bit machine. I have downloaded the updated 64 bit postgres driver.
driver used: database=Travel_Information;driver={PostgreSQL Unicode(x64)};port=5432;server=travel-information.chda0n3dhd8k.eu-west-1.rds.amazonaws.com
Issue when selecting tables to import
Any suggestions?
In the DSN select "(None)" instead of "dBASE Files" and your connection string should look like this.
database=dbname;driver={PostgreSQL Unicode(x64)};port=5432;server=server.eu-w1.compute.server.com;sslmode=require;
I had to use sslmode=require because I am connecting to a postgresql server instance on heroku server, and it requires it.
It is an SSL issue
I added sslmode=require at the end of connection string and it succeeded.
I tried before with the original Postgredb connector and various Npgsql versions but it didn't worked.
Although there's still an option to import the certificate from the server to your client To get the SSL cert for the PostgreSQL server you might need to speak to the DBA/sysadmin if you don’t have access. In the configuration folder for the PostgreSQL server there is a postgresql.conf file, search it for ssl settings, there is one with the location of the ssl cert. Note NOT the key file which contains the private key, only the cert file which contains the public key. copy it or its content to the machine running PowerBI and import using that procedure
For a system that I am using, I run into the problem pasted on the title when I try to drop a database and recreate it. More specifically, this is the exact problem that I am facing:
Couldn't drop staging_databse : #<PG::ConnectionBad: FATAL: no pg_hba.conf entry for host xxx.xx.xxxx.xxx, user "ruby", database "postgres", SSL off
I've done some research regarding this problem and it seems that the solution is simply to turn on SSL. I've consulted Postgresql Documentation on pg_hba.conf but I'm unable to find this configuration file.
I typed in locate postgresql and I noticed that there is a postgresql-client-9.2 installed on the system. From what I have determined, I won't find this pg_hba.conf file because the client doesn't have it. I've also looked for the postgresql.conf file on SSL according to the official documentation but this file is not included either.
Finally, the documentation shows me this configuration option of the pgsql 9.2 client shown below:
libpq reads the system-wide OpenSSL configuration file. By default,
this file is named openssl.cnf and is located in the directory reported by
openssl version -d. This default can be overridden by setting environment
variable OPENSSL_CONF to the name of the desired configuration file.
However, this too isn't in my system. I've run the linux find command and this file doesn't seem to be there. I've run out of leagues and I have a sneaking suspicion that I am overlooking something very simple. Is there any other leads I can go on? Thanks.
Based on this message and the rest of the context:
FATAL: no pg_hba.conf entry for host xxx.xx.xxxx.xxx, user "ruby", database "postgres", SSL off
It looks plausible that:
you're connecting to a remote PostgreSQL instance which you don't administrate because you're acting as developer, not admin.
the db management layer tries to connect to the database named postgres in order to drop another database (staging_database) . It's necessary indeed because we can't drop a database when we're connected to it (in fact, a database can't be dropped when anyone is connected to it).
the admin policy established by the remote pg_hba.conf is such that your login and IP address together are not allowed to connect to the database named postgres
These facts combined together imply that you're missing the necessary rights to drop your database, even if indirectly.
At this point you want to submit the problem to the admin responsible for that PostgreSQL server.
I'm learning web development in Clojure and I'm not at all an expert in either PostgreSQL or JDBC.
I'm going through the "Web development with Clojure" book and I'm stuck because I cannot connect to a PostgreSQL database, although I believe I have followed the tutorial step by step.
I connected to psql with
sudo -u postgres psql
Then I created an admin user with password 'admin'
postgres=# CREATE USER admin WITH PASSWORD 'admin';
CREATE ROLE
Then I created a database named reporting :
postgres=# CREATE DATABASE reporting OWNER admin;
CREATE DATABASE
No complaints so far.
Then from my clojure code, I attempt to connect to the database and create a table :
(ns reporting-example.models.db
(:require [clojure.java.jdbc :as sql]))
;defining the db connection
(def db
{:subprotocol "postgresql"
:subname "//localhost/reporting"
:user "admin"
:password "admin"})
;function for creating an 'employee' table
(defn create-employee-table []
(sql/create-table :employee
[:name "varchar(50)"]
[:occupation "varchar(50)"]
[:place "varchar(50)"]
[:country "varchar(50)"])
)
; then trying to actually create the table, here's the part that breaks with an exception :
(sql/with-connection db
(create-employee-table))
And I'm getting an ugly :
org.postgresql.util.PSQLException: FATAL: password authentication failed for user "admin"
Which does not make sense to me, the credentials seem fine.
I tried the above code from both the Counterclockwise REPL and the Leiningen REPL. I'm on Ubuntu 13.10, if that matters.
Could someone explain to me what I am doing wrong here?
Thanks in advance!
Since you can't connect with psql using the same settings there are really three possibilities:
wrong/typo'd password
wrong/typo'd username
you are not connecting to the same server as you created the account on.
To check the latter, connect however you did to create the account and then run
show port;
Make sure it is the same as what you specify in your app. That isn't perfect - two pg instances can share a port if one isn't listening on TCP/IP and has a different socket directory - but it is a good first test.
You should also examine the PostgreSQL server error logs, as they may contain more detailed information about the nature of the authentication failure.
If you have not tried this already, review your pg_hba.conf file. It will be named something like
/etc/postgresql/9.6/main/pg_hba.conf (Ubuntu 16.04)
/var/lib/pgsql/9.3/data/pg_hba.conf (Fedora 20);
You may have to use find / -name pg_hba.conf to locate it.
At the bottom of the file, change the METHOD values to trust for local testing (see postgres docs for full information). Restart postgres to ensure everything is started clean and the new params are read:
> sudo systemctl restart postgresql # ubuntu
Hopefully this will cure your woes. It solved my problems on Ubuntu/Fedora.
I have a MySql database that is running on a linux server. The DB is not password encrypted.
I understand that no password != empty password.
I installed mysql workbenck on my windows laptop and am trying to connect to my database. It doesn't allow me to.
Details:
Connection method: Standard (TCP/IP)
Error: Cannot connect to Database server
Your connection attempt failed for user'root' from your host to server at 3306
Host is not allowed to connect to this MySql Server.
I am supposing it might be a windows firewall issue.
Please can somebody help me resolve this.
The error message says it clearly: the machine you are connecting from is not allowed to connect. In a MySQL server you can create users with specific IPs they can connect from. Often only localhost access is enabled (user#localhost or user#127.0.0.1 or user#::1), sometimes anyhost (user#%). In order to connect from your Windows machine your user must either be allowed to connect from any host or you need a specific user for the IP address of your Win machine.
The error because the mysql server is not starting in your computer.so you can start it manually..do the following steps,
1.download and install wamp server according to your bit version(32bit or 64bit) in your computer(http://wampserver-64bit.en.softonic.com/) this link allows you to download wamp server for 64bit.
2.As soon as you install it you can double click and run it..(you can see a icon in the right hand of the taskbar.It may be hide.so you can click the arrow which dhows you the hide apps runing).So click the icon and go to Mysql
3.Then go to Service and there you can find Start/Resume Services click on it..
4.And now it is done.Open mysql workbench and see.It will work..
You should create an specific user for accesing from your laptop:
CREATE USER 'youruser'#'machine.domain.com' IDENTIFIED BY 'your-password';
GRANT ALL PRIVILEGES ON *.* TO 'youruser'#'machine.domain.com' WITH GRANT OPTION;
Or you could create an user for accesing from anywhere
CREATE USER 'new_user'#'%' IDENTIFIED BY 'my-password';
GRANT ALL PRIVILEGES ON *.* TO 'new_user'#'%' WITH GRANT OPTION;
We have set up postgres 9.0 on our new debian 6.0 server
We want to remotely connect to this database server.
We followed the steps in the below url
http://www.ubuntugeek.com/howto-setup-database-server-with-postgresql-and-pgadmin3.html
But when restart our database it thows the foloowing error
authentication option not in name=value format: sameuser
Any advice on how to access database server remotely using pgadmin 3 would be much appreciated
According to this link, there was changed format of configuration file pg_hba.conf. Remove, please, keyword sameuser from it.