I try do access remotely a Postgresql(10.3) db.
After I modify #listen_addresses = 'localhost' to listen_addresses = '*' or the ip, I get an error when I use:
sudo -u postgres psql
'Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
'
simply remove '#' - before - that means commented line.
UPDATE: if you changed postgresql's listen configuration, then default socket connection is not present. So if you specify exact IP for listen: listen_address = '192.168.1.2' then you need to connect via psql -h 192.168.1.2 -U postgres and your pg_hba.conf should contain entry similar to :
host all all 192.168.1.2/32 md5
and you will need to know postgres password. if you not worried about security - then simply use
host all all 192.168.1.2/32 trust
WARNING: do not use 'trust' configuration in production!
Related
I just create a user and new database on my local machine.
sudo su - postgres -c "createuser gauthier"
sudo su - postgres -c "createdb local-ag-db"
Then:
$ sudo -u postgres psql
sudo -u postgres psql
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
postgres=# grant all privileges on database "local-ag-db" to gauthier;
GRANT
I can access the database locally through a socket:
$ psql local-ag-db gauthier
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
local-ag-db=> \conninfo
You are connected to database "local-ag-db" as user "gauthier" via socket in "/var/run/postgresql" at port "5432".
But I cannot access it through localhost:
$ psql -d local-ag-db -h localhost -U gauthier
Password for user gauthier:
psql: fe_sendauth: no password supplied
My guess is that while createuser accepted to create a user without a password, logging in through the host requires identification that this user cannot provide.
This is the default content of /etc/postgresql/11/main/pg_hba.conf:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
I have tried adding this at the end of that file, after reading the included documentation:
host local-ag-db gauthier samehost peer
but that did not work (after a restart sudo /etc/init.d/postgresql restart), it even broke my Unix socket access:
$ psql local-ag-db gauthier
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
I also tried this as last row of my config, with the same result:
host local-ag-db gauthier 127.0.0.1/32 peer
My questions:
how do I allow my local user to access the database through localhost?
how do I edit my conf file so that I don't break everything? (Unix socket method stops working when I add a rule)
On Debian.
You will need to add a line like:
host all all localhost trust
As you have no explicit rule currently it is dropping through to another catch all rule and prompting for authentication. Adrian's comment above is saying the same and likewise I don't suggest using trust outside of testing your connectivity - you really should assign a password and enforce it.
Adding entries to the pg_hba.conf needs care as the PostgreSQL will find the first match:
The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no “fall-through” or “backup”: if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied.
From https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
Regarding
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Looks like the restart may not have worked. Looks like no response rather than authentication failure.
Your server is not running. It never came back up when you tried to restart it, because you broke your hba. If you look in the log file, you should something like:
LOG: peer authentication is only supported on local sockets
FATAL: could not load pg_hba.conf
LOG: database system is shut down
Unbreak your pg_hba.conf and start the server again. Also, read your log files when you don't know what's going on. That is what they are there for.
You will need to choose a different method for authentication over localhost. ident is equivalent to peer, but it requires you to run the identd daemon on the server, and is not very secure for any addresses other than loopback ones.
Postgresql server running and verified on 5432 on my localhost system:
If I type: psql -l I get the following response:
psql: could not connect to server: No such file or directory
Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
If I type psql -h localhost -l, it works and gives me a list of the databases.
The pg_hba.conf file is wide open, showing:
TYPE DATABASE USER ADDRESS METHOD
The value "local" is for Unix domain socket connections only:
local all all trust
Allow any IP to connect without password:
host all all 0.0.0.0/0 trust
IPv4 local connections:
host all all 127.0.0.1/32 trust
IPv6 local connections:
host all all ::1/128 trust
What have I missed? On other systems the first call from the command line works fine.
It sounds like when you are running the command you are connecting to localhost, not the file socket.. try
psql -h localhost -p 5432
Default Admin Login sudo -u postgres psql
Login into specific db with privilages psql -h host -p port -U User_Name db_name
Is the server running locally and accepting connections on Unix domain
socket "/var/run/postgresql/.s.PGSQL.5432"?
This just means that the unix_socket_directory configuration parameter on the server differs from the default of the client-side psql.
/var/run/postgresql is the default Unix domain socket path for Debian-based packages. For a self-compiled server, it is /tmp. It may also be a custom path specified in postgresql.conf or through a start directive.
Assuming it's /tmp you could do psql -l -h /tmp. The command knows that the parameter following -h is to be interpreted as a directory and not as a hostname because it starts with a slash.
I have a VM set up with Vagrant that has Postgres running on it (on port 5432), forwarded to port 8280 on the host machine.
I have set the password for the default user and I can connect locally just fine.
I have been trying to set up access from the host machine over port 8280, and I have been unable to get it working with 'MD5' as the trust method.
I have set up postgresql.conf to listen on all addresses:
# postgresql.conf
listen_addresses = '*'
and I have configured pg_hab.conf as follows:
# pg_hab.conf
#TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 0.0.0.0/0 md5
With all of these settings, if I run the following command from my host machine:
psql --host=127.0.0.1 --port=8280 --username=postgres -d mydb -c '\l'
I am prompted for the password, and then I get:
psql: FATAL: password authentication failed for user "postgres"
If I then change the METHOD from 'md5' to 'trust' I'm not asked for a password and I can connect as expected. My question is - why can't I connect using 'md5', which is what I want to be able to do? I know that the password I am entering is correct (I have changed it), but for some reason it isn't working.
I had the same exact problem. The issue was on the host side, basically the firewall was blocking the port I was using. So this is what I did (I am using OSX Mavericks)
Open the port (Host)
sudo ipfw add 7000 allow tcp from any to any dst-port 7001
Modify Vagrantfile in order to allow portforwarding
config.vm.network "forwarded_port", guest: 5432, host: 7001
Edit postgresql.conf (Guest)
listen_addresses = '*'
Edit pg_hba.conf (you might want to tune this better)
host all all 0.0.0.0/0 md5
Now, from the host connect normally using the port (in my case 7001) and 'localhost' as host address
You need to set a password for the postgres user. It does not have one by default, so you cannot connect.
ALTER USER postgres PASSWORD 'somepassword';
Your local connections probably work because they're using unix sockets with peer authentication, not TCP/IP. If you use:
psql -h 127.0.0.1 -U postgres postgres
on the VM, you'll probably find that that fails too, because you're actually testing TCP/IP based connections now.
I have a database server (192.168.1.50) running postgres. I have created a database named "testdb" and a user "testuser" with password "testuserpw".
Locally, I can connect to the db using:
psql -d testdb -U testuser
When I issue the command from another host (192.168.1.60):
psql -h 192.168.1.50 -d testdb -U testuser
I have the error:
psql: could not connect to server: Connection refused
Is the server running on host "192.168.1.50" and accepting
TCP/IP connections on port 5432?
Any idea ?
Check the setting of listen_addresses in your postgresql.conf file. Many distributions make it default to 127.0.0.1, i.e. listen only to connections coming in from localhost. It should be set to '*' to listen for connections on all interfaces.
If you are still having trouble, use lsof to see what network sockets the postgres process is listening on.
On Ubuntu, I noticed that remote access at some point stopped working (currently using 9.1.9). The reason is, that postgres is no longer started with the -i switch [1] so no matter what you configure for listen_addresses, it will be ignored.
Fortunately, adding the following line to /etc/environment solves the problem after logging out and in again (or reboot):
PGOPTIONS="-i"
See [2] for more options. Note, that adding this to /etc/postgresql/9.1/main/environment did NOT work for me.
Now, when doing nmap ip-of-my-remote-server I finally get this again:
5432/tcp open postgresql
Yay!
[1] http://www.postgresql.org/docs/9.1/static/runtime-config-short.html
[2] http://www.postgresql.org/docs/9.1/static/libpq-envars.html
Is the firewall letting the connections through? Or, check if pg_hba.conf allows connecting from addresses other than localhost.
The listen_address configvar in postgresql.conf is not the only way to get postgres to listen on the non-local IP-address (or addresses).
Use option "-o -h *" if you start postgres from pg_ctl, otherwise do add "-h" "*" to the postgres command line, like e.g.
/usr/local/pgsql/bin/postgres -D /pg/data "-h" "*"
Of course /pg/data must be changed to your current datapath.
This is especially useful when experimenting.
I came across the same problem as yours, and my source of problem is the firewall settings.
If you're using Ubuntu, print your firewall status:
sudo ufw status verbose
It may looks like this:
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
...
The default rule of incoming connection is "deny", so you need to specify the "allow"ed port.
type:
sudo ufw allow 5432/tcp
reference:
https://www.vultr.com/docs/how-to-configure-ufw-firewall-on-ubuntu-14-04
Connection refused (0x0000274D/10061) i fixed here with:
Open the terminal and type:
VIM /var/lib/pgsql/data/postgresql.conf
Edit the "listen_adresses", it should be set to '*'
After this, rest it on terminal:
/scripts/restartsrv_postgres
I believe i have set up Pg properly, but my script doesn't seem to be connecting to the database. I am testing with:
$database="networkem";
$user="postgres";
$password="";
$host="localhost";
$dbh = DBI->connect("DBI:Pg:dbname=$dbname;host=$host", $user, $password);
My pg_hba reads:
host all postgres 127.0.0.1 255.255.255.255 trust
I can use psql just fine via command-line and have started postmaster with -i option. What am I missing?
I also tried with another user that works fine via psql:
$user="jimbo"; $password="p2ssw0rd";
with pg_hba reading:
host all jimbo 127.0.0.1 255.255.255.255 trust
Rather than play 20 questions to debug your setup, DBI->errstr will say why the connection failed.
my $dbh = DBI->connect(...) or die DBI->errstr;
Though if I had to guess... since Postgres authenticates based on host and login user, I suspect the confusion lies between the user name you're giving to the Postgres connection and the Unix user you're logged in as.
Besides Schwern's excellent response, you can also check PostgreSQL log which, depending on the options selected in postgresql.conf may tell you a lot about what was wrong.
It is recommended that you use the 'listen_addresses' configuration option in your postgresql.conf instead of '-i' on the command line. For example:
listen_addresses = '*'
Try executing the following command as the same user you are running your perl script with:
psql -U postgres -h localhost networkem
The '-h localhost' forces a network connection instead of a Unix socket connection. If that command works, your perl script should also work.
I had the same issue. The hint above for trying "-h localhost" confirmed that I had a problem connecting over the network.
Adding the following to pg_hba.conf fixed the problem.
host all postgres 127.0.0.1/32 trust
DBI may be connecting to either the IPv4 or IPv6 postgresql server interface, depending on how things are configured.
So you may need both of these lines in pg_hba.conf:
IPv4:
host all <user> 127.0.0.1/32 trust
IPv6:
host all <user> ::1/128 trust