I am working on a local network based on Windows, and I would like to use the account system of the network to allow users to connect to my DB.
As I understand the proper way is to set the pg_hba method on "ident" as such :
host all all 10.0.0.0/8 ident
But when I do so I get a message saying
"Error connecting to the server: FATAL: ident authentication failed for user <user>"
As far as I can think of it, my guess is that there could be two problems :
- I do not properly set the pg_hba.
- The role I created does not match the ident found by the server.
In the first case, could you tell if the syntax is correct ? I tried to add "sameuser" after the ident, but it corrupt my pg_hba, and also map=sameuser, but I get the same error as mentionned.
In the second case, I am using a batch run on every session to get the users names like
find /c "%username%"
or the Python3.6 function os.getlogin(), which produce the same result.
How does PostgreSQL get its "ident" ? And more importantly, how can I reproduce this process to know the idents of the sessions that PostgreSQL will recognize ?
Thanks.
after reading ident.conf manual and using the example from hba_file manual, I set this up:
postgres=# create user ident_user_db;
CREATE ROLE
vao#vao-X102BA:~$ sudo tail -n 1 /etc/postgresql/9.6/main/pg_hba.conf
host all all 192.168.8.0/24 ident map=vao_ident
vao#vao-X102BA:~$ sudo tail -n 1 /etc/postgresql/9.6/main/pg_ident.conf
vao_ident vao ident_user_db
Now I'm connecting from same machine to its external IP:
vao#vao-X102BA:~$ psql -h 192.168.8.107 -U ident_user_db
psql: FATAL: Ident authentication failed for user "ident_user_db"
FATAL: Ident authentication failed for user "ident_user_db"
Seems familiar. Though I followed manual. Last thing to check:
vao#vao-X102BA:~$ telnet localhost 113
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
So nothing provides my identity. As advised here
vao#vao-X102BA:~$ sudo apt-get install oidentd
...
vao#vao-X102BA:~$ telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
so try now:
vao#vao-X102BA:~$ psql -h 192.168.8.107 -U ident_user_db -d vao
psql (9.6.3)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
Hope it helps
Related
I use postgres 11, I just try to connect with one of my user to psql and pgadmin4
my pg_hba.conf file
# "local" is for Unix domain socket connections only
local all all peer
host sito lcm_admin 127.0.0.1/32 md5
host sito sito_lcm 127.0.0.1/32 md5
My postgres user have a password.
I tried my posgres user, sito_lcm and lcm_admin to connect to pgAdmin4, alway get
Invalid username or password
I know there are good because It's the one I use to connect to posgres db in a java program
for psql i tried
su - postgres
typed my password
authentication fail
tried with one of my db user
psql -U lcm_admin sito
psql: FATAL: Peer authentication failed for user "lcm_admin"
Edit
With Daniel Vérité tips, I can connect to psql but not to pgAdmin4
First time i see this screen, my last connection was a few month ago, don't know if some updated had created this issue
Because of this rule in pg_hba.conf
host sito lcm_admin 127.0.0.1/32 md5
You probably want to invoke psql that way:
psql -U lcm_admin -h 127.0.0.1 sito
Then it will ask for a password instead of failing with "Peer authentication failed".
Note that rules in pg_hba.conf are tested in their order in the file (top to bottom), and it stops at the first one that matches.
About connectiong with pgAdmin4:
As mentioned in https://www.pgadmin.org/docs/pgadmin4/latest/getting_started.html there is an additional step to access pgAdmin4 itself, as an application.
In a server deployment, an email address and password are asked at installation time. If you don't remember the password but you gave a valid email address, the link "Forgotten your password" might work for you.
Otherwise I guess reinstalling pgAdmin4 from scratch might work too.
Personally, I launch pgAdmin4 as a docker container without a persistent volume:
$ docker run -p8080:80 -e PGADMIN_DEFAULT_EMAIL=foo#example.com -e PGADMIN_DEFAULT_PASSWORD=bar dpage/pgadmin4
Then I connect to http://localhost:8080 and the email/password to enter on the first page are those environment variables passed on the command line.
I am having an issue that has been bothering me for some time now. It is with postgres on my mac. I set a password for postgres and I can not remember it for some reason. I have looked up and attempted several different methods for trying to reset the password but none of them are working and I need it fixed as soon as possible.
Here is what my pg_hba.conf file
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
I reset the local all all trust and then restarted my postgres server running
brew services restart postgres
and when i go to try and open postgres on my terminal I get the same password issue:
omars-MacBook-Pro:postgres omarjandali$ psql -U postgres -W -h localhost
Password:
psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"
or
omars-MacBook-Pro:~ omarjandali$ psql -h 127.0.0.1 -U postgres
Password for user postgres:
psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"`
You only configured "local" connections which are using Unix domain sockets. But your psql command line tries to establish a TCP connection (-h ...), which is not configured in your pg_hba.conf.
You need to use host instead of localin pg_hba.conf to allow trusted, non-password connections through TCP.
But that is a really, really bad idea, because that means that as soon as your Mac is visible on the internet, everybody can connect to your Postgres instance and hack it. This isn't a theoretical threat - there have been numerous posts on this site regarding that.
If you want to allow connections without passwords, at least only allow them from "localhost", not from the outside:
# TYPE DATABASE USER ADDRESS METHOD
host all all samehost trust
I am trying to connect from a psql session to a locally running postgresql:
psql -h 192.168.195.84 -d aact_bac
The pg_hba.conf entry is:
host all all 0.0.0.0/0 md5
host all all 192.168.195.84/0 md5
Here is the result:
psql: FATAL: psql: FATAL: no pg_hba.conf entry for host "192.168.195.84",
user "pointr", database "aact_back", SSL o for host "192.168.195.84",
user "pointr", database "aact_back", SSL o
What is missing here?
Update The following had been done several times - after each attempt for change in pg_hba.conf:
sudo service postgresql restart
It was verified that the pg server had been restarted by seeing the launch time from ps -ef | grep postgres.
Here is best answer for you, if it works, this is duplicate answer.
If you don't leave comment. :D
I think this is you missed.
# content in pg_hba.conf
# IPv4 local connections:
host all all 0.0.0.0/0 md5
Remote PostgreSQL connection with pgAdmin
I have the following lines in my pg_hba.conf file:
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all localhost trust
and I've restarted Postgres. When I connect at the command line everything works as expected:
$ psql -U me -W
Password for user me: # I can type any password and it will work
psql (9.5.7)
Type "help" for help.
me=#
However, when I connect through a software library (the Node library pg, through the library knex) I get an error:
password authentication failed for user "me"
I'm not specifically looking for a fix, I'm just trying to understand how this is even possible. If I just told Postgres to trust anyone, how can I still be getting errors about authentication failing? Was there something wrong with my pg_hba.conf entries, or does Postgres just choose to ignore them under certain circumstances, or ....
EDIT
In case it helps the database connection URL my program is using to connect is:postgres://localhost:5432/mydb.
When you did psql -U me -h localhost, psql failed to connect because it doesn't know what database to connect to.
Solution is psql -U me -h localhost -d database_name
Hope this helps.
I have a postgresql demon on my virtual Linux box, and just installed pgAdmin III on the Windows machine. Now I'd like to configure the first connection.
What I did so far:
I edited /etc/postgresql/9.1/main/pg_hba.conf and added a line to make the demon accept connections from my Windows machine:
host all all 192.168.123.45/32 md5
I set a shell passphrase for the system user postgres (sudo passwd postgres)
Edit: this seems to be irrelevant
I copied /usr/share/postgresql/9.1/pg_service.conf.sample to /etc/postgresql-common/pg_service.conf and uncommented the sample service, giving me
[postgres]
dbname=postgres
user=postgres
Edit: this seems to be irrelevant
I put a line into /etc/environment to point to the pgservice.conf file:
PGSERVICEFILE=/etc/postgresql-common/pg_service.conf
(which works; when I duplicated the PuTTY session, it had this variable)
I restarted the database server after each change:
sudo /etc/init.d/postgresql restart
Finally, I restartet the Linux box,
The server seems to have restarted successfully:
[ ok ] Restarting PostgreSQL 9.1 database server: main.
However, when I try to connect to the service, pgAdmin III gives me an error message:
Error connecting to the server: definition of service "postgres" not found.
dmesg | grep postgres gives me a single line:
[ 18.054965] postgres (2242): /proc/2242/oom_adj is deprecated, please use /proc/2242/oom_score_adj instead.
I have no clue whether postgresql uses my pq_service.conf at all, or whatever else is the problem; any help is appreciated ...
Edit:
My original question, "How can I know whether postgresql uses my pg_service.conf file?", seems to be answered - it simply doesn't. I still can't connect; but now the question doesn't match the error messages anymore.
I removed the "Service" entry from my "New Server Registration" data. Now I get another error - something like "password authentication for user >>postgres<< failed". I'm quite sure the password is correct - I just set it ... and I tested it by commenting out my ssh key from the authorized_keys file.
I'd happily connect with my ssh key, but this seems to be difficult as well. With PuTTY, my key is taken from Pageant, and I'm logged in without any problem; pgAdmin talks about "SSH tunnelling", but I normally don't need tunnels for this local machine ...
I tried to create a tunnel anyway.
PuTTY session:
Source port is 5432
destination is my-vbox.host.name:5432
In pgAdmin, "SSH Tunnel":
Username postgres
using Identity file
Tunnel host localhost → error:
"SSH error: Could not connect to socket with error code 10051"
Tunnel host localhost:5432 → error:
"SSH error: Unable to resolve host: localhost:5432"
Tunnel host 127.0.0.1:5432 → error:
"SSH error: Unable to resolve host: 127.0.0.1:5432"
How the heck is this supposed to be configured?!
I finally managed to connect as db user tobias (I never had problems to connect locally, with psql).
# sudo -u postgres psql postgres
psql (9.1.9)
Type "help" for help.
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication | {}
tobias | Superuser | {}
postgres=# ALTER USER tobias WITH PASSWORD 's3cr3t';
ALTER ROLE
After doing this, I could connect as tobias, using the password just set.
The "Maintenance DB" happens to be template1; I didn't try to change this.
For further reference - I activated log_connections in /etc/postgresql/9.1/main/postgresql.conf and watched the log:
sudo tail -f /var/log/postgresql/postgresql-9.1-main.log