| From: | Israel Brewster <ijbrewster(at)alaska(dot)edu> |
|---|---|
| To: | "Johnson, Bruce E - (bjohnson)" <Johnson(at)pharmacy(dot)arizona(dot)edu> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Connection not allowed because of an error 'Not in pg_hba.conf' |
| Date: | 2023-09-18 20:48:20 |
| Message-ID: | FF1FEFAC-E897-4888-85DD-D0F4E0B9A7F2@alaska.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> On Sep 18, 2023, at 11:45 AM, Johnson, Bruce E - (bjohnson) <Johnson(at)pharmacy(dot)arizona(dot)edu> wrote:
>
> I am doing some testing trying to migrate some websites from using Oracle to Postgres. (Using Perl DBI and DBD::Pg as the connecting mechanism)
>
> (Server Environment Postgres 15 running on Ubuntu 22.04, client Rocky Linux using the supplied PostgreSQL DBI and DBD::Pg packages)
>
> The error I am getting on the client is:
>
> password authentication failed for user "trav"
> connection to server at "dhbpostgres.pharmacy.arizona.edu" (10.128.206.109), port 5432 failed: FATAL: no pg_hba.conf entry for host "10.128.206.109", user "trav", database "webdata", no encryption
>
> But I do have an entry that should allow it:
>
> #Internal server mgmt range
> hostssl
> all all
> 10.128.206.0/23 password
>
I might be missing something obvious, but your error says “no encryption”, while the pg_hba entry is “hostssl” indicating it will match encrypted connections only, so it doesn’t match.
---
Israel Brewster
Software Engineer
Alaska Volcano Observatory
Geophysical Institute - UAF
2156 Koyukuk Drive
Fairbanks AK 99775-7320
Work: 907-474-5172
cell: 907-328-9145
> From the manual (pg 704, 21.1. The pg_hba.conf File):
>
> "An IP address range is specified using standard numeric notation for the range's starting address, then a slash (/) and a CIDR mask length. The mask length indicates the number of high-order bits of the client IP address that must match. Bits to the right of this should be zero in the given IP address. There must not be any white space between the IP address, the /, and the CIDR mask length.
>
> Typical examples of an IPv4 address range specified this way are 172.20.143.89/32 for a single host, or 172.20.143.0/24 for a small network, or 10.6.0.0/16 for a larger one. "
>
> 10.128.206.109 is definitely in that range.
>
> The test script DOES work with my desktop running the same software, but I have it set in pg_hba.conf as just my systems ip:
>
> hostssl
> webdata
> trav nnn.nnn.nnn.nnn/32
> password
>
>
> (Ip address redacted because it is externally accessible)
>
> --
> Bruce Johnson
> University of Arizona
> College of Pharmacy
> Information Technology Group
>
> Institutions do not have opinions, merely customs
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2023-09-18 22:21:31 | Re: [EXT]Re: Connection not allowed because of an error 'Not in pg_hba.conf' |
| Previous Message | Tom Lane | 2023-09-18 20:02:21 | Re: Connection not allowed because of an error 'Not in pg_hba.conf' |