psycopg2.OperationalError: FATAL: password authentication failed for user "user1" - python-3.x

I'm getting the followign error when trying to connect to postgres database from a vm:
psycopg2.OperationalError: FATAL: password authentication failed for user "user1"
FATAL: password authentication failed for user "user1"
I've created the user
CREATE USER user1 WITH PASSWORD 'pass1';
and added the following to my pg_hba.conf file
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
host all all 0.0.0.0/0 md5
local all postgres md5
but when using pscopg2.connect() and specifying the dbname, user, password, port and host, I'm still getting the same error
for reference, when trying to connect to the server using psql on the vm I get the following error:
psql --host=localhost --port=5432 --username=user1 --dbname=postgres
Password for user user1:
psql: FATAL: password authentication failed for user "user1"
FATAL: password authentication failed for user "user1"
please let me know if more info is needed!

Related

OperationalError: SSL SYSCALL error: Connection reset by peer

I am trying to connect to a Postgres server using Python.
import psycopg2
conn = psycopg2.connect(
host="ec2-blablabla.compute-1.amazonaws.com",
database="postgres",
user="myuser",
password="mypassword",
port = 5432,
sslmode ='prefer',
sslcompression = 0
)
cur = conn.cursor()
I get the following error:
OperationalError: SSL SYSCALL error: Connection reset by peer
FATAL: no pg_hba.conf entry for host "207.100.100.100", user "myuser", database "postgres", SSL off
I am able to connect to this server from my IP using pgadmin and same ssl settings as I set in Python code. What could be the issue here?
no pg_hba.conf entry for host
I cannot modify pg_hba.conf so if there is any other way, please let me know!!

Failed to connect to Postgres database Postgres requires connecting to a specific database, the following databases were tried:

I'm getting this error when i try to connect my fabric-ca to use postgres as a database.
Using postgres database, connecting to database...
2019/10/22 09:21:16 [DEBUG] Database Name: fabriccaserver
2019/10/22 09:21:16 [DEBUG] Connecting to PostgreSQL server, using connection string: host=127.0.0.1 port=5432 user=**** password=**** dbname=fabriccaserver sslmode=disable
2019/10/22 09:21:16 [WARNING] Failed to connect to database 'fabriccaserver'
2019/10/22 09:21:16 [DEBUG] Connecting to PostgreSQL server, using connection string: host=127.0.0.1 port=5432 user=**** password=**** dbname=postgres sslmode=disable
2019/10/22 09:21:16 [WARNING] Failed to connect to database 'postgres'
2019/10/22 09:21:16 [DEBUG] Connecting to PostgreSQL server, using connection string: host=127.0.0.1 port=5432 user=**** password=**** dbname=template1 sslmode=disable
2019/10/22 09:21:16 [WARNING] Failed to connect to database 'template1'
2019/10/22 09:21:16 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabriccaserver postgres template1]. Please create one of these database before continuing
I solved this error by putting container_name in the host i,e.
db:
db:
type: postgres
datasource: host=db-postgres port=5432 user=postgres password=caDbPass12345 dbname=fabriccaserver sslmode=disable
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
Previously, i was entering localhost and also tried with 127.0.0.1 and after that i saw that in my docker-compose.yaml my postgres service was under different network and ica.org1.example.com was under different network which i fixed and also had to do docker network prune after killing and removing all the docker processes.

Memsql Master Node is not running

I have a memsql cluster with 1 master and 4 leaf node.
I have a problem my master node is not running but it is connected in the cluster. And i can read and write a data to my cluster.
while trying to restart the master node its showing some error.
2018-03-31 20:54:22: Jb2ae955f6 [ERROR] Failed to connect to MemSQL node BD60BED7C8082966F375CBF983A46A9E39FAA791: ProcessHandshakeResponsePacket() failed. Sending back 1045: Access denied for user 'root'#'xx.xx.xx.xx' (using password: NO)
ProcessHandshakeResponsePacket() failed. Sending back 1045: Access denied for user 'root'#'10.254.34.135' (using password: NO)
Cluster status
Index ID Agent Id Process State Cluster State Role Host Port Version
1 BD60BED Afb08cd NOT RUNNING CONNECTED MASTER 10.254.34.135 3306 5.8.10
2 D84101F A10aad5 RUNNING CONNECTED LEAF 10.254.42.244 3306 5.8.10
3 3D2A2AF Aa2ac03 RUNNING CONNECTED LEAF 10.254.38.76 3306 5.8.10
4 D054B1C Ab6c885 RUNNING CONNECTED LEAF 10.254.46.99 3306 5.8.10
5 F8008F7 Afb08cd RUNNING CONNECTED LEAF 10.254.34.135 3307 5.8.10
That error means that while the node is online, memsql-ops is unable to log in to the node, most likely because the root user's password is misconfigured somewhere in the system - memsql-ops is configured with no password for that node, but likely the memsql node does have a root password set.
Did you set a root password in memsql? Are you able to connect to the master node directly via mysql client?
If yes, you can fix this by logging in to the memsql master node directly and changing the root password to blank:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' identified by '' WITH GRANT OPTION
Then, after ensuring that connectivity is restored, you can update the root password in the future with the command https://docs.memsql.com/memsql-ops-cli-reference/v6.0/memsql-update-root-password/.

Mongoose - remote database connect failed

I am trying to connect to my mongo database in my remote server:
$ mongo xxx.xxx.xxx.xx:27017
But I get this error:
MongoDB shell version: 2.6.10 connecting to: xxx.xxx.xxx.xx:27017/test
2016-11-07T05:18:39.140+0000 warning: Failed to connect to
xxx.xxx.xxx.xx:27017, reason: errno:111 Connection refused
2016-11-07T05:18:39.142+0000 Error: couldn't connect to server
xxx.xxx.xxx.xx:27017 (xxx.xxx.xxx.xx), connection attempt failed at
src/mongo/shell/mongo.js:148 exception: connect failed
Any ideas why?
I even have tried to connect it with an username and password but it still fails to connect...
Run this following command :
sudo service mongodb stop
sudo rm /var/lib/mongodb/mongod.lock
sudo service mongod restart
mongo

Linux authentication to AD causing lockout on single failure [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I am trying to set up a Linux box (specifically Centos 6) to authenticate users via our Windows AD. The authentication works fine. The problem: Our password lockout policy is 3 strikes and you're locked. If a user logging into the Linux host enters their password wrong just once, their account gets locked.
Here is my /etc/pam.d/system-auth file:
%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_access.so
account required pam_unix.so broken_shadow
account [default=ignore success=1] pam_succeed_if.so uid < 16777216 quiet
# only allow login if user is in group serveradmins
account [default=bad success=ignore] pam_succeed_if.so user ingroup serveradmins quiet
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
Here are the log entries captured in /var/log/secure when a user tried to log in and gave the wrong password on the first try. For the sake of brevity, I've stripped off the datetime and hostname from the start of the log entries:
sshd[1589]: Connection from 22.33.44.55 port 49532
sshd[1589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host0001.foo.bar user=gumby
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): Authentication failure (Preauthentication failed)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password
sshd[1589]: pam_winbind(sshd:auth): user 'gumby' denied access (incorrect password or invalid membership)
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): Authentication failure (Preauthentication failed)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password
sshd[1589]: pam_winbind(sshd:auth): user 'gumby' denied access (incorrect password or invalid membership)
sshd[1589]: Failed password for gumby from 22.33.44.55 port 49532 ssh2
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): User not known to the underlying authentication module (Clients credentials have been revoked)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, Error message was: Account locked out
sshd[1589]: pam_winbind(sshd:auth): internal module error (retval = PAM_MAXTRIES(11), user = 'gumby')
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): User not known to the underlying authentication module (Clients credentials have been revoked)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, Error message was: Account locked out
sshd[1589]: pam_winbind(sshd:auth): internal module error (retval = PAM_MAXTRIES(11), user = 'gumby')
sshd[1589]: Failed password for gumby from 22.33.44.55 port 49532 ssh2
What in this configuration is causing the authentication module to try multiple times and how might we change it to make it not do that?
Thanks.
So this is an old post but might save a few people several days of troubleshooting.
Although sometimes the simplest of answers are usually the rights ones, in the case of migrations you should always check routes, firewall and DNS entries to be the same and ntp synchronized.
Short background:
Problems started when it was decided to migrate the old DC to new versions (Windows Server 2008 -> Windows server 2016).
Our Linux environment consisted of Rhel 5, 6 and 7 systems joined in AD through Samba, Winbind.
By default, Windows Server 2016 has disabled SMBv1, this means that all Rhel 5 and 6 systems were failing to communicate with the new DC's, for reference: https://access.redhat.com/articles/3164551
This can be resolved by enabling this role on the DC (and you understand the consequences of enabling a 30 year old protocol):
SMBv1
In case the pic is no longer available (action on DC): Add roles and features -> Features -> SMB 1.0/CIFS File Sharing Support -> check.
Note: you need to reboot after enabling this.
Everything was running smoothly after that change, or so it seemed.
I also stumbled upon this particular error, from the servers (Rhel 5) logs:
Oct 27 09:06:58 dummy sshd[22520]: Failed password for some_user from x.x.x.x port 53207 ssh2
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): getting password (0x00000050)
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): pam_get_item returned a password
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): user 'some_user' denied access (incorrect password or invalid membership)
Oct 27 09:07:09 dummy sshd[22520]: Failed password for some_user from x.x.x.x port 53207 ssh2
And I also could not authenticate with my own account so I migrated to samba3x, reference( I did not do all the steps): https://access.redhat.com/solutions/42635
For those who might not have an account, these are the steps I took:
Backup original config files (you will need your smb.conf):
tar cf /root/backup_samba_migration.tar /etc/samba /var/cache/samba /var/lib/samba
Stop services:
service smb stop; service winbind stop
Remove samba and install samba3x:
yum remove samba samba-common -y
yum install samba3x* -y
This is where you put your old smb.conf:
vim /etc/samba/smb.conf
You should also copy pam_winbind.conf (we used required_membership parameter for example):
\cp /etc/security/pam_winbind.conf.rpmsave /etc/security/pam_winbind.conf
In my case I needed to rejoin the domain (you might not need to use createcomputer):
net ads join -U youradminaccount createcomputer="Linux system"
Restart services:
service smb restart; service winbind restart
Test (before this authentication would give direct failed password):
wbinfo -t
wbinfo -a youradminaccount
Hope it helps, have a good one!
To determine exactly what is going on, you should put the 'debug' flag on there.
It is also not helpfull to remove timestamps from the Log to understand a performance problem.
I think you do pam_krb5 auth first, then pam_winbind auth, then pam_krb5 account and then you are locked out.
Try to only use krb5 OR winbind for the tasks. Not both.

Resources