Customer has 2 Clearpass servers in a cluster and tried to set up an enforcement policy that uses the Insight database as an authorisation source. The insight database is running on the subscriber. The lookup to Insight appears as if it is failing as I see this alert in all authentications that are using this service:
Session failed for Host=10.24.0.24, Reason=[Failed to connect to datasource: [unixODBC]FATAL: password authentication failed for user "appexternal"
FATAL: no pg_hba.conf entry for host "10.26.0.23", user "appexternal", database "insightdb", SSL off
SQLState=08001 ErrorCode=101].
Session failed for Host=10.26.0.23, Reason=[Failed to connect to datasource: [unixODBC]FATAL: password authentication failed for user "appexternal"
FATAL: no pg_hba.conf entry for host "10.26.0.23", user "appexternal", database "insightdb", SSL off
SQLState=08001 ErrorCode=101]
I have changed the real IP addresses but in this case 10.24.0.24 is the subscriber running Insight. 10.26.0.23 is the publisher
I understand that there is an 'appexternal' database account but I thought this was for databases that are external to the cluster so I should not need to change this.
Additionally, in the event viewer, starting about 1 week ago I see this warning every minute:
Unable to communicate with database 10.24.0.24
and
Unable to communicate with database 10.26.0.23
Is there anything I can do before calling TAC?
Thanks
------------------------------
--------------------
Stewart Smith
ACMX, ACDX, ACCP, ACSA
--------------------
------------------------------