Uputstvo za instalaciju i konfiguraciju PostgreSQL baze podataka za potrebe eduroam Davaoca Resursa (RP)¶

PostgreSQL softver će se koristiti za potrebe skladištenja log poruka vezanih za upotrebu eduroam Davaoca Resursa.

Verzija PostgreSQL softvera: 14.6
Operativni sistem: CentOS 7

Nakon što ste ispratili uputstvo za instalaciju i konfiguraciju eduroam Davaoca Resursa, možete na istoj VM nastaviti instalaciju i konfiguraciju PostgreSQL baze

U okviru ovog uputstva podrazumeva se da instalirate PostgreSQL bazu na VM gde ste već instalirali i konfigurisali eduroam Davalac Resursa. Deo Priprema VM vam samo daje mogućnost da instalirate bazu na zasebnu VM. Ukoliko vam to nije potrebno, preskočiti deo Priprema VM i pratiti od dela Instalacija postgres baze podataka

Priprema VM¶

Ukoliko PostgreSQL bazu instalirate na zasebnoj VM

U tom slučaju neophodno je da izvršite sva inicijalna podešavanja VM što podrazumeva: proces onemogućenja SELinux funkcionalnosti, podesiti hostname VM, onemogućiti firewalld servis, podešavanje IPTABLES pravila tako da se otvori port 5432 putem kog bi radius server pristupao bazi i skladištio log poruke

Onemogućiti SElinux¶

Radi adekvatnog funkcionisanja softvera neophodno je onemogućiti SELinux!

Provera statusa:

sestatus

To se može uraditi na sledeći način:

Otoriti fajl /etc/selinux/config i promeniti vrednost iz SELINUX=enforcing u SELINUX=disabled.

vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Sačuvati izmene:

reboot

Podesiti hosta¶

U okviru čitavog uputstva smatraće se da je domen VM postgresql.institucija.ac.rs, tako da na svim mestima umesto ovog naziva domena potrebno je da unesete naziv po vašem izboru.

Veoma je važno da FQDN (Fully Qualified Domain Name) i pun hostname (# hostname -f) ove VM, npr. postgresql.institucija.ac.rs, koji se podešava u okviru ove sekcije bude isti kao i domen koji je adekvatno podešen na DNS serveru, a taj domen će se takođe kasnije koristiti za kreiranje sertifikata.

Podešavanje host podataka

Dat je primer postavljanja FQDN podatka postgresql.institucija.ac.rs i postavljanja HOSTNAME podatka postgresql :

vim /etc/hosts

Na kraju fajla se unosi linija u formi: IP ADRESA FQDN HOSTNAME:

xxx.xxx.xxx.xxx postgresql.institucija.ac.rs postgresql

Postaviti hostname

Koristi se komanda sledeće forme: hostnamectl set-hostname HOSTNAME

hostnamectl set-hostname postgresql

Sačuvati izmene:

reboot

Podesiti IPTABLES¶

Najpre je potrebno onemogućiti firewalld servis, ukoliko već nije.

systemctl stop firewalld

systemctl mask firewalld

Potrebno je instalirati iptables-services softverski paket i omogućiti iptables proces, ukoliko već nije.

yum install iptables-services

systemctl enable iptables

Otvoriti port 5432 prema instaliranom RADIUS Davaocu Resursa. Zaštitite na ovaj način pristup bazi tako da bude dostupan samo RADIUS Davaocu Resursa.

To se može uraditi na sledeći način:

vim /etc/sysconfig/iptables

Otvoriti navedeni port dodavanjem sledeće linije u fajl:

-A INPUT -s 1xx.xxx.xxx.xxx/255.255.255.255 -p tcp -m tcp --dport 5432 -j ACCEPT

Napomena: Navedene linije je potrebno uneti bavezno iznad linije: -A INPUT -j REJECT --reject-with icmp-host-prohibited

iptables-restore < /etc/sysconfig/iptables

iptables-save

systemctl restart iptables

iptables -L

Instalacija PostgreSQL baze podataka¶

Napomena: Možete da instalirate bilo koju verziju PostgreSQL baze veću od 9.5, a u ovom uputstvu je korišćena najnovija verzija PostgreSQL baze 14.6

yum update ; yum upgrade -y

yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

yum install -y postgresql14-server

/usr/pgsql-14/bin/postgresql-14-setup initdb

Zatim je potrebno pokrenuti postgresql proces:

systemctl enable postgresql-14

systemctl start postgresql-14

Instalirati dodatne pakete:

yum install -y postgresql14-contrib

yum install centos-release-scl-rh devtoolset-7 llvm-toolset-7 -y

yum install -y postgresql14-devel

Provera verzije instalirane PostgreSQL baze:

[root@postgresql ~]# su postgres
bash-4.2$ psql
could not change directory to "/root": Permission denied
psql (14.6)
Type "help" for help.

postgres=# SELECT version();
                                                 version
---------------------------------------------------------------------------------------------------------
 PostgreSQL 14.6 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-44), 64-bit
(1 row)
postgres=# \q
postgres@postgresql:/root$ exit

Podešavanje PostgreSQL baze podataka¶

Fajl postgresql.conf¶

Ne treba menjati ovaj fajl ukoliko se PostgreSQL baza instalira na istoj VM gde ste instalirali RADIUS server.

Ovaj fajl je potrebno izmeniti samo ukoliko PostgreSQL bazu instalirate na zasebnoj VM. Putem ovog fajla se omogućava konekcija sa RADIUS RP

Potrebno je izmeniti deo CONNECTIONS AND AUTHENTICATION

vim /var/lib/pgsql/14/data/postgresql.conf

Ispod linije: #listen_addresses = 'localhost' dodati liniju:

listen_addresses = '*'

Sačuvati izmene fajla.

Restart postgresql-14 procesa:

systemctl restart postgresql-14

Kreiranje radius korisnika¶

Ukoliko se naredne komande izvrše sa putanje /root prikazalo bi se obaveštenje could not change directory to "/root": Permission denied

To obaveštenje ne utiče na rezultat komandi tako da nije od presudog značaja
Bilo bi ipak preporuka pokrenuti ove komande sa putanje /var/lib/pgsql/

[root@postgresql ~]# cd /var/lib/pgsql/
[root@postgresql pgsql]# su postgres
bash-4.2$ psql
psql (14.6)
Type "help" for help.

postgres=#

Potrebno je kreirati radius korisnika u instaliranoj PostgreSQL bazi podataka

postgres=# CREATE USER radius WITH NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD 'L0z1nk@123';

Pregled kreiranog radius korisnika:

postgres=# \du
                                   List of roles
 Role name |                         Attributes                         | Member of
-----------+------------------------------------------------------------+-----------
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
 radius    |                                                            | {}

Kreiranje radius baze u okviru PostgreSQL baze podataka¶

Potrebno je kreirati radius bazu u instaliranoj PostgreSQL bazi podataka i dodeliti pivilegije korisniku iz prethodnog koraka

postgres=# CREATE DATABASE radius;
postgres=# GRANT ALL PRIVILEGES ON DATABASE radius TO radius;

Pregled kreirane radius baze:

postgres=# \l
                                  List of databases
   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 radius    | radius   | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
           |          |          |             |             | postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
           |          |          |             |             | postgres=CTc/postgres
(4 rows)

Za sada je radius baza prazna i potrebno je importovati u nju odgovarajuće tabele u nastavku uputstva

postgres=# \c radius
You are now connected to database "radius" as user "postgres".
radius=# \dt
Did not find any relations.

Izlaz iz postgres baze podataka:

postgres=# \q
exit

Fajl pg_hba.conf¶

Izmene fajla pg_hba.conf kada su RADIUS server i PostgreSQL baza podataka na istoj VM¶

Da bi se importovale tabele u okviru radius baze potrebno je editovati fajl pg_hba.conf

cd /var/lib/pgsql/14/data/

vim pg_hba.conf

Fajl pg_hba.conf Hint

Potrebno je zakomentarisati liniju local all all peer i ispod nje dodati liniju :

local   all             all                                     scram-sha-256

Potrebno je zakomentarisati linije:

local   replication     all                                     peer
host    replication     all             127.0.0.1/32            scram-sha-256
host    replication     all             ::1/128                 scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer

# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256

# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            scram-sha-256
host    replication     all             ::1/128                 scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
#local   all             all                                     peer
local   all             all                                     scram-sha-256

# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256

# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            scram-sha-256
#host    replication     all             ::1/128                 scram-sha-256

Sačuvati izmene fajla.

Restart postgresql-14 procesa:

systemctl restart postgresql-14

Izmene fajla pg_hba.conf kada su RADIUS server i PostgreSQL baza podataka na različitim VM¶

Da bi se importovale tabele u okviru radius baze potrebno je editovati fajl pg_hba.conf

cd /var/lib/pgsql/14/data/

vim pg_hba.conf

Fajl pg_hba.conf Hint

Potrebno je zakomentarisati liniju local all all peer i ispod nje dodati liniju :

local   all             all                                     scram-sha-256

Potrebno je zakomentarisati liniju host all all 127.0.0.1/32 scram-sha-256 i ispod nje dodati liniju gde deo 1xx.xxx.xxx.xxx predstavlja IP adresu RADIUS servera:

host    all             all             1xx.xxx.xxx.xxx/32      scram-sha-256

Potrebno je zakomentarisati linije:

local   replication     all                                     peer
host    replication     all             127.0.0.1/32            scram-sha-256
host    replication     all             ::1/128                 scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer

# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256

# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            scram-sha-256
host    replication     all             ::1/128                 scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
#local   all             all                                     peer
local   all             all                                     scram-sha-256
# IPv4 local connections:
#host    all             all             127.0.0.1/32            scram-sha-256
host    all             all             1xx.xxx.xxx.xxx/32      scram-sha-256
# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            scram-sha-256
#host    replication     all             ::1/128                 scram-sha-256

Sačuvati izmene fajla.

Restart postgresql-14 procesa:

systemctl restart postgresql-14

Import tabela radacct, radcheck, radgroupcheck, radreply, radgroupreply, radusergroup, radpostauth i nas¶

Import navedenih tabela kada su RADIUS server i PostgreSQL baza podataka na istoj VM¶

Potrebno je otići na sledeću putanju:

cd /usr/local/etc/raddb/mods-config/sql/main/postgresql

Importovati fajl schema.sql koji sadrži potrebne tabele:

[root@postgresql postgresql]# su postgres
[postgres@postgresql postgresql]$ psql -U radius radius < /tmp/schema/schema.sql
Password for user radius:

Napomena: Uneta komanda traži unos lozinke radius korisnika koji je kreiran u prethodnim koracima.

Izveštaj:

[root@postgresql postgresql]# su postgres
[postgres@postgresql postgresql]$ psql -U radius radius < /tmp/schema/schema.sql
Password for user radius:
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX

Izlaz iz PostgreSQL baze podataka:

[postgres@postgresql postgresql]$ exit

Import navedenih tabela kada su RADIUS server i PostgreSQL baza podataka na različitim VM¶

Preskočiti ovaj deo ukoliko se PostgreSQL baza instalira na istoj VM gde ste instalirali RADIUS server.

U ovom slučaju potrebno je preneti schema.sql fajl sa RADIUS servera na ovu VM. Možete da kreirate direktorijum /tmp/schema/ u svrhu skladištenja šeme:

mkdir /tmp/schema/

Zatim sa lokacije /usr/local/etc/raddb/mods-config/sql/main/postgresql na RADIUS serveru preneti fajl schema.sql u novokreirani direktorijum na VM gde je PostgreSQL baza.

Vratiti se u direktorijum /var/lib/pgsql/ :

cd /var/lib/pgsql/

Importovati fajl schema.sql koji sadrži potrebne tabele u radius bazu korišćenjem radius korinika i njegove lozinke:

[root@postgresql pgsql]# su postgres
[postgres@postgresql pgsql]$ psql -U radius radius < /tmp/schema/schema.sql
Password for user radius:

Napomena: Uneta komanda traži unos lozinke radius korisnika koji je kreiran u prethodnim koracima.

Izveštaj:

[root@postgresql pgsql]# su postgres
[postgres@postgresql pgsql]$ psql -U radius radius < /tmp/schema/schema.sql
Password for user radius:
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX

Izlaz iz PostgreSQL baze podataka:

[postgres@postgresql pgsql]$ exit

Import tabele cui¶

Import tabele cui kada su RADIUS server i PostgreSQL baza podataka na istoj VM¶

Potrebno je otići na sledeću putanju:

cd /usr/local/etc/raddb/mods-config/sql/cui/postgresql/

Importovati fajl schema.sql koji sadrži potrebne tabele:

[root@postgresql postgresql]# su postgres
[postgres@postgresql postgresql]$ psql -U radius radius < /tmp/schema/schema.sql
Password for user radius:

Napomena: Uneta komanda traži unos lozinke radius korisnika koji je kreiran u prethodnim koracima.

Izveštaj:

[root@postgresql postgresql]# su postgres
[postgres@postgresql postgresql]$ psql -U radius radius < /tmp/schema/cui/schema.sql
Password for user radius:
CREATE TABLE
CREATE RULE

Izlaz iz PostgreSQL baze podataka:

[postgres@postgresql postgresql]$ exit

Import tabele cui kada su RADIUS server i PostgreSQL baza podataka na različitim VM¶

Preskočiti ovaj deo ukoliko se PostgreSQL baza instalira na istoj VM gde ste instalirali RADIUS server.

U ovom slučaju potrebno je preneti schema.sql fajl sa RADIUS servera na ovu VM. Možete da kreirate direktorijum /tmp/schema/cui u svrhu skladištenja šeme:

mkdir /tmp/schema/cui

Zatim sa lokacije /usr/local/etc/raddb/mods-config/sql/cui/postgresql/ na RADIUS serveru preneti fajl schema.sql u novokreirani direktorijum na VM gde je PostgreSQL baza.

Vratiti se u direktorijum /var/lib/pgsql/ :

cd /var/lib/pgsql/

Importovati fajl schema.sql koji sadrži potrebne tabele u radius bazu korišćenjem radius korinika i njegove lozinke:

[root@postgresql pgsql]# su postgres
[postgres@postgresql pgsql]$ psql -U radius radius < /tmp/schema/cui/schema.sql
Password for user radius:

Napomena: Uneta komanda traži unos lozinke radius korisnika koji je kreiran u prethodnim koracima.

Izveštaj:

[root@postgresql pgsql]# su postgres
[postgres@postgresql pgsql]$ psql -U radius radius < /tmp/schema/schema.sql
Password for user radius:
CREATE TABLE
CREATE RULE

Izlaz iz PostgreSQL baze podataka:

[postgres@postgresql pgsql]$ exit

Ponovna izmena fajla pg_hba.conf¶

Izmene fajla pg_hba.conf kada su RADIUS server i PostgreSQL baza podataka na istoj VM¶

cd /var/lib/pgsql/14/data/

vim pg_hba.conf

Fajl pg_hba.conf Hint

Potrebno je otkomentarisati liniju local all all peer
Potrebno je zakomentarisati liniju local all all scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
#local   all             all                                     peer
local   all             all                                     scram-sha-256

# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256

# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            scram-sha-256
#host    replication     all             ::1/128                 scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
#local   all             all                                     scram-sha-256

# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256

# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            scram-sha-256
#host    replication     all             ::1/128                 scram-sha-256

Sačuvati izmene fajla.

Restart postgresql-14 procesa:

systemctl restart postgresql-14

Izmene fajla pg_hba.conf kada su RADIUS server i PostgreSQL baza podataka na različitim VM¶

Da bi se importovale tabele u okviru radius baze potrebno je editovati fajl pg_hba.conf

cd /var/lib/pgsql/14/data/

vim pg_hba.conf

Fajl pg_hba.conf Hint

Potrebno je otkomentarisati liniju local all all peer
Potrebno je zakomentarisati liniju local all all scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
#local   all             all                                     peer
local   all             all                                     scram-sha-256

# IPv4 local connections:
#host    all             all             127.0.0.1/32            scram-sha-256
host    all             all             1xx.xxx.xxx.xxx/32      scram-sha-256

# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            scram-sha-256
#host    replication     all             ::1/128                 scram-sha-256

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
#local   all             all                                     scram-sha-256

# IPv4 local connections:
#host    all             all             127.0.0.1/32            scram-sha-256
host    all             all             1xx.xxx.xxx.xxx/32      scram-sha-256

# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            scram-sha-256
#host    replication     all             ::1/128                 scram-sha-256

Restart postgresql-14 procesa:

systemctl restart postgresql-14

Provera importovanih tabela¶

[root@postgresql ~]# cd /var/lib/pgsql/
[root@postgresql pgsql]# su postgres
[postgres@postgresql pgsql]$ psql
psql (14.6)
Type "help" for help.

postgres=# \c radius
You are now connected to database "radius" as user "postgres".
radius=# \dt
            List of relations
 Schema |     Name      | Type  | Owner
--------+---------------+-------+--------
 public | cui           | table | radius
 public | nas           | table | radius
 public | radacct       | table | radius
 public | radcheck      | table | radius
 public | radgroupcheck | table | radius
 public | radgroupreply | table | radius
 public | radpostauth   | table | radius
 public | radreply      | table | radius
 public | radusergroup  | table | radius
(9 rows)

Dodatno podešavanje cui tabele¶

Otići na lokaciju /var/lib/pgsql/ :

cd /var/lib/pgsql/

Pristupiti PostgreSQL bazi :

[root@postgresql pgsql]# su postgres
[postgres@postgresql pgsql]$ psql
psql (14.6)
Type "help" for help.

Otvoriti radius bazu:

radius baza se otvara korišćenjem komande: \c radius

postgres=# \c radius
You are now connected to database "radius" as user "postgres".

Trenutne karakteristike cui tabele:

Za ispis karakteristika tabele koristi se komanda: \d cui nakon što se uđe u radius bazu.
Tu se mogu videti veličine, tipovi polja, određena pravila koja se vezuju za tu tabelu i sl.

Prikaz karakteristika cui tabele:

radius=# \d cui
                                                       Table "public.cui"
      Column      |           Type           | Collation | Nullable |                          Default
------------------+--------------------------+-----------+----------+-----------------------------------------------------------
 clientipaddress  | inet                     |           | not null | '0.0.0.0'::inet
 callingstationid | character varying(50)    |           | not null | ''::character varying
 username         | character varying(64)    |           | not null | ''::character varying
 cui              | character varying(32)    |           | not null | ''::character varying
 creationdate     | timestamp with time zone |           | not null | '2023-01-12 12:06:02.704965+01'::timestamp with time zone
 lastaccounting   | timestamp with time zone |           | not null | '-infinity'::timestamp without time zone
Indexes:
    "cui_pkey" PRIMARY KEY, btree (username, clientipaddress, callingstationid)
Rules:
    postauth_query AS
    ON INSERT TO cui
   WHERE (EXISTS ( SELECT 1
           FROM cui cui_1
          WHERE cui_1.username::text = new.username::text AND cui_1.clientipaddress = new.clientipaddress AND cui_1.callingstationid::text = new.callingstationid::text)) DO INSTEAD  UPDATE cui SET lastaccounting = '-infinity'::timestamp with time zone, cui = new.cui
  WHERE cui.username::text = new.username::text AND cui.clientipaddress = new.clientipaddress AND cui.callingstationid::text = new.callingstationid::text

Nedovoljno je da cui polje zauzima dužinu od 32 karaktera i ima tip varchar(32) i to u nastavku treba povećati na 128:

Najpre treba odbaciti prisutno pravilo komandom: DROP RULE postauth_query ON cui;
Zatim povećati broj karaktera polja komandom: ALTER TABLE cui ALTER COLUMN cui TYPE varchar(128);
Za ispis novih karakteristika tabele koristi se komanda: \d cui

Prikaz izvršenih komandi:

radius=# DROP RULE postauth_query ON cui;
DROP RULE
radius=# ALTER TABLE cui ALTER COLUMN cui TYPE varchar(128);
ALTER TABLE
radius=# \d cui
                                                       Table "public.cui"
      Column      |           Type           | Collation | Nullable |                          Default
------------------+--------------------------+-----------+----------+-----------------------------------------------------------
 clientipaddress  | inet                     |           | not null | '0.0.0.0'::inet
 callingstationid | character varying(50)    |           | not null | ''::character varying
 username         | character varying(64)    |           | not null | ''::character varying
 cui              | character varying(128)   |           | not null | ''::character varying
 creationdate     | timestamp with time zone |           | not null | '2023-01-12 12:06:02.704965+01'::timestamp with time zone
 lastaccounting   | timestamp with time zone |           | not null | '-infinity'::timestamp without time zone
Indexes:
    "cui_pkey" PRIMARY KEY, btree (username, clientipaddress, callingstationid)

Pošto smo u prethodnim koracima odbacili postojeće pravilo da bismo izmenili veličinu polja, potrebno je vratiti to pravilo:

Napomena: Ukoliko instalirate neku drugu verziju PostgreSQL baze može ovo pravilo biti za nijansu drugačije, zbog toga iskoristite pravilo koje je Vaša verzija baze imala.
Pravilo se vraća komandom:

CREATE RULE postauth_query AS ON INSERT TO cui
   WHERE (EXISTS ( SELECT 1
           FROM cui cui_1
          WHERE cui_1.username::text = new.username::text AND cui_1.clientipaddress = new.clientipaddress AND cui_1.callingstationid::text = new.callingstationid::text)) DO INSTEAD  UPDATE cui SET lastaccounting = '-infinity'::timestamp with time zone, cui = new.cui
  WHERE cui.username::text = new.username::text AND cui.clientipaddress = new.clientipaddress AND cui.callingstationid::text = new.callingstationid::text;

Prikaz ponovnog uvođenja pravila:

radius=# CREATE RULE postauth_query AS ON INSERT TO cui
   WHERE (EXISTS ( SELECT 1
           FROM cui cui_1
          WHERE cui_1.username::text = new.username::text AND cui_1.clientipaddress = new.clientipaddress AND cui_1.callingstationid::text = new.callingstationid::text)) DO INSTEAD  UPDATE cui SET lastaccounting = '-infinity'::timestamp with time zone, cui = new.cui
  WHERE cui.username::text = new.username::text AND cui.clientipaddress = new.clientipaddress AND cui.callingstationid::text = new.callingstationid::text;
CREATE RULE
radius=# \d cui
                                                       Table "public.cui"
      Column      |           Type           | Collation | Nullable |                          Default
------------------+--------------------------+-----------+----------+-----------------------------------------------------------
 clientipaddress  | inet                     |           | not null | '0.0.0.0'::inet
 callingstationid | character varying(50)    |           | not null | ''::character varying
 username         | character varying(64)    |           | not null | ''::character varying
 cui              | character varying(128)   |           | not null | ''::character varying
 creationdate     | timestamp with time zone |           | not null | '2023-01-12 12:06:02.704965+01'::timestamp with time zone
 lastaccounting   | timestamp with time zone |           | not null | '-infinity'::timestamp without time zone
Indexes:
    "cui_pkey" PRIMARY KEY, btree (username, clientipaddress, callingstationid)
Rules:
    postauth_query AS
    ON INSERT TO cui
   WHERE (EXISTS ( SELECT 1
           FROM cui cui_1
          WHERE cui_1.username::text = new.username::text AND cui_1.clientipaddress = new.clientipaddress AND cui_1.callingstationid::text = new.callingstationid::text)) DO INSTEAD  UPDATE cui SET lastaccounting = '-infinity'::timestamp with time zone, cui = new.cui
  WHERE cui.username::text = new.username::text AND cui.clientipaddress = new.clientipaddress AND cui.callingstationid::text = new.callingstationid::text

Izlaz iz PostgreSQL baze podataka:

postgres=# \q
exit

Pregled logova¶

Pregled upisanih logova u PostgreSQL bazu podataka¶

Sledeći koraci odnose se na povezivanje sa PostgreSQL bazom i otvaranje radius baze u okviru nje:

[root@postgresql ~]# cd /var/lib/pgsql/
[root@postgresql pgsql]# su postgres
bash-4.2$ psql
psql (14.6)
Type "help" for help.

postgres=# \c radius
You are now connected to database "radius" as user "postgres".

Pregled radacct tabele:

postgres=#select * from radacct;

Pregled cui tabele :

postgres=#select * from cui;

Izlaz iz PostgreSQL baze podataka:

postgres=# \q
exit