Well, after reading topics with the same name without success I feel forced to ask again and show you my scenario:
I am on a Kali Linux machine, my mysql config file (/etc/my.cnf) is setup this way:
bind-address = 172.16.1.228
I reset the service I can't enter neither remotely nor localy, I got this 2 errors depending on how I access:
root#Adkadon:~# mysql -u root -p -h 172.16.1.228
Enter password:
ERROR 1130 (HY000): Host 'Adkadon' is not allowed to connect to this MySQL server
mysql -u root -p -h 127.0.0.1
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1' (111)
Note that without the -h 127.0.0.1 I have never been allowed to access.
So, I change the my.cnf and set bind-address to 0.0.0.0.
I access this way: mysql -u root -p -h 127.0.0.1, I do the following:
GRANT ALL PRIVILEGES ON *.* TO root#172.16.1.228 BY ‘root‘ WITH GRANT OPTION;
Again change bind-address to 172.16.1.228 and no success.
This is the output of SELECT user,host FROM user; inside the database:
root | 127.0.0.1 |
| root | 172.1.16.228 |
| root | ::1 |
| debian-sys-maint | localhost |
| root | localhost |
| root | repo
I don't know what do to, any idea¿? Thank you very much
If I guess right, 172.1.16.228 is your IP of mysql server .
'Adkadon' is the host where you try to access mysql from.
If that is the case, get the IP address of Adkadon (ifconfig)
Say if 172.1.16.xxx is your host IP, then in my.cnf mention
bind-address = 172.16.1.xxx
This indicates connections are allowed only from 172.16.1.xxx
Create a user root#172.16.1.xxx
And for connecting to mysql , use command
mysql -u root -p -h 172.1.16.228
Please note, -h 172.1.16.228 indicates where to connect to, not where it is connecting from.
Does it solve your problem? Or am I missing something from your question?
Related
This question relates to 3rd party tool dbdeployer, located Dbdeployer at Github
The section in question:
Users:
root, with the default grants as given by the server version being installed.
I have an instance installed on port 5730 and port 5731 respectively. (Corresponds to MySQL 5.7.30 and 5.7.31).
I can connect like this:
mysql -u msandbox -p -h 127.0.0.1 -P 5730
mysql -u msandbox -p -h 127.0.0.1 -P 5731
mysql -u mycustomusername -p -h 127.0.0.1 -P 5730
I created a file for grants like shown in the article:
use the option --post-grants-sql-file to load the instructions.
> cat << EOF > orchestrator.sql
CREATE DATABASE IF NOT EXISTS orchestrator;
CREATE USER orchestrator IDENTIFIED BY 'msandbox';
GRANT ALL PRIVILEGES ON orchestrator.* TO orchestrator;
GRANT SELECT ON mysql.slave_master_info TO orchestrator;
EOF
$ dbdeployer deploy single 5.7 \
--post-grants-sql-file=$PWD/orchestrator.sql
This works fine for a new empty database deployed by the SQL script (and its grants), but I now have an existing instance, and want to create a new database from within the mysql instance.
The article claims that root should be available, but:
mysql -u root -p -h 127.0.0.1 -P 5731
Access denied for user 'root'#'localhost' (using password: YES)
I have the local instance installed on 3306, but this is not supposed to be the user I need to login with.
When I do this:
mysql -u root -p -h localhost -P 5731
I am able to login, _however this seems to ignore the port (when connecting as localhost) because I see different databases (those on port 3306 and not those from 5730/5731)!
This also confirms my suspicion that port gets ignored :
SHOW GRANTS FOR mycustomusername;
ERROR 1141 (42000): There is no such grant defined for user 'mycustomusername' on host '%'
SHOW GLOBAL VARIABLES LIKE '%port%';
.... truncated ....
port | 3306
I need to use root#host5731 and root#host5730 but there does not seem a way to use root here?
I need to do one (either) of the following:
Use root user at these ports,
Get a way to let msandbox or mycustomusername to be able to have ability to do GRANT ALL PRIVILEGES on a new database.
Why?
I cannot remove/recreate a new MySQL instance to add new databases (using the SQL file method) --post-grants-sql-file when I already have existing databases.
Dbdeployer instances and setup installed and configures the password for root to be the same password as the username specified (default username msandbox).
You cannot do this (even though some answers on the github repo claim you can)
dbdeployer deploy single 5.7.31 -u root -p somepassword
Rather what happens (and not clearly mentioned anywhere easily accessible) is that you can do the following:
dbdeployer deploy single 5.7.31 -u someuser -p somepassword
Dbdeployer setup then deploys this someuser AND root to have the same password (somepassword).
More information:
I found that I could do this:
cd /var/dbdeployer/instance/location/of/mysql.5.7.31/
./use -u root
(Not specifying the password here.)
Inspecting the ./use script, it greps the password from your configuration (which is the password for someuser.
This then gives us the ability to login via root to change grants:
mysql -u root -p -h 127.0.0.1 -P 5731
I have now changed the password from inside:
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'new-password';
This prevents you from externally using ./use -u root as the password is now different than the other user.
I have created a MariaDB database user user. Looks something like:
MariaDB [(none)]> select host,user,password from mysql.user;
+-----------+-------+-------------------------------------------+
| host | user | password |
+-----------+-------+-------------------------------------------+
| % | user | ***************************************** |
+-----------+-------+-------------------------------------------+
I can connect to the database from a remote computer using command like
mysql -uuser -hdevops.ok -p mydatabase
This works as expected. I can login using my password.
When I am on the database server and try to connect with
[vagrant#devops ~]$ mysql -h127.0.0.1 -uuser -p mydatabase
Enter password:
ERROR 1045 (28000): Access denied for user 'user'#'localhost' (using password: YES)
I expected the % to allow access from all nodes in the network including localhost but it seems this is not how it works.
Is it possible to grant this user local access?
I can create another account of course
create user 'myser'#'localhost' identified by '****';
This would allow me access to the database but that feels more like a workaround.
Update
I now think this is only possible by creating two accounts 'myuser'#'localhost' and 'myuser'#'%'
% does not include localhost. Btw 127.0.0.1 and 127.0.0.2 resolve to localhost and as a consequence these are also not matches by %.
Doesn't make sense but it looks like this is the way it is supposed to work.
The % in the host field means any targeted host is possible.
There is one special case, when the database makes a difference between 127.0.0.1 (TCP based connection) and localhost which connects to the local unix socket.
Consider the db settings skip-networking and bind-address. See
https://mariadb.com/kb/en/mariadb/configuring-mariadb-for-remote-client-access/
TCP connections are usually disabled by default - this might be different depending on distribution, package used, ...
So when you type the following it should work:
mysql -hlocalhost -uuser -p mydatabase
References:
https://dev.mysql.com/doc/refman/5.5/en/connecting.html
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file.
You could also use the --socket option.
i have a problem with connecting to mysql usung 127.0.0.1 for host :
mysql -uroot -p -h 127.0.0.1
ERROR 1045 (28000): Access denied for user 'root'#'127.0.0.1' (using password: YES)
but when i change 127.0.0.1 to localhost its ok.
i checked privilleges for root user with:
mysql> select user,host from mysql.user;
and that is :
root | %
root | 127.0.0.1
root | localhost
why i got this error while root user has privilleges from both 127.0.0.1 and local host ? and how can i fix that to connect to mysql using 127.0.0.1 for host?
Thanks
When using the special hostname localhost your client will connect using a local socket, not a network socket, unless you took special preparations. So there is a difference.
Take a look here: http://dev.mysql.com/doc/refman/5.5/en/can-not-connect-to-server.html
So this sounds like your mysql server does not bind to the loopback network interface or does not listen to network connections at all.
When I try to connect to a local mysql database using it's remote ip-address I get a access denied. When I try to connect to that same database from an external machine, it works without any problems. When I connect to the local database using localhost, it works perfectly as well. E.g., if the database server has the ip 1.2.3.4 then I get the following results:
# From the db server
mysql -u username -h localhost -p #works perfectly
mysql -u username -h 127.0.0.1 -p #works perfectly
mysql -u username -h 1.2.3.4 -p #Access denied
# From any other machine
mysql -u username -h 1.2.3.4 -p #works perfectly
What can I do to allow local access to my database using its remote ip-address? The OS of the database server is Fedora 15 and the MySQL version is 5.5.23.
Try to edit/add bind-address = 0.0.0.0 to your [mysqld] section of your /etc/mysql/mysql.conf.d/mysqld.cnf file and restart MySQL Service.
I found the solution to my problem myself, but I still don't quite understand why it didn't work:
I granted privileges to that user on the hosts % and localhost:
# Before
+-----------------+------------+
| Host | User |
+-----------------+------------+
| % | username |
| localhost | username |
+-----------------+------------+
With these settings I got the results I showed above. When I granted privileges to that user on host it suddenly did work.
# After
+-----------------+------------+
| Host | User |
+-----------------+------------+
| % | username |
| localhost | username |
| <myIpAddress> | username |
+-----------------+------------+
Apparently % does work for remote connections, but not for local connections.
This particular issue can be caused by host name resolution.
I have resolved it in my particular case by deleting this variable from my my.cnf config file:
skip-name-resolve
Either remark the variable by placing a pound sign # or just delete it from your my.cnf after making sure you back it up, of course.
I've installed MySQL server on a remote Ubuntu machine. The root user is defined in the mysql.user table this way:
mysql> SELECT host, user, password FROM user WHERE user = 'root';
+------------------+------+-------------------------------------------+
| host | user | password |
+------------------+------+-------------------------------------------+
| localhost | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| ip-10-48-110-188 | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| 127.0.0.1 | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| ::1 | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+------------------+------+-------------------------------------------+
I can access with user root from the same remote machine command-line interface using the standard mysql client. Now I want to allow root access from every host on the internet, so I tried adding following row (it's an exact duplicate of the first row from previous dump, except for the host column):
mysql> SELECT host, user, password FROM user WHERE host = '%';
+------------------+------+-------------------------------------------+
| host | user | password |
+------------------+------+-------------------------------------------+
| % | root | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+------------------+------+-------------------------------------------+
But my client on my personal PC continues to tell me (I obscured the server IP):
SQL Error (2003): Can't connect to MySQL server on '46.x.x.x' (10061)
I can't tell if it's a authentication error or a network error. On the server firewall I enabled port 3306/TCP for 0.0.0.0/0, and that's ok for me...
Update:
As mentioned in the comments, since MySql 8 you need to first explicitly create the user, so the command will look like:
CREATE USER 'root'#'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
Original answer:
There's two steps in that process:
a) Grant privileges. As root user execute with this substituting 'password' with your current root password :
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password';
b) bind to all addresses:
The easiest way is to comment out the line in your my.cnf file:
#bind-address = 127.0.0.1
and restart mysql
service mysql restart
By default it binds only to localhost, but if you comment the line it binds to all interfaces it finds. Commenting out the line is equivalent to bind-address=*.
To check where mysql service has binded execute as root:
netstat -tupan | grep mysql
Update For Ubuntu 16:
Config file is (now)
/etc/mysql/mysql.conf.d/mysqld.cnf
(at least on standard Ubuntu 16)
Run the following query:
use mysql;
update user set host='%' where host='localhost'
NOTE: Not recommended for production use.
MYSQL 8.0 - open mysql command line client
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost';
use mysql
UPDATE mysql.user SET host='%' WHERE user='root';
Restart mysql service
Sometimes
bind-address = 127.0.0.1
should be
bind-address = *
MariaDB running on Raspbian - the file containing bind-address is hard to pinpoint. MariaDB have some not-very-helpful-info on the subject.
I used
# sudo grep -R bind-address /etc
to locate where the damn thing is.
I also had to set the privileges and hosts in the mysql like everyone above pointed out.
And also had some fun time opening the 3306 port for remote connections to my Raspberry Pi - finally used iptables-persistent.
All works great now.
I'm using AWS LightSail and for my instance to work, I had to change:
bind-address = 127.0.0.1
to
bind-address = <Private IP Assigned by Amazon>
Then I was able to connect remotely.
if you have many networks attached to you OS, yo must especify one of this network in the bind-addres from my.conf file.
an example:
[mysqld]
bind-address = 127.100.10.234
this ip is from a ethX configuration.
In my case the "bind-address" setting was the problem. Commenting this setting in my.cnf did not help, because in my case mysql set the default to 127.0.0.1 for some reason.
To verify what setting MySql is currently using, open the command line on your local box:
mysql -h localhost -u myname -pmypass mydb
Read out the current setting:
Show variables where variable_name like "bind%"
You should see 0.0.0.0 here if you want to allow access from all hosts. If this is not the case, edit your /etc/mysql/my.cnf and set bind-address under the [mysqld] section:
bind-address=0.0.0.0
Finally restart your MySql server to pick up the new setting:
sudo service mysql restart
Try again and check if the new setting has been picked up.
Update the bind-address = 0.0.0.0 in the /etc/mysql/mysql.conf.d/mysqld.cnf and from the mysql command line allow the root user to connect from any Ip.
Below was the only commands worked for mysql-8.0 as other were failing with error syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'abcd'' at line 1
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost';
UPDATE mysql.user SET host='%' WHERE user='root';
Restart the mysql client
sudo service mysql restart
mysql_update is what you need.
I don't know why anyone would follow the more complex ways of correcting this issue, when MySql graciously built a tool that already does this...