I want to create mysql user that can be connect from any host, i have followed instruction from MYSQL documentation from this link
Adding User Accounts
MYSQL documentation said i should create two user with host localhost and %. So i create two user like documentation said. Give same grant privileges to both. And then execute flush privileges. All user work on localhost, but when i try to connect from other host, it always said Can't connect on MySQL server on ....
Any opinion ?
Related
I am trying to access mysql server in office remotely from home by mysql workbench.
I already solved to connect remotely. I created an user by:
mysql> CREATE USER 'myusername'#'%' IDENTIFIED BY 'some_pass';
And, with this user, I can access the database remotely. But, I don't think it's safe. #'%' means that all hosts can access once they find out 'myusername' and 'some_pass'.
Instead of that, I would like to get it done by an user whose IP is specified. (after removing the user above), I created the user below by:
mysql> CREATE USER 'myusername'#'123.456.789.012' IDENTIFIED BY 'some_pass';
'123.456.789.012' here is the IP address of my home computer.(the number is dummy, though.). With user like this, it allows only the specified host to access. I think it is safer. But, I have already tried this and didn't work. I got the error below on mysql workbench on home computer when trying to connect remotely (by test connection from mysql workbench):
Failed to Connect to MySQL at XXX.XX.XX.XXX:3306 with user myname
Host 'XXX-XXX-XXX-XX-XX.abc.defg.hi.jk' is not allowed to connect to this MySQL server
I don't know why this error pops up.
and also, I tried the user with IP addresses like '123.456.789.%' or '%.456.789.012' which got the same error.
Is there another way to accomplish remote connection safer?
I want to connect to a mysql database from Rapidminer, I am not sure, but to have acces to databases, I have to execute a GRANT ALL string on my mySQL machine first, is that right?
it goes like:
GRANT ALL ON . to user#IPADRESS IDENTIFIED BY 'password';
where IPADRESS should be ipadress of my remote computer, and password is the password of the root login of my mySQL Workbench, is that correct?
but what is the user? I didn't create a user before, and I am trying from rapidminer...
Can you specify a little your question, because I am not sure, if I understand correctly you question.
But: every MySQL connection should have following things:
database name
host
username
password
table name
An user you can create from MySQL workbench, not from RapidMiner. I think, the same database can have multiple users with respective passwords.
I need to give a remote user access to a MySQL database. I also need to limit the permissions they have to the MySQL database tables. The current database contains approx. 50+ tables so rather than revoke permissions table by table, I'm trying to give the user access with no privileges and then add those that are needed. What I've done appears to work when:
I'm logged in as root (via SSH)
I login using "mysql -u username -p" - enter my password for the newly created user.
This users account honors all the privileges I've set up. However, when this user tried to connect via their desktop client - they can connect but can not view the database. When using "use databasename" they get this error:
Error Code: 1044. Access denied for user 'username'#'%' to database 'database_name'
Not sure if this helps but I'm using Media Temple DV w/ Plesk. I've first added the user. Then I SSH in and revoked ALL privileges. Then I added the privileges for the user and did command "flush privileges". Nothing is working. As I said, if I'm accessing via the command line (after SSHing in as root) the permissions are honored and I can access the database - just not remotely.
Any help would be greatly appreciated.
May be network that is allowed to connect is localhost, but not users network IP.
And check max connections amount.
If you're logged in as root via SSH and MySQL database is on the same machine, then i guess that if you run:
mysql -u username -p
you try to connect to MySQL as 'username'#'localhost' user.
If you want to connect to MySQL database from outside of this server, you need to:
create user like 'username'#'%' which allow to connect to MySQL using 'username' from anywhere ('%')
allow mysql server to connect from outside by setting bind-address more details here
I have the current setup:
SVR01:
Ubuntu Trusty, with Xen
VM01:
IP: 192.168.0.10
Ubuntu Trusty, with Apache2 + php modules
VM02:
IP: 192.168.0.11
Ubuntu Trusty, with mysql server
When I try connecting from VM01 (The apache server) to mysql on VM02, I get the "Access Denied for 'NewUser'#'192.168.0.10' (Using password: YES)" error.
I created the user using:
CREATE USER 'NewUser'#'192.168.0.10' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'192.168.0.10';
But, it will work if I create the user using the host wildcard:
CREATE USER 'NewUser'#'%' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'%';
Does anyone know why it won't work when I specify the host ip?
PS. I get the error when trying to connect either through the Mysql client, or through the PHP PDO.
Follow up questions:
Does the grant seem to work if you create a user with a 192.168.0.% wildcard host mask?
Run select user, host, password from mysql.user where user='NewUser' to ensure there's not another user#host you weren't aware of that might be getting picked up?
Does the Access denied messages in your error logs confirm the failed connection attempts are in fact coming from the IP you think it is? Some weirdness like this might pop up if you have multiple routes setup in a system that has multiple network interfaces or perhaps some VPN routes in the mix.
When attempting connections to VM02 are you using a literal IP address or a hostname? If the later are you sure this is resolving to the IP you think it is from VM01 (you can verify using ping or just the host command from the command line)
Run "show variables like 'init_connect';" on the root account you were creating the users with. If that value is not blank you will want to ensure the accounts of permissions required to execute whatever that value does hold.
I've just tried to create a bunch of users for a (currently local) database but I'm having issues connecting to the database and not too sure what I'm doing wrong.
The users exist after creation but I can't connect to the database with their credentials while using Workbench for connection testing.
I've created my users and then granted them permission straight after as so:
CREATE USER 'username'#'%' IDENTIFIED BY 'password';
GRANT ALL ON DATABASE.* TO 'username'#'%';
If I run SELECT * FROM mysql.user; to see the users, I can see that the users are there.
I've tried flushing privileges but it doesn't seem to make any difference.
When trying to connect to the server via Workbench as one of the users I've created I get re-prompted for my password. It then seems to either hang or tell me the password is wrong.
This is initially local for development purposes but I'll be setting this up on a server once I've got this working. Could this be down to it being ran locally?
As mentioned in the MySQL documentation for adding users, when connecting locally a user must be created #'localhost' as well as to wildcard locations:
Two of the accounts have a user name of monty and a password of
some_pass. Both accounts are superuser accounts with full privileges
to do anything. The 'monty'#'localhost' account can be used only when
connecting from the local host. The 'monty'#'%' account uses the '%'
wildcard for the host part, so it can be used to connect from any
host.
It is necessary to have both accounts for monty to be able to connect
from anywhere as monty. Without the localhost account, the
anonymous-user account for localhost that is created by
mysql_install_db would take precedence when monty connects from the
local host. As a result, monty would be treated as an anonymous user.
The reason for this is that the anonymous-user account has a more
specific Host column value than the 'monty'#'%' account and thus comes
earlier in the user table sort order. (user table sorting is discussed
in Section 6.2.4, “Access Control, Stage 1: Connection Verification”.)
With a user only being denoted with a host name of '%' to allow for connection anywhere MySQL will instead use the anonymous <anonymous>''#'localhost' account because it will attempt to match the localhost location first and then not find the related user name for localhost and so use the <anonymous> user instead.
Alternatively, the anonymous user can be deleted and this should also fix the problem rather than having to duplicate users.