Hi so I am trying to set up my mysql server to accept remote connections from all hostnames by using a % sign in the place of hostname. This however still will not let me connect. My MySQL user table is as follows:
mysql> select host,user from user;
+----------------+------------------+
| host | user |
+----------------+------------------+
| % | guest |
| 127.0.0.1 | root |
| 197.87.180.*** | guest |
| ::1 | root |
| localhost | |
| localhost | debian-sys-maint |
| localhost | root |
| raspberrypi | |
| raspberrypi | root |
+----------------+------------------+
I am able to connect to the server using the username guest from my remote computer with IP address 197.87.180.* but any other IP it gives me the error Access denied for user 'guest'#'197.87..' (using password: YES)
Anyone know the reason for this or what I am doing wrong?
Verify the privileges for guest#'%' with the following:
show grants for 'guest'#'%';
Also, user guest can have a different password for host 197.87.180.*** and another password for host %.
You can verify if the password is the same for both instances of guest user by executing the following query: select host,user,password from mysql.user;
If they don't have the same password, you can change it by executing the following: set password for guest#'%' = password('newPwd');
Cheers,
JF
Related
I'm trying to connect my mysql server from remote host (IP: 10.26.72.109) with username 'applogger' and having above mentioned error.
when I checked mysql user table, I think it's having enough privileges.
mysql> select host,user from mysql.user where user='applogger' order by host desc, user desc;;
+---------------+-----------+
| host | user |
+---------------+-----------+
| ms.portal-01 | applogger |
| localhost | applogger |
| 10.26.72.70 | applogger |
| 10.26.72.109 | applogger |
| % | applogger |
+---------------+-----------+
Here ms.portal-01 and 10.26.72.70 are same hosts and I can successfully make mysql connection from that servers.
According to the Mysql refernace, Mysql server will load user privileges based on host and user most specific values.
How can I make the mysql connection from 10.26.72.109 successfully?
Can anyone help on this?
When I create a user in mysql, following this:
CREATE USER IF NOT EXISTS 'devadmin'#'localhost' IDENTIFIED BY 'admindev';
GRANT ALL PRIVILEGES ON developerparse.* TO 'devadmin'#'%';
FLUSH PRIVILEGES;
I can join into mysql:
mysql -u devadmin -p
but I need set remote access for user, so when I set the host to '%':
CREATE USER IF NOT EXISTS 'devadmin'#'%' IDENTIFIED BY 'admindev';
and trying to join mysql, I get an error:
MySQL ERROR 1045 (28000): Access denied for user 'devadmin'#'localhost' (using password: YES)
How to resolved that?
table of users accounts:
select user, host from mysql.user;
+------------------+-----------+
| user | host |
+------------------+-----------+
| devadmin | % |
| devuser | % |
| prodadmin | % |
| produser | % |
| testadmin | % |
| testuser | % |
| debian-sys-maint | localhost |
| developer | localhost |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+------------------+-----------+
% mean this user can be from any host. localhost, the user can only from that server. This can be usefull for root by example (security purpose). root#localhost mean nobody can connect with root user, except from the server itself.
The error is 1045. But my username and password are correct.
I am connecting as fcapdi from 192.168.0.18 (to 192.168.0.240:3306)
My users table
MariaDB [(none)]> SELECT User,Host FROM mysql.user;
+--------+-----------+
| User | Host |
+--------+-----------+
| dba | % |
| fcapdi | % |
| root | 127.0.0.1 |
| root | ::1 |
| | localhost |
| root | localhost |
| | tester |
| root | tester |
+--------+-----------+
When I login with phpMyAdmin with the root account I receive
#1045 - Access denied for user 'root'#'localhost' (using password: YES)
But my account dba can login fine. What is going on?
Also I guess I should note the MySQL instance is sitting on a server that has 2 NIC's and sits on 2 (internal) networks. One is a local domain 192.168.0/24 the other is a larger domain 10.228./16.
I can login via the fcapdi account from the 10.228./16 network. But not from the 192.168.0./24 network.
Execute:
GRANT ALL ON
your_database_schema_name.* to
'fcapdi'#'192.168.0.18' IDENTIFIED BY 'your_connection_password';
as user with GRANT privileges on the server and try to connect.
As an aside question under comments
SET PASSWORD FOR 'root'#'localhost' = PASSWORD('newPass123^');
SET PASSWORD FOR 'root'#'127.0.0.1' = PASSWORD('newPass123^');
SET PASSWORD FOR 'root'#'etc_etc' = PASSWORD('newPass123^');
you can also do it in a single update statement but it depends on your mysql version
create user 'joe1'#'localhost' identified by 'blah';
create user 'joe1'#'127.0.0.1' identified by 'afadfafsdblah2';
create user 'joe1'#'%' identified by 'djdjdjjdjdd';;
select user,host,password from mysql.user where user='joe1';
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| joe1 | localhost | *0380BEA27363E56C37F0BFDA438F429080848051 |
| joe1 | % | *7BEAF25E9BDFBDEF5A9B9E4A37023721B668FA51 |
| joe1 | 127.0.0.1 | *5CD978E569B31B1558E5C1D0972E6E02516893BF |
+------+-----------+-------------------------------------------+
update mysql.user set password=PASSWORD('nEW_COMMon_password762') where user='joe1';
-- 3 rows updated
select user,host,password from mysql.user where user='joe1';
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| joe1 | localhost | *A248B352CE5BF750A11AA9BA253B5F191C721D1A |
| joe1 | % | *A248B352CE5BF750A11AA9BA253B5F191C721D1A |
| joe1 | 127.0.0.1 | *A248B352CE5BF750A11AA9BA253B5F191C721D1A |
+------+-----------+-------------------------------------------+
For Mysql 5.7 it is not a column named password. Instead do it against authentication_string
Cleanup:
drop user 'joe1'#'%';
drop user 'joe1'#'127.0.0.1';
drop user 'joe1'#'localhost';
I just set up mysql my Yosemite by following the directions here:
http://coolestguidesontheplanet.com/get-apache-mysql-php-phpmyadmin-working-osx-10-10-yosemite/
I tried to set the password for root with the mysqladmin command. The result is that now I can log in mysql with the new password or no password. I think it's because one root user (root#localhost) has no password and the other root user has the new passwor.
Should I drop any root users here? I don't understand why 2 root users exist for both localhost and macbook-pro.local.
+------+-------------------+
| User | Host |
+------+-------------------+
| root | 127.0.0.1 |
| root | ::1 |
| | localhost |
| root | localhost |
| | macbook-pro.local |
| root | macbook-pro.local |
+------+-------------------+
So I got another representation by add the password field:
mysql> select User,Host,password from mysql.user;
+------+-------------------+-------------------------------------------+
| User | Host | password |
+------+-------------------+-------------------------------------------+
| root | localhost | *xxx |
| root | macbook-pro.local | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | macbook-pro.local | |
+------+-------------------+-------------------------------------------+
So this made me understand that there are users with empty strings and I guess there's no duplicate after all. But then how do I NOT let users log in with just:
mysql -u root
Set password for all root user:
SET PASSWORD FOR 'root'#'localhost' = PASSWORD('cleartext password');
SET PASSWORD FOR 'root'#'macbook-pro.local' = PASSWORD('cleartext password');
SET PASSWORD FOR 'root'#'127.0.0.1' = PASSWORD('cleartext password');
SET PASSWORD FOR 'root'#'::1' = PASSWORD('cleartext password');
And if you don't want any user can log into your mysql without username and password, drop any user from the list:
DROP USER ''#'localhost';
DROP USER ''#'macbook-pro.local';
Note that '' (blank) user is any user. If you don't set a password for them, any user(human, machine) can log into your mysql with any (means anything,any word,any phrase) as username without a password.
But, your 2 blank users here is used by mysql (itself) during installation of mysql service, and it doesn't have granted access. If you have installed mysql service, you can safely drop them.
see reference1
see reference2
I'm having this strange problem. We have a ubuntu 12.04 server with 2 NICs. One public with 172.30.1.1, the other is private with 192.168.1.1. We have a MySQL server running. In /etc/mysql/my.conf, we have bind-address = 0.0.0.0.
A table is created and privilege granted.
CREATE DATABASE db;
GRANT ALL ON db.* TO 'user0'#'%' IDENTIFIED BY 'password';
GRANT ALL ON db.* TO 'user0'#'localhost' IDENTIFIED BY 'password';
The hostname is 'myhost', and it's in /etc/hostname. /etc/hosts has
127.0.0.1 localhost
127.0.1.1 myhost
192.168.1.1 myhost
When I connect with 172.30.1.1, it's fine. But when I use 192.168.1.1, the access is denied.
mysql -h 192.168.1.1 -uuser0 -ppassword
ERROR 1045 (28000): Access denied for user 'user0'#'myhost' (using password: YES)
I have the user table like this.
mysql> SELECT user, host FROM mysql.user;
+------------------+-----------+
| user | host |
+------------------+-----------+
| user0 | % |
| root | 127.0.0.1 |
| root | ::1 |
| | localhost |
| debian-sys-maint | localhost |
| user0 | localhost |
| root | localhost |
| | myhost |
| root | myhost |
+------------------+-----------+
I observed the difference is that I have 192.168.1.1 myhost line in /etc/hosts file; not 172.30.1.1. If I remove that line or change the hostname after the IP, it will work fine. If I add 172.30.1.1 myhost to /etc/hosts, then I can't connect with 172 IP. How to explain this?
Usually anonymous users (empty username) have the effect like that. When looking for a match in mysql.user table, the ''#myhost found first (since '' matches every user), and 'user0'#'%' is ignored.
The best practice is to remove empty usernames.