I have a created user in my MySQL database:
CREATE USER 'user'#'host' IDENTIFIED BY 'password';
I have granted that user full privileges:
GRANT ALL ON *.* to 'user'#'host';
Echoing the grant:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'host' IDENTIFIED BY PASSWORD '*03FFC888F82E921D8CA360925A8F443CF326DE89'
I can connect from MySQL workbench using this login credential w/o any issues and execute queries. And it's running on the same machine the web application is running on. MySQL instance is running on another computer in the same local network.
However, when I try to use the same credentials from my web application running in Tomcat7 under Eclipse I receive the error. Please advise.
Note: As of last night, the web application was able to connect just fine. With nothing changing (that I am aware of - I am only one working on this), this morning I could not connect.
RESOLVED:
I added the user with grants using the IP address for the host for the local machine.
I am not sure what changed on the server, but now I am able to connect again.
Would someone possibly be able to explain this change, and with it why I am now required to use the IP address when previously the local host name was sufficient?
Make sure you are using the appropriate hostname, and you're accessing from that host, the user can't connect from another host.
To give permission you must put the password unencrypted.
Example
GRANT ALL PRIVILEGES ON test. * TO 'root' # 'localhost'
IDENTIFIED BY 'goodsecret';
Also must be the same password when you create the user.
Here How adding users to MySQL
Note: For more information on GRANT here is the documentation.
Hope this helps
Related
I'm in the process of setting up a MySQL server. I set up the server as localhost on port 3306. However I want to be able to access this server over the network. The server has a static IP address. How can I change it from localhost to the static IP address?
I already did this suggestion I found online, and it didn't work:
mysql> GRANT ALL ON *.* to root#'localhost' IDENTIFIED BY 'your-root-password';
mysql> FLUSH PRIVILEGES;
When I try to access it from the server or another PC, I get this error:
Failed to Connect to MySQL at XXXXXX:3306 with user root
HOST 'XXXXXXX' is not allowed to connect to this MySQL server
Thank You.
In addition to the GRANT statement you've already listed above, you also need this one to connect from somewhere other than localhost
GRANT ALL ON *.* to root#'%' IDENTIFIED BY 'your-root-password';
In MySQL land user#somehost is, in practice, a different user than user#some-other-host.
I have the current setup:
SVR01:
Ubuntu Trusty, with Xen
VM01:
IP: 192.168.0.10
Ubuntu Trusty, with Apache2 + php modules
VM02:
IP: 192.168.0.11
Ubuntu Trusty, with mysql server
When I try connecting from VM01 (The apache server) to mysql on VM02, I get the "Access Denied for 'NewUser'#'192.168.0.10' (Using password: YES)" error.
I created the user using:
CREATE USER 'NewUser'#'192.168.0.10' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'192.168.0.10';
But, it will work if I create the user using the host wildcard:
CREATE USER 'NewUser'#'%' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'%';
Does anyone know why it won't work when I specify the host ip?
PS. I get the error when trying to connect either through the Mysql client, or through the PHP PDO.
Follow up questions:
Does the grant seem to work if you create a user with a 192.168.0.% wildcard host mask?
Run select user, host, password from mysql.user where user='NewUser' to ensure there's not another user#host you weren't aware of that might be getting picked up?
Does the Access denied messages in your error logs confirm the failed connection attempts are in fact coming from the IP you think it is? Some weirdness like this might pop up if you have multiple routes setup in a system that has multiple network interfaces or perhaps some VPN routes in the mix.
When attempting connections to VM02 are you using a literal IP address or a hostname? If the later are you sure this is resolving to the IP you think it is from VM01 (you can verify using ping or just the host command from the command line)
Run "show variables like 'init_connect';" on the root account you were creating the users with. If that value is not blank you will want to ensure the accounts of permissions required to execute whatever that value does hold.
I need to connect a desktop application to a MySQL server. The website connect to the database 'localhost'. What would the the full path of the localhost be?
Using CentOS 6.5/apache/zpanel
The answer is probably so obvious that nobody has ever asked it before. But I rally can't figure it out. Here is the screenshot of what I have:
It's the IP address of the server which is running mysql (the same of the webserver, if you're connecting to it as localhost)
But many hosting companies disable remote MySQL by default, you may need to ask them to enabled it, or to whitelist the IP you are connecting from.
You have to grant access to the user you are using to connect from remote, on your case the root user so:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'password' WITH GRANT OPTION;
After this run this other command to refresh the new privileges
FLUSH PRIVILEGES;
The '%' is the option that you allow root to connect from anywhere. You can specify also an IP address.
I try to connect my db using host address as my ip address 203.199.209.**,but not able to connect db.if i try to connect my db using host address as localhost it connected successfully.
How to solve this issue?
MySQL grants access based on which host you are connecting from.
Run this command as root:
SELECT user, host FROM mysql.user;
These are the users which exist on your server. Notice the host column.
In short, a user is defined as both a user name (user) and a point of connection (host). When you access your server as localhost, you actually login as some_user#localhost. On the other hand, when you access the sever via its IP address, you actually login as some_user#your.ip.address.here. I guess the latter does not exist on your server.
You may want to create a new user such as some_user#your.ip.address.here or some_user#% (the percent sign is a wildcard; here, it means "any host"):
CREATE USER 'some_user'#'your.ip.address.here' IDENTIFIED BY 'your_password';
GRANT ALL ON your_database.* to 'some_user'#'your.ip.address.here';
If you wish to dig further, see this manual page for more details about MySQL access control, and this page for the CREATE USER syntax.
[edit]
Obviously, as suggested by others, you first need to make sure your server listens to this IP address (203.199.209.**). But if this were not already the case, you should get the following error:
ERROR 2003 (HY000): Can't connect to MySQL server on '203.199.209.**' (111)
The error you are getting definitely indicates a permission issue.
For mysql-5.7.15-winx64 (Windows Version), login as "root" user and run the following queries in MYSQL:
CREATE USER 'user'#'localhost' IDENTIFIED BY 'pass';
GRANT ALL PRIVILEGES ON *.* TO 'user'#'localhost' WITH GRANT OPTION;
CREATE USER 'user'#'%' IDENTIFIED BY 'pass';
GRANT ALL PRIVILEGES ON *.* TO 'user'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
and then Re-start your MYSQL DB.
For this version of MYSQL DB no changes are required in "my-default.ini" located in the same location as "bin" folder.
I'm giving Toad a try for use with my MySQL db, but I cannot seem to connect (Linux-based server with MySQL database) remotely using Toad. After entering the right credentials for both SSH login and the database login, I still get this:
'Access denied for user 'wlaprise'#'166.203.5.139' (using password: YES)'
I can however successfully login remotely using SSH and MYSQL commands directly from the command line using the same host and credentials, so I believe the credentials and firewall settings are not the problem. The username is the same for both SSH and the db (not the smartest, I know), so I even tried reversing the password entries in case I had the credentials switched. No difference.
I looked through Toad's 'Connection Properties' to see if it was encrypting my credentials somehow which could explain the 'Access denied' error, but didn't see anything.
This has to be basic, but I don't see what I'm missing? Ideas? Thanks.
When you are using shell command line , then you are connecting from localhost,
thus effective permissions are 'wlaprise'#'localhost'
What you can do is to grant permissions to same user, but from different location/IP:
GRANT ALL PRIVILEGES ON *.* TO 'wlaprise'#'166.203.5.139'
IDENTIFIED BY PASSWORD 'mypassword';
or
GRANT ALL PRIVILEGES ON *.* TO 'wlaprise'#'%'
IDENTIFIED BY PASSWORD 'mypassword';