MySQL ODBC Link Fails due to "authentication protocol refused" - mysql

I've had a good search around but not yet found an answer that allows me to rectify this problem.
I'm trying to connect from MS Access to a MySQL 5.2 database on a remote server.
I've set up a user account which has select, insert, update, delete privileges on the table in question. However, when I try to connect with this account, I get:
Connection Failed [HY000][MySQL][ODBC 5.2(w) Driver] Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)
When I try to access with the root account, the connection works, which makes me wonder why it's returning an authentication protocol error, since the same driver is being used - all that's changing is the account used - so surely is passing the password via the same authentication protocol? Why would one username/password combination return a protocol error but not another?
It seems this error is very common, but I haven't yet found a response that gives a clear solution. Can you help?

The problem here was due to two concurrent issues.
On the remote server, the global setting OLD_PASSWORDS was set to 1 - meaning that passwords were being hashed in the pre-4.1 method.
the root account had been encoded in the newer hashing method despite the global setting (presumably it had been entered before this parameter was set), meaning that it was being granted access via the ODBC connection because the new hashing was beign recognised.
The global setting caused the PASSWORD() function in MySQL to hash any entered value in the old method instead of the new method as it was supposed to.
I assumed that the DBA had set OLD_PASSWORDS to 1 for a good reason so as a solution I used
Set session old_passwords=0;
set password for 'user'#'%' = password('mypassword');
Using the password() function had not worked previously because the global setting OLD_PASSWORDS=1 caused it to use the same hashing as the OLD_PASSWORD() function. The session setting allowed it to produce the correct password.

"When I installed 5.1.12 instead, I had no problems"
Ditto! Just successfully authenticated into MySQL using ODBC driver version 5.1.12. I have NO idea why MySQL doesn't provide a better way to handle this error w/ its newer drivers, but i can confirm that using ODBC driver 5.1.12 DOES work.
Here is a link to the 5.1.12 ODBC driver installation page.
http://dev.mysql.com/downloads/file.php?id=411741

I was getting the same error message, while my co-worker was not having any problems. I was trying to use MySQL ODBC driver 5.1.13 (the latest GA version available) and she had 5.1.12. When I installed 5.1.12 instead, I had no problems.

Related

MySQL 8.0.11 error connecting due to caching_sha2_password

When I try to connect to server on MySQL Workbench, I get the error saying
Your connection attempt failed to user 'root' from your host to server as localhost:3306:
Authentication plugin caching_sha2_password cannot be loaded:
The specified module could not be found.
It seems like I do not have the module for caching_sha2_password installed. How do I install this plugin?
I tried to follow steps provided here. But this is my first interaction with MySQL, so I did not understand the steps.
For example, under Using SHA-2 Pluggable Authentication, it says
"storing those values in the plugin and authentication_string columns of the > mysql.user system table."
But where is the mysql.user system table and how do I access it and store the values?
Any help would be greatly appreciated!
You are looking at the wrong places. The story is this:
MySQL 8 introduced a new authentication method: caching_sha2_password which improves performance (hence the caching) for a secure authentication (the sha2 hashing). This breaking change had been made the default for new accounts pretty late so that MySQL Workbench (and quite a number of other client tools) could not be made ready for it when MySQL 8.0.11 was released. Unprepared client applications/libraries will show the mentioned error.
Many of the socalled "solutions" simply recommend to switch the authentication method to the older, less secure one (MySQL native). This is rather a hack than a solution. And keep in mind this only applies to new accounts which by default use the new auth method. Existing accounts (e.g. when you upgrade an older server to 8.0) still work as before, unless you explicitly changed the user's auth method.
Meanwhile MySQL Workbench catched up here and there's a release candidate (MySQL Workbench 8.0.11 RC) available on the MySQL download page (see the "Development Releases" tab). Use that for your 8.x server. A GA version will follow soon.

SSL connection working in MySQL Workbench, but not in DBeaver

EDIT for present day readers
This was a bug in an old version of DBeaver that was subsequently fixed.
I am getting an 'access denied' error trying to connect to a Google Cloud SQL MySQL instance with SSL in DBeaver.
I am able to:
connect to the server with the same SSL credentials in MySQL Workbench
connect without SSL credentials (through user name / password) in DBeaver.
Any suggestions why this might be?
You can add connection with SSL support, at least in latest version for today (5.1). Create connection as usual, then skip testing and go to next step, then on SSL tab select "Require SSL" and unselect other checkboxes if selected, then test the connection.
in dbeaver the ssl connection configuration is available but it is not working and it is not implemented, it took me a day to find out that this is because of dbeaver bug. If you need to connect through ssl to Postgres, you can use 'DataGrip' instead.
As mentioned here:
https://dbeaver.io/forum/viewtopic.php?f=2&t=1921
'Currently DBeaver doesn't support SSL connections out of the box.
You could try to configure it manually if you are familiar with Java (instructions are at https://jdbc.postgresql.org/documentati ... lient.html).
Easy SSL support is in TODO and will be added in one of next versions.'
I get to do access database in DBeaver updating only useSSL = true in Driver Properties. See the picture:
Verify if the useSSL property is set to TRUE in data-sources.json. In windows its path is path-to-user/AppData\Roaming\DBeaverData\workspace6\General\.dbeaver\data-sources.json.
I had a similar issue. I am using DBeaver version Version 22.1.0.202206051253.
I noticed even though the driver properties would show useSSL=true, it was not set.
As a result, it throws Access denied for user xxxxxx-XXXXX'#'XXX:XX:X:X' (using password: YES).
In 'Connection Settings' navigate to 'Driver Properties' check whether the 'useSSL' value is 'true' or 'false'. If 'false' make it 'true' and finish.
If value is 'true' first make it 'false' and again change value to 'true'. Then try to connect to databse. It should be success. Most of time that useSSL value not getting correctly by json file. Hence this will update it again.

Windows client for MySQL 4.1

Today i find myself administrating a 2003 MySQL database, does anyone know a Windows Client for MySQL 4.1?
I tried Workbench, DbVisualizer and DBeaver.
The problem mainly is from the auth, somewhere around version 4, MySQL changed the auth method, and the new clients no longer support that kind of connection.
Workbench in particular has an "use old authentication method" as a advanced option, but it seems that it's not enough.
I tried console connection and works just fine, but they are simply to many data and to many work to do to use only console (and the DDBB it's too big as well).
Before checking the "use old auth.." the error message was:
Error connecting to datasource "MySQL - DDBB"
SQL Error [1044] [42000]: Access denied for user 'user'#'%' to database 'information_schema'
Access denied for user 'user'#'%' to database 'information_schema'
Which make sense since the information schema table does not exists in that MySQL version (so i been told)
After checking and using the old auth method, the error is:
Your connection attemp failed for user 'user' from your host to server at ...... MySQL version is older than 5.0, which is not supported.
Anyone has an old client or the possiblity to bypass the old auth and work with a visual client for MySQL 4.1?
Heidi SQL worked just fine.
Also, you can try http://downloads.mysql.com/archives/workbench/
Problem solved.
You might also be able to connect in DBeaver using the MariahDB drivers which have the authentication method built in.

mysql on ec2 amazon instance attempting to login with incorrect user

I've set up a very basic LAMP setup on an ec2 server, all good it seems to work.
However i've seen for some queries a failure to connect to the mysql server with the following error:
[07-Jul-2013 20:15:41 Australia/Sydney] PHP Warning: mysql_real_escape_string(): Access denied for user 'ec2-user'#'localhost' (using password: NO) in /var/www/html/mycobber/class/sql/SqlQuery.class.php on line 40
[07-Jul-2013 20:15:41 Australia/Sydney] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /var/www/html/xxx/xxxx/sql/SqlQuery.class.php on line 40
the thing i dont' understand is the fact that in no location in my mysql connection configuration does it specify the user ec2-user. this is the default user when I log onto the unix server. I've set up a separate account to actually run all my processes, i dont' even use the es2-user.
I've looked online and can't see anything to explain this. does anyone have an idea what's going on here. it's not all the time
Your can't call mysql_real_escape_string without having opened a connection with mysql_connect first.
Quoting from the documentation:
A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned.
The error message refers to your default username # localhost because you haven't opened a connection with specific credentials yet - it doesn't know what account details to use.

SQL Server 2008 Connection Error "No process is on the other end of the pipe"

Let me begin by saying, I am aware of this thread and others around the web that seek to trouble shoot this issue.
The solutions posted there do not apply to my issue. I have spent 5 hours trying to resolve this before deciding to ask the question.
The problem:
When I attempt to log into SSMS (or connect from a java application) using SQL Authentication I get this error:
A connection was successfully established with the server, but then an
error occurred during the login process. (provider: Shared Memory
Provider, error: 0 - No process is on the other end of the pipe.)
(Microsoft SQL Server, Error: 233)
Although it does work, it is not an option for me to use integreated authentication.
The database I am attempting to connect to is on the same machine as my SSMS instance. There is no network, this is a stand-alone system.
NAMED PIPES is ENABLED in my configuration, I HAVE rebooted since, TCP IP is a higher priority than named pipes in my configuration.
I have even gone as far as to uninstall SQL Server and reinstall it, to no avail.
The details of my SQL Server instance are as follows:
Microsoft SQL Server Management Studio - 10.0.2531.0
Microsoft Analysis Services Client Tools - 10.0.1600.22
Microsoft Data Access Components (MDAC) - 6.1.7601.17514
Microsoft MSXML - 3.0 5.0 6.0
Microsoft Internet Explorer - 9.0.8112.16421
Microsoft .NET Framework - 2.0.50727.5466
Operating System - 6.1.7601
Configuration details are as follows:
http://i45.tinypic.com/vxdz7c.png
http://i45.tinypic.com/vxdz7c.jpg
I connect from java using this code.
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
String connectionUrl = "jdbc:sqlserver://localhost;database=AdventureWorks;integratedSecurity=false;User=JIMBO; Password=JIMBO;";
Connection con = DriverManager.getConnection(connectionUrl);
But please remember, this error also occurs when I atttempt to log in to SSMS directly.
Thanks in advance.
-Jim
To force TCP/IP being used replace localhost with 127.0.0.1 in your connection string.
As you are using a username and password make sure SQL authentication is enabled. By default only Windows integrated is enabled on sqlserver 2008.
With SqlServer authentication keep in mind that a password policy is in place to enforce security.
Forcing the TCP/IP connection (by providing 127.0.0.1 instead of localhost or .) can reveal the real reason for the error. In my case, the database name specified in connection string was incorrect.
So, here is the checklist so far:
Make sure Named Pipe is enabled in configuration manager (don't forget to restart the server).
Make sure SQL Server Authentication (or Mixed Mode) is enabled.
Make sure your user name and password are correct.
Make sure the database you are connecting to exists.
My resolution was to login using the Windows Login then go to security>Logins locate the troubled ID And retype the used password. The restart the services...
Adding "user instance=False" to connection string solved the problem for me.
<connectionStrings>
<add name="NorthwindEntities" connectionString="metadata=res://*/Models.Northwind.csdl|res://*/Models.Northwind.ssdl|res://*/Models.Northwind.msl;provider=System.Data.SqlClient;provider connection string="data source=.\SQLEXPRESS2008R2;attachdbfilename=|DataDirectory|\Northwind.mdf;integrated security=True;user instance=False;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
This problem was caused for me by this error which appeared just prior in the application error log.
"A read operation on a large object failed while sending data to the client. A common cause for this is if the application is running in READ UNCOMMITTED isolation level. This connection will be terminated."
I was storing PDFs in a SQL table and when attempting to SELECT from that table it spit out that error, which resulted in the error mentioned in your question.
The solution was to delete the columns that had large amounts of text, in my case Base64 encoded files.
perhaps this comes too late, but still it could be nice to "document it" for others out there.
I received the same error after experimenting and testing with Remote Desktop Services on a MS Server 2012 with MS SQL Server 2012.
During the Remote Desktop Services install one is asked to create a (local) certificate, and so I did. After finishing the test/experiments I removed the Remote Desktop Services. That's when this error appeared (I cannot say whether the error occured during the test with RDS, I don't remember if I used/tried the SQL Connection during the RDS test).
I am not sure how to solve this since the default certificate does not work for me, but the "RDS" certificate does.
BTW, the certificates are found in App: "SQL Server Configuration Manager" -> "SQL Server Network Configuration" -> Right click: "Protocols for " -> Select "Properties" -> Tab "Certificate"
My default SQL Certificate is named: ConfigMgr SQL Server Identification Certificate, has expiration date: 2114-06-09.
Hope this can give a hint to others.
/Kim
For me it was because only Windows Authentication was enabled. To change security authentication mode. In SQL Server Management Studio Object Explorer, right-click the server, and then click Properties. On the Security page, under Server authentication, select the new server authentication mode, and then click OK.
Change Server Authentication Mode - MSDN - Microsoft
https://msdn.microsoft.com/en-AU/library/ms188670.aspx
This Might help as reference
I had the same issue, after multiple trial of suggested solution on this site and others, I found a solution for my scenario. The account was locked out
How to Check if the account is Locked out...
Login to the server using higher privileged account (like SA or admin rights)
Expand security ==> select the login name ==>open the property window of the login ==> select the status page on the property window
Make sure This 3 Things
1, permission to connect database is GRANTED
2, Login is ENABLED
3, Status
SQL server authentication
Login is not locked out (Uncheck the box)
Thanks
Tsige
I just executed connection.close() by adding it as first statement and it was solved. Then i removed the line.
One follow up to this. I had installed SQL Server 2014 with only Windows Authentication. After enabling Mixed Mode, I couldn't log in with a SQL user and got the same error message as the original poster. I verified that named pipes were enabled but still couldn't log in after several restarts. Using 127.0.0.1 instead of the hostname allowed me to log in, but interestingly, required a password reset prompt on first login:
Once I reset the password the account worked. What's odd, is I specifically disabled password policy and expiration.
Another cause is if the user's default database is unavailable.
I had an account that was used for backing up two databases. When the backup user's default database was taken off-line, the "no process on the other end of the pipe" error started.
Came here looking for a solution to a similar issue, which I just introduced by changing Schannel settings of our IIS server using "IIS Crypto" by Nartac... By disabling the SHA-1 hash, the local SQL Server was not able to be reached anymore, even though I didn't use an encrypted connection (not useful for an ASP.Net site accessing a local SQL Express instance using shared memory).
Thanks Count Zero for pointing me in the right direction :-)
So, lesson learned: do not disable SHA-1 on your IIS server if you have a local SQL Server instance.
For me the issue seems to have been caused by power failure. Restarting the server computer solved it.