MySQL Forums
Forum List  »  Security

Stumped: Granting access to a client on my network
Posted by: Big Edgar
Date: August 24, 2009 11:45AM

Hi,

I'm running MySQL on a server, and want to add the ability for a client machine on my network to access the server via a client. (FWIW, this is for a MythTV setup to enable a MythTV frontend client to connect to a remote backend server), and the helpful folks on the MythTV list have done all they can to help, so I'm bringing my questions to the MySQL forums in hopes that someone will be able to spot what's wrong.

Anyways, I've granted permissions correctly as far as I can tell, but whenever I login a) from a remote machine, or b) when specifying a host on the local machine, I get an access denied error message at the terminal: ERROR 1045 (28000): Access denied for user 'mythtv'@'mythtv3.local' (using password: YES)

Here's a run down of all of the things I have tried:


1. This works fine (accessing MySQL on the server machine from the server machine):

$ mysql -u mythtv -p

2. But doing this from the server or client machine does *not* work:

$ mysql -u mythtv -h 192.168.5.19 -p
Enter password:
ERROR 1045 (28000): Access denied for user 'mythtv'@'mythtv3.local' (using password: YES)

3. I've granted permissions from very specific all the way up to them wide open:

mysql> select User, Host from user where user='mythtv';
+--------+----------------------+
| User | Host |
+--------+----------------------+
| mythtv | % |
| mythtv | 192.168.5.% |
| mythtv | ubuntu-desktop.local |
| mythtv | localhost |
+--------+----------------------+
4 rows in set (0.00 sec)

4. I'm not running a firewall.

5. I've got skip-networking and bind-address disabled in my.cnf file (and I've restarted MySQL many times since I made these changes):

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
# bind-address = 127.0.0.1

6. Now, I *can* get access from a remote machine if I start mysqld with the --skip-grant-tables option, so that tells me that the problem lies in my grant table. But I can't see anything wrong with it.

7. I can telnet in on 3306 just fine from a remote machine, so I'm confident that this is not a networking issue:

$ telnet 192.168.5.19 3306
Trying 192.168.5.19...
Connected to 192.168.5.19.
Escape character is '^]'.
@
5.0.75-0ubuntu10.2.7k7mCCh,`,UHIt12GO5]

8. I've enabled logging and warnings, but I'm not seeing any warnings get popped anywhere. Errors appear to be showing up in syslog, which is great. But I can't get warnings to show up. According to the MySQL docs, if the value for log-warning is >1, then connection related info is written to the error log:

"The --log-warnings option or log_warnings system variable can be used to control warning logging to the error log. The default value is enabled (1). Warning logging can be disabled using a value of 0. If the value is greater than 1, aborted connections are written to the error log."

So I've set the log level in the DB:

mysql> show global variables like 'log_warn%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_warnings | 1 |
+---------------+-------+
1 row in set (0.00 sec)

mysql> set global log_warnings=2;
Query OK, 0 rows affected (0.00 sec)

mysql> show global variables like 'log_warn%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_warnings | 2 |
+---------------+-------+
1 row in set (0.00 sec)

Logging in with the u/p and host that result in the "access denied" error message doesn't cause anything to show up in the syslog.

In addition, I've also just started mysqld from the command line with logging and log-warnings enabled:

$ sudo /usr/sbin/mysqld --log-warnings=2 --log-error

... and still, the access attempt doesn't show up in any of the logs. (And I don't see any other warnings logged anywhere).
********************

As I said, I'm stumped. Anyone have any ideas on what I'm missing here?

Options: ReplyQuote


Subject
Views
Written By
Posted
Stumped: Granting access to a client on my network
10493
August 24, 2009 11:45AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.