I have a mysql server running on x.x.x.x, and can access it internally no problem (of course). However when attempting to connect externally, ie using mysql workbench, or even from an external server, I get the error message "Host 'bla.bla.bla' is not allowed to connect to this MySQL server".
I have done:
GRANT ALL PRIVILEGES ON *.* TO my开发者_如何学JAVAsql@x.x.x.x IDENTIFIED BY "somepass";
- And I have opened port 3306 in iptables.
Is there another fundamental security issue I am missing?
You need to do
GRANT ALL PRIVILEGES ON *.* TO mysql@'bla.bla.bla' ...
The part after the @
is the host from which the connection is coming, so you have allowed only connections coming from localhost. You need to allow access from each remote host necessary (or all hosts - ... mysql@'%' ...
- if applicable).
To solve this you needed to perform the following commands:
mysql -u root -p
[enter in your password]
CREATE USER 'mysqluser'@'%' IDENTIFIED BY 'aC0MPL3XPa33W0RD';
GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'%' WITH GRANT OPTION;
I had the exactly similar situation.my MYSQL is installed on a centOS. The path to Nirvana is as below.
- bind-address: DID NOT WORK
- grant permission: DID NOT WORK
- Iptables when turned off: DID work.
SOLUTION:I went fishing into the iptables and made following changes:
- Access the iptables using the command : vim /etc/sysconfig/iptables
If you find the below statements COMMENT them out by adding a '#' at the beginning of the line.
-A INPUT -s 123.123.123.123/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
Restart the iptables using the command: service iptables restart
Yep, that worked for me. Hope it is useful to someone.
When I Got my server,even I had the same problem accessing the mysql from MySQL client application, Then I granted the Mysql permission, with following query.
it worked Great
**GRANT ALL PRIVILEGES ON db_base.* TO db_user @'%' IDENTIFIED BY 'db_passwd';**
db_base is the database Name
db_user is database User
db_passwd is the database password
Once you execute this flush it, by the following command
FLUSH PRIVILEGES;
Suppose if you are looking to give privileges to access certain tables in the Database you can use the following command
GRANT ALL PRIVILEGES ON db_base.HELLOWORLD TO db_user @'%' IDENTIFIED BY 'db_passwd';
Where HELLOWORLD
is the table Name
Are you connecting as user mysql? You might try running the GRANT query as : GRANT ALL PRIVILEGES ON *.* TO mysql@x.x.x.x IDENTIFIED BY "somepass";
Have you verified that mysql workbench is trying the connect using the appropriate username? Have you flushed the privileges after running the grant command?
I dont know the ins and outs of security behind this bind-address
thing, just learning by installing a debian server on a virtual-box machine.
This guest has a virtual network card set up as a bridge, so the rest of the house can see it. Its IP is 192.168.1.4.
From another computer (192.168.1.3), connection failed with bind-address = 127.0.0.1
.
Set up bind-address = 192.168.1.4
works fine.
(its own address, litterally)
It must be the interpretation of 127.0.0.1 inside a virtual config, not sure...
Comment out the line:
bind-address = localhost
#bind-address = localhost < this is what it should look like.
in your MySQL my.conf file. It is normally located in /etc/mysql/my.conf.
精彩评论