I'm having a problem connecting to a MySQL server over two different trusted domains.
We're developing an app for internal use and have been using MySQL till now. It's a desktop app written in vb.net. Up until now all the users were on the same domain and there were no issues. Just recently there was a higher-level decision to split users into 2 different domains for various reasons. The problem is that users from the new domain cannot access the server. If that helps, I was told by the administrators that the users from both domains are trusted. Both machines are running Windows Server - 2003 and 2008. The server port is open, the grants are all in there (base_class@%), but upon attempt: access denied for user base_class@datablock2.
What is the problem?
Access denied means the clients are connecting, but don't have the appropriate rights. So concentrate on the grant rights for those users. Note that mysql uses * for wildcards in GRANT queries, not %, so the grant query should be
GRANT ... ON database.* TO base_class@datablock2
Also note that if you're using hostnames (datablock2) in your grant queries, you'll need a properly configured DNS setup so MySQL can reverse-lookup the connecting IP back to a hostname. Hostnames are not present at the TCP/IP level, and MySQL only ever sees an IP. To match for hostnames, it has to do the reverse lookup. If that lookup fails, then it'll go purely off the IP.
IMO, this is not a development task, it's a sysadmin and/or DBA task. So devise a test case using MS Query, and hand it off to sysadmins/DBAs to figure out. ex: an ODBC configuration, and a SQL statement to run through MS Query, which should (in theory) work, and which would have worked before the split. Prove that it works for users from the old domain. Tell them to let you know when it works for the new domain. Otherwise, they'll continue to blame your VB app.
In MySQL, permissions are granted on a per-domain basis. That is, permissions granted to a user connecting from the local domain do not exist for a user connecting from a different domain. The same user connecting from a different domain is treated as a different accessor. The reason is to provide protection against misuse. For example, I personally configure my servers to grant potentially dangerous permissions only to users connecting from the local machine. You must be logged in to the server machine physically to delete critical data! Try granting permissions to the server for each user at each domain they will be logging in from specifically. Don't use wild cards at all. Take advantage of the additional layer of security to create a domain for administration and one for less critical tasks.
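The per-host account setup and the checks described in the answers above, as an added example that is not part of any of the original posts. The database name `appdb`, the privilege lists and the placeholder passwords are assumptions; `base_class` and `datablock2` come from the question.

```sql
-- Added example. Assumed names: database appdb, placeholder passwords.
-- Run steps 1-5 as an administrative account on the MySQL server.

-- 1. List every account row for the user. Each (user, host) pair is a
--    separate account with its own password and privileges.
SELECT user, host FROM mysql.user WHERE user = 'base_class';

-- 2. Host names in account rows can only match if the server resolves
--    client IPs to names. If this is ON, only IP addresses and localhost match.
SHOW VARIABLES LIKE 'skip_name_resolve';

-- 3. Explicit account for the client host, limited to what the application
--    needs (CREATE USER fails if this exact account already exists).
CREATE USER 'base_class'@'datablock2' IDENTIFIED BY '<placeholder-password-1>';
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'base_class'@'datablock2';

-- 4. Destructive privileges only for sessions opened on the server itself.
CREATE USER 'base_class'@'localhost' IDENTIFIED BY '<placeholder-password-2>';
GRANT SELECT, INSERT, UPDATE, DELETE, DROP ON appdb.* TO 'base_class'@'localhost';

-- 5. Confirm what each account can actually do.
SHOW GRANTS FOR 'base_class'@'datablock2';
SHOW GRANTS FOR 'base_class'@'localhost';

-- 6. From a client session that did connect: USER() is the name and host the
--    client connected as, CURRENT_USER() is the account row the server matched.
--    A difference between the two shows which row is granting access.
SELECT USER(), CURRENT_USER();
```

When a connection is refused, the host part of the "Access denied for user" message shows how the server identified the client, which is the value an account row has to match.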