I'm trying to grant privileges for user on MariaDB 10, but I've got an error 1045
[root#lw343 ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 42
Server version: 10.0.11-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [mysql]> select user,host from mysql.user;
+--------+-----------+
| user | host |
+--------+-----------+
| ruser | % |
| root | 127.0.0.1 |
| bill | localhost |
| nagios | localhost |
| root | localhost |
+--------+-----------+
5 rows in set (0.00 sec)
MariaDB [mysql]> select user(),current_user();
+----------------+----------------+
| user() | current_user() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
MariaDB [mysql]> show variables like 'skip_networking';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| skip_networking | OFF |
+-----------------+-------+
1 row in set (0.00 sec)
MariaDB [mysql]> GRANT ALL PRIVILEGES ON *.* TO root#"localhost" IDENTIFIED BY '**********' WITH GRANT OPTION;
ERROR 1045 (28000): Access denied for user 'root'#'localhost' (using password: YES)
MariaDB [mysql]>
I have tried all what I found on the internet, but I've got the same error.
I also tried creating new user, but I still got same error on every user I try to grant on.
Does anybody could help me to resolve this problem?
Thanks in advance.
First of all i would check if the database server is listening on the network.
netstat -tlpn | grep mysql
i expect something like this:
tcp 0 127.0.0.1:3306 0.0.0.0:* LISTEN
If the database server is listening on 127.0.0.1:3306, connection are allowed only from localhost.
Change the following lines in 50-server.cnf and restart the database service (service mariadb restart).
bind-address = 0.0.0.0
Permit listening on multiple network interfaces or a specific IP address with bind-address
Your mysql.user tables shows that user root can connect only from localhost and 127.0.0.1.
If you need a remote user, that can connect to database from everywhere (#'%'), with root privileges, you can create another superuser.
GRANT ALL PRIVILEGES ON *.* TO 'superuser'#'%' IDENTIFIED BY 'use_a_secure_password';
Now superuser has the same privileges as the default root account, beware!
As a final step following any updates to the user privileges:
FLUSH PRIVILEGES;
Also i notice that your mysql.user tables shows a user ruser that can connect over the network.
Usefull ressources:
Adding User Accounts
Server Command Options - bind-address
You may also check following answer:
https://stackoverflow.com/a/16288118/3095702
Ok, so first, understand that users are created as username/hostname combinations. So root#localhost is different from root#192.168.1.5 So for a remote connection you cannot use root#localhost since that is for connecting from localhost
So, create a different user.
Secondly, if root#localhost already exists then don't use identified by since you already have a password....
Related
I am trying to connect my RedisInsightsv2 client to a cluster of redis instances.
When the redis instance hasn't joined the cluster yet, redisinsights is able to make a connection.
After the cluster is created however, new connections from the GUI, just fail.
I have 3 shards with 1 replica each:
redis-cli -h 10.9.9.4 -p 7001 --cluster create 10.9.9.4:7001 10.9.9.5:7002 10.9.9.6:7003 10.9.9.4:7004 10.9.9.5:7005 10.9.9.6:7006 --cluster-replicas 1 -a Password
The cluster gets successfully created with the right shards and everything.
I can even verify using the CLUSTER NODES command
root ➜ ~ $ redis-cli -h 10.9.9.4 -p 7004 -a Password
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
10.9.9.4:7004> CLUSTER NODES
5b77b776f0ed08b4f34b0fe3e48b609e4bd8400e 10.9.9.6:7003#17003 master - 0 1662318446553 3 connected 10923-16383
a42f44163b046273ca02b1fc99ed93cf6188f65e 10.9.9.5:7002#17002 master - 0 1662318446755 2 connected 5461-10922
d2b21a37b62283a6cfbd5fb436df505ddc31aea8 10.1.1.10:7001#17001 master - 0 1662318445549 1 connected 0-5460
2cd5783411ceea96b4006b596942cc49484884ab 10.9.9.5:7005#17005 slave d2b21a37b62283a6cfbd5fb436df505ddc31aea8 0 1662318445750 1 connected
61541ad0455539335f27d5a90a5a8e504b3dea5f 10.1.1.11:7004#17004 myself,slave 5b77b776f0ed08b4f34b0fe3e48b609e4bd8400e 0 1662318445000 3 connected
c00d264a625998e89becb9334a1f4ea9d2057a0d 10.9.9.6:7006#17006 slave a42f44163b046273ca02b1fc99ed93cf6188f65e 0 1662318445550 2 connected
10.9.9.4:7004>
However, when trying to connect to any of these in the UI I get the following errors:
9/4/2022, 12:03:31 PM | ERROR | TimeoutInterceptor | Request Timeout. GET /api/instance/9e253e74-0091-44b8-bf8c-29ff0f4f0275/connect | {"stack":[{}]}
9/4/2022, 12:03:41 PM | ERROR | TimeoutInterceptor | Request Timeout. GET /api/instance/9e253e74-0091-44b8-bf8c-29ff0f4f0275/connect | {"stack":[{}]}
OR
9/4/2022, 12:16:17 PM | ERROR | KeysBusinessService | Failed to get keys with details info. Connection is closed.. | {"stack":[{}]}
9/4/2022, 12:16:18 PM | ERROR | ExceptionsHandler | Connection is closed. | {"stack":[{}]}
9/4/2022, 12:16:23 PM | ERROR | ExceptionsHandler | Connection is closed. | {"stack":[{}]}
This is the redis.conf that I use for 10.9.9.5:
port 7002
loadmodule /opt/redis-stack/lib/redisearch.so
loadmodule /opt/redis-stack/lib/redisgraph.so
loadmodule /opt/redis-stack/lib/redistimeseries.so
loadmodule /opt/redis-stack/lib/rejson.so
loadmodule /opt/redis-stack/lib/redisbloom.so
cluster-enabled yes
cluster-config-file cluster-node-2.conf
cluster-node-timeout 5000
dbfilename dump-2.rdb
maxmemory 1862mb
maxmemory-policy allkeys-lru
requirepass Password
masterauth Password
I've done a bunch of googling but I'm not able to determine why this is failing. Any help is appreciated!
RedisInsight version: 2.8.0
Running on: Windows 11
Cluster is running on remote machines part of my local network i.e.
10.9.9.0/24
please specify additional information:
what is your OS
what is the version of RedisInsight? (2.8.0?)
where is your cluster running? (is it local? k8s? any SSH tunnels?)
Can you try and see if you are able to connect using this debug build: https://drive.google.com/file/d/1od2uClDKb0649ixkgyRwXfqj8QLr0GXw/view?usp=sharing
Also please check and comment the logs if it is not working
I am in a mysql terminal and I created a user.
CREATE USER 'webuser'#'localhost' IDENTIFIED BY 'identifier';
I tried to grant the user privileges with
GRANT INSERT ON *.* TO 'webuser'#'localhost';
And got the error:
Access denied for user 'eligooch'#'localhost' (using password: YES)
So I tried
sudo GRANT INSERT ON *.* TO 'webuser'#'localhost';
And got
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'sudo GRANT INSERT ON *.* TO 'webuser'#'localhost'' at line 1
So I am trying to grant privileges to a user but I am stuck.
Try this:
$ sudo mariadb -u root mysql -e "DROP USER 'webuser'#'localhost';"
$ sudo mariadb -u root mysql -e "CREATE USER 'webuser'#'localhost' IDENTIFIED BY 'Password123#%';"
$ sudo mariadb -u root mysql -e "GRANT INSERT ON *.* TO 'webuser'#'localhost';"
$ sudo mariadb -u root mysql -e "SELECT host, user, Select_priv, Insert_priv FROM mysql.user;"
+-----------+---------+-------------+-------------+
| host | user | Select_priv | Insert_priv |
+-----------+---------+-------------+-------------+
| localhost | root | Y | Y |
| localhost | halley | Y | Y |
| localhost | webuser | N | Y |
+-----------+---------+-------------+-------------+
Make sure the password used for the user complies with the password policy
For almost a month now I have been struggling with this issue. Whenever I try to access my Django Admin page on production I get the following error:
OperationalError at /admin/login/
FATAL: password authentication failed for user "vpusr"
FATAL: password authentication failed for user "vpusr"
My production.py settings file is as follows:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'vpdb',
'USER': 'vpusr',
'PASSWORD': os.environ["VP_DB_PASS"],
'HOST': 'localhost',
}
}
NOTE: the environment variable is working correctly. even if I put the normal password hard coded in there it doesn't work.
Here is the list of databases with their owner:
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
vpdb | vpusr | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/vpusr +
| | | | | vpusr=CTc/vpusr
And here is the list of users:
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
vpusr | Superuser, Create DB | {}
As you can see I have also tried adding the roles of Superuser and Create DB to the vpusr but that did not have any effect.
Even when I try to connect through the terminal like this I get the same error:
sudo -u postgres psql -U vpusr vpdb
I still get the error: psql: FATAL: Peer authentication failed for user "vpusr"
When I do this command:
psql -U vpusr -h localhost vpdb
I properly connect to psql as vpusr.
A few more notes: I did delete the database, and the user and re created them. I made sure the password was correct.
I use Gunicorn, Nginx, Virtualenv, Django, Postgres on an Ubuntu Server from Digital Ocean.
Thank you in advance for taking the time to read this and helping me out!
EDIT: I have noticed that there are no migrations in my apps migration folder! Could it be that django or my user or postgres does not have permission to write the file?
EDIT: NOTE: I CHANGED THE USER TO TONY
In my postgres log file the following errors are found:
2017-09-09 18:09:55 UTC [29909-2] LOG: received fast shutdown request
2017-09-09 18:09:55 UTC [29909-3] LOG: aborting any active transactions
2017-09-09 18:09:55 UTC [29914-2] LOG: autovacuum launcher shutting down
2017-09-09 18:09:55 UTC [29911-1] LOG: shutting down
2017-09-09 18:09:55 UTC [29911-2] LOG: database system is shut down
2017-09-09 18:09:56 UTC [2711-1] LOG: database system was shut down at 2017-09-09 18:09:55 UTC
2017-09-09 18:09:56 UTC [2711-2] LOG: MultiXact member wraparound protections are now enabled
2017-09-09 18:09:56 UTC [2710-1] LOG: database system is ready to accept connections
2017-09-09 18:09:56 UTC [2715-1] LOG: autovacuum launcher started
2017-09-09 18:09:57 UTC [2717-1] [unknown]#[unknown] LOG: incomplete startup packet
2017-09-09 18:10:17 UTC [2740-1] tony#vpdb LOG: provided user name (tony) and authenticated user name (postgres) do not match
2017-09-09 18:10:17 UTC [2740-2] tony#vpdb FATAL: Peer authentication failed for user "tony"
2017-09-09 18:10:17 UTC [2740-3] tony#vpdb DETAIL: Connection matched pg_hba.conf line 90: "local all all peer"
EDIT:
pg_hba.conf file:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 password
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
what can you tell form this?
Your application is trying to connect to PostgreSQL using a password authentication method, but in your pg_hba.conf file, the connection type is matching the md5 method so it's expecting a md5 authentication. We can see this in your log messages
2017-09-01 11:42:17 UTC [16320-1] vpusr#vpdb FATAL: password authentication failed for user "vpusr"
2017-09-01 11:42:17 UTC [16320-2] vpusr#vpdb DETAIL: Connection matched pg_hba.conf line 92: "host all all 127.0.0.1/32 md5"
Locate your pg_hba.conf file inside your PostgreSQL data directory, vim the pg_hba.conf file and update the line
host all all 127.0.0.1/32 md5
and change it to
host all all 127.0.0.1/32 password
and then restart your PostgreSQL service
[root#server] service postgresql restart
and then try to authenticate again
To expand on the other messages you are seeing, when you run the command:
sudo -u postgres psql -U vpusr vpdb
you are not passing the -h <host> parameter, so the connection will attempt to match the line
local all all 127.0.0.1/32 <method>
so you will need to check which method of authentication it expects for local connections and authenticate that way, or else pass the -h <host> parameter, and then it will match your line
host all all 127.0.0.1/32 password
which means you can then enter your password when prompted, or else change your connection string to
sudo -u postgres -c "PGPASSWORD=<password>;psql -h localhost -U vpusr vpdb"
From the documentation:
db_user_namespace (boolean)
This parameter enables per-database user names. It is off by default. This parameter can only be set in the postgresql.conf file or on the server command line.
If this is on, you should create users as username#dbname. When username is passed by a connecting client, # and the database name are appended to the user name and that database-specific user name is looked up by the server. Note that when you create users with names containing # within the SQL environment, you will need to quote the user name.
With this parameter enabled, you can still create ordinary global users. Simply append # when specifying the user name in the client, e.g. joe#. The # will be stripped off before the user name is looked up by the server.
db_user_namespace causes the client's and server's user name representation to differ. Authentication checks are always done with the server's user name so authentication methods must be configured for the server's user name, not the client's. Because md5 uses the user name as salt on both the client and server, md5 cannot be used with db_user_namespace.
Although this doesn't explain why psql does the right thing, it's worth looking into.
Another possibility is that psycopg2 links with a different libpq, that links with a different and FIPS compliant OpenSSL. It would have no way to do md5 hashing as that OpenSSL doesn't contain the md5 algorithm. I would expect a different error message, but this bug is all but obvious.
UPDATE: This looks like a red herring. Apparently psycopg2 brings it's own crypto version.
Last thing to check would be character encoding. Test with a password that only contains ascii characters, like abcdefghijkl. If Django works then, look into LANG_* and LC_* variables in the environment.
fox fix password authentication failed for user "vpusr" try add password as is to the settings and the test for os.environ["VP_DB_PASS"],
change Engine
'ENGINE': 'django.db.backends.postgresql_psycopg2'
install if need:
pip install psycopg2
for fix psql: FATAL: Peer authentication failed for user "vpusr" try simple add host
psql -h localhost -U vpusr vpdb
# ^^^^^^^^^^^^
Team,
I am facing some difficulties running commands on a remote machine. I am unable to understand why ssh is trying to think that the command I pass is a host.
ssh -tt -i /root/.ssh/teamuser.pem teamuser#myserver 'cd ~/bin && ./ssh-out.sh'
|-----------------------------------------------------------------|
| This system is for the use of authorized users only. |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their |
| activities on this system monitored and recorded by system |
| personnel. |
| |
| In the course of monitoring individuals improperly using this |
| system, or in the course of system maintenance, the activities |
| of authorized users may also be monitored. |
| |
| Anyone using this system expressly consents to such monitoring |
| and is advised that if such monitoring reveals possible |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials. |
|-----------------------------------------------------------------|
ssh: Could not resolve hostname cd: No address associated with hostname
Connection to myserver closed.
It works absolutely fine if I don't pass a command. It simply logs me in. Any ideas?
Man ssh says:
If command is specified, it is executed on the remote host instead of
a login shell.
The thing is that cd is a bash built-in (run type cd in your terminal). So, ssh tries to run cd as a shell, but can not find it in PATH.
You should invoke ssh something like this:
ssh user#host -t 'bash -l -c "cd ~/bin && ./ssh-out.sh"'
So far as I can tell, Apache James is running correctly:
root#dur:~/apache-james-3.0-beta4.derby#
root#dur:~/apache-james-3.0-beta4.derby# bin/james-cli.sh -h localhost listdomainslocalhost
127.0.1.1
127.0.0.1
127.0.1.1
listdomains command executed sucessfully in 262 ms.
root#dur:~/apache-james-3.0-beta4.derby#
root#dur:~/apache-james-3.0-beta4.derby# bin/james-cli.sh -h localhost listusersa#localhost
b#localhost
thufir#localhost
listusers command executed sucessfully in 277 ms.
root#dur:~/apache-james-3.0-beta4.derby#
root#dur:~/apache-james-3.0-beta4.derby# telnet localhost 143 -l thufir#localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK JAMES IMAP4rev1 Server Server dur.bounceme.net is ready.
login
* BYE Unknown command.
Connection closed by foreign host.
root#dur:~/apache-james-3.0-beta4.derby#
So, I'm trying to login with tomcat:
Of course, that fails. Here's how the account was setup:
Should the server names be prepended with imap and smtp? Why won't thunderbird login? (Yes, I'm using the correct password.)
If this would be better to troubleshoot with Java, I can do that, but it seemed prudent to start with thunderbird.
James shows the login attempts as:
root#dur:~/apache-james-3.0-beta4.derby#
root#dur:~/apache-james-3.0-beta4.derby# tail log/james-server.log
INFO 03:38:56,180 | james.imapserver | ID=10307467 Connection closed for 127.0.0.1
INFO 03:39:42,277 | james.imapserver | ID=18745390 Connection established from 127.0.0.1
INFO 03:40:16,779 | james.imapserver | ID=18745390 Too many authentication failures. Closing connection.
INFO 03:40:16,801 | james.imapserver | ID=18745390 Connection closed for 127.0.0.1
INFO 03:40:16,854 | james.imapserver | ID=18407750 Connection established from 127.0.0.1
INFO 03:40:20,028 | james.imapserver | ID=18407750 Connection closed for 127.0.0.1
INFO 03:42:04,682 | james.imapserver | ID=295845 Connection established from 127.0.0.1
INFO 03:42:14,286 | james.imapserver | ID=295845 Connection closed for 127.0.0.1
INFO 03:48:17,081 | james.imapserver | ID=9571677 Connection established from 127.0.0.1
INFO 03:48:17,143 | james.imapserver | ID=9571677 Connection closed for 127.0.0.1
root#dur:~/apache-james-3.0-beta4.derby#
Your server name should be as is, without any prefixes. It would be best to put there real server name. In your case "dur.bounceme.net".
Or you can play with "hosts" file and assign an alias to your server (i.e. you can add smtp and imap, or just mail prefixes to an alias of the server if you like). For a linux machine you can find it in /etc/hosts and add e.g.:
127.0.0.1 imap.localhost
127.0.0.1 smtp.localhost
or:
<server's IP> <server alias>
This way you can have two additional aliases for the same machine if you would like that, but it is not needed.