On Thu, 2005-02-17 at 12:21, Ian Meyer wrote:
> Michael Dykman wrote:
> > On Thu, 2005-02-17 at 10:41, Ian Meyer wrote:
> >>Hello everyone,
> >>We have a few MySQL servers (4.1.8) running on RedHat ES3. We're having
> >>problems when trying to use hostnames in the grant command.
> >>create database blah;
> >>grant all on blah.* to 'user'@'host' identified by 'xxxx';
> >>(also have used the FQDN instead of just host)
> >>When trying to connect, it fails with the message:
> >>'MySQL Error Number 1045
> >>Access denied for user 'user'@'192.168.2.103' (using password: YES'
> >>Our DNS servers have correct forward and reverse entries for all of our
> >>machines. I read the docs about MySQL and DNS, but I still can't figure
> >>this out.
> > Instead, try determining what the ips the host names resolve to (not the
> > other way around) If you are GRANTing to someone@foo , you want to make
> > sure that when the machine 'foo' connects, it is connecting as the same
> > ip address the 'foo' resolves to when the server looks it up
> > for example,
> > $ host foo
> > might translate to foo.domain.com -> 126.96.36.199 [external ip]
> > but foo is connecting as 192.168.1.21 [internal ip]
> > and Mysql will reject the connection.
> This is all internal, so that isn't an issue. See my 2nd or 3rd reply
> for additional `host` information for the hosts I'm trying to connect with.
your right, I had noticed the reverse lookup but didn't see the
I note that the lookup finds an address for the fully qualified domain
name, not just the lowest-level..
if host resolves to host.domain.com resolves to 'someip' and you are
granting to host, it might be that mysql (very wisely and safely)
chooses not to attempt the resolution with additional qualifications
(domain.com). Perhaps if your GRANT was to the fully qualified name
MySQL could match it to the incoming address unambiguously?
- michael dykman