Michael Dykman wrote:
> On Thu, 2005-02-17 at 12:21, Ian Meyer wrote:
>
>>Michael Dykman wrote:
>>
>>>On Thu, 2005-02-17 at 10:41, Ian Meyer wrote:
>>>
>>>
>>>>Hello everyone,
>>>>
>>>>We have a few MySQL servers (4.1.8) running on RedHat ES3. We're having
>>>>problems when trying to use hostnames in the grant command.
>>>>
>>>>Example:
>>>>create database blah;
>>>>grant all on blah.* to 'user'@'host' identified by 'xxxx';
>>>>(also have used the FQDN instead of just host)
>>>>
>>>>When trying to connect, it fails with the message:
>>>>'MySQL Error Number 1045
>>>>Access denied for user 'user'@'192.168.2.103' (using password: YES'
>>>>
>>>>Our DNS servers have correct forward and reverse entries for all of our
>>>>machines. I read the docs about MySQL and DNS, but I still can't figure
>>>>this out.
>>>>
>>>>Thanks,
>>>>Ian
>>>
>>>
>>>Instead, try determining what the ips the host names resolve to (not the
>>>other way around) If you are GRANTing to someone@foo , you want to make
>>>sure that when the machine 'foo' connects, it is connecting as the same
>>>ip address the 'foo' resolves to when the server looks it up
>>>
>>>for example,
>>> $ host foo
>>>might translate to foo.domain.com -> 20.20.20.21 [external ip]
>>>but foo is connecting as 192.168.1.21 [internal ip]
>>>and Mysql will reject the connection.
>>>
>>
>>This is all internal, so that isn't an issue. See my 2nd or 3rd reply
>>for additional `host` information for the hosts I'm trying to connect with.
>
>
> your right, I had noticed the reverse lookup but didn't see the
> forward..
>
> I note that the lookup finds an address for the fully qualified domain
> name, not just the lowest-level..
>
> if host resolves to host.domain.com resolves to 'someip' and you are
> granting to host, it might be that mysql (very wisely and safely)
> chooses not to attempt the resolution with additional qualifications
> (domain.com). Perhaps if your GRANT was to the fully qualified name
> MySQL could match it to the incoming address unambiguously?
>
Tried the FQDN like 'user'@'thishost.domain.com' and it still didn't work.
I'll do the source deal after lunch and let y'all know what the story
is. Thanks so far for your help.
Ian
