DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4th January 2013
ershiba ershiba is offline
Loading, please wait...
 
Join Date: Dec 2012
Posts: 34
Default [solved] phpMyAdmin - #2002 Cannot log in to the MySQL server

hi,,
let me described a bit what i have done,

1. clean install OpenBSD with X sets
2. add php-5.3.14p1, phpMyAdmin-3.4.10.2, mysql-server-5.1.63p0 and their dependencies.
3.
Code:
$ sudo nano /etc/rc.conf.local
mysqld_flasg=""
httpd_flags=""
pkg_scripts="mysqld"

$ sudo /usr/local/bin/mysql_install_db
$ sudo /usr/local/bin/mysql_secure_installation
4. setting phpMyAdmin link
Code:
$ cd htdocs/
$ sudo ln -s ../phpMyAdmin/ /var/www/htdocs/phpMyAdmin
5. i got 2 NIC on this virtual OpenBSD
Code:
$ ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:a7:7a:af
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::a00:27ff:fea7:7aaf%em0 prefixlen 64 scopeid 0x1
        inet 10.0.2.15 netmask 0xffffff00 broadcast 10.0.2.255
$ ifconfig em1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:77:6e:08
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.56.200 netmask 0xffffff00 broadcast 192.168.56.255
        inet6 fe80::a00:27ff:fe77:6e08%em1 prefixlen 64 scopeid 0x2
6. i sshd into my virtual OpenBSD using OBSD user name "oem" and i created a mysql user name "oem" too. i could use console mysql -u root -p and console mysql -p (when ssh using putty)
Code:
mysql> select User, Host, Password FROM mysql.user;
+------+-----------+-------------------------------------------+
| User | Host      | Password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *######################################## |
| oem  | %         | *######################################## |
| root | 127.0.0.1 |                                           |
+------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)
i change the original password here to ### as display for security purpose.

7. i use http://192.168.56.200/phpMyAdmin and try to log in the
first attempt would direct my to http://vmobsdx.my.domain/phpMyAdmin/
i don't have valid hostname yet, i just dummy fill one, should i change it to localhost?
Code:
$ hostname
vmobsdx.my.domain
8. second attempt http://192.168.56.200/phpMyAdmin would displays the Welcome to phpMyAdmin, fill in username and password,

i tried the mysql root user and mysql oem user with their respective password (not the OpenBSD password) but received the following error,
#2002 Cannot log in to the MySQL server

that is pretty much how i reach to this error, any advice?
thank you.

Last edited by ershiba; 6th January 2013 at 06:12 AM. Reason: problem solved, thanks a lot!
Reply With Quote
  #2   (View Single Post)  
Old 4th January 2013
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

The "root" mySQL user is limited to connections from "localhost" or 127.0.0.1. I don't use mySQL, and am unclear on what "%" might mean. If it means "anywhere", you should be able to log in to the "oem" mySQL user from anywhere.

However, your mySQL system may not listen for connections on all networks. I use PostgreSQL, and that doesn't open external ports by default.

Check your mySQL configuration file(s).
Reply With Quote
  #3   (View Single Post)  
Old 6th January 2013
ershiba ershiba is offline
Loading, please wait...
 
Join Date: Dec 2012
Posts: 34
Default

hi jggimi,
i tried use sqlyog to connect from 192.168.56.101 (windows box) to OpenBSD 192.168.56.103,
and it works, i believe this means, the mysql user "oem" permission would be no problem, and mysql server port 3306 is available, netstat shows it is in LISTENING mode.

somehow maybe setting or configuration problem? no much idea =(
Reply With Quote
  #4   (View Single Post)  
Old 6th January 2013
ershiba ershiba is offline
Loading, please wait...
 
Join Date: Dec 2012
Posts: 34
Default

ok, finally, i got it to works =)
it seems that the magic is on var/www/phpMyAdmin/config.inc.php

Code:
// $cfg['Server'][$i]['host']='localhost';
$cfg['Server'][$i]['host']='192.168.56.200';
changing the host from localhost to em1 ip address works,
but why? idk.
Reply With Quote
  #5   (View Single Post)  
Old 6th January 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

On a webserver you should not allow mysql to LISTEN on an publicly accessible IP address. On a FreeBSD webserver in the pf pflog file, I see a lot of connection attempts like this:

Code:
2013-01-04 03:31:40.702524 IP 113.12.81.228.6000 > xx.xxx.xxx.45.3306: S 1322188800:1322188800(0) win 16384
2013-01-04 03:31:40.713148 IP 113.12.81.228.6000 > xx.xxx.xxx.41.3306: S 1497366528:1497366528(0) win 16384
2013-01-04 03:31:40.713446 IP 113.12.81.228.6000 > xx.xxx.xxx.43.3306: S 1451098112:1451098112(0) win 16384
2013-01-04 03:31:40.714230 IP 113.12.81.228.6000 > xx.xxx.xxx.35.3306: S 1948647424:1948647424(0) win 16384
2013-01-04 03:31:40.714538 IP 113.12.81.228.6000 > xx.xxx.xxx.44.3306: S 426704896:426704896(0) win 16384
2013-01-04 03:31:40.720639 IP 113.12.81.228.6000 > xx.xxx.xxx.37.3306: S 941686784:941686784(0) win 16384
2013-01-04 03:31:40.722979 IP 113.12.81.228.6000 > xx.xxx.xxx.34.3306: S 1111621632:1111621632(0) win 16384
2013-01-04 03:31:40.724846 IP 113.12.81.228.6000 > xx.xxx.xxx.40.3306: S 762511360:762511360(0) win 16384
2013-01-04 03:31:40.725780 IP 113.12.81.228.6000 > xx.xxx.xxx.38.3306: S 194183168:194183168(0) win 16384
2013-01-04 03:31:40.727344 IP 113.12.81.228.6000 > xx.xxx.xxx.42.3306: S 847904768:847904768(0) win 16384
2013-01-04 03:31:40.728747 IP 113.12.81.228.6000 > xx.xxx.xxx.39.3306: S 162725888:162725888(0) win 16384
You can do this in the my.cnf file by uncommenting the "skip-networking" directive:
Code:
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
# 
#skip-networking
An alternative is to only allow the 127.0.0.1 loopback address by using something like this in your /etc/rc.conf.local:
Code:
mysqld_flags="--bind-address=127.0.0.1"
A netstat now will only show mysqld on loopback instead of *.3306

Code:
 netstat -an -f inet -p tcp 
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.222.20.14527   178.33.235.5.80        ESTABLISHED
tcp          0      0  192.168.222.20.36847   80.255.10.121.80       TIME_WAIT
tcp          0      0  127.0.0.1.3306         *.*                    LISTEN
tcp          0      0  192.168.222.20.47431   174.133.121.34.1022    ESTABLISHED
tcp          0      0  *.6000                 *.*                    LISTEN
tcp          0      0  127.0.0.1.587          *.*                    LISTEN
tcp          0      0  127.0.0.1.25           *.*                    LISTEN
tcp          0      0  *.515                  *.*                    LISTEN
tcp          0      0  *.22                   *.*                    LISTEN
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #6   (View Single Post)  
Old 6th January 2013
ershiba ershiba is offline
Loading, please wait...
 
Join Date: Dec 2012
Posts: 34
Default

hi J65nko,
Code:
mysqld_flags="--bind-address=127.0.0.1"
thanks for the tips on more secure setting, but such approach would just block all MySQL gui manager to access it from outside right? except program that run on that particular OpenBSD box,

so, what kind of setting in your opinion for an environment that run MySQL or PostgreSQL database server, but using those windows GUI tools to manage them from internet or local network?

i was thinking about something like tightvnc server setup, (if am not wrong, it got something like only allow only 127.0.0.1 loopback display)
Reply With Quote
  #7   (View Single Post)  
Old 6th January 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

On the FreeBSD webserver I used pf to block port 3306 for external access. But people can do still access phpMyAdmin from their homes. Remember that phpMyAdmin is running on the webserver locally and thus can access 127.0.0.1:3306 or it can use the Unix domain socket:
Code:
$  netstat -an -f unix | grep mysql 
0xfffffe802fa5f988 stream      0      0 0xfffffe8020b08080                0x0
  0x0                0x0 /var/run/mysql/mysql.sock
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
phpMyAdmin problems werwer OpenBSD General 5 16th July 2010 10:53 AM
Mysql server instaliaton from ports edvinus OpenBSD Packages and Ports 2 23rd June 2009 11:46 AM
problem phpmyadmin Nk2Network OpenBSD Packages and Ports 6 14th May 2009 08:15 PM
phpMyAdmin Unaccessable Nk2Network OpenBSD Packages and Ports 2 20th April 2009 09:13 PM
Mysql-server adventures in 4.3 ai-danno OpenBSD Packages and Ports 6 12th June 2008 05:01 PM


All times are GMT. The time now is 08:18 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick