WEBINAR
MariaDB 101: Learning the Basics of MariaDB
Learn how to connect to MariaDB Server. This section details various methods and tools for establishing secure and efficient connections to your database from different applications and environments.
Identify and resolve common connection problems, including server status checks, authentication errors, and network configuration.
If you are completely new to MariaDB and relational databases, you may want to start with the MariaDB Primer. Also, make sure you understand the connection parameters discussed in the Connecting to MariaDB article.
There are a number of common problems that can occur when connecting to MariaDB.
If the error you get is something like:
or
the server is either not running, or not running on the specified port, socket or pipe. Make sure you are using the correct host, port, pipe, socket and protocol options, or alternatively, see , or .
The socket file can be in a non-standard path. In this case, the socket option is probably written in the my.cnf file. Check that its value is identical in the [mysqld] and [client] sections; if not, the client will look for a socket in a wrong place.
If unsure where the Unix socket file is running, it's possible to find this out, for example:
Usually, the MariaDB server does not by default accept connections from a remote client or connecting with tcp and a hostname and has to be configured to permit these.
To solve this, see
The is enabled by default on Unix-like systems. This uses operating system credentials when connecting to MariaDB via the local Unix socket file. See for instructions on connecting and on switching to password-based authentication as well as for an overview.
Authentication is granted to a particular username/host combination. user1'@'localhost', for example, is not the same as user1'@'166.78.144.191'. See the article for details on granting permissions.
Passwords are hashed with function. If you have set a password with the statement, the PASSWORD function must be used at the same time. For example, SET PASSWORD FOR 'bob'@'%.loc.gov' = PASSWORD('newpass') rather than just SET PASSWORD FOR 'bob'@'%.loc.gov' = 'newpass' .
If you can run regular queries but get an authentication error when running the , or statements, you do not have permission to write files to the server. This requires the FILE privilege. See the article.
If you can connect to the server, but not to a database, for example:
or can connect to a particular database, but not another, for examplemariadb -uname -p -u name db1 works but not mariadb -uname -p -u name db2, you have not been granted permission for the particular database. See the article.
It's possible that option files or environment variables may be providing incorrect connection parameters. Check the values provided in any option files read by the client you are using (see and the documentation for the particular client you're using - see ).
Option files can usually be suppressed with no-defaults option, for example:
If you are unable to connect to a server, for example because you have lost the root password, you can start the server without using the privilege tables by running the option, which gives users full access to all tables. You can then run to resume using the grant tables, followed by to change the password for an account.
You may have created a user with something like:
This creates a user with the '%' wildcard host.
However, you may still be failing to login from localhost. Some setups create anonymous users, including localhost. So, the following records exist in the user table:
Since you are connecting from localhost, the anonymous credentials, rather than those for the 'melisa' user, are used. The solution is either to add a new user specific to localhost, or to remove the anonymous localhost user.
CC BY-SA / Gnu FDL
mariadb -uname -p -uname -p
ERROR 2002 (HY000): Can't connect to local MySQL server through
socket '/var/run/mysqld/mysqld.sock' (2 "No such file or directory")mariadb -uname -p --port=3307 --protocol=tcp
ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost'
(111 "Connection refused")netstat -ln | grep mysqld
unix 2 [ ACC ] STREAM LISTENING 33209505 /var/run/mysqld/mysqld.sock(/my/maria-10.4) ./client/mysql --host=myhost --protocol=tcp --port=3306 test
ERROR 2002 (HY000): Can't connect to MySQL server on 'myhost' (115)
(/my/maria-10.4) telnet myhost 3306
Trying 192.168.0.11...
telnet: connect to address 192.168.0.11: Connection refused
(/my/maria-10.4) perror 115
OS error code 115: Operation now in progressUSE test;
ERROR 1044 (42000): Access denied for user 'ian'@'localhost' to database 'test'mariadb-import --no-defaults ...CREATE USER melisa IDENTIFIED BY 'password';SELECT user,host FROM mysql.user WHERE user='melisa';
+--------+------+
| user | host |
+--------+------+
| melisa | % |
+--------+------+SELECT user,host FROM mysql.user WHERE user='melisa' OR user='';
+--------+-----------+
| user | host |
+--------+-----------+
| melisa | % |
| | localhost |
+--------+-----------+Configure MariaDB to accept remote connections by adjusting the bind-address directive and granting appropriate user privileges.
Some MariaDB packages bind MariaDB to 127.0.0.1 (the loopback IP address) by default as a security measure using the bind-address configuration directive. Old MySQL packages sometimes disabled TCP/IP networking altogether using the skip-networking directive. Before going in to how to configure these, let's explain what each of them actually does:
skip-networking is fairly simple. It just tells MariaDB to run without any of the TCP/IP networking options.
bind-address requires a little bit of background information. A given server usually has at least two networking interfaces (although this is not required) and can easily have more. The two most common are a Loopback network device and a physical Network Interface Card (NIC) which allows
you to communicate with the network. MariaDB is bound to the loopback interface by default because it makes it impossible to connect to the TCP port on the server from a remote host (the bind-address must refer to a local IP address, or you will receive a fatal error and MariaDB will not start). This of course is not desirable if you want to use the TCP port from a remote host, so you must remove this bind-address directive or replace it either 0.0.0.0 to listen on all interfaces, or the address of a specific public interface.
Multiple comma-separated addresses can be given to bind_address to allow the server to listen on more than one specific interface while not listening on others.
If is bound to 127.0.0.1 (localhost), one can't connect to the MariaDB server from other hosts or from the same host over TCP/IP on a different interface than the loopback (127.0.0.1). This for example will not work (connecting with a hostname that points to a local IP of the host):
Using 'localhost' works when binding with bind_address:
Multiple comma-separated addresses cannot be given to bind_address . Use a single address.
To enable MariaDB to listen to remote connections, you need to edit your defaults file. See for more detail.
Common locations for defaults files:
You can see which defaults files are read and in which order by executing:
The last line shows which defaults files are read.
Once you have located the defaults file, use a text editor to open the file and try to find lines like this under the [mysqld] section:
The lines may not be in this particular order, but the order doesn't matter.
If you are able to locate these lines, make sure they are both commented out (prefaced with hash (#) characters), so that they look like this:
Again, the order of these lines don't matter.
Alternatively, just add the following lines at the end of your .my.cnf (notice that the file name starts with a dot) file in your home directory or alternative last in your /etc/my.cnf file.
This works as one can have any number of [mysqld] sections.
Save the file and restart the mariadbd daemon or service (see ).
You can check the options mariadbd is using by executing:
It doesn't matter if you have the original --bind-address left as the later --skip-bind-address will overwrite it.
Now that your MariaDB server installation is setup to accept connections from remote hosts, we have to add a user that is allowed to connect from something other than 'localhost' (Users in MariaDB are defined as 'user'@'host', so 'chadmaynard'@'localhost' and 'chadmaynard'@'1.1.1.1' (or 'chadmaynard'@'server.domain.local') are different users that can have different permissions and/or passwords.
To create a new user:
Log into the (or your favorite graphical client if you wish):
if you are interested in viewing any existing remote users, issue the following SQL statement on the table:
(If you have a fresh install, it is normal for no rows to be returned)
Now you have some decisions to make. At the heart of every grant statement you have these things:
list of allowed privileges
what database/tables these privileges apply to
username
host this user can connect from
It is common for people to want to create a "root" user that can connect from anywhere, so as an example, we'll do just that, but to improve on it we'll create a root user that can connect from anywhere on my local area network (LAN), which has addresses in the subnet 192.168.100.0/24. This is an improvement because opening a MariaDB server up to the Internet and granting access to all hosts is bad practice.
% is a wildcard.
For more information about how to use GRANT, please see the page.
At this point, we have accomplished our goal and we have a user 'root' that can connect from anywhere on the 192.168.100.0/24 LAN.
One more point to consider whether the firewall is configured to allow incoming request from remote clients:
On RHEL and CentOS 7, it may be necessary to configure the firewall to allow TCP access to MariaDB from remote hosts. To do so, execute both of these commands:
If your system is running a software firewall (or behind a hardware firewall or NAT) you must allow connections destined to TCP port that MariaDB runs on (by default and almost always 3306).
To undo this change and not allow remote access anymore, simply remove the skip-bind-address line or uncomment the line in your defaults file. The end result should be that you should have in the output from ./sql/mariadbd --print-defaults the option --bind-address=127.0.0.1 and no --skip-bind-address.
The initial version of this article was copied, with permission, from on 2012-10-30.
This page is licensed: CC BY-SA / Gnu FDL
Learn the various parameters and options for connecting to a MariaDB server using the command-line client and other tools.
This article covers connecting to MariaDB and the basic connection parameters. If you are completely new to MariaDB, take a look at first.
In order to connect to the MariaDB server, the client software must provide the correct connection parameters. The client software will most often be the , used for entering statements from the command line, but the same concepts apply to any client, such as a , a client to run backups such as , etc. The rest of this article assumes that the mariadb command line client is used.
If a connection parameter is not provided, it will revert to a default value.
For example, to connect to MariaDB using only default values with the mariadb client, enter the following from the command line:
In this case, the following defaults apply:
The host name is localhost
(/my/maria-10.11) ./client/mariadb --host=myhost --protocol=tcp --port=3306 test
ERROR 2002 (HY000): Can't connect to MySQL server on 'myhost' (115)
(/my/maria-10.11) telnet myhost 3306
Trying 192.168.0.11...
telnet: connect to address 192.168.0.11: Connection refused(my/maria-10.11) ./client/mariadb --host=localhost --protocol=tcp --port=3306 test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MariaDB monitor. Commands end with ; or \g.
...The user name is either your Unix login name, or ODBC on Windows.
No password is sent.
The client will connect to the server with the default socket, but not any particular database on the server.
These defaults can be overridden by specifying a particular parameter to use. For example:
In this case:
-h specifies a host. Instead of using localhost, the IP 166.78.144.191 is used.
-u specifies a user name, in this case username
-p specifies a password, password. Note that for passwords, unlike the other parameters, there cannot be a space between the option (-p) and the value (password). It is also not secure to use a password in this way, as other users on the system can see it as part of the command that has been run. If you include the -p option, but leave out the password, you are prompted for it, which is more secure.
The database name is provided as the first argument after all the options, in this case database_name.
It will connect with the default tcp_ip port, 3306
Connect to the MariaDB server on the given host. The default host is localhost. By default, MariaDB does not permit remote logins - see Configuring MariaDB for Remote Client Access.
The password of the MariaDB account. It is generally not secure to enter the password on the command line, as other users on the system can see it as part of the command that has been run. If you include the -p or --password option, but leave out the password, you are prompted for it, which is more secure.
On Windows systems that have been started with the --enable-named-pipe option, use this option to connect to the server using a named pipe.
The TCP/IP port number to use for the connection. The default is 3306.
Specifies the protocol to be used for the connection for the connection. It can be one of TCP, SOCKET, PIPE or MEMORY (case-insensitive). Usually you would not want to change this from the default. For example on Unix, a Unix socket file (SOCKET) is the default protocol, and usually results in the quickest connection.
TCP: A TCP/IP connection to a server (either local or remote). Available on all operating systems.
SOCKET: A Unix socket file connection, available to the local server on Unix systems only. If socket is not specified with --socket, in a config file or with the environment variable MYSQL_UNIX_PORT then the default /tmp/mysql.sock are used.
PIPE. A named-pipe connection (either local or remote). Available on Windows only.
MEMORY. Shared-memory connection to the local server on Windows systems only.
Only available on Windows systems in which the server has been started with the --shared-memory option, this specifies the shared-memory name to use for connecting to a local server. The value is case-sensitive, and defaults to MARIADB.
For connections to localhost, this specifies either the Unix socket file to use (default /tmp/mysql.sock), or, on Windows where the server has been started with the --enable-named-pipe option, the name (case-insensitive) of the named pipe to use (default MARIADB).
A brief listing is provided below. See Secure Connections Overview and TLS System Variables for more detail.
Enable TLS for connection (automatically enabled with other TLS flags). Disable with '--skip-ssl'
CA file in PEM format (check OpenSSL docs, implies --ssl).
CA directory (check OpenSSL docs, implies --ssl).
X509 cert in PEM format (implies --ssl).
TLS cipher to use (implies --ssl).
X509 key in PEM format (implies --ssl).
Certificate revocation list (implies --ssl).
Certificate revocation list path (implies --ssl).
Verify server's "Common Name" in its cert against hostname used when connecting. This option is disabled by default.
The MariaDB user name to use when connecting to the server. The default is either your Unix login name, or ODBC on Windows. See the GRANT command for details on creating MariaDB user accounts.
It's also possible to use option files (or configuration files) to set these options. Most clients read option files. Usually, starting a client with the --help option will display which files it looks for as well as which option groups it recognizes.
allows you to start MariaDB without GRANT. This is useful if you lost your root password.
This page is licensed: CC BY-SA / Gnu FDL
* /etc/my.cnf (*nix/BSD)
* $MYSQL_HOME/my.cnf (*nix/BSD) *Most Notably /etc/mysql/my.cnf
* SYSCONFDIR/my.cnf (*nix/BSD)
* DATADIR\my.ini (Windows)shell> mariadbd --help --verbose
mariadbd Ver 10.11.5-MariaDB for linux-systemd on x86_64 (MariaDB Server)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Starts the MariaDB database server.
Usage: ./mariadbd [OPTIONS]
Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf ~/.my.cnf[mysqld]
...
skip-networking
...
bind-address = <some ip-address>
...[mysqld]
...
#skip-networking
...
#bind-address = <some ip-address>
...[mysqld]
skip-networking=0
skip-bind-addressshell> ./sql/mariadbd --print-defaults
./sql/mariadbd would have been started with the following arguments:
--bind-address=127.0.0.1 --innodb_file_per_table=ON --server-id=1 --skip-bind-address ...Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 5.5.28-MariaDB-mariadb1~lucid mariadb.org binary distribution
Copyright (c) 2000, 2012, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';
+--------+-----------+
| User | Host |
+--------+-----------+
| daniel | % |
| root | 127.0.0.1 |
| root | ::1 |
| root | gandalf |
+--------+-----------+
4 rows in set (0.00 sec)GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.100.%'
IDENTIFIED BY 'my-new-password' WITH GRANT OPTION;firewall-cmd --add-port=3306/tcp
firewall-cmd --permanent --add-port=3306/tcpmariadbmariadb -h 166.78.144.191 -u username -ppassword database_name--host=name
-h name--password[=passwd]
-p[passwd]--pipe
-W--port=num
-P num--protocol=name--shared-memory-base-name=name--socket=name
-S name--ssl--ssl-ca=name--ssl-capath=name--ssl-cert=name--ssl-cipher=name--ssl-key=name--ssl-crl=name--ssl-crlpath=name--ssl-verify-server-cert--user=name
-u nameWEBINAR
MariaDB 101: Learning the Basics of MariaDB