Maxscale authentication error

1,509 views
Skip to first unread message

geema...@gmail.com

unread,
Jul 19, 2017, 2:34:29 AM7/19/17
to MaxScale
2017-07-19 02:17:15 error : [firewall-service] Refresh rate limit exceeded for load of users' table.
2017-07-19 02:17:15 warning: [MySQLAuth] firewall-service: login attempt for user 'testsite1'@[127.0.0.1]:52206, authentication failed.

I am trying to run maxscale as an query sanitation service via tcp sockets. Connecting straight to the mysql server works, going through maxscale doesn't.

I am not sure why, but maxscale seems to be representing the ipv4 as a IPV6 addr

Markus Mäkelä

unread,
Jul 19, 2017, 2:51:32 AM7/19/17
to maxs...@googlegroups.com

Hi,

Starting with MaxScale 2.1, the default interface that MaxScale first attempts to listen on is the IPv6 version of the 0.0.0.0 address ( :: ) which causes client connections to be interpreted as IPv6. This should not be a problem as MaxScale can map IPv4 grants to IPv6-mapped-IPv4 addressed (e.g. ::ffff:127.0.0.1 for 127.0.0.1) and the IPv6 form is just used for uniform representation of both IPv4 and IPv6 addresses. You can tell MaxScale to bind to the IPv4 address by adding address=0.0.0.0 in the listener definitions.

The common steps to figuring out authentication problems are:

  1. Check that both the client IP and MaxScale IP are covered by a wildcard grant or that both IPs have the appropriate grants
  2. Check that no errors show up in the MaxScale logs and MaxScale can successfully connect to the backend databases
  3. Make sure the database doesn't have anonymous user accounts enabled
  4. Enable the info level logging by adding log_info=true under the [maxscale] section in maxscale.cnf and see which user MaxScale is interpreting the client as

If the authentication still fails after checking that all grants are OK and MaxScale fetches the database user information correctly, we might be looking at a bug. In this case, please open up a bug report on the MaxScale Jira with as much information as possible (logs, configuration files, client-side errors etc.).

Markus

-- 
Markus Mäkelä, Software Engineer
MariaDB Corporation
t: +358 40 7740484 | Skype: markus.j.makela

geema...@gmail.com

unread,
Jul 19, 2017, 5:17:59 AM7/19/17
to MaxScale
For anyone else having the same issues, please ensure that user has grant on 127.0.0.1, not just "localhost"

geema...@gmail.com

unread,
Jul 19, 2017, 5:18:24 AM7/19/17
to MaxScale, geema...@gmail.com
Issue solved

shre...@gmail.com

unread,
Jul 24, 2017, 11:18:20 AM7/24/17
to MaxScale, geema...@gmail.com
On Wednesday, July 19, 2017 at 2:48:24 PM UTC+5:30, geema...@gmail.com wrote:
> Issue solved

Hi Geema i am facing same issue in maxscale 2.1.3, can you tell me how can you solve this issue.

geema...@gmail.com

unread,
Jul 24, 2017, 1:34:41 PM7/24/17
to MaxScale, geema...@gmail.com, shre...@gmail.com

I added both 'user'@'localhost' and 'user'@'127.0.0.1' permissions

Reply all
Reply to author
Forward
0 new messages