LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 04-24-2010, 01:54 AM   #31
tklMe
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 16

OMG!!! I tried the localhost and root and it worked this time...I am certain I tried it as localhost and root and I swear it didn't work then! Now why the heck doesn't it work for server2.lambott.local or with my tklamb user name? Blue Ice mentioned something regarding remote login and servers. Perhaps he/she could elaborate?

Last edited by tklMe; 04-24-2010 at 02:06 AM.
 
Old 04-24-2010, 08:00 AM   #32
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
server2.lambott.local is a computername which should be registered at your dns server or should be added to the hosts file of the computer you are trying to access the server with. This is needed to resolve the ipaddress. Computers don't connect with the computername. A computername is translated to an ipaddress which is used to contact the computer with that specific ipaddress.

In MySQL you need to specify from which clients you allow a user to access the server. The wildcard used in MySQL is %, so don't confuse it with *. The root user by default can only access a from the localhost. Using the computername of the localhost is not considered to be the localhost. Again this has to do with resolving computernames to ipaddresses. If you create a user that should be able to log in remotely, then you need to specify from which clients (ipaddresses) the user is allowed to access the server.

For example:
Code:
GRANT ALL ON db.* TO 'tklamb'@'192.168.1.%';
This code will tell MySQL that user tklamb is allowed access to all objects in database db from clients whose ipaddress is in the format of 192.168.1.xxx (for other netmasks you should use something like 10.% or 172.138.%). If a user should only be allowed to connect from localhost, you should use something like:
Code:
GRANT ALL ON db.* TO 'tklamb'@'localhost';
When you need your client to be able to connect from everywhere, the query should look something like:
Code:
GRANT ALL ON db.* TO 'tklamb'@'%';
Be aware that I didn't set a password for this user. After you have executed the GRANT query you need flush the privileges with the command: FLUSH PRIVILEGES;. After this you should be able to use this user account. On the site of MySQL you can find a lot of interesting information regarding creating users.

Edit: If you have a problem with the current users then please run the query: SELECT Host, User FROM mysql.user WHERE User='tklamb'; and post the results here. No password information will be published here.
With this information we can tell what your problem might be with setting up the user accounts.

Last edited by Blue_Ice; 04-24-2010 at 08:05 AM.
 
Old 04-24-2010, 11:43 AM   #33
paulsm4
Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

1. I'm super-glad you didn't follow through on the source rebuild: as you well know, that wasn't the problem. MySQL was OK: the problem was permissions.

2. Don't worry about the "name resolution" problem, either. Since your Apache server is on the same host as your mySQL database, all you need is "localhost".

And from a "security" standpoint: every time you allow any external host you allow to use any service, you've introduced a new attack point that some "bad guy" can use to compromise your system. The fewer hosts you allow access, the fewer vulnerabilities to your system.

Restricting *any* access to *only* localhost is in fact the *safest* approach.

Sooooo ....

3. Here's your hosts list:
Code:
+-----------------------+---------+
| Host                  | User    | 
+-----------------------+---------+
| %                     | lambott |
| %                     | tklamb  |
| 127.0.0.1             | root    |
| localhost             |         |
| localhost             | root    |
| server2.lambott.local |         |
| server2.lambott.local | root    |
+-----------------------+---------+
7 rows in set (0.00 sec)
4. According to this list, it *should* work as either tklamb or lambott.

Provided:
a) you're using the correct username, password, and "localhost" in your mysql_connect()

b) you've also granted access privileges on the mySQL table to tklamb and/or lambott

c) the Linux user ("root", "nobody" - whoever) has OS-level privileges to use MySQL.

5. I would strongly suggest these commands:
Quote:
* mysql -utklamb -pTKLAMBS_MYSQL_PASSWD mysql

delete from user where Host='server2.lambott.local';
<= this should delete two rows

delete from user where User='';
<= this should delete one row

flush privileges;

exit;
6. Then I'd focus on getting "tklamb" working - locally - both from mysql, and from PHP.

Good luck - and please keep us posted!

Last edited by paulsm4; 04-24-2010 at 11:54 AM.
 
Old 04-24-2010, 12:57 PM   #34
tklMe
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 16
I've tried multiple variations and nothing worked. I then granted tklamb@localhost privileges and flushed them of course and made the appropriate changes in the php file and now I can go to my client and see the table with tklamb as the user. I still cannot get any of them to work with anything other than localhost. Why is that? Could it have something to do with the hosts file Blue mentioned? My client does have both server1 and 2 listed, server1 has server2 listed but server2 has nothing listed. Could that be the problem/reason?

PaulSM4: I did make certain to make the appropriate changes in the php code as suggested by your step 4. As for step 5, I'm not certain what that is suppose to do.I haven't tried it yet. Please explain it. Thanks.

Here is my user listing and as I mentioned only localhost works in the php coding none of the other hosts work:

mysql> select host, user from user;
+-----------------------+---------+
| host | user |
+-----------------------+---------+
| % | lambott |
| % | tklamb |
| 127.0.0.1 | root |
| 192.168.139.% | tklamb |
| localhost | |
| localhost | root |
| localhost | tklamb |
| server2.lambott.local | |
| server2.lambott.local | root |
+-----------------------+---------+
 
Old 04-24-2010, 02:51 PM   #35
paulsm4
Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi again, tklMe -

1. Cool - glad you've got things working.

2. I'm not sure how high your tolerance is for "theory", or to what extent you just want simple, clear-cut instructions to "make it work". Sorry if I'm heavy on the "theory", and sorry if stuff like "fred" and "barney" (meant in the same spirit as "X" and "Y" in algebra) confuses things.
... but ...
3. Your question about "why doesn't it work" hearkens back to "theory":

a) at the TCP/IP level, "localhost" and "127.0.0.1" and "loopback" are usually all equivalent - they all refer to the "same thing". PROVIDED the names are defined in your network stack's resolver: be it /etc/hosts, DNS or something else altogether.

b) Similarly, "server2" and "192.168.139.129" are equivalent. Provided "server2" is defined as "192.168.139.129" in /etc/hosts and/or DNS.

c) "server2.lambott.local" may or may not be equivalent to "server2" - that's a configuration issue on your part.

Try it! Try "ping server2" and see what you get (presumably"192.168.139.129"). Now try "ping server2.lambott.local" and see what you get (I'm guessing probably "host not found").

4. I don't want us to hijack this thread by turning it into a "DNS howto". Our goal is to get MySql working - I think you've achieved that goal.

5. If the only client for mySQL is PHP/Apache ... then the SIMPLEST and the MOST SECURE solution is to use localhost.

So in the name of BOTH "security" AND "expediency", I'm asking you to use "localhost".

I'm ALSO asking you to DELETE any mysql principals you DON'T need.

Yes, that level of paranoia is "overkill" for a simple VM.

But it's an EXCELLENT habit to get into now, before you start deploying stuff in the "real world".

And, as an added benefit, it'll make troubleshooting, configuration ... and make learning MySQL and PHP ... soooooooo much easier for you!

IMHO .. PSM

PS:
Please feel free to click "thanks" for Ice_cube and me if you think we helped.

PPS:
Please do feel free to keep asking questions, in this thread, or in new threads.

PPS:
Please be sure to delete the row with "192.168.139.%", too.

Last edited by paulsm4; 04-24-2010 at 02:53 PM.
 
Old 04-24-2010, 03:24 PM   #36
tklMe
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 16
I actually was going to thank you both when I was done, but I went ahead and thanked you guys ahead of time.
Server2 actually has an IP of 192.168.139.133; client system has an IP of 192.168.139.129; Server1 (the DNS server) has an IP of 192.168.139.130. Did I mention I have Bind installed on Server1 where I have set up who the web server is (server2) and who the dns server is (server1). I am able to ping from all systems to the other systems (even same system to same system)using IP and name and finds and transmits the packets just fine with no packet loss. I am able to do an nslookup on the other systems with the names and it comes back with the IPs and vice versa. It still doesn't make sense why server2.lambott.local doesn't work. That is where the mysql is installed, along with apache and php. I put 192.168.139.133 server2.lambott.local the hosts file on server2 but that didn't do anything. I suppose since localhost works I shouldn't worry about server2.lambott.local not working but darn I really would like that one to work...unless in reality it isn't suppose to work.
 
Old 04-24-2010, 03:55 PM   #37
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Well, there might be one other issue that you haven't addressed yet and that is the firewall. Have you opened port 3306 (default port MySQL runs on) on server2? If not, that could generate the same error.
 
Old 04-24-2010, 04:19 PM   #38
tklMe
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 16
Blue Ice: Well, no, I didn't realize I needed that port open. So if you mean I need to open that port and then server2.lambott.local will work for the mysql connect statement (server2.lambott.local, root, rootspassword), well, it didn't--I just tried it. Perhaps it isn't suppose to work that way? I do have http and https ports open. Maybe it is something in selinux...naw, I just set it to allow users and that didn't do anything. Again, maybe server2.lambott.local isn't suppose to be listed and it is just suppose to be localhost. I'm tired of messing with it. I got the tklamb to work using localhost and I really appreciate all of your help. Thank you very much! Now I have to figure out how to adjust my httpd.conf file or whatever file it is to point https to another directory or index file (just not the same site as the http is-->/var/www/html. Don't tell me tho...unless I ask for assistance later this evening. I want to be able to figure it out on my own and I don't think it will be hard to do! (I hope)
 
Old 04-24-2010, 04:53 PM   #39
paulsm4
Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

Blue_Ice is absolutely correct about the firewall.

Quote:
GENERAL TROUBLESHOOTING SUGGESTION:
1. Make sure you can "ping" a host (name resolution)
... then ...
2. "telnet HOST PORT#"
Quote:
EXAMPLE:
ping localhost
<= should respond "127.0.0.1"

ping server2
<= should respond "192.168.139.129"

ping server2.lambott.local
<= Don't know
I think you're saying you tried this, and it DID respond: 192.168.139.129

telnet server2 3306
<= This is one quick/easy way to see if port 3306 is open on interface 192.168.139.129 or not
It's entirely possible it IS open on 127.0.0.1, but not 192.168.139.129 (because of the firewall)
Make sense?

Again - congratuations on getting things working thus far. Good job !

PS:
Hint: Apache "virtual hosts" are your friend (in the context of serving multiple web sites from the same host)
 
Old 04-24-2010, 05:34 PM   #40
tklMe
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 16
PaulSM: The IP of server2 is 192.168.139.133 so if I were to "ping server2" then it would come back with "from server2.lambott.local (192.168.139.133)" on the same system or on server1, or on the client system. Thanks for the hint!

I tried the telnet and it said connected to server2.lambott.local (192.168.139.133) escape character is.....then some weird mumbo-jumbo and connection closed by foreign host.

I tried adding the <VirtualHost 192.168.139.133:443>
DocumentRoot /var/www/html2
ServerName server2.lambott.local:443
</VirtualHost>

But obviously I've done something wrong cuz it doesn't do anything. When I go to https://server2.lambott.local:443 it still brings up my original web page in my /var/www/html folder.

Okay I have discovered the ssl.conf file and made the adjustments in there....but that isn't working either. I was only able to get to the alternate website if I adjusted the httpd.conf file and used port 8080 instead of the 443 (listed above). Well, that isn't a secure site and I need to make an alternate web site that is just for secure entry. I'm getting tired of this. This whole LAMP installation has been a pain. Any hints might be nice...

Last edited by tklMe; 04-25-2010 at 01:50 AM.
 
Old 04-25-2010, 03:21 AM   #41
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Before you start to configure Apache, you need to install mod_ssl and openssl on the webserver. After that adjust the configuration:
Code:
Listen 80 #this should already exist
# the following line might not be needed as it could be included in the mod_ssl config
Listen 443

NameVirtualHost server2.lambott.local:443
<VirtualHost server2.lambott.local:443>
        ServerAdmin x@y.com
        DocumentRoot /var/www/html2
        ServerName server2.lambott.local
        SSLEngine on
        SSLCertificateFile /etc/httpd/cert/httpd.crt
        SSLCertificateKeyFile /etc/httpd/cert/httpd.key
</VirtualHost>
Edit: If I remember correctly, configuring apache like this allows you to have only one VirtualHost using ssl. In case you need more, you will have to setup another apache process with its own configuration specifically for port 443.

Last edited by Blue_Ice; 04-25-2010 at 03:28 AM.
 
1 members found this post helpful.
Old 04-25-2010, 01:40 PM   #42
tklMe
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 16
Blue_Ice: are you setting that up in ssl.conf or in httpd.conf?
I do have the mod_ssl and openssl installed and I have set up the keys/certs.
The ssl.conf has the sslengine and sslcertifcatefile locations (etc/pki/tls/certs and etc/pki/tls/private) and they are ca.crt and ca.key.
I don't know what the SSLCertificateKeyFile is in your example.
I read that you need to put the virtualhost info in the ssl file...so again, is your example in the ssl.conf or the httpd.conf file? Also, 443 is listed in the ssl.conf.
(I did try to put most of your example into my httpd.conf file but that did not work...again the issue is with the engine and keys. Wouldn't it be redundant to put them in the httpd.conf when they are already in the ssl.conf file?)
 
Old 04-25-2010, 01:57 PM   #43
tklMe
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 16
Blue Ice..thank you...I got it to work...I understand the whole engine and key thing now. I guess you really do have to put them in the httpd.conf file even tho their locations and the "sslengine on" is in the ssl.conf file. Anyhow, thanks again you have really been very helpful..as has PaulSM!
 
1 members found this post helpful.
Old 04-25-2010, 02:05 PM   #44
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
You're welcome. Glad we were able to help you out!

A little bit about the certificates... Depending on your intentions with the server you should get certificates from organizations like Verisign. You can also create your own.

In my example I created new certificates for testing purposes. I wanted them to be specific for that VirtualHost. Where you put VirtualHost doesn't really matter. In httpd.conf there is a directive that points to ssl.conf. So ssl.conf will be loaded when httpd.conf is loaded. I prefer to put my VirtualHost definitions all at the same place, so I can see them all at once and don't need to look through tons of files to find the right definition.

Anyway, happy developing and don't hesitate to post your questions when in need for help.
 
1 members found this post helpful.
  


Reply

Tags
configuration, lamp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Installing LAMP, easier said than done? rjo98 Linux - Newbie 4 08-24-2009 10:52 AM
Need help configuring YUM zak4u Linux - Newbie 5 03-23-2009 06:32 AM
Installing lamp umwai Linux - Newbie 3 09-16-2008 11:58 PM
Configuring YUM taborekle Fedora 3 02-23-2006 01:35 PM
help configuring yum J0sep Fedora 1 01-13-2005 02:00 PM


All times are GMT -5. The time now is 05:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration