41

Today, I wanted to create a database in PMA. It said: "Cannot log in to the MySQL server". I tried via a terminal, same problem, and it is because my password is wrong. And I can't understand why.

I tried the usual method to reset the root password (skip grant tables mounting and reset the passord) but it seems it doesn't works.

See that:

morgan@rakija:~$ sudo mysqld_safe --skip-grant-tables &
[1] 14016
morgan@rakija:~$ 150802 19:07:25 mysqld_safe Can't log to error log and syslog at the same time.  Remove all --log-error configuration options for --syslog to take effect.
150802 19:07:25 mysqld_safe Logging to '/var/log/mysql/error.log'.
150802 19:07:25 mysqld_safe A mysqld process already exists

[1]+  Terminé 1               sudo mysqld_safe --skip-grant-tables
morgan@rakija:~$ mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.0.20-MariaDB-0ubuntu0.15.04.1 (Ubuntu)

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> update user set password=PASSWORD("newPass") where user='root';
Query OK, 4 rows affected (0.00 sec)
Rows matched: 4  Changed: 4  Warnings: 0

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> exit
Bye
morgan@rakija:~$ sudo service mysql restart
morgan@rakija:~$ mysql -uroot -pnewPass
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
Improve this question

4 Answers 4

Reset to default
62

I have found a solution that is as strange as the problem itself.

Reboot MySQL/MariaDB using --skip-grant-tables (search for tutorials on the web). (not necessary at all, read my edits at the end of the post)

Look at the plugin field into the mysql.user table:

MariaDB [mysql]> SELECT user, plugin FROM user;
+------+-------------+
| user | plugin      |
+------+-------------+
| root | unix_socket |
| root | unix_socket |
| root | unix_socket |
| root | unix_socket |
+------+-------------+

I had to reset the plugin field of each entry to a blank string.

UPDATE user SET plugin="";   // without WHERE clause

Also, make sure that a password is defined, because sometimes it seems to be erased (select on user, password fields). If not, update it with:

UPDATE user SET password=PASSWORD("my_password") WHERE user="root";

Privileges parameters need to be saved explicitly:

FLUSH PRIVILEGES;

Then, restart MySQL in normal mode and you should be able to connect to the root account.

This will not necessarily disable the connection via Unix socket. After my MySQL va repaired, in PMA, I can see that the connection is established through an Unix socket.

EDIT, some months later: I'm now used to have this problem come back frequently, I think at each update of MariaDB (or something like that). So I've got a better comprehension of the probem ; there's an UNIX_SOCKET plugin that can let you log in a MariaDB account without having to create a password, because it uses the shell's credentials to trust you, without having to enter any password. In fact, this plugin is an authentication plugin and not a method of communication with the SQL server. So you can safely disable it if you don't use unix socket as a logging-in method. The only thing I can't explain is why the UNIX_SOCKET plugin is regularly set on each account of the database, without any action on my side.

This has the nice side effect that, when it happens, you can login to the SQL server without having to restart MariaDB with --skip-grant-tables: just log-in to the system's root account, then just connect with mysql -u root without password, then reset the plugin field in the way it is explained above.

EDIT 2: Confirmed, it happens on each MariaDB upgrade on Ubuntu.

Improve this answer
6
  • 1
    This breaks the maintenance cron job on Ubuntu 16.04 (at least) because that script is expecting to log in without a password using the socket plug-in. See superuser.com/questions/957708/… for details.
    – colan
    Commented Jul 21, 2016 at 20:24
  • Okay, interesting, but this does not happen anymore (my legacy passwords setup does not break randomly now). Maybe the Unix socket plugin is set on the root user only, now? Couldnt' check that right now. But I don't like the idea that the OS decides for me what authentication setup to use.
    – Morgan Touverey Quilling
    Commented Jul 21, 2016 at 20:45
  • This problem sucks, it happened on Debian 9, no root password was asked when I installed MariaDB and I could not even reset it. I hope it will not happen again after an upgrade. Should we replace MariaDB with MySQL to avoid such problems?
    – baptx
    Commented Nov 30, 2017 at 16:03
  • Not sure it still happens, it may have been fixed now (I can edit the post if anyone knows). Maybe it happens only at the installation, which would be a good default setup.
    – Morgan Touverey Quilling
    Commented Nov 30, 2017 at 22:20
  • 1
    I just noticed that if we don't use the unix socket plugin for the root user, it will fail to install phpmyadmin package on latest Debian: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO). So the best solution is to keep using the default unix socket authentication with command sudo mysql -u root, which I think is also more secure and performant.
    – baptx
    Commented Dec 1, 2017 at 12:31
6

From this answer, http://ubuntuforums.org/showthread.php?t=2275033&p=13272227#post13272227.

Mysql tries to authenticate root using plugin, not password. You need to disable plugin usage for root.

shell$ sudo mysql -u root

[mysql] use mysql;
[mysql] update user set plugin='' where User='root';
[mysql] flush privileges;
[mysql] \q
Improve this answer
3
  • 2
    That's exactly what I posted as an answer.
    – Morgan Touverey Quilling
    Commented Jan 18, 2016 at 11:22
  • 1
    It's a slightly more concise rollup with your update.
    – ponies
    Commented Jan 18, 2016 at 19:27
  • I can't even get a mysql shell, so this won't work in my case, even though I'm seeing Could not open mysql.plugin table. in the error log.
    – Dave Everitt
    Commented Aug 18, 2019 at 13:12
1

Connect as previously described:

mysqld_safe --skip-grant-tables

Log file will be showed:

160518 23:21:01 mysqld_safe Logging to '/usr/local/mysql/data/ab123456.domain.com.err'.
160518 23:21:01 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data

Search log listed (in this case: /usr/local/mysql/data/ab123456.domain.com.err) for right socket:

cat /usr/local/mysql/data/ab123456.domain.com.err | grep "socket: "
Version: '5.5.49-MariaDB'  socket: '/tmp/mysql.sock'  port: 3306  MariaDB Server

and use it in mysql connection:

mysql --socket /tmp/mysql.sock -u root
root@ab123456:~# /usr/local/mysql/bin/mysql --socket /tmp/mysql.sock -u root

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1
Server version: 5.5.49-MariaDB MariaDB Server
Improve this answer
1
  • I just get $ mysqld_safe --skip-grant-tables 190818 14:13:35 mysqld_safe Logging to '/usr/local/var/mylaptop.local.err'. 190818 14:13:35 mysqld_safe Starting mysqld daemon with databases from /usr/local/var but am just thrown back to the bash prompt.
    – Dave Everitt
    Commented Aug 18, 2019 at 13:16
1

By default marriadb uses "unix_socket" authentication plugin to set passwords this should be "mysql_native_password" so

switch database..

use mydatabase;

first see witch plugin is set..

SELECT user, plugin FROM user;

set it to "mysql_native_password" 

UPDATE user SET plugin="mysql_native_password";

set new password...

update user set authentication_string=password('My@Password'), plugin='mysql_native_password' where user='root';
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .