[MXS-2891] Access denied intermittently for a particular user while trying to connect through MaxScale. Created: 2020-02-14  Updated: 2020-12-08  Resolved: 2020-04-28

Status: Closed
Project: MariaDB MaxScale
Component/s: mariadbmon
Affects Version/s: 2.3.2, 2.4.6
Fix Version/s: 2.4.8

Type: Bug Priority: Major
Reporter: Pramod Mahto Assignee: markus makela
Resolution: Fixed Votes: 0
Labels: None

Attachments: File maxscale.cnf    
Sprint: MXS-SPRINT-100, MXS-SPRINT-101

 Description   

Setup : Master --> Slave

The passwords for users in the database are the same on all nodes. Still, there is an authentication issue: access is denied intermittently for this particular user while trying to connect through MaxScale.

Scenario :-

Scenario 1 with ID testuser: Updated the application configuration to connect to the database through MaxScale (UserID & Password not changed, only IP/SLB) - Intermittent Access Denied Issue

Scenario 2 with ID testuser: Updated the application configuration to connect to the database directly, i.e. Master Server xxx.xxx.xxx.xxx (UserID & Password not changed, only IP/SLB) - No Issue

Scenario 3 with ID testuser02: Updated the application configuration to connect to the database through MaxScale (UserID & Password not changed, only IP/SLB) - Intermittent Access Denied Issue

Scenario 4 with ID testuser02: Updated the application configuration to connect to the database directly, i.e. Master Server xxx.xxx.xxx.xxx (UserID & Password not changed, only IP/SLB) - No Issue

Direct Connection from App Server to Master and Slave

 
mysql -h <Master-IP> -testuser02 -p -P 6603
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6170995
Server version: 10.2.14-MariaDB-log MariaDB Server
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]>
 
-sh-4.2$ mysql -h <slave-IP> -testuser02 -p -P 6603
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 343111
Server version: 10.2.14-MariaDB-log MariaDB Server
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]>

Error log :-
---------------------------------------------------------------------------------------

 
2020-02-05 20:20:55   notice : syslog logging is enabled.
2020-02-05 20:20:55   notice : maxlog logging is enabled.
2020-02-05 20:20:55   notice : Using up to 4.69GiB of memory for query classifier cache
2020-02-05 20:20:55   notice : Working directory: /maxscale/logs/maxscale_logs
2020-02-05 20:20:55   notice : The collection of SQLite memory allocation statistics turned off.
2020-02-05 20:20:55   notice : Threading mode of SQLite set to Multi-thread.
2020-02-05 20:20:55   notice : MariaDB MaxScale 2.4.6 started (Commit: 714dece7ddb025d2ed2cca945a607a02b80bc7a2)
2020-02-05 20:20:55   notice : MaxScale is running in process 104967
..
.....
........

2020-02-11 13:28:14   warning: (218168) [MariaDBAuth] ReadWriteMasterService: login attempt for user 'XXXXXX'@[XX.XX.XXX.XXX]:XXXXX to database 'XXXX', authentication failed. Wrong password.

Is this due to a delay in validation of users at the backend from MaxScale, or something else?



 Comments   
Comment by markus makela [ 2020-03-05 ]

Added authenticator_options=log_password_mismatch=true to the mariadbauth module. By adding this to the listeners, the password the client sends and the one stored in MaxScale are logged in the authentication failure message.

Comment by markus makela [ 2020-03-17 ]

The new option will be in 2.4.8. Once the release is out, please add authenticator_options=log_password_mismatch=true to the listeners that clients connect to.
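
To triage intermittent failures like the one in the error log above, the following added example (not part of the original ticket and not MaxScale code) parses MariaDBAuth failure warnings in the format shown there and groups them by service, user and client address. The function names and sample log lines are constructed for illustration, and treating the "to database" part as optional is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the MariaDBAuth failure warning in the format shown in the ticket.
# Assumption: the "to database '...'" part may be absent, so it is optional.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+warning\s*:\s+"
    r"\((?P<session>\d+)\) \[MariaDBAuth\] (?P<service>[^:]+): "
    r"login attempt for user '(?P<user>[^']*)'@\[(?P<host>[^\]]*)\]:(?P<port>[^\s,]+)"
    r"(?: to database '(?P<db>[^']*)')?, authentication failed\. (?P<reason>.*)$"
)

# Constructed sample log lines (documentation-range addresses, made-up values).
SAMPLE_LOG = """\
2020-02-11 13:28:14   warning: (218168) [MariaDBAuth] ReadWriteMasterService: login attempt for user 'testuser'@[192.0.2.10]:51234 to database 'appdb', authentication failed. Wrong password.
2020-02-11 13:28:15   notice : syslog logging is enabled.
2020-02-11 13:41:02   warning: (218201) [MariaDBAuth] ReadWriteMasterService: login attempt for user 'testuser'@[192.0.2.10]:51300 to database 'appdb', authentication failed. Wrong password.
2020-02-11 14:05:47   warning: (218377) [MariaDBAuth] ReadWriteMasterService: login attempt for user 'testuser02'@[198.51.100.7]:40022 to database 'appdb', authentication failed. Wrong password.
"""

def parse_failures(lines):
    """Yield one dict per authentication-failure line; skip everything else."""
    for line in lines:
        m = FAIL_RE.match(line.rstrip("\n"))
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%d %H:%M:%S")
            yield event

def summarize(events):
    """Group failures by (service, user, client host): count, first and last seen."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for e in events:
        s = summary[(e["service"], e["user"], e["host"])]
        s["count"] += 1
        s["first"] = min(s["first"] or e["ts"], e["ts"])
        s["last"] = max(s["last"] or e["ts"], e["ts"])
    return dict(summary)

if __name__ == "__main__":
    for key, s in sorted(summarize(parse_failures(SAMPLE_LOG.splitlines())).items()):
        print(key, s["count"], s["first"], s["last"])
```

Per the comment above, enabling log_password_mismatch adds password data to these failure messages, so restrict access to the log file while the option is on.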
