MySQL User – Create a Domain Account User in MySQL

MySQL

I am from MSSQL background and trying to learn MYSQL on a windows server 2012 VM. I want to create a user in MYSQL and the user is also a domain account. Please give me the script to get it done or is it a limitation of MYSQL.

CREATE USER 'domain\abc'@'%' IDENTIFIED BY 'password';

If I try the above command then it's creating a user by name 'domainabc' in mysql

Best Answer

By default, MySQL server accounts, with the default authentication plugin, are completely unrelated to system or network users. That means that (again, stress on by default), whenever you run: CREATE USER you are creating a mysql-only account, no matter if it has the same name than other system (os) or authentication methods.

However, MySQL has available authentication plugins, which you can enable on a per-account basis, and link it, for example, to OS accounts or LDAP/domain network accounts.

I am personally not familiar with Microsoft Authentication methods (I am myself a Linux administrator, so I only familiar with plugins such as unix_socket and PAM) but a quick search tells me that such plugins indeed exist:

https://dev.mysql.com/doc/refman/5.5/en/windows-pluggable-authentication.html

I can even see MySQL installed on Linux servers using PAM to authenticate using windows servers:

https://runops.wordpress.com/2015/03/19/how-to-setup-active-directory-authentication-in-mysql-running-on-linux/

If you were unsuccessful with trying those, or don't want to pay for them, you could setup an external utility to sync domain users with MySQL local users.

Related Solutions

Thesql user creation with % to host , can only log on from remote host

When connecting to your localhost it's going you use sockets instead of ports to connect. Those grants need a specific 'localhost' grant. To use your % grant locally connect specifying you want to connect via TCP

mysql -u user -p --proto=TCP

MySQL – Is mysqladmin User Account Secure?

Before you continue playing with mysqladmin, you need to make sure your installation is not intentionally giving away access.

For starters, can you login to mysql like this?

# mysql <hit enter>

If you can get just like that, run this command:

SELECT USER(),CURRENT_USER();

USER() reports how you attempted to authenticate in MySQL
CURRENT_USER() reports how you were allowed to authenticate in MySQL

If CURRENT_USER() return a user and host where the user is blank, then you were allowed in as an anonymous user. At that point, you can remove anonymou users with this:

DELETE FROM mysql.user WHERE user='';
FLUSH PRIVILEGES;

Now, locate all users with no password with this:

SELECT user,host,password FROM mysql.user;

If any users have no password, you can issue new passwords for user using mysqladmin or you could just assign them as follows:

UPDATE mysql.user SET password=PASSWORD('whateverpassword') WHERE user='...' AND host='...';
FLUSH PRIVILEGES;

Now, check for remote users

SELECT user,host FROM mysql.user WHERE host='%';

If you see any, run this:

DELETE FROM mysql.user WHERE host='%';
FLUSH PRIVILEGES;

Make sure when all is said and done that at least root@localhost and/or root@127.0.0.1 exist and have a password

SELECT user,host,password FROM mysql.user WHERE user='root';

I could probably go on. Here are other posts I have about stuff like this:

Best Answer

Related Solutions

Thesql user creation with % to host , can only log on from remote host

MySQL – Is mysqladmin User Account Secure?

Related Question