This error occurs when a MySQL client connects from a host that lacks user privileges in the mysql.user table. The fix involves granting appropriate privileges to the user for that specific host or using wildcard permissions with FLUSH PRIVILEGES.
MySQL Error 1130 (HY000) is a privilege-based authentication error that occurs at the connection stage, before any database operations. Unlike "Access denied" errors that occur after authentication, Error 1130 prevents the connection from being established entirely. MySQL security uses a combination of username and hostname (user@host) to authenticate connections. When a client attempts to connect from a host that does not have a matching entry in the mysql.user table, MySQL rejects the connection with this error. This is a critical distinction: the username might be correct, but if the specific host is not authorized, the connection fails.
Connect to MySQL as root or another privileged user and query the mysql.user table to see what hosts the user is allowed to connect from:
SELECT Host, User FROM mysql.user WHERE User = 'your_username';If you only see 'localhost' or '127.0.0.1', this explains why remote connections are rejected. The user needs explicit host entries or a wildcard entry.
To allow a user to connect from a specific IP address, execute this command (replace placeholders):
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'192.168.1.100' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;Or if the user already exists, update permissions without changing the password:
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'192.168.1.100';
FLUSH PRIVILEGES;Replace 192.168.1.100 with the actual client IP address.
To allow a user to connect from any host, use the wildcard character (%):
CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'%';
FLUSH PRIVILEGES;Or grant to existing user:
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'%';
FLUSH PRIVILEGES;WARNING: Using '%' for all hosts increases your security surface. Only use this if necessary, and consider combining it with REQUIRE SSL for encrypted connections:
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'%' REQUIRE SSL;
FLUSH PRIVILEGES;After granting privileges, verify that the user can now connect from the intended host:
SELECT Host, User FROM mysql.user WHERE User = 'username';You should now see the new host entry (either the specific IP or '%'). Test the connection from the client machine:
mysql -h mysql_server_ip -u username -p database_nameIf the MySQL server is not listening on the correct network interface, no remote connections will work. Edit the MySQL configuration file:
- On Linux: /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf
- On macOS: /usr/local/etc/my.cnf or /opt/homebrew/etc/my.cnf
- On Windows: C:\ProgramData\MySQL\MySQL Server 8.0\my.ini
Locate the [mysqld] section and check the bind-address setting:
[mysqld]
bind-address = 127.0.0.1To listen on all interfaces, change it to:
[mysqld]
bind-address = 0.0.0.0Or to listen on a specific IP:
[mysqld]
bind-address = 192.168.1.50After editing, restart MySQL:
sudo systemctl restart mysqlEnsure that the client can reach the MySQL server on the correct port (default 3306):
telnet mysql_server_ip 3306
nc -zv mysql_server_ip 3306If the connection times out, check firewall rules on the server:
# On Linux (iptables)
sudo iptables -L -n | grep 3306
# Or check with ufw if enabled
sudo ufw status
sudo ufw allow 3306On cloud platforms (AWS, GCP, Azure), verify security group rules or network ACLs allow inbound traffic on port 3306 from your client IP.
PRIVILEGE SPECIFICITY: MySQL matches privileges from most specific to least specific. A user'@'192.168.1.100' entry takes precedence over 'user'@'%'. PROXY AND NAT: If your client is behind a proxy, VPN, or NAT, MySQL sees the proxy/NAT IP address, not your local IP. Use SHOW PROCESSLIST; on the MySQL server to see what IP is connecting. HOSTNAME RESOLUTION: You can use hostnames instead of IPs in grant statements, but ensure your DNS is properly configured: GRANT ALL ON db.* TO 'user'@'client.example.com';. REMOVING USERS: If you created a user with the wrong host, remove it first: DROP USER 'username'@'old_host'; FLUSH PRIVILEGES;. LEAST PRIVILEGE: Avoid using GRANT ALL on all databases. Instead, grant only the specific databases and privileges needed: GRANT SELECT, INSERT, UPDATE ON database_name.* TO 'username'@'%';. MYSQL 8.0+ CHANGES: MySQL 8.0+ requires separate CREATE USER and GRANT statements. CREATE USER creates the account, then GRANT assigns privileges.
EE_WRITE (3): Error writing file
How to fix "EE_WRITE (3): Error writing file" in MySQL
CR_PARAMS_NOT_BOUND (2031): No data supplied for parameters
How to fix "CR_PARAMS_NOT_BOUND (2031): No data supplied for parameters" in MySQL
CR_DNS_SRV_LOOKUP_FAILED (2070): DNS SRV lookup failed
How to fix "CR_DNS_SRV_LOOKUP_FAILED (2070): DNS SRV lookup failed" in MySQL
ERROR 1146: Table 'database.table' doesn't exist
How to fix "ERROR 1146: Table doesn't exist" in MySQL
ERROR 1040: Too many connections
How to fix "ERROR 1040: Too many connections" in MySQL