I have upgraded MySQL to the latest version (by accident). I tried to upgrade SafeLinx but I am getting an error about the caching sha2 password as shown below so SafeLinx won't connect to MySQL. This is all installed on a single Linux server.
DBManager: Failed connecting to database wgdata with instance wgdb
(Generic error -- -1)
5725:1978947328 (Mar 12 2025/13:38:55.8530)[DEBUG] SQLGetDiagRec returns SQL_NO_DATA
5725:1978947328 (Mar 12 2025/13:38:55.8530)[ERROR] DBManager::get_sql_error --- database error report ---
SQL ERROR -1 (FATAL ERROR) occurred for SQLConnect.
SQLSTATE: HY000
Native Error Code: 2061
[MySQL][ODBC 8.3(w) Driver]Authentication plugin 'caching_sha2_password' reported error: Failed to generate scramble
--- end error report ---
I beleive that the latest version of SafeLinx supports this so I ran the MySQL config change so that the wgdb user would be switched over to use the caching password but it is still failing. Does anyone have a walk through or any ideas if upgrading is possible or is this supposed to be a wipe and re-install?
I did also try forcing it to use the default-authentication-plugin=mysql_native_password in the config but if I do this then the admin client won't connect I get an xml parser error.
Hello Richard,
Refer the below KB article and see if that helps.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0102948
Thank you
Regards
Shrikant J
Thanks for your reply but thats for when using MySQL against an older version of SafeLinx. I am using the latest version so as far as I understand it the sha2 caching should work.
Hello Richard,
May I know the Linux version you are using ?
SafeLinx have limitations with RHEL7/CENTOS7 due to OpenSSL version. Please refere System Requirements for details.
If Linux version is recent one, can you try updating mysql-odbc-connector drivers ?
Thanks & Regards,
Kandarpa
Of course it is Rocky Linux 8.10. MySQL is version 8.0.41 and the connector is 9.2.0
Can you try with MySQL Connector ODBC 8.0.33 driver (available at here) once and let me know the results ?
Regards,
Kandarpa
Hello Richard,
I had a similar issue after changing the password for the user which is used to connect to the database. If so you also have to change the cached password for this user: https://brandlrainer.info/2024/05/22/hcl-safelinx-password-change-for-wgdb-user/
Best regards
Rainer
Thanks for your response, I didn't change the password but tried that anyway and still same thing. I have checked and the server has all the keys and caching password seems to be configured correctly and the MySQL server isn't moaning in the logs it is purely when SafeLinx starts and tries to connect to MySQL so looks like the issue is on the SafeLinx side.
I ran a force re-install / upgrade of SafeLinx and I am seeing this -
Performing an upgrade install
Saving configuration files...
Removing version 1.4.3.0...
Removed /etc/systemd/system/sockets.target.wants/wgmgrd.socket.
Removed /etc/systemd/system/sockets.target.wants/wgmgrsd.socket.
warning: file /opt/hcl/SafeLinx/lib/legacy.so: remove failed: No such file or directory
SafeLinx requires DB2 client version 11.1.0.0 (or newer), DataDirect Connect for ODBC 7.1.1 with the Oracle Wire Protocol driver, unixODBC with MySQL client and driver versions 8.0.20 (or newer), or unixODBC with Microsoft ODBC Driver for SQL Server.
Checking for DB2 client
DB2 client was not found on this machine or an older version is installed.
Now checking for libodbc.so file for MySQL or Oracle installations
Now checking for MySQL ODBC unicode driver and client
MYSQL ODBC drivers were found on this machine and will be used by the Connection Manager. MySQL Client was found with version: 8.0.41
Installing the SafeLinx server package...
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:HCL-SafeLinx-1.4-3.0 ################################# [100%]
Linking systemctl service files
cp /opt/hcl/SafeLinx/systemd/safelinx.service /etc/systemd/system/safelinx.service
systemctl enable safelinx
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:HCL-SafeLinx-saml-1.4-3.0 ################################# [100%]
cp /opt/hcl/SafeLinx/systemd/safelinx-saml.service /etc/systemd/system/safelinx-saml.service
systemctl enable safelinx-saml.service
Start SafeLinx when the system boots? [y]
Restoring configuration...
Configuration files have been restored with the exception of any
customized HTTP access services login or error screens. These
files have been saved to:
/opt/hcl/SafeLinx/install_backup/http
Would you like to remove the backup files?[n]
/opt/hcl/SafeLinx/bin/mkwg -Z
DBManager: Failed connecting to database wgdata with instance wgdb
(Generic error -- -1)
DBManager::get_sql_error --- database error report ---
SQL ERROR -1 (FATAL ERROR) occurred for SQLConnect.
SQLSTATE: HY000
Native Error Code: 2061
[MySQL][ODBC 9.2(w) Driver]Authentication plugin 'caching_sha2_password' reported error: Failed to generate scramble
--- end error report ---
ODBC_Datastore: DBManager connect failed
Failed to open data store (No such file or directory -- ENOENT)
It is basically what I am seeing in the logs when SafeLinx starts but I am wondering if SafeLinx just isn't configuring properly as it is failing to change some config over to us the cached password feature