I need snort compiled with the mysql 4.1.x.  Does anyone have this?

Why do you need MySQL v4.1.x on the client (snort) side ?

ERROR: database: mysql_error: Client does not support authentication protocol requested by server; consider upgrading MySQL client

This means that the client side doesn't have the proper ( 4.1.x ) libs to connect.  This is why I need the updated mysql libs compiled into the binary.  I'd do this myself, but I really don't want to waste my time learning something that I'm going to replace in a few months anyway.

No, that means that the server is misconfigured and does not allow older clients to connect.

I won't waste mine neither in this case.

I was looking into the same issue I'm having. Since 4.1 is using a new type of authentication method, I can't get into it with this build of snort.

At first I saw your idea about configuring the server, but a google search showed a bunch of other snort users having the same problem. Any possible way to get a build of snort with MySQL 4.1 (or even better--5.0) support?

MySQL 4.1 Reference Manual :: A Problems and Common Errors :: A.2 Common Errors When Using MySQL Programs :: A.2.3 Client does not support authentication protocol

http://dev.mysql.com/doc/refman/4.1/en/old-client.html

Googling for "Client does not support authentication protocol requested by server; consider upgrading MySQL client" will show you the link above on the first page.

Ok, first off, Nico, I do appricate your help on this.  I have to admit that I am a bit of an elitist snob when it comes to IDS systems and such.  Personally I'm much more in favor of the heavy, bloated solution of a managed ( foundry/cisco/compaq/etc... ) switch with one or more 1U servers managing everything.  But that's just me, and like I said, I'm all about the elitist snob thing, so try not to take that personally.

Anyhoo, here is why I think this is a client library problem and not just me being a moron and not having the server conf'd right:

When I change the username to something that I know won't work I get:
ERROR: database: mysql_error: Access denied for user 'n0rt'@'10.0.1.1' (using password: YES)
Which tells me that the access denied problem is coming back fine.

Getting the other error that I mentioned before leads me to believe that authentication does work since I've tested the account on another box that has the 4.1.x libs and it does in fact work.  So, I know the authentication works, I know the account is solid, I know that on some level the authentication from the WRT box to the server does work, but isn't finishing. 

My only conclusion in this matter is that the static libs that snort was compiled with are not the upgraded libs that are required for the newer ( 4.1 ) series authentication mechs.  I've checked various boards and postings via google searches and that seems to be the general concent umong the public.  All of this information together with the error message itself ( "Client does not support authentication protocol requested by server; consider upgrading MySQL client" ) makes me think that it is the libraries that are causing the problem.

Again, thanks for any help you or anyone else can provide, much appriciated.

Right, so the solutions listed are:
Upgrade all client programs to use a 4.1.1 or newer client library.
This is what I've been asking for, but haven't been getting.

When connecting to the server with a pre-4.1 client program, use an account that still has a pre-4.1-style password.
Server is a new install ( as of about 4 hours ago ), so, I doubt this is the problem.

Tell the server to use the older password hashing algorithm:
No, I'm not doing this just because WRT can't supprt the NEWER Mysql libs.

krogebry,

did you actually follow the link I submitted and read about the password issue ?

Sigh...

OK, you're too fast for me.

It's not that it can't, it's that someone has to do it.

Right, so, is there someone I can talk to about getting that done?  Can you point me to someone, maybe an email, or IM or something?

I could have done it, since I ported the old libs, but - hey try not to take that personally - I won't do it for you right now.

Well, I won't take it personally, but thanks anyway for the help.  Guess I'll have to RTFM and do this one on my own.  One last question, when I do have a working package where do I post it?

Sorry, the reason why I didn't see this as a solution is because it is more of a hack to change the passwords. If I'm on the route to MySQL5, is the legacy password hack going to still work? If this is the only way to do it, I guess that can be done for now, but I'd like to have a package that won't break when I upgrade MySQL in the future.

Thanks for your time. I can understand if you don't have time to build it... I just don't have a linux box right now to use (OS X currently), so I'm pretty much relying on somone hopefully in this community who has already built or can build Snort+MySQL4.1/5 support

Send us a patch at openwrt-devel@openwrt.org

A ticket has been opened for this issue.

(Last edited by Nico on 6 Nov 2005, 06:08)