The explicit client source seems to be what is making it fail.
MySQL default setting is to only allow connections from localhost. To enable your mates to connect, open the MySQL configuration file. The typical location on macOS is /usr/local/etc/my.cnf.
sudo vim /usr/local/etc/my.cnf
Add or modify the following lines in the [mysqld] section of the configuration file to allow MySQL to listen on all network interfaces:
[mysqld]
bind-address = 0.0.0.0
On macOS, MySQL is often managed using brew services or launchctl.
If installed via Homebrew:
brew services restart mysql
If using launchctl:
sudo launchctl unload -F /Library/LaunchDaemons/com.oracle.oss.mysql.mysqld.plist
sudo launchctl load -F /Library/LaunchDaemons/com.oracle.oss.mysql.mysqld.plist
Then open the MySQL command line interface and check the user privileges:
mysql -u root -p
Grant privileges to the user to connect from any IP address.
Replace workmate_user with the actual username and workmate_password with the user's password.
GRANT ALL PRIVILEGES ON *.* TO 'workmate_user'@'%' IDENTIFIED BY 'workmate_password';
FLUSH PRIVILEGES;
Add more users if needed.
That should do it!
Now, the answer to your question:
The general query log can log all SQL queries received from clients, including failed login attempts, it is very verbose.
Verify:
SHOW VARIABLES LIKE 'general_log%';
- Enable Error Log (Recommended)
Edit your MySQL configuration file. The typical location on macOS is /usr/local/etc/my.cnf. If this file does not exist, you might need to create it.
sudo vim /usr/local/etc/my.cnf
Add or edit the following lines under the [mysqld] section:
[mysqld]
log_error = /usr/local/var/mysql/error.log
log_warnings = 2
Restart the services.
Check the error log file to ensure it is capturing the necessary details:
tail -f /usr/local/var/mysql/error.log
Furthermore, you could enable audit logging (for detailed security auditing), but I think by now you've already figured out what was wrong.
Good luck!
using password: YES
— which password do you supply? Also, yourGRANT
command uses hostname; do you have a working reverse name resolution in your network, so the IP address the client is connecting from resolves into this name,machine4.localdomain
?