I have taken over undocumented Mongo 4.4.8 cluster (PSA). I am trying to tidy it up and test thouroughly.
An original connection string:
MONGODB_URI=mongodb://${USER}:${PASS}#10.0.0.3:27017,10.0.0.6:27017,10.0.0.2:27017/bud?replicaSet=bud-replica&authSource=admin
I have enabled localhost and socket connection. I can log in from cmdline with
mongo -u ${USER} -p ${PASS}
MongoDB shell version v4.4.8
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("492e331b-417e-458a-83c7-9db6eaae0869") }
MongoDB server version: 4.4.8
I can switch db to bud and perform the queries. But if I run just
mongo
then the authentication with the same credentials does not work:
bud-replica:PRIMARY> db.auth('admin','admin');
Error: Authentication failed.
0
I tried to search for users but shows there arent any:
bud-replica:PRIMARY> db.getUsers()
[ ]
bud-replica:PRIMARY> use bud
switched to db bud
bud-replica:PRIMARY> db.getUsers()
[ ]
This is mongod.conf security part:
security:
authorization: enabled
keyFile: "/etc/bud-rs"
Finally I need to export my data before doing experiments. Though the cmd line interface looks similar, mongoexport cannot fetch the data, regardless I set user/password or skip these arguments.
mongoexport -h localhost --db=bud -u ${USER} -p ${PASS} -c=accidents --jsonArray > accidents.json
2021-08-25T19:30:30.631+0200 could not connect to server: connection() error occured during connection handshake: auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed.
mongoexport -h localhost --db=bud -u ${USER} -p ${PASS} -c=accidents --jsonArray --authenticationDatabase “admin” > accidents.json
2021-08-25T19:36:18.738+0200 could not connect to server: connection() error occured during connection handshake: auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed.
root#10:~# mongoexport -h localhost --db=bud -u ${USER} -p ${PASS} -c=accidents --jsonArray --authenticationDatabase “bud” > accidents.json
2021-08-25T19:38:21.174+0200 could not connect to server: connection() error occured during connection handshake: auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed.
I am really confused and I failed to find a solution on Google or SO.
Second relevant question:
If I need to create new user, shall I do it on all replicas or it is automatically synchronized?
1st update
This is the workaround, but my questions are still valid. I want to understand.
root#10:~# mongoexport --db=bud -u ${USER} -p ${PASS} -c=accidents --jsonArray "mongodb://admin:admin#10.0.0.3:27017/bud?authSource=admin" > accidents.json
2021-08-25T20:46:54.777+0200 connected to: mongodb://[**REDACTED**]#10.0.0.3:27017/bud?authSource=admin
2021-08-25T20:46:55.778+0200 [........................] bud.accidents 0/4379 (0.0%)
2021-08-25T20:46:56.497+0200 [########################] bud.accidents 4379/4379 (100.0%)
2021-08-25T20:46:56.497+0200 exported 4379 records
2nd update
bud-replica:PRIMARY> use admin
bud-replica:PRIMARY> show collections
system.keys
system.users
system.version
bud-replica:PRIMARY> db.system.users.find()
{ "_id" : "admin.admin", "userId" : UUID("769e4f5c-6f46-4153-857e-47d7d8730066"), "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "32/AP4019eome36j8n
The user credential was created in the admin database.
When connecting with the mongo shell, switch with use admin before running db.auth
The mongoexport command that worked used authSource=admin in the connection string.
Add --authenticationDatabase=admin to the other command line to direct it to use the admin database for auth as well.
whole example command as below worked for me.
Mongodb version: 5.x.x, also for Mongodb version: 8.x.x
mongodump --authenticationDatabase=admin --uri mongodb://username:password#mongodb-host/db-name?ssl=false&authSource=admin
Related
I've just followed this guide on setting up Auth with Mongo DB, as well as this guide to get a user set up as an administrator.
Running mongo > use admin > show users prints the following:
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
After this, I run the server again with --auth and use the following command:
mongo -u "root" -p "xxx" --authenticationDatabase "admin"
This prints the following:
MongoDB shell version: 3.2.19
connecting to: test
2018-03-29T15:52:32.329+0200 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1441:20
#(auth):6:1
#(auth):1:2
exception: login failed
Trying to run this without the --auth parameter lets me log in just fine.
The --auth parameter also gives me the following output in the server console:
I ACCESS [conn1] note: no users configured in admin.system.users, allowing localhost access
But I'm actually unsure about why it isn't picking up any root/admin user I create. When trying to connect with Robo 3T, the terminal prints the following:
I NETWORK [initandlisten] connection accepted from xxx:44924 #2 (2 connections now open)
I ACCESS [conn2] SCRAM-SHA-1 authentication failed for root on admin from client xxx ; UserNotFound: Could not find user root#admin
I NETWORK [conn2] end connection xxx:44924 (1 connection now open
Solution by OP.
Issue fixed by following this article.
It seems that, despite using --auth when connecting to the server, by not commenting out the line bindIp: 127.0.0.1 and adding authorization: 'enabled' to the security section in /etc/mongod.conf, I was only allowing access to the local machine - the server itself. The error messages could have been worded a bit better, but that's security. I guess.
Whilst this was a very silly oversight, no documentation I had previously looked at had covered this issue.
I have a mongo db setup on mlab for use with meteor running on Galaxy. I can succesfully export from this database using mongoexport on my windows 8.1 64-bit laptop. I also want to connect with the mongo shell, but I get "not authorized" error messages, using the exact same mongo user and password.
In more detail - this works just fine, using mongoexport version r3.4.7:
mongoexport --host ds121225.mlab.com:21225 -d quarule-db01 --collection Quarule -u xxxxx -p xxxx -q "{vocabularyName: 'qre'}" --out QRE.json
while this fails:
mongo ds121225.mlab.com:21225/quarule-db01 -u xxxx -p xxxxx
MongoDB shell version v3.4.7
connecting to: mongodb://ds121225.mlab.com:21225/quarule-db01
MongoDB server version: 3.4.9
rs-ds121225:PRIMARY> show dbs
2017-10-30T19:50:37.795-0700 E QUERY [thread1] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs#src/mongo/shell/mongo.js:62:1
shellHelper.show#src/mongo/shell/utils.js:769:19
shellHelper#src/mongo/shell/utils.js:659:15
I have checked and rechecked that I am specifying the userid and password the same way in both commands.
Why would the export succeed and the shell fail?
I've created a new user on a clean database, but can't connect with it. I can, however, connect with no credentials.
PS C:\Program Files\MongoDB\Server\3.0\bin> .\mongo.exe localhost/test
MongoDB shell version: 3.0.11
connecting to: localhost/test
> var me = { user: 'dave', pwd: 'password', roles: [ 'userAdminAnyDatabase'] }
> use admin
switched to db admin
> db.createUser(me)
Successfully added user: { "user" : "dave", "roles" : [ "userAdminAnyDatabase" ] }
> ^C
bye
PS C:\Program Files\MongoDB\Server\3.0\bin> .\mongo.exe -u dave -p password
MongoDB shell version: 3.0.11
connecting to: test
2016-04-27T15:40:38.185+0100 E QUERY Error: 18 Authentication failed.
at DB._authOrThrow (src/mongo/shell/db.js:1271:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1271
exception: login failed
I believe that you are connecting to the test database. But the user was created in the admin database.
Try to create the user in test. use test.
Or specify in the login which scheme to connect to
I need to connect to to my MongoDB remotely. So I've commented out the line bind_ip in the mongod.conf and set there also auth=true. Now I was able to connect remotely.
Then I typed following on the machine running mongodb:
use admin
db.addUser("myadmin", "mypw")
Was created successfully but now when I try to connect remotely or even on the local machine and I try to execute anything it sais: not authorized on admin to execute command
Even that I try to connect like this: mongo -u myadmin -p mypw (locally)
I get following error:
MongoDB shell version: 2.6.9
connecting to: test
2015-04-08T15:25:53.425+0200 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1260
exception: login failed
Maybe because he tries to connect to the test db? How can I specify which db. Remotely it doesn't work with mongo --host myurl -u myadmin-p mypw
with following error:
2015-04-08T14:31:00.373+0200 E QUERY Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 }
at DB._authOrThrow (src/mongo/shell/db.js:1236:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1236
exception: login failed
Please try to use --authenticationDatabase while connecting to mongo shell, like in the following:
mongo -u myadmin -p mypw --authenticationDatabase admin
I'm trying to create a mongoDB user on a DigitalOcean droplet. I tried a lot of combinations, but basically, I can't make this work.
To start the service, I use mongod --noauth. Below is the command I used:
use admin
db.createUser( { user: "userhere", pwd: "passhere", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
I restarted the service and tried to connect using:
mongo admin --port 61370 --host <host> -u userhere -p
Enter password:
2015-01-21T13:30:17.279-0500 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
It doesn't connect.
Does anyone know the step-by-step on how to create a user on MongoDB?
You must create the user with the appropriates privileges. So you should connect to your mongo instance with :
mongo -u siteUserAdmin -p password
See the documentation as well : http://docs.mongodb.org/manual/tutorial/add-user-to-database/
Try specifying -authenticationDatabase option
mongo -u mongoadmin -p password -authenticationDatabase admin