I've created an user on mongo db this is the comnand and the output
db.createUser({user:"appuser",pwd:"12345",roles: [ { role: "readWrite", db: "mydb" }]})
Successfully added user: {
"user" : "appuser",
"roles" : [
{
"role" : "readWrite",
"db" : "mydb"
}
]
}
but when I try to enter with this command
mongo --port 27017 -u "appuser" --authenticationDatabase "mydb" -p
I get this error
MongoDB shell version v4.4.4
Enter password:
connecting to: mongodb://127.0.0.1:27017/?authSource=mydb&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect#src/mongo/shell/mongo.js:374:17
#(connect):2:6
exception: connect failed
exiting with code 1
I created a root user and setted this option in /etc/mongod.conf
security:
authorization: enabled
is something wrong?
From the official document of mongodb here
The database where you create the user (in this example, test) is that user's authentication database.
The database where we create the user will be used in the command to connect to MongoDB. We need to run use [nameofdatabase] to select the database before creating the user.
So, if you want to use mydb as the authentication database, you need to run these commands :
use mydb;
db.createUser({user:"appuser",pwd:"12345",roles: [ { role: "readWrite", db: "mydb" }]});
Then you can connect to your MongoDB with : mongo --port 27017 -u "appuser" --authenticationDatabase "mydb" -p
Related
I am having an issue that I cannot figure out. When I do a backup from the primary the dump works. When I do it from the secondary it always get the error "listDatabases requires authentication".
If I connect with mongo using the same user I can run this on both primary and secondary. (rs.slaveOk() needed for secondary)
db.adminCommand( { listDatabases: 1 } )
The user has these roles.
{
"role" : "backup",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "restore",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
}
I can see the user has these roles on both the primary and secondary.
However this command fails when run on secondary:
mongodump --archive=dump.gz --gzip --oplog --port xxxxx --username xx --password xx --authenticationDatabase=admin
Failed: error creating intents to dump: error getting database names: (Unauthorized) command listDatabases requires authentication
I noticed that I get the same error even if I enter invalid passwords / user.
However on primary a bad password will get this error:
Failed: can't create session: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-256": (AuthenticationFailed) Authentication failed.
This tells me that the secondary is not trying to authenticate.
How can I get the secondary to perform the database dump when authentication is required?
Thank you
I am trying to launch a Mongodb instance as follows and running into error as below, how do I debug this?please provide guidance on how to fix this error
mongo automation --host machine40.scv.company.com -u admin -p passd
2018-05-15T21:11:30.346-0700 I ACCESS [conn3] SCRAM-SHA-1 authentication failed for admin on automation from client 17.xxx.xxx.x:54756 ; UserNotFound: Could not find user admin#automation
Please refer below step.
1) log into mongo console as super admin user.
mongo admin --host machine40.scv.company.com -u admin -p passd
2) Then check, is there any user call admin who can authenticate to access "automation" DB.
Sample output given below
{
"_id" : "XXXXXX",
"user" : "admin",
"db" : "automation",
"roles" : [
{
"role" : "root",
"db" : "automation"
}
]
}
I created an admin user:
> db.createUser(
... {
... user: "administrator",
... pwd: "password",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "administrator",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
and now i'm trying to use it for enter with:
ubuntu#***ip number***:/etc$ sudo mongo --port 27017 -u administrator -p password --authenticationDatabase admin
This is what returns:
MongoDB shell version: 3.0.7
connecting to: 127.0.0.1:27017/test
2015-10-27T15:33:25.670+0000 E QUERY Error: 18 Authentication failed.
at DB._authOrThrow (src/mongo/shell/db.js:1271:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1271
Mongo is installed into an Amazon EC2 machine with Ubuntu.
What is missing?
The userAdminAnyDatabase role allows the user to grant access (for itself, or any other users) to any other database, however, that does not automatically grant that admin user read/write permission on all those databases (though it can bestow them upon themselves). You can resolve your authentication issue by granting the user the additional role readAnyDatabase.
db.createUser(
{
user: "test1",
pwd: "password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, {role:"readAnyDatabase",db:"admin"} ]
}
)
Link to MongoDB docs: Create a User Administrator
Change on mongod.conf ( stop first mongod service. Ex: sudo service mongod stop):
bindIp: 127.0.0.1
for:
bindIp: 0.0.0.0
Now you can restart (Ex:sudo service mongod start)
Now you can enter in the same machine normally typing mongo, but for example, if you try to do it with robomongo gui before makes the test success the ip but don't success the user login. The user and login was created before with a pwd and roles for userAdminAnyDatabase and readAnyDatabase.
Now just type in your machine:
mongo --host (ip number here) --port 27017 -u username -p password --authenticationDatabase admin
And connect to remote Database.
I'm trying to create a mongoDB user on a DigitalOcean droplet. I tried a lot of combinations, but basically, I can't make this work.
To start the service, I use mongod --noauth. Below is the command I used:
use admin
db.createUser( { user: "userhere", pwd: "passhere", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
I restarted the service and tried to connect using:
mongo admin --port 61370 --host <host> -u userhere -p
Enter password:
2015-01-21T13:30:17.279-0500 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
It doesn't connect.
Does anyone know the step-by-step on how to create a user on MongoDB?
You must create the user with the appropriates privileges. So you should connect to your mongo instance with :
mongo -u siteUserAdmin -p password
See the documentation as well : http://docs.mongodb.org/manual/tutorial/add-user-to-database/
Try specifying -authenticationDatabase option
mongo -u mongoadmin -p password -authenticationDatabase admin
I'm trying to create a user in mongo who can do anything in any db.
According to the guide I created a new admin: http://docs.mongodb.org/manual/tutorial/add-user-administrator
This is the code:
use admin
db.addUser( { user: "try1",
pwd: "hello,
roles: [ "userAdminAnyDatabase" ] } )
Then I stopped mongo, enabled the auth and restarted mongo.
Then I tried to create a database with his user.
According with this guide: http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/
use fragola
db.users.save( {username:"fragolino"} )
And I get this: "not authorized for insert on fragola.users"
Anyone can help me?
from docs.mongodb.org-superuser-roles
Lets write answer that looks simple & also simple to implement
Steps :
1 : sudo apt-get install mongodb-org - in new terminal
2 : sudo mongod --port 27017 --dbpath /var/lib/mongodb
3 : mongo --port 27017 - in new terminal
4 : use admin
5 : As #drmirror said a user should have all 4 roles to be superuser
For Mongo Version 2.
db.createUser(
{
user: "tom",
pwd: "jerry",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
For Mongo Version 3.
db.createUser(
{
user: "tom",
pwd: "jerry",
roles:["root"]
})
6 : sudo /etc/init.d/mongod stop OR sudo service mongod stop - in new terminal
7 : sudo /etc/init.d/mongod start OR sudo service mongod start
8 : restart your pc
9 : sudo mongod --auth --port 27017 --dbpath /var/lib/mongodb - in new terminal
10: mongo --port 27017 -u "tom" -p "jerry" --authenticationDatabase "admin" - in new terminal
Note : step 10 is most important step .
it will give Output on terminal like
MongoDB shell version: 2.6.11
connecting to: 127.0.0.1:27017/test
>
The role userAdminAnyDatabase gives the user the ability to create users and assign arbitrary roles to them. Because of this, that user has the power to do anything on the database, because he can give anybody any permission (including himself).
However, the userAdminAnyDatabase role by itself doesn't allow the user to do anything else besides assigning arbitrary rights to arbitrary users. To actually do something on the database, that user needs to have the following additional roles:
readWriteAnyDatabase
dbAdminAnyDatabase
clusterAdmin
A user who has the above three rights and userAdminAnyDatabase is a true super-user and can do anything.