Mongorestore problem Authentication failed - mongodb

mongorestore -h ds121312.mlab.com:21312 -d heroku_jzxndzbk -u heroku_jzxndzbk -p xxxxxxxxxxxxxxx dump/Loc8r
Error:
2019-12-20T11:36:55.931-0500 error connecting to host: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "SCRA
M-SHA-1": (AuthenticationFailed) Authentication failed.
I am following along "Getting MEAN" text by Holmes/Harber - pg 152.
Any suggestions? Thank you

You must also specify which database you are using for authentication, e.g., --authenticationDatabase admin.
Reference: https://docs.mongodb.com/manual/reference/program/mongo/#cmdoption-mongo-authenticationdatabase

Related

Is "realm-amin" enouth for admin-cli?

I'm using a client "admin-cli" in order to create users in my application.
Recently, I've deployed to the production environnement.
I've recreated my keycloak configuration from scratch. Bur the admin-cli can't add users in the environnement.
In order to understand this issue, I've create in my developpemnt environnment a new client myClientAdmin and assign the same rigth as the admin-cli.
And I reproduce the same issue as in my production environnement.
Then I try with kcadm to solve or have a better understanding of this issue.
kcadm.sh config credentials --server http://localhost:8080/auth --realm mira --client admin-cli --secret secret1
kcadm.sh get-roles -r mira --uusername service-account-admin-cli --cclientid realm-management
---> "name" : "realm-admin"
kcadm.sh get users -r mira -q role=XXX --fields "username" --> works fine
kcadm.sh config credentials --server http://localhost:8080/auth --realm mira --client myClientAdmin --secret secret2
kcadm.sh get-roles -r mira --uusername service-account-myClientAdmin --cclientid realm-management
---> "name" : "realm-admin"
kcadm.sh get users -r mira -q role=XXX --fields "username" --> doesn't works
---> Logs of keycloak
13:07:46,001 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (default task-45) Error response 403: org.keycloak.services.ForbiddenException
at org.keycloak.keycloak-services#16.0.0//org.keycloak.services.resources.admin.permissions.UserPermissions.requireQuery(UserPermissions.java:283)
at org.keycloak.keycloak-services#16.0.0//org.keycloak.services.resources.admin.UsersResource.getUsers(UsersResource.java:275)
at jdk.internal.reflect.GeneratedMethodAccessor551.invoke(Unknown Source)
I don't undestand this issue the two clients seems to have the same client roles : real-admin
Can anyone help me ?
Keycloak 16.0.0
best regards

Kafka connect mongoDB sink with TLS

I set up my mongoDB cluster with TLS authentication.
I can successfully connect on a mongos instance using :
/opt/cluster/stacks/mongoDB/bin/mongosh --tls --host $(hostname).domain.name -tlsCAFile /opt/cluster/security/ssl/cert.pem --port 27017
I have a Kafka connect mongoDB sink that has the following configuration :
{
"name": "client-order-request-mongodb-sink",
"config": {
"connector.class": "com.mongodb.kafka.connect.MongoSinkConnector",
"database":"Trading",
"collection":"ClientOrderRequest",
"topics":"ClientOrderRequest",
"connection.uri":"mongodb://hostname1.domain.name:27017,pre-hostname2.domain.name:27017",
"mongo.errors.tolerance": "all",
"mongo.errors.log.enable": "true",
"errors.log.include.messages": "true",
"writemodel.strategy":"com.mongodb.kafka.connect.sink.writemodel.strategy.ReplaceOneBusinessKeyStrategy",
"document.id.strategy": "com.mongodb.kafka.connect.sink.processor.id.strategy.PartialValueStrategy",
"document.id.strategy.overwrite.existing": "true",
"document.id.strategy.partial.value.projection.type": "allowlist",
"document.id.strategy.partial.value.projection.list": "localReceiveTime,clientId,orderId"
}
}
It is working fine if I redeploy mongoDB without authentication, but now when I try to instantiate it with the following curl command :
curl -X POST -H "Content-Type: application/json" --data '#connect-task-sink-mongodb-client-order-request.json' $KAFKA_CONNECT_LEADER_NODE/connectors/
I have the following error:
{"error_code":400,"message":"Connector configuration is invalid and contains the following 1 error(s):\nUnable to connect to the server.\nYou can also find the above list of errors at the endpoint /connector-plugins/{connectorType}/config/validate"}
From the mongoDB kafka connect sink documentation I found that I needed to set up global variable of the KAFKA_OPTS so before starting the distributed connect server I do:
export KAFKA_OPTS="\
-Djavax.net.ssl.trustStore=/opt/cluster/security/ssl/keystore.jks \
-Djavax.net.ssl.trustStorePassword=\"\" \
-Djavax.net.ssl.keyStore=/opt/cluster/security/ssl/keystore.jks \
-Djavax.net.ssl.keyStorePassword=\"\""
Notice that I put an empty password because when I list the entry of my keystore with:
keytool -v -list -keystore key.jks
Then I just press enter when the password is prompted.
So the issue was that the ssl connection wasn't enabled on the client side.
If you want to do so with the mongoDB kafka connect plugin you need to state it in the connection.uri config parameter such as:
"connection.uri":"mongodb://hostname1.domain.name:27017,pre-hostname2.domain.name:27017/?ssl=true"

Authentication Issues (KRB5\GSS)

We are looking to migrate some systems away from MSSQL. We have our first few environments built and currently using LDAP, which is OK but has a good number of flaws.
I followed this link to setup Kreberos\GSS for the most part: https://info.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication
Off the bat I got the below error when trying to connect:
psql: error: SSPI continuation error: The specified target is unknown or unreachable
I believe the SPN is setup properly:
setspn -S POSTGRES/server.domain.local domain\service_account
I suspect something is wrong in the keytab file, as there is an extra "" between the server FQDN and domain:
Keytab name: FILE:/opt/pgsql/server.keytab
KVNO Principal
---- --------------------------------------------------------------------------
5 postgres#server.domain.local\#DOMAIN.LOCAL
Server side error:
2020-12-28 18:37:43.820 EST [64534] user#DOMAIN.LOCAL#postgres FATAL: GSSAPI authentication failed for user "user#DOMAIN.LOCAL"
2020-12-28 18:37:43.820 EST [64534] user#DOMAIN.LOCAL#postgres DETAIL: Connection matched pg_hba.conf line 95: "host all all 0.0.0.0/0 gss"
I'd appreciate any feedback and thank you!

user authentication not working on mongodb 3.6.5

I have installed mongodb 3.6.5 on aws ec2 server and setup following in .conf file
net:
port: 27017
bindIp: serverIP
security:
authorization: 'enabled'
then created user with following command in admin db and restarted mongodb
db.createUser(
{
user: "mydbuser",
pwd: "mydbpass",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
now when I try to access db from console with following command if doesnt allow me and gives me error of authentication.
mongo serverIP --port 27017 -u "mydbuser" -p "mydbpass" --authenticationDatabase "admin"
Can someone help me what is wrong with it.
getting following error
MongoDB server version: 3.6.5
2019-01-11T08:46:50.245+0000 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1608:20
#(auth):6:1
#(auth):1:2
exception: login failed
The method you are following is correct but there is some variations in mongodb while accepting credentials as string. You might need to enclose your username and password within single quote instead of double quote as follows.
mongo serverIP --port 27017 -u 'mydbuser' -p 'mydbpass' --authenticationDatabase 'admin'
Double quotes will work if you dont have special characters in your username/password.
For more details on mongo Check here https://docs.mongodb.com/manual/reference/program/mongo/

wget proxy authentication error

I get the following error when trying to connect to a http URL through a proxy using wget
the error:
wget "http://pro.fastmarkets.com/feeds/default.aspx?usr=anzbank&pwd=587345bv98735vb2b56&feed=physicals-csv" -O /tmp/test.csv
**wget: Error in /home/acdbaqa/.wgetrc at line 3.**
--06:04:15-- http://pro.fastmarkets.com/feeds/default.aspx?usr=anzbank&pwd=587345bv98735vb2b56&feed=physicals-csv
=> `/tmp/test.csv'
Connecting to 59.154.134.109:80... connected.
Proxy request sent, awaiting response... 407 Proxy Authentication Required
06:04:15 ERROR 407: Proxy Authentication Required.
my .wgetrc file contents:
http_proxy=59.154.134.109:80
proxy_user=ACPROXYPROD
proxy_password=test
#password='Ev*luti*n0456789'
#proxy-password='Ev*luti*n0456789'
ftp_proxy=204.2.23.10:80
line 3 is the password. am i missing anything here? not sure why it says error at line 3
Τhis was solved by changing the .wgetrc file with the below parameters
proxy-user=ACPROXYPROD
proxy-passwd=test1245
it is NOT proxy_user and proxy_password.
You are using an older wget release where the password setting used the following syntax (note the missing "or" in password):
proxy_passwd=test