MongoExport SASL authentication step: Authentication failed - mongodb

I am having trouble running the mongoexport on my server in regards to the error SASL authentication step: Authentication failed.
The command i'm using is:
mongoexport --db database --collection users --out /var/www/test.json -u username -p password --authenticationDatabase 'database'
I am able to get into mongo using this command:
mongo -u username -p password -authenticationDatabase database`
When I go into the user roles, my user has "ReadWrite" access.
I've tried adding role "backup" to the user, but always receive the error
"No role named dbAdminAnyDatabase#database"
"No role named backup#database"
I'm using Mongo version 3.4.6.
Can anybody help me? What am I doing wrong?

Related

Windows Batch Script for Automated Mongodb Backup

I have setup a superuser in mongodb and I am able to do a backup manually in the command line or connect to the database with the username and password in the console or in Compass, but if I move that command to a batch script and run the script, I always get the error:
Failed: can't create session: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-256": (AuthenticationFailed) Authentication failed.
The command is:
mongodump --username myusername --password mypassword --out C:\backups --db mydb --authenticationDatabase admin
I have updated the bindIp to 0.0.0.0 and added security: authorization: "enabled".
Any thoughts on why I can't run this in the batch script. I am using Mongo 4.2
Thanks

Log in to mongo shell without declaring authentication DB

Is it possible to login on mongo shell without declaring the authentication DB? Here's an example, i log in to our mongo server using this command
[localhost$] mongo servername:27117 -u username -p passwd admin
Is there a way to log in without explicitly adding the admin db on the command?
Each user is associated with an authentication database. So if your user is declared in admin database (and authorization activated, what MUST be done in all environment server), it's mandatory to add this param in your login command.
See authentication, and more generally security for more details and explanations.
EDIT
In case of using Connection String URI Format, you can skip authentication database param, in this case 'admin' will be used by default for authentication database, and 'test' by default as target database.
Example : (your user is created in 'admin' database.)
Here's different behaviors :
authentication against 'admin', database targeted is 'test'
$ mongo --host mongodb://user:pwd#myhost:27000
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=admin
$ mongo --host mongodb://user:pwd#myhost:27000/?authSource=admin
authentication against 'admin', database targeted is 'admin'
$ mongo --host mongodb://user:pwd#myhost:27000/admin
$ mongo --host mongodb://user:pwd#myhost:27000/admin?authSource=admin
authentication against 'test', database targeted is 'test' (will not succeed)
$ mongo --host mongodb://user:pwd#myhost:27000/test
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=test
EDIT 2
As you really need to use mongo -h -u -p notation, create your user in your 'test' database, which will be used by default in this case :
this will authenticate against 'test' database, and target 'test' database
mongo -h 199.99.99.99:27000 -u user -p pwd

Issues with mongoRestore [listCollections requires authentication]

I am trying to restore a MongoDB on an EC2 instance. I am currently running Mongo 4.0. I am restoring a .tgz, which I then unzip, and it contains a directory with all of my files. I previously used this command:
sudo mongorestore --db newDB mongoDump-2018-07-25-0200/viboDB/
Now that I am trying to update our database, I am getting the following error.
building a list of collections to restore from mongoDump-2018-07-25/0200 dir
Failed: viboBI2.Songs: error reading database: command listCollections requires authentication
I have logged into the mongo shell, and used db.auth() to authenticate as an admin. I have tried restarting mongo as well. Any help would be appreciated!
For restoring the Database you need to provide authentication.
mongorestore -u USERNAME -p PASSWORD --authenticationDatabase admin -d dbNAME PATH/TO/DIRECTORY
you can also provide host and port by adding -h and --port

How to get backup with mongodb

When I want to take a back up I confront to this command
mongodump -d databasename -u admin -p -o /home
I encounter an error Errmsg: "auth faild",code:18}
But with this user and pass I can connect to database
But while I would prefer to disconnect authentication
I will Get backup
Thanks
This message indicates that mongodump couldn't authenticate against the mongod. There are a few possible causes. Looking at the docs we can see the following note about the -p option.
Changed in version 3.0.0: If you do not specify an argument for
--password, mongodump returns an error.
Changed in version 3.0.2: If you wish mongodump to prompt the user for
the password, pass the --username option without --password or specify
an empty string as the --password value, as in --password "" .
In the example command you provided, there is just a -p which means it is expecting a password.
Additionally, the --authenticationDatabase option is missing. Looking at the docs for mongodump:
Specifies the database in which the user is created. See
Authentication Database.
If you do not specify an authentication database, mongodump assumes
that the database specified to export holds the user’s credentials.
If you do not specify an authentication database or a database to
export, mongodump assumes the admin database holds the user’s
credentials.
Since the -d parameter is specified, mongodump will try to authenticate against that database. It is more likely that the user exists in the admin database.
Taking all of this into account, please try the following command:
mongodump -d <databasename> -u <user> --authenticationDatabase admin -o /home
This command will prompt you for a password via stdin. If you want to specify the password on the command line, the command changes to
mongodump -d <databasename> -u <user> --authenticationDatabase admin -p <password> -o /home
Please replace <databasename>, <user>, and <password> with the appropriate values for your environment.

Use mongorestore to restore a database to MongoDB (3.4) with --auth enabled, SASL error

Using mongorestore, I am trying to restore a MongoDB database to a new server (both version are 3.4). The new server has -auth enabled, so you are required to login. The database does not exist so I want mongorestore to create it using the --db option. This works when authorization is not enabled but if I enable authorization the restore fails with the following error:
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
I am using an admin account with the root role when I attempt the restore.
Backing up prod and restoring to dev is a fairly regular activity for us, but we can't just drop the existing database and recreate it because of the error above, not unless we disable authorization which doesn't make much sense. Is there a better way to do this/avoid the SASL errors/not have to disable auth?
I was getting the same error and while I couldn't figure out what was wrong restoring with my admin user (my hunch is a ! in the password which escaping did not help) I was able to restore by creating a new user specifically for the role.
In mongo shell:
>use admin;
>db.createUser({
user: 'restoreuser',
pwd: 'restorepwd',
roles: ['restore']
});
In terminal:
$mongorestore --host databasehost:12345 --username restoreuser --password restorepwd --authenticationDatabase admin --db targetdb ./path/to/dump/
Thanks to Adamo Tonete over at Percona, he helped us solve this problem. If you want to restore a database using your admin user with the root role, you need to specify the authentication database and user in the mongorestore command.
mongorestore --host hostname:27017 -u adminuser -p pass --authenticationDatabase admin -d TargetDatabase /Data/TargetDatabaseRestore
That tells mongo to use the admin database to authenticate the user you are passing in. If that user has the correct rights assigned, it will be able to create the new database.
First Access your db to 4366 port then run this command
mongorestore --port 4366 -u admin -p password --authenticationDatabase admin -d dealmoney /home/yash/Desktop/prodDump/teatingToProductionLastDump/dealmoney .