From the documentation:
The localhost exception allows you to enable access control and then
create the first user in the system. With the localhost exception,
after you enable access control, connect to the localhost interface
and create the first user in the admin database. The first user must
have privileges to create other users, such as a user with the
userAdmin or userAdminAnyDatabase role.
So I run the latest mongo with enabled access control (--auth):
docker run -p 27017:27017 mongo --auth
connect with my shell and try to create the admin user:
mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> use admin
switched to db admin
> db.createUser(
... {
... user: "admin",
... pwd: "password",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
... }
... )
2018-10-03T15:29:30.234+0200 E QUERY [js] Error: couldn't add user: command createUser requires authentication :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype.createUser#src/mongo/shell/db.js:1491:15
#(shell):1:1
What am I doing wrong?
You are not connecting to localhost but to the exported port.
For the exception to work you need to connect to localhost from within the container.
E.g.:
docker exec -it `docker ps --filter ancestor=mongo --format "{{.ID}}"` mongo
Related
Ive downloaded a project using MongoDB and im having trouble getting set up. From the terminal where ive run mongod I see this error:
2017-05-26T14:51:22.908+0800 I ACCESS [conn21] SCRAM-SHA-1 authentication failed for user on wesbostest from client 127.0.0.1:51653 ; UserNotFound: Could not find user user#wesbostest
From my npm start terminal mongoose logs out this error: Authentication failed.
My environment file has this line:
DATABASE=mongodb://user:pass#localhost:27017/wesbostest
Ive got MongoDB Compass installed. It successfully connects with these settings:
Hostname: localhost
Port: 27017
Authentication: None
SSL: Off
SSH Tunnel: Off
So I think the user:pass part of the environment file is wrong? How can I see what local username and password are and/or set them if no authentication is set up?
I solved this by setting a username and password for MongoDB:
MongoDB what are the default user and password?
Procedure
Start MongoDB without access control.
mongod --port 27017 --dbpath /data/db1
Connect to the instance.
mongo --port 27017
Create the user administrator.
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Re-start the MongoDB instance with access control.
mongod --auth --port 27017 --dbpath /data/db1
Authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" \
--authenticationDatabase "admin"
I firstly installed MongoDB 3.4.1 today. But when I start it and use MongoDB shell, it gave me these warnings below:
C:\Users\hs>"C:\Program Files\MongoDB\Server\3.4\bin\mongo.exe
MongoDB shell version v3.4.1
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.1
Server has startup warnings:
2017-01-12T21:19:46.941+0800 I CONTROL [initandlisten]
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten]
my computer is Microsoft Windows [version 10.0.14393].
Mongodb v3.4
You need to do the following to create a secure database:
Make sure the user starting the process has permissions and that the directories exist (/data/db in this case).
1) Start MongoDB without access control.
mongod --port 27017 --dbpath /data/db
2) Connect to the instance.
mongo --port 27017
3) Create the user administrator (in the admin authentication database).
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
4) Re-start the MongoDB instance with access control.
mongod --auth --port 27017 --dbpath /data/db
5) Connect and authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
6) Create additional users as needed for your deployment (e.g. in the test authentication database).
use test
db.createUser(
{
user: "myTester",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "test" },
{ role: "read", db: "reporting" } ]
}
)
7) Connect and authenticate as myTester.
mongo --port 27017 -u "myTester" -p "xyz123" --authenticationDatabase "test"
I basically just explained the short version of the official docs here: https://docs.mongodb.com/master/tutorial/enable-authentication/
OMG, what a gas plant, that top answer!
All you need to do is to:
Edit your config, e.g. C:\Program Files\MongoDB\Server\4.4\bin\mongodb.cfg
Turn the security: authorization: to enabled, as illustrated; note that this sub-entry may be missing completely. Just add it then.
Restart your MongoDB Server service from the Windows Services control panel.
Obviously, if, following this, set up a read/readWrite role-based policy, that will make much more sense.
Ref: https://docs.mongodb.com/manual/tutorial/configure-scram-client-authentication/
I've just tested this using phpunit, works as expected.
you can create an admin user or another role.
run it on mongo shell.
db.createUser({user: "username", pwd: "password", roles: ["dbAdmin"]})
if you get SCRAM-SHA-256error you can set the SHA-1 mechanism.
db.createUser({user: "username", pwd: "password", roles: ["dbAdmin"], mechanisms: ["SCRAM-SHA-1"]})
You need to delete your old db folder and recreate new one. It will resolve your issue.
I have mongod server up and running as a service on ubuntu 14.04, i started mongo shell and created a user.
db.createUser( {
user: "testAdmin",
pwd: "12345678",
roles: [ { role: "userAdmin", db: "students" } ]
} )
after that I changed edit the mongod.conf and set auth=true and restarted the mongod server as a service.
After all this, when I want to start the mongo shell with user testAdmin .
mongo -u testAdmin -p 12345678 --authenticationDatabase students
But I am not able to login and it is giving me error.
MongoDB shell version: 3.2.10
connecting to: 127.0.0.1:25018/test
2016-10-13T05:56:27.500+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:25018, reason: errno:111 Connection refused
2016-10-13T05:56:27.500+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:25018, connection attempt failed :
First when I am specifying database students why it is trying to connect to test? Second I know that userAdmin role in mongodb is not for read/write in database with userAdmin I can only manage user roles. But to manage other users i still need to login in mongo shell.
It is working when I turn off the auth in mongod.conf, so other things are fine, only authentication is not working.
First when I am specifying database students why it is trying to connect to test?
You are not specifying the database (students) you want to connect to here.
The --authenticationDatabase is used to specify the database where the user had been created and which is used for the authentication process.
You should also specify students as the db option you want to connect to. If you omit it, the shell automatically tries to connect to test database:
mongo students -u testAdmin -p 12345678 --authenticationDatabase students
Note the addition of students just after mongo.
This is assuming the user has been created in the students database (and not admin or other). Note that in that case the db declaration within role is redundant:
roles: [ { role: "userAdmin", db: "students" } ]
could have also been specified as:
roles: [ "userAdmin" ]
I'm rather new with MongoDB and I'm trying to add a admin account into my MongoDB whithout any users at this point.
Using this command: mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
I receive this error:
Kind regards.
Let me explain the reason why its not working. mongo db refers to users collection to validate the login user.
By default mongodb doesnt provide any user login like manager, using which your were trying to login
Thus the below command is not working
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
To make the below command to work. You need to add user "manager" to mongodb user collection.
To create user run the below command:
db.addUser( { user: "manager",
pwd: "123456",
roles: [ "userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"
] } )
Once you have the user created, below command work.
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
I use the latest mongo, and try to set the SuperUserAdmin as described in the Mongo Doc.
1) Start ./mongod --dbpath ../data without auth
2) Run ./mongo
3) [mongo shell]: use admin
4) [mongo shell]: db.addUser( { user: "admin",
pwd: "abcde1234",
roles: [ "userAdminAnyDatabase" ] } )
5) [mongo shell]: db.shutdownServer()
then i restart mongod with auth:
6) ./mongod --auth --dbpath ../data
7) Run mongo (as localhost) again: ./mongo -u admin -p abcde1234
Then i get this error:
Javascript executiion failed: Error: 18 {code:18, ok:0.0, errmsg: 'auth fails'} at src/mongo/shell/db.js:L228
I tried different username &password, same thing..
what am i missing? I'm running on my Mac.
anyone has any idea?
Role userAdminAnyDatabase allows for users administration only. This is why if new account has only this role, it can be authenticated only to database "admin", i.e. mongo -u admin -p abcde1234 localhost/admin should work.
You probably want to add role dbAdminAnyDatabase as well.
try
mongo admin -u admin -p abcde1234
otherwise you will connect to test database and admin can't.