Mongodb cannot authenticate via commandline - mongodb

Having the strangest issue, and I've done this a million times before in other server environments. I can authenticate like so:
use admin
db.auth('user', 'pass')
This works fine and I can authenticate on the admin db. However I try this:
mongodump --authenticationDatabase admin -u user -p pass
It fails and the logs tell me AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch. I have no idea what is going on, but it's extremely annoying because I need to pass the username and password into the mongodump command in my backup script.
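
What the "storedKey mismatch" check computes, as an added example that is not part of the original post: MongoDB's SCRAM-SHA-1 derives a StoredKey from the username and password, and the server rejects any client proof that does not hash back to it. The user name, passwords, salt and auth message are constructed sample values; the second password stands for one altered before it reached the client (for instance by shell expansion).

```python
import hashlib
import hmac

# Constructed sample values; a real server keeps salt, iterationCount and
# storedKey in the user's SCRAM-SHA-1 credentials.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 10000
AUTH_MESSAGE = b"constructed stand-in for the SCRAM AuthMessage"


def salted_password(user, password, salt=SALT, iterations=ITERATIONS):
    # MongoDB's SCRAM-SHA-1 feeds hex(md5("<user>:mongo:<password>")), not
    # the raw password, into PBKDF2 (the RFC 5802 "Hi" function).
    digest = hashlib.md5(f"{user}:mongo:{password}".encode()).hexdigest()
    return hashlib.pbkdf2_hmac("sha1", digest.encode(), salt, iterations)


def client_key(user, password):
    return hmac.new(salted_password(user, password), b"Client Key",
                    hashlib.sha1).digest()


def stored_key(user, password):
    return hashlib.sha1(client_key(user, password)).digest()


def client_proof(user, password, auth_message):
    key = client_key(user, password)
    signature = hmac.new(hashlib.sha1(key).digest(), auth_message,
                         hashlib.sha1).digest()
    return bytes(a ^ b for a, b in zip(key, signature))


def server_accepts(stored, proof, auth_message):
    # The server never sees the password: it undoes the XOR with its own
    # signature and checks that SHA1(recovered ClientKey) equals storedKey.
    signature = hmac.new(stored, auth_message, hashlib.sha1).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha1(recovered).digest(), stored)


STORED = stored_key("backup", "pa$sword")  # what user creation would store

if __name__ == "__main__":
    for typed in ("pa$sword", "pa"):  # "pa": "$sword" expanded to nothing
        proof = client_proof("backup", typed, AUTH_MESSAGE)
        ok = server_accepts(STORED, proof, AUTH_MESSAGE)
        print(repr(typed), "accepted" if ok else "storedKey mismatch")
```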

Related

mongodump: "there are no users authenticated" but authentication is disabled

I have MongoDB 4.2 on localhost with authentication disabled. I have never even created any users. But when I try to use mongodump like this: mongodump --uri mongodb://localhost:27017 --out dump I get there are no users authenticated.
I am on Windows and all I did was run mongod.exe with no options. I never enabled authentication, and I never created any users.
I am able to connect perfectly fine with no credentials using the mongo shell, and Compass. So why is mongodump giving me a problem?

MongoDB read-only user not authenticating

I'm currently attempting to create a read-only user in MongoDB for a grader. The MongoDB instance is hosted remotely on AWS EC2, and the security groups are all set up properly.
I can SSH onto the remote machine and authenticate with the read-only account there, like so:
# On remote machine
mongo -u <read-only username> -p <read-only-pwd> <database>
However, as soon as I try to connect to that same instance from my local machine using mongo, I encounter authentication errors.
# On local machine
mongo -u <read-only username> -p <read-only pwd> <host>/<database>
What gives?
The read-only user exists on <database>, and has "read" permissions.
Check that you're not trying to authenticate with the wrong machine.
I'm an idiot.

Use mongorestore to restore a database to MongoDB (3.4) with --auth enabled, SASL error

Using mongorestore, I am trying to restore a MongoDB database to a new server (both versions are 3.4). The new server has --auth enabled, so you are required to log in. The database does not exist so I want mongorestore to create it using the --db option. This works when authorization is not enabled but if I enable authorization the restore fails with the following error:
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
I am using an admin account with the root role when I attempt the restore.
Backing up prod and restoring to dev is a fairly regular activity for us, but we can't just drop the existing database and recreate it because of the error above, not unless we disable authorization which doesn't make much sense. Is there a better way to do this/avoid the SASL errors/not have to disable auth?
I was getting the same error and while I couldn't figure out what was wrong restoring with my admin user (my hunch is a ! in the password which escaping did not help) I was able to restore by creating a new user specifically for the role.
In mongo shell:
>use admin;
>db.createUser({
user: 'restoreuser',
pwd: 'restorepwd',
roles: ['restore']
});
In terminal:
$mongorestore --host databasehost:12345 --username restoreuser --password restorepwd --authenticationDatabase admin --db targetdb ./path/to/dump/
Thanks to Adamo Tonete over at Percona, he helped us solve this problem. If you want to restore a database using your admin user with the root role, you need to specify the authentication database and user in the mongorestore command.
mongorestore --host hostname:27017 -u adminuser -p pass --authenticationDatabase admin -d TargetDatabase /Data/TargetDatabaseRestore
That tells mongo to use the admin database to authenticate the user you are passing in. If that user has the correct rights assigned, it will be able to create the new database.
First access your db on port 4366, then run this command:
mongorestore --port 4366 -u admin -p password --authenticationDatabase admin -d dealmoney /home/yash/Desktop/prodDump/teatingToProductionLastDump/dealmoney

Mongo "auth failed" Only for Remote Connections. Local Works fine

I have a Bitnami MEAN instance running on EC2. After much finagling, I've been able to successfully connect to the DB using the local shell. I created authenticated users with all of the permissions necessary to access the data, and when I run the below code -- I am able to access the DB with no problem.
sudo mongo admin -u <USERNAME> -p <PASSWORD>
That said, when I try to repeat this using a remote connection I am repeatedly given an "auth failed" error from MongoDB.
mongo <HOST>:<PORT>/<DATABASE> -u <USERNAME> -p <PASSWORD>
...
This is strange because I am using the exact same credentials as I do in running the local shell. The only difference is I'm including the host and port information. I've since also confirmed that my remote connection DOES work if I disable the auth parameter in mongodb.config.
mongo <HOST>:<PORT>/<DATABASE>
Obviously, in production I want to be able to authenticate. Do any of you have suggestions as to why there is a discrepancy between remote and local authentication?
I was facing the same issue.
The problem for me:
My local mongo shell was v2.6.10. It uses an authentication method called MONGODB-CR that has been deprecated.
My server version is v3.0.4. It uses an authentication method called SCRAM-SHA-1.
Try to check your local shell and remote server versions with:
mongo --version
mongod --version
If they are different, upgrade your local shell to v3. (I had to uninstall and install it again.)
I had previously been installing MongoDB version 3.2.12 and was able to connect to a remote instance using:
mongo -u '<USERNAME>' -p '<PASSWORD>' --host <REPLICA_SET>/<HOST>:<PORT> admin
I am creating a new cluster with version 3.4.2 and was not able to connect with the same command. After trying many different options I was finally able to figure out that I needed to add --authenticationDatabase before the admin database.
mongo -u '<USERNAME>' -p '<PASSWORD>' --host <REPLICA_SET>/<HOST>:<PORT> --authenticationDatabase admin
If you're using more recent versions of MongoDB (server version 4.2.6 / shell version v3.6.9 in my case) you don't have to force them to match like in @Alexandre's example. For instance, if you're getting this error:
[thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1608:20
You can connect with this syntax:
mongo --host mongodb://username:password@IP:PORT/ --authenticationDatabase admin
Installing the same version on both the server and the client solved the problem for me.
As @Alexandre explained above, it is probably a problem of password encryption.
MongoDB version 3.2.7
I tried successfully with the two methods:
mongo --host "your_host" --port "your_port" --username "your_user" --password "your_pass" --authenticationDatabase "your_admin_db"
mongo "your_host:your_port/your_db" --username "your_user" --password "your_pass" --authenticationDatabase "your_admin_db"
Besides, make sure that your server is available for remote accesses. See details about net.bindIp at https://docs.mongodb.com/v3.2/reference/configuration-options/
This is mainly due to security reasons.
When you have access to the local environment, it is easy to suppose that you are an administrator of the system or a developer because you have access to the machine itself.
If you don't have access to the local machine, you can't guarantee this, and since database security is really important (in most cases), it makes sense not to enable remote access. You can, of course, disable this, but it is not recommended.
Hope I helped.
Just in case someone bumps into the same problem, the authenticationDatabase is only required if you created the user in ANOTHER database. If you create the user in the database you connect to, no problems.
So be careful: use then create user.
If you happen to create your user in the admin database then yes you need the authenticationDatabase flag.
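
An added example (not from any of the posts above) for the mongodb://username:password@IP:PORT/ form used in one answer: credentials containing reserved characters must be percent-encoded, and the authSource URI option carries the same information as --authenticationDatabase. The user, password and host are constructed sample values, and Python's generic URL parser stands in for a MongoDB client's parser.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed sample values.
USER, PASSWORD = "backup", "p@ss/w0rd!"
HOST, PORT = "db.example.internal", 27017


def build_mongo_uri(user, password, host, port, auth_db="admin", db=""):
    # Percent-encode every reserved character in the credentials so that
    # '@', ':', '/', '#', '!' and similar cannot be read as URI delimiters.
    cred = f"{quote(user, safe='')}:{quote(password, safe='')}"
    source = quote(auth_db, safe="")
    return f"mongodb://{cred}@{host}:{port}/{db}?authSource={source}"


def parse_mongo_uri(uri):
    # Split the URI the way a generic parser does and decode the credentials.
    parts = urlsplit(uri)
    return {
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "host": parts.hostname,
        "auth_db": parse_qs(parts.query).get("authSource", [None])[0],
    }


# Raw password pasted straight into the URI: the '/' ends the authority
# section early and the first '@' is taken as the credentials/host separator.
NAIVE = f"mongodb://{USER}:{PASSWORD}@{HOST}:{PORT}/?authSource=admin"
SAFE = build_mongo_uri(USER, PASSWORD, HOST, PORT)

if __name__ == "__main__":
    for label, uri in (("naive", NAIVE), ("encoded", SAFE)):
        print(label, uri)
        print("   parsed as:", parse_mongo_uri(uri))
```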

mongodb global authentication

I have set up a global admin with many roles such as clusterAdmin, any DB admin etc. However, I can only authenticate when inside the admin database.
For that reason, mongo -u admin -p does not work. I get auth fails error. However, when I just launch the mongo shell and then switch to the admin db and authenticate, it works.
mongo
> use admin
> db.auth('admin', <my password>)
What I want to do is
mongo
> db.auth('admin', <my password>)
How can I authenticate without having to use the admin db? Is there such a thing? I followed the mongodb documentation, read several guides and I can't seem to get this to work.
I want to use the mongodump to backup all databases, but it won't work because it cannot authenticate.
Thanks
Ok figured it out.. Using --authenticationDatabase admin works.