I have mongod server up and running as a service on ubuntu 14.04, i started mongo shell and created a user.
db.createUser( {
user: "testAdmin",
pwd: "12345678",
roles: [ { role: "userAdmin", db: "students" } ]
} )
after that I changed edit the mongod.conf and set auth=true and restarted the mongod server as a service.
After all this, when I want to start the mongo shell with user testAdmin .
mongo -u testAdmin -p 12345678 --authenticationDatabase students
But I am not able to login and it is giving me error.
MongoDB shell version: 3.2.10
connecting to: 127.0.0.1:25018/test
2016-10-13T05:56:27.500+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:25018, reason: errno:111 Connection refused
2016-10-13T05:56:27.500+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:25018, connection attempt failed :
First when I am specifying database students why it is trying to connect to test? Second I know that userAdmin role in mongodb is not for read/write in database with userAdmin I can only manage user roles. But to manage other users i still need to login in mongo shell.
It is working when I turn off the auth in mongod.conf, so other things are fine, only authentication is not working.
First when I am specifying database students why it is trying to connect to test?
You are not specifying the database (students) you want to connect to here.
The --authenticationDatabase is used to specify the database where the user had been created and which is used for the authentication process.
You should also specify students as the db option you want to connect to. If you omit it, the shell automatically tries to connect to test database:
mongo students -u testAdmin -p 12345678 --authenticationDatabase students
Note the addition of students just after mongo.
This is assuming the user has been created in the students database (and not admin or other). Note that in that case the db declaration within role is redundant:
roles: [ { role: "userAdmin", db: "students" } ]
could have also been specified as:
roles: [ "userAdmin" ]
Related
We are creating a MongoDB container with Azure IoT Deployments where we are able to create an admin user and password using environment variables. It's a Ubuntu 20.04 machine.
Later, by user interaction or messaging, we will obtain new DB and user information and need to set up users and databases based on the received information.
Can we run a bash script passing the user-pwd-DB information so the script can create them interacting with the MongoDB running in the container? We can run the script on a background process on the same machine but we cannot have the user open a console, login into the MongoDB shell within the container, and create users.
Found a way to run scripts to perform MongoDB shell operations.
Install MongoDB client - apt install mongodb-client
Run command like so (assuming you have exposed the port on MongoDB server running inside container):
mongo testdb --port 27017 --authenticationDatabase admin <<EOF
use admin;
db.createUser(
{
user: 'user1',
pwd: 'pass1',
roles: [
{
role: 'readWrite',
db: 'testdb'
}
],
passwordDigestor:'server'
}
)
EOF
I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test
Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so:
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID(\"a1d5bc0d-bc58-485e-b232-270758a89455\") }, $db: \"admin\" }"
I have been on many online sources to help fix this issue but no luck, is there a way to resolve this issue? Seems like my user can't access the admin database, is there a way to grant this access to my user so I can run the necessary commands like show dbs?
Any help is much appreciated! :)
In order to run show dbs command and if the user has access to multiple databases, first the user should be created on the admin database (this is because listDatabases action is a cluster wide operation). Also the user should be given access to this operation. In order to do that, a new role should be created with the action. Below are the steps for the same:
//login as admin with --authenticationDatabase "admin" (assumption is that admin user is with root privileges) and then run the below:
use admin;
db.runCommand({ createRole: "listDatabases", privileges: [{ resource: { cluster : true }, actions: ["listDatabases"]} ], roles: [] });
db.createUser({user:"testUser", pwd:"passwd", roles:[{role:"read", db:"db1"},{role:"read", db:"db2"},{ role: "listDatabases", db: "admin" }]});
//exit as admin user and login as testUser: note the --authenticationDatabase "admin"
mongo -u "testUser" -p --authenticationDatabase "admin"
after logging in run the command below and it should list all the databases:
show dbs;
The below will work fine even though user is not given access to admin database:
use admin;
But then the below will give error:
show collections;
The problem is related the database you are using with the --authenticationDatabase parameter.
You are connecting to mongo with the user of your test database who has no privileges to execute listDatabase commands.
Let's do this using the admin db as auth db
mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase admin
and then run the command
show dbs
From the documentation:
The localhost exception allows you to enable access control and then
create the first user in the system. With the localhost exception,
after you enable access control, connect to the localhost interface
and create the first user in the admin database. The first user must
have privileges to create other users, such as a user with the
userAdmin or userAdminAnyDatabase role.
So I run the latest mongo with enabled access control (--auth):
docker run -p 27017:27017 mongo --auth
connect with my shell and try to create the admin user:
mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> use admin
switched to db admin
> db.createUser(
... {
... user: "admin",
... pwd: "password",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
... }
... )
2018-10-03T15:29:30.234+0200 E QUERY [js] Error: couldn't add user: command createUser requires authentication :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype.createUser#src/mongo/shell/db.js:1491:15
#(shell):1:1
What am I doing wrong?
You are not connecting to localhost but to the exported port.
For the exception to work you need to connect to localhost from within the container.
E.g.:
docker exec -it `docker ps --filter ancestor=mongo --format "{{.ID}}"` mongo
I am having an issue with mongo db 3.0.4 that randomly started happening today. The authentication stopped working randomly without any user action on our part. Our setup is easy. One application, one database. I take the application out of the equation and I still get the same result. Here are the steps I am taking. Reinstalled mongo and pointed the logpath and dbpath to a new folder to start from scratch.
Create the config file.
logpath=c:\data\logs\mongod.log
dbpath=c:\data\db
Log in to mongo shell and run this command.
db.createUser({user: "admin",pwd: "admin", roles: [ { role: "userAdminAnyDatabase", db: "admin" }]})
Add the auth=true in the config file.
auth=true
Restart the mongodb service.
Start up mongo shell with
mongo -u admin -p admin --authenticationDatabase admin
Then I get the Error 18 Authentication failed.
I am really lost for words. Any help would be greatly appreciated.
Thanks
i think user doesn't have efficient privileges. try with this role.
use admin
{user:"admin",pwd:"admin",roles:["root"]}
Before create the user, you need to change the db and create it in admin db.
Disable auth
Enter to mongo shell
Change db to admin ('use admin')
now create the user.
Enable the auth again (with auth or mongodb-keyfile)
Enter mongo shell with:
mongo -u admin -p admin --authenticationDatabase admin
UPDATE
I also tried this to connect:
mongo -u root -p 1234 localhost:27017/anotherDB
But again, I can't connect.
END OF UPDATE
I am having problems on connecting to my mongodb server using another DB.
Here's what I did so far:
With auth=False in /etc/mongod.conf, I connected to my server and created a root user in admin db with this command:
db.addUser({ user: "root", pwd: "1234", roles: [{role:"root",db:"admin"}] }
Stop mongod service, set auth=true in the mongod.conf and restarted mongod service.
I connected to my mongod server using this command:
mongo -u root -p 1234 localhost:27017/admin
And I was able to connect. I then, switched to another db and created another user with these commands:
use anotherDB
db.createUser(
{
user: "anotheruser",
pwd: "1234",
roles: ["readWrite"]
}
Creation was successful. I then ended my current connection and tried to connect using this
command:
mongo -u anotheruser -p 1234 localhost:27017/anotherDB
But I can't connect and receiving this error:
Error while trying to show server startup warnings: not authorized on admin to execute command {getLog: "startupWarnings"}
What am I doing wrong? Any ideas are greatly appreciated. Thanks in advance!
I believe you are running into this issue:
https://jira.mongodb.org/browse/SERVER-13588
As of the this time, the fix is already in the master branch and is scheduled to be backported to 2.6.2.