I've created a new user on a clean database, but can't connect with it. I can, however, connect with no credentials.
PS C:\Program Files\MongoDB\Server\3.0\bin> .\mongo.exe localhost/test
MongoDB shell version: 3.0.11
connecting to: localhost/test
> var me = { user: 'dave', pwd: 'password', roles: [ 'userAdminAnyDatabase'] }
> use admin
switched to db admin
> db.createUser(me)
Successfully added user: { "user" : "dave", "roles" : [ "userAdminAnyDatabase" ] }
> ^C
bye
PS C:\Program Files\MongoDB\Server\3.0\bin> .\mongo.exe -u dave -p password
MongoDB shell version: 3.0.11
connecting to: test
2016-04-27T15:40:38.185+0100 E QUERY Error: 18 Authentication failed.
at DB._authOrThrow (src/mongo/shell/db.js:1271:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1271
exception: login failed
I believe that you are connecting to the test database. But the user was created in the admin database.
Try to create the user in test. use test.
Or specify in the login which scheme to connect to
Related
I've created an user on mongo db this is the comnand and the output
db.createUser({user:"appuser",pwd:"12345",roles: [ { role: "readWrite", db: "mydb" }]})
Successfully added user: {
"user" : "appuser",
"roles" : [
{
"role" : "readWrite",
"db" : "mydb"
}
]
}
but when I try to enter with this command
mongo --port 27017 -u "appuser" --authenticationDatabase "mydb" -p
I get this error
MongoDB shell version v4.4.4
Enter password:
connecting to: mongodb://127.0.0.1:27017/?authSource=mydb&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect#src/mongo/shell/mongo.js:374:17
#(connect):2:6
exception: connect failed
exiting with code 1
I created a root user and setted this option in /etc/mongod.conf
security:
authorization: enabled
is something wrong?
From the official document of mongodb here
The database where you create the user (in this example, test) is that user's authentication database.
The database where we create the user will be used in the command to connect to MongoDB. We need to run use [nameofdatabase] to select the database before creating the user.
So, if you want to use mydb as the authentication database, you need to run these commands :
use mydb;
db.createUser({user:"appuser",pwd:"12345",roles: [ { role: "readWrite", db: "mydb" }]});
Then you can connect to your MongoDB with : mongo --port 27017 -u "appuser" --authenticationDatabase "mydb" -p
I am new to Mongod, and have to get up a cluster. The db is started with --replSet=Data and I have created the cluster with rs.Initiate beforehand. But this question is about user administration.
This replica set was set up with this command:
rs.initiate({ _id : "Data",members: [
{ _id: 0, host: "srv1:27017" },
{ _id: 1, host: "srv2:27017" },
{ _id: 2, host: "srv3:27017" , arbiterOnly: true }
})
And the server was started with $ /usr/bin/mongod -f /etc/mongod.conf --replSet=rs0
Note that I have not yet configured the other nodes/added these into the cluster as far as I am aware, but I did distribute the keyFile: /etc/mongod/keyfile to each server.
An rs.status says it's not running.
> rs.Status();
{
"ok : 0"
"errmsg" : no replset config has been received",
"code" : 94,
"codename" : "NotYetInitialized"
}
I have run into some nib problems.
I created a user before called mgdb with the command :
# mongo admin -port 27017
> db.createUser ( {
user : 'mgdb', pwd: 'password', roles: [ { roles: root, db: admin } ]
})
This returned ok.
Next I tried with,
$ mongo --authenticationDatabase admin --username "mgdb" --password "password"
but got an error
E QUERY [js] Error authentication failed.
Next I tried to see the user list,
> show users;
not authorizeed on admin to execute on admin to execute command { UserInfo: 1.0}, lsid: { id: UID"xxxxxxxx") }. $db: "admin" } DB.prototy[e.getUsers#.....
So, I am bit lost. I used mysql a few years ago, but have not used it since. My dB experience is very little.
Although I can connect as the admin user, the admin user does not seem to have rights to do basic "show users;"
Where can I look in the dB to find out what went wrong?
Environment: RHEL 7.6 SELinux Enforcing, MOngdodB 4.2.9
In MongoDB you can create users per database. Usually users are create in database admin (I wouldn't know any reason to create them somewhere else):
use admin
db.createUser(...
or
db.getSiblingDB("admin").createUser(...
When you connect to Mongo then you need to specify the authentication database, i.e. the database where user was created:
mongo --usermame=mgdb --password 'password' --authenticationDatabase admin
See Authentication failure while trying to save to mongodb
In order to deploy a sharded cluster have a look at Deploy a Sharded Cluster or Deploy a Replica Set tutorial.
I created an admin user:
> db.createUser(
... {
... user: "administrator",
... pwd: "password",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "administrator",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
and now i'm trying to use it for enter with:
ubuntu#***ip number***:/etc$ sudo mongo --port 27017 -u administrator -p password --authenticationDatabase admin
This is what returns:
MongoDB shell version: 3.0.7
connecting to: 127.0.0.1:27017/test
2015-10-27T15:33:25.670+0000 E QUERY Error: 18 Authentication failed.
at DB._authOrThrow (src/mongo/shell/db.js:1271:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1271
Mongo is installed into an Amazon EC2 machine with Ubuntu.
What is missing?
The userAdminAnyDatabase role allows the user to grant access (for itself, or any other users) to any other database, however, that does not automatically grant that admin user read/write permission on all those databases (though it can bestow them upon themselves). You can resolve your authentication issue by granting the user the additional role readAnyDatabase.
db.createUser(
{
user: "test1",
pwd: "password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, {role:"readAnyDatabase",db:"admin"} ]
}
)
Link to MongoDB docs: Create a User Administrator
Change on mongod.conf ( stop first mongod service. Ex: sudo service mongod stop):
bindIp: 127.0.0.1
for:
bindIp: 0.0.0.0
Now you can restart (Ex:sudo service mongod start)
Now you can enter in the same machine normally typing mongo, but for example, if you try to do it with robomongo gui before makes the test success the ip but don't success the user login. The user and login was created before with a pwd and roles for userAdminAnyDatabase and readAnyDatabase.
Now just type in your machine:
mongo --host (ip number here) --port 27017 -u username -p password --authenticationDatabase admin
And connect to remote Database.
I'm trying to create a mongoDB user on a DigitalOcean droplet. I tried a lot of combinations, but basically, I can't make this work.
To start the service, I use mongod --noauth. Below is the command I used:
use admin
db.createUser( { user: "userhere", pwd: "passhere", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
I restarted the service and tried to connect using:
mongo admin --port 61370 --host <host> -u userhere -p
Enter password:
2015-01-21T13:30:17.279-0500 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
It doesn't connect.
Does anyone know the step-by-step on how to create a user on MongoDB?
You must create the user with the appropriates privileges. So you should connect to your mongo instance with :
mongo -u siteUserAdmin -p password
See the documentation as well : http://docs.mongodb.org/manual/tutorial/add-user-to-database/
Try specifying -authenticationDatabase option
mongo -u mongoadmin -p password -authenticationDatabase admin
I'm trying to set password for mongodb to prevent access to db with empty login and pass (set by default).
I'm statring mongo server:
sudo ./mongod
Starting client:
./mongo
Setting password:
use admin
db.addUser("root", "root")
exit
The output is:
MongoDB shell version: 2.2.0
connecting to: test
> use admin
switched to db admin
> db.addUser("root", "root")
{
"user" : "root",
"readOnly" : false,
"pwd" : "2a8025f0885adad5a8ce0044070032b3",
"_id" : ObjectId("50c90b94e28c41a388104f64")
}
> exit
Hoever, wheh I try to auth with empty credentials (I use mViever admin UI), it still works. Otherwise, access with root/root is not avialable. What I'm doing wrong?
Also tried to start mongo server with -auth parameter, the same result:
./mongod -auth
UPD: After starting with -auth parameter can't login with any pass. Getting:
Thu Dec 13 03:27:38 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
Update: I dont know what's goin on...
> db.auth("root","root");
1
> ^C
bye
It can login. Let's restart ./mongod --auth and ./mongo:
MacBook-Pro-Ilya:bin ilyarusanen$ ./mongo
MongoDB shell version: 2.2.2
connecting to: test
> db.auth("root","root")
Error: { errmsg: "auth fails", ok: 0.0 }
0
> db.test.insert({"yeah":"2342"})
Fri Dec 14 08:52:05 uncaught exception: getlasterror failed: { "errmsg" : "need to login", "ok" : 0 }
> use admin
switched to db admin
> db.addUser("root","root")
Fri Dec 14 08:52:14 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
> db.auth("root","root")
1
Why at first it can login? Why after restarting mongo is not able to login? And why after FAILED attempt to addUser, it becomes able to login? Thanks.
UPDATE2: MongoHub seems to auth ok. However, from NodeJS I still can't login: I use such code:
mongo_db.open(function(err,data){
if(data){
data.authenticate("root", "root",function(err2,data2){
if(data2){
console.log("Database opened");
}
else{
console.log(err2);
}
});
} else {
console.log(err);
}
});
And I get:
{ [MongoError: auth fails] name: 'MongoError', errmsg: 'auth fails', ok: 0 }
But mention, MongoHub with same credentials works fine.
From your comment you mention that you are using mViewer. Version 0.9.1 of mViewer does not support authentication. According to this issue on the mViewer GitHub, this is resolved in version 0.9.2, which was targeted for release in Oct.
Before starting the node with authentication, log on to the node and add a user. Then start the node with --auth and connect to the shell without mViewer.
At this point you can connect to the admin database and authenticate your admin user:
use admin
db.auth('root', 'root')
Since you set up an admin user, which will have access to all the databases, you need to authenticate against the admin database. Once you have done this you will have access to all the databases. You will also be able to create new users on any database, or create new read only users for all the databases.
If you create a new user that has access to only one database, that user would need to use that database and db.auth(name, pass) against it.
If you create a new user that has read only access to all databases, they would use admin and then db.auth(name, pass) to gain their read only access to all databases
You can find more information on setting up authentication here and more information about setting up users here
Note: When you start a node without --auth then no authentication is enabled. This means you can connect with the shell and db.auth('root','root') but it won't do anything as far as access is concerned. MongoDB will not deny access to the databases without --auth command line option (--keyFile in sharded setups or replica sets)