I am having an issue with mongo db 3.0.4 that randomly started happening today. The authentication stopped working randomly without any user action on our part. Our setup is easy. One application, one database. I take the application out of the equation and I still get the same result. Here are the steps I am taking. Reinstalled mongo and pointed the logpath and dbpath to a new folder to start from scratch.
Create the config file.
logpath=c:\data\logs\mongod.log
dbpath=c:\data\db
Log in to mongo shell and run this command.
db.createUser({user: "admin",pwd: "admin", roles: [ { role: "userAdminAnyDatabase", db: "admin" }]})
Add the auth=true in the config file.
auth=true
Restart the mongodb service.
Start up mongo shell with
mongo -u admin -p admin --authenticationDatabase admin
Then I get the Error 18 Authentication failed.
I am really lost for words. Any help would be greatly appreciated.
Thanks
i think user doesn't have efficient privileges. try with this role.
use admin
{user:"admin",pwd:"admin",roles:["root"]}
Before create the user, you need to change the db and create it in admin db.
Disable auth
Enter to mongo shell
Change db to admin ('use admin')
now create the user.
Enable the auth again (with auth or mongodb-keyfile)
Enter mongo shell with:
mongo -u admin -p admin --authenticationDatabase admin
Related
We are creating a MongoDB container with Azure IoT Deployments where we are able to create an admin user and password using environment variables. It's a Ubuntu 20.04 machine.
Later, by user interaction or messaging, we will obtain new DB and user information and need to set up users and databases based on the received information.
Can we run a bash script passing the user-pwd-DB information so the script can create them interacting with the MongoDB running in the container? We can run the script on a background process on the same machine but we cannot have the user open a console, login into the MongoDB shell within the container, and create users.
Found a way to run scripts to perform MongoDB shell operations.
Install MongoDB client - apt install mongodb-client
Run command like so (assuming you have exposed the port on MongoDB server running inside container):
mongo testdb --port 27017 --authenticationDatabase admin <<EOF
use admin;
db.createUser(
{
user: 'user1',
pwd: 'pass1',
roles: [
{
role: 'readWrite',
db: 'testdb'
}
],
passwordDigestor:'server'
}
)
EOF
I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test
Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so:
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID(\"a1d5bc0d-bc58-485e-b232-270758a89455\") }, $db: \"admin\" }"
I have been on many online sources to help fix this issue but no luck, is there a way to resolve this issue? Seems like my user can't access the admin database, is there a way to grant this access to my user so I can run the necessary commands like show dbs?
Any help is much appreciated! :)
In order to run show dbs command and if the user has access to multiple databases, first the user should be created on the admin database (this is because listDatabases action is a cluster wide operation). Also the user should be given access to this operation. In order to do that, a new role should be created with the action. Below are the steps for the same:
//login as admin with --authenticationDatabase "admin" (assumption is that admin user is with root privileges) and then run the below:
use admin;
db.runCommand({ createRole: "listDatabases", privileges: [{ resource: { cluster : true }, actions: ["listDatabases"]} ], roles: [] });
db.createUser({user:"testUser", pwd:"passwd", roles:[{role:"read", db:"db1"},{role:"read", db:"db2"},{ role: "listDatabases", db: "admin" }]});
//exit as admin user and login as testUser: note the --authenticationDatabase "admin"
mongo -u "testUser" -p --authenticationDatabase "admin"
after logging in run the command below and it should list all the databases:
show dbs;
The below will work fine even though user is not given access to admin database:
use admin;
But then the below will give error:
show collections;
The problem is related the database you are using with the --authenticationDatabase parameter.
You are connecting to mongo with the user of your test database who has no privileges to execute listDatabase commands.
Let's do this using the admin db as auth db
mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase admin
and then run the command
show dbs
Using mongorestore, I am trying to restore a MongoDB database to a new server (both version are 3.4). The new server has -auth enabled, so you are required to login. The database does not exist so I want mongorestore to create it using the --db option. This works when authorization is not enabled but if I enable authorization the restore fails with the following error:
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
I am using an admin account with the root role when I attempt the restore.
Backing up prod and restoring to dev is a fairly regular activity for us, but we can't just drop the existing database and recreate it because of the error above, not unless we disable authorization which doesn't make much sense. Is there a better way to do this/avoid the SASL errors/not have to disable auth?
I was getting the same error and while I couldn't figure out what was wrong restoring with my admin user (my hunch is a ! in the password which escaping did not help) I was able to restore by creating a new user specifically for the role.
In mongo shell:
>use admin;
>db.createUser({
user: 'restoreuser',
pwd: 'restorepwd',
roles: ['restore']
});
In terminal:
$mongorestore --host databasehost:12345 --username restoreuser --password restorepwd --authenticationDatabase admin --db targetdb ./path/to/dump/
Thanks to Adamo Tonete over at Percona, he helped us solve this problem. If you want to restore a database using your admin user with the root role, you need to specify the authentication database and user in the mongorestore command.
mongorestore --host hostname:27017 -u adminuser -p pass --authenticationDatabase admin -d TargetDatabase /Data/TargetDatabaseRestore
That tells mongo to use the admin database to authenticate the user you are passing in. If that user has the correct rights assigned, it will be able to create the new database.
First Access your db to 4366 port then run this command
mongorestore --port 4366 -u admin -p password --authenticationDatabase admin -d dealmoney /home/yash/Desktop/prodDump/teatingToProductionLastDump/dealmoney .
I have set up a global admin with many roles such as clusterAdmin, any DB admin etc. However, I can only authenticate when inside the admin database.
For that reason, mongo -u admin -p does not work. I get auth fails error. However, when I just launch the mongo shell and then switch to the admin db and authenticate, it works.
mongo
> use admin
> db.auth('admin', <my password>)
What I want to do is
mongo
> db.auth('admin', <my password>)
How can I authenticate without having to use the admin db? Is there such a thing? I followed the mongodb documentation, read several guides and I can't seem to get this to work.
I want to use the mongodump to backup all databases, but it won't work because it cannot authenticate.
Thanks
Ok figured it out.. Using --authenticationDatabase admin works.
For the purpose of wanting to create a MongoDB database in a Capistrano task, I need to figure out how to create a new database via the MongoDB shell when MongoDB is running with auth turned on.
With auth turned on the MongoDB shell can't do anything without first authenticating, but authenticating has to happen while using the admin database as far as I'm aware. So I've been connecting to it for starters like:
sudo -u mongodb mongo admin --eval "db.auth(username, password)"
And that authenticates me for further action but...at that point I need to create the database, and a user for it in the same shell session. I can't however:
sudo -u mongodb mongo admin --eval "db.auth(username, password);use new_database"
Because use database can't be used in eval. So I've tried instead:
sudo -u mongodb mongo admin --eval "db.auth(username, password);db = connect('localhost:27017/new_database')"
And that will actually get me an instance of the new database I want created but if I try to:
sudo -u mongodb mongo admin --eval "db.auth(username, password);connect('localhost:27017/new_database').addUser(new_user, new_password)"
I get an authentication error, so apparently using the connect() command forgets that I've authenticated before.
So this is where I'm stuck, trying to create a database in one line with MongoDB using auth and an admin user.
Any suggestions on how I can do this?
You can use db.getSiblingDB(name) to reference the new database and add a new account, eg:
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').addUser('new_user', 'new_password');"
Now you should be able to authenticate from the command line using -u and -p:
mongo -u new_user -p new_password new_database
Beware of the fact that addUser function got deprecated since version 2.6.
Use db.createUser() and db.updateUser() instead of db.addUser() to add users to MongoDB.
Your code should be like below :
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').createUser({ user : 'new_user', pwd : 'new_password', roles : [{ role: 'readWrite', db: 'new_database'}]});"