MongoDB shell command line authentication fails - mongodb

I set up replica set with authentication. I used this tutorial. I set up keyfile, admin user and other users. It all works fine - anonymous access is disabled and I can login
$ mongo
MongoDB shell version: 2.6.1
connecting to: test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> db.auth("USERNAME","PASSWORD")
1
rs0:PRIMARY>
using credentials of users I created.
But I can't login from command line
$ mongo -u 'USERNAME' -p 'PASSWORD'
MongoDB shell version: 2.6.1
connecting to: test
2014-05-18T14:23:47.324+0200 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
using the same credentials. I haven't find anything helpful in the documentation or here on SO.

The in-shell authentication performed in your example is against the admin database. The command line posted above does not specify a database and is therefore authenticating against the default database which is test. Try this instead to authenticate via command line against the admin db:
mongo admin -u 'USERNAME' -p 'PASSWORD'
if the server is not on the local host then you can use this:
mongo your_host_name:your_port/admin -u 'USERNAME' -p 'PASSWORD'

Perhaps different now because of an update since this question was originally answered, but authentication only succeeds when wrapping username/password in double quotes.
e.g.,
mongo admin -u "myName" -p "myPassword"

Related

Windows Batch Script for Automated Mongodb Backup

I have setup a superuser in mongodb and I am able to do a backup manually in the command line or connect to the database with the username and password in the console or in Compass, but if I move that command to a batch script and run the script, I always get the error:
Failed: can't create session: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-256": (AuthenticationFailed) Authentication failed.
The command is:
mongodump --username myusername --password mypassword --out C:\backups --db mydb --authenticationDatabase admin
I have updated the bindIp to 0.0.0.0 and added security: authorization: "enabled".
Any thoughts on why I can't run this in the batch script. I am using Mongo 4.2
Thanks

Log in to mongo shell without declaring authentication DB

Is it possible to login on mongo shell without declaring the authentication DB? Here's an example, i log in to our mongo server using this command
[localhost$] mongo servername:27117 -u username -p passwd admin
Is there a way to log in without explicitly adding the admin db on the command?
Each user is associated with an authentication database. So if your user is declared in admin database (and authorization activated, what MUST be done in all environment server), it's mandatory to add this param in your login command.
See authentication, and more generally security for more details and explanations.
EDIT
In case of using Connection String URI Format, you can skip authentication database param, in this case 'admin' will be used by default for authentication database, and 'test' by default as target database.
Example : (your user is created in 'admin' database.)
Here's different behaviors :
authentication against 'admin', database targeted is 'test'
$ mongo --host mongodb://user:pwd#myhost:27000
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=admin
$ mongo --host mongodb://user:pwd#myhost:27000/?authSource=admin
authentication against 'admin', database targeted is 'admin'
$ mongo --host mongodb://user:pwd#myhost:27000/admin
$ mongo --host mongodb://user:pwd#myhost:27000/admin?authSource=admin
authentication against 'test', database targeted is 'test' (will not succeed)
$ mongo --host mongodb://user:pwd#myhost:27000/test
$ mongo --host mongodb://user:pwd#myhost:27000/test?authSource=test
EDIT 2
As you really need to use mongo -h -u -p notation, create your user in your 'test' database, which will be used by default in this case :
this will authenticate against 'test' database, and target 'test' database
mongo -h 199.99.99.99:27000 -u user -p pwd

Use mongorestore to restore a database to MongoDB (3.4) with --auth enabled, SASL error

Using mongorestore, I am trying to restore a MongoDB database to a new server (both version are 3.4). The new server has -auth enabled, so you are required to login. The database does not exist so I want mongorestore to create it using the --db option. This works when authorization is not enabled but if I enable authorization the restore fails with the following error:
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
I am using an admin account with the root role when I attempt the restore.
Backing up prod and restoring to dev is a fairly regular activity for us, but we can't just drop the existing database and recreate it because of the error above, not unless we disable authorization which doesn't make much sense. Is there a better way to do this/avoid the SASL errors/not have to disable auth?
I was getting the same error and while I couldn't figure out what was wrong restoring with my admin user (my hunch is a ! in the password which escaping did not help) I was able to restore by creating a new user specifically for the role.
In mongo shell:
>use admin;
>db.createUser({
user: 'restoreuser',
pwd: 'restorepwd',
roles: ['restore']
});
In terminal:
$mongorestore --host databasehost:12345 --username restoreuser --password restorepwd --authenticationDatabase admin --db targetdb ./path/to/dump/
Thanks to Adamo Tonete over at Percona, he helped us solve this problem. If you want to restore a database using your admin user with the root role, you need to specify the authentication database and user in the mongorestore command.
mongorestore --host hostname:27017 -u adminuser -p pass --authenticationDatabase admin -d TargetDatabase /Data/TargetDatabaseRestore
That tells mongo to use the admin database to authenticate the user you are passing in. If that user has the correct rights assigned, it will be able to create the new database.
First Access your db to 4366 port then run this command
mongorestore --port 4366 -u admin -p password --authenticationDatabase admin -d dealmoney /home/yash/Desktop/prodDump/teatingToProductionLastDump/dealmoney .

Authentication failed when using mongo to connect mlab.com

I have a account on mlab.com.
mlab-hosted deployment is running MongoDB 3.0.
I install MongoDB 3.0.10 in my computer.
I connect to mlab.com using this command:
mongo ds019480.mlab.com:<port>/<database> -u <username> -p <password>
But I get error message:
MongoDB shell version: 3.0.10-4-gbd56c2f
connecting to: ds019480.mlab.com:19480/larry-database
2016-04-08T08:45:27.101+0800 E QUERY Error: 18 Authentication failed.
at DB._authOrThrow (src/mongo/shell/db.js:1271:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1271
exception: login failed
How do I connect to mlab.com successfully?
remove any signs/symbols from your password. in particular '!' and '$'.
Aside from the common mistake of using your Heroku or mLabs username/password, another one may be using "double quotes".
mongo ds012345.mlab.com:<port>/<database> -u "username" -p "password"
exception: login failed
mongo ds012345.mlab.com:<port>/<database> -u 'username' -p 'password'
rs-ds012345:PRIMARY>
What’s the Difference Between Single and Double Quotes in the Bash Shell?
Conclusion: All characters within single quotes are interpreted as a string character.

How do I create a new MongoDB from the command line with auth turned on?

For the purpose of wanting to create a MongoDB database in a Capistrano task, I need to figure out how to create a new database via the MongoDB shell when MongoDB is running with auth turned on.
With auth turned on the MongoDB shell can't do anything without first authenticating, but authenticating has to happen while using the admin database as far as I'm aware. So I've been connecting to it for starters like:
sudo -u mongodb mongo admin --eval "db.auth(username, password)"
And that authenticates me for further action but...at that point I need to create the database, and a user for it in the same shell session. I can't however:
sudo -u mongodb mongo admin --eval "db.auth(username, password);use new_database"
Because use database can't be used in eval. So I've tried instead:
sudo -u mongodb mongo admin --eval "db.auth(username, password);db = connect('localhost:27017/new_database')"
And that will actually get me an instance of the new database I want created but if I try to:
sudo -u mongodb mongo admin --eval "db.auth(username, password);connect('localhost:27017/new_database').addUser(new_user, new_password)"
I get an authentication error, so apparently using the connect() command forgets that I've authenticated before.
So this is where I'm stuck, trying to create a database in one line with MongoDB using auth and an admin user.
Any suggestions on how I can do this?
You can use db.getSiblingDB(name) to reference the new database and add a new account, eg:
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').addUser('new_user', 'new_password');"
Now you should be able to authenticate from the command line using -u and -p:
mongo -u new_user -p new_password new_database
Beware of the fact that addUser function got deprecated since version 2.6.
Use db.createUser() and db.updateUser() instead of db.addUser() to add users to MongoDB.
Your code should be like below :
mongo -u username -p password admin --eval "db.getSiblingDB('new_database').createUser({ user : 'new_user', pwd : 'new_password', roles : [{ role: 'readWrite', db: 'new_database'}]});"