Mongo authentication issues - mongodb

Hello i have a new AWS server with a Bitnami MEAN stack.
I'm root user on the server, and i started up mongo on the command line.
when i try to do anything (other than "use test" , or "use admin"), such as "show dbs"
I get the following error:
show dbs
listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46
I know i'm doing something wrong with regard to permissions, i just dont' know what it is.
when I looked at the mongodb.config, everything looks ok, but i see:
# Turn on/off security. Off is currently the default
#noauth = true
auth = true
Also, possibly relevant, when i try to run mongod, I get errors about "/data/db" doesn't exist, or if i make the directory, I get "not enough space issues"
thank you for your time.

You should not need to run mongod again if it is already running, and chances are that it already is. You are also not saying how you are trying to connect, which is likely your problem.
I would suggest reading the relevant documentation which explains what the default user authentication is and how to connect:
$ mongo admin --username root --pasword YOURPASSWORD
Where the default password is contained in the documentation page. There is also information on setting up new user for your application.
For more information, see the official MongoDB documentation which has many examples:
http://docs.mongodb.org/manual/administration/security-access-control/

You are able to successfully connect to database but you does not have admin privilege for this.
If you know the admin user id and password,You can authenticate by
db.auth("user_name",'passwd');

Related

cannot connect to mongo cluster - user is not allowed to do action [getLog] on [admin.]

I have created a user and added my IP to whitelist.
when trying to connect to a cluster through mongo shell, i am required to enter the following line: mongo "mongodb+srv://cluster0.****.mongodb.net/" --username --password
I have filled in credentials for username and password and replaced dbname with my database name(tried using non-existing one as well in case that was the problem). it connects to the shell, but then crashes with the following error:
Error while trying to show server startup warnings: user is not allowed to do action [getLog] on [admin.]
MongoDB Enterprise atlas-7cwf8s-shard-0:PRIMARY>
tried googling and youtubing the issue, but cannot find the match on how to fix it.
Many thanks
That message says that the shell is unable to show you server startup warnings. It's expected in Atlas environment.
Supposing that's your own cluster, then:
Check the user in Atlas > Database Access
Check the MongoDB Roles header in the table.
If it's not atlas Admin, you can't issue this command:
db.adminCommand({getLog:"startupWarnings"})
Or any admin command, which is issued or tested automatically in the connection, hence the error.
Edit MongoDB Roles to the highest privileges (atlas Admin)
But you can still work anyways.
If you're accessing someone else's cluster, then there isn't much to do.

Forgot mongodb admin database credentials. Reset everything

I forgot the credentials of my admin user.
Hence i am not able to connect to cluster mongo shell.
Now i want to delete all users and and credentials or even if reset of mongodb is possible then it will be a lot help.
I tried following commands but got "authentication required error".
db.createUser(), db.dropDatabase().
I expect to create new admin user with credentials.
you can do it by logging in to your Atlas Cluster here: https://www.mongodb.com. Then, on the left sidebar, you click on 'Database Access'. There you can manage the users and you can even delete them and create new ones.

MongoDB-CR Authentication failed

I am getting following error while authenticating user : purchase_user#purchase failed. MongoDB-CR Authentication failed. Missing credentials in user document when I access webservice through browser.
But I am able to authenticate purchase_user from mongo it returns 1 .
go to mongoDB console and delete your current user & set authSchema version to 3 instead of 5 , follow these commands in mongo console -
mongo
use admin
db.system.users.remove({}) <== removing all users
db.system.version.remove({}) <== removing current version
db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
Now restart the mongod and create new user then it should work fine.
Note: use remove commands in test db only, if in production use update.
Authentication information for Kubernetes Helm Chart
If you delete the all users and authentication is enabled in the configuration (or --auth param which is set per default on the Kubernetes helm chart), it's not possible to access MongoDB any more. Its required to disable authentication, create a new user and then re-enable it.
On Kubernetes you need to edit the parameters and add --noauth as argument, since it's not the default there as on a classic installed MongoDB. Please see the CLI documentation for more information about --noauth and the corresponding --auth.
Had the same issue. What was happening to me was that when I use MongoDB 3 to create my user, it was using SCRAM-SHA-1 as it's authentication mechanism instead of MongoDB-CR. What I had to do was:
List item
Delete the created user.
Modify the collection admin.system.version such that the authSchema's currentVersion is 3 instead of 5 (3 is using MongoDB-CR).
Recreate your user.
Should work without problems now.
The step number 2. above is not detailed explicitly, I found this solution and worked for me.
var schema = db.system.version.findOne({"_id" : "authSchema"})
schema.currentVersion = 3
db.system.version.save(schema)
I think this is the answer you need:
1) Start 3.0 without auth enabled. (Auth needs to be disabled otherwise you'll get the not authorized error).
2) Run (after selecting "admin"use db):
var schema = db.system.version.findOne({"_id" : "authSchema"})
schema.currentVersion = 3
db.system.version.save(schema)
3) restart mongodb with auth enabled.
4) Create a new admin user (the old one, the one you created before this workaround won't work).
Things should work now. This issue was driving me crazy as well.
Answer came from here: https://jira.mongodb.org/browse/SERVER-17459
Adding to above solution by Vivek & explanation taken from here
use admin
db.system.users.remove({}) <== removing all users
db.system.version.remove({}) <== removing current version
db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
you only need to downgrade the schema to create MONGODB-CR users.
Once they are there the old drivers will work regardless of the value
of authSchemaVersion. However if you run authSchemaUpgrade to change
from "3" to "5" the users will obviously be upgraded.
My comment regarding new users was that if you have existing SCRAM
users and change the schema manually to "3" the user documents won't
be consistent with the new schema. This is not enforced however but
the SCRAM users will still work for any driver supporting SCRAM.
Upgrade mongo-java-driver to 3.0.3 and use :-
MongoCredential.createScramSha1Credential instead of MongoCredential.createMongoCRCredential
MongoCredential createMongoCRCredential = MongoCredential.createScramSha1Credential(mongoConfiguration.getDatabaseUserName(), mongoConfiguration.getAuthenticationDatabase(),mongoConfiguration.getDatabasePassword().toCharArray());
http://docs.mongodb.org/master/release-notes/3.0-scram/
For me I was using a mongo 2 client trying to connect to a mongo 3 server. Upgrading the client fixed the issue.
I was getting this error as well.
Check your Spring Config file.. I had a constructor arg named "MONGODB-CR" which I swapped to "SCRAM-SHA-1" and it fixed my issue.
tailing the mongodb log file helped me diagnose this.
uninstall mongodb-clients packages provided by Ubuntu
install mongodb-org-shell provided by official MongoDB
This solved the problem, because The unofficial mongodb package provided by Ubuntu is not maintained by MongoDB. You should always use the official MongoDB mongodb-org packages, which are kept up-to-date with the most recent major and minor MongoDB releases.
Probably old news, and problem solved, but adding my experience with the same error:
I had the exact same problem (using MongoDB 3.0), and a C# driver that was setup to use a pre 3.0 db.
In C# I used "MongoDB.Driver.CreateMongoCRCredentials()", which caused the error the OP was getting.
The fix (for me), was to switch the command above to "MongoDB.Driver.CreateCredential()".
I guess this could be caused by using "old" users (from pre 3.0) on an upgraded system. Which either forces you to upgrade your users to the new authentication mechanism, or downgrade the authentication mechanism on your server.
June 2018 I got this error after trying to connect to my Mongodb version 3.6 from an ancient client installed in /usr/bin. I installed the mongo DB in a separate folder outside of the OS standard directory, and so my installation was conflicting with the ancient version installed by the package manager.
For those who is struggling to update auth schema (see the accepted answer) in MongoDB 3.6 due to the not authorized on admin to execute command and removing FeatureCompatibilityVersion document is not allowed errors, this is what's worked for me.
To resolve the first error:
> db.system.version.remove({})
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on admin to execute command { update: \"system.version\", ordered: true, lsid: { id: UUID(\"58e86006-d889-440a-bd83-ad09fcd81747\") }, $db: \"admin\" }"
}
})
I had to create a custom role that permits any action on any resource and a user with this role, then login to the admin database with that new user:
mongo admin
db.createUser({user: 'admin', pwd: 'mypwd', roles: ['root']})
exit
mongo admin -u admin -p
db.createRole({role: 'fullaccess', privileges: [{resource: {anyResource: true}, actions: ["anyAction"]}], roles: []})
db.createUser({user: 'superadmin', pwd: 'mypwd', roles: ['fullaccess']})
exit
mongo admin -u superadmin -p
(Just using the admin user with root role or disabling security.authorization in config didn't work for me and still had the same error when trying to update the system.version table.)
After that I had another error:
> db.system.version.remove({})
WriteResult({
"nRemoved" : 0,
"writeError" : {
"code" : 40670,
"errmsg" : "removing FeatureCompatibilityVersion document is not allowed"
}
})
To resolve it, we should only update the authSchema document instead of removing the whole collection.
(Generally speaking, you shouldn't blindly remove everything from system tables in production and always check what would be the implications of updating them, so that's another reason to update the needed record only.)
db.system.version.update({"_id": "authSchema"}, {currentVersion: 3})
Now you should be able to create a user with the old authentication mechanism. You also might need to switch to your database first, so that the user is created in that database rather than in admin one. Otherwise you'd have to use the authSource=admin parameter in your connection string.
(I'm actually lying here - it still will be created in admin database, just with mydb.myuser id instead of admin.myuser. But I use the same way of describing these things that's being used in MongoDB documentation. I suppose this is how it actually used to work in previous versions and in general we shouldn't care about the internal implementation details.)
use mydb
db.createUser({user: 'myuser', pwd: 'mypwd', roles: [{role: 'dbOwner', db: 'mydb'}]})
And don't forget to cleanup:
use admin
db.system.version.update({"_id": "authSchema"}, {currentVersion: 5})
exit
mongo admin -u admin -p
db.dropUser('superadmin')
db.dropRole('fullaccess')
You may want to keep the admin user - I was not able to create it again even with security.authorization setting disabled. It looks like if there are any records in admin.system.users table, the setting does not work anymore and mongo requires authentication to do something.
I had the same error with a Spring Boot app using a new MongoDB 3.2.8 database. By upgrading to the latest version of the Java Mongo driver (3.2.2) and then adding the authentication mechanism param to the URI in my application.properties, I was able to get it working:
spring.data.mongodb.uri=mongodb://myusername:mypassword#localhost/?authSource=admin&authMechanism=SCRAM-SHA-1
spring.data.mongodb.database=test

Can't insert anything in MongoHQ database

I registered for a free sandbox database on MongoHQ.
As I am starting to use mongoDB I thought it would be a good idea to connect to MongoHQ database from the mongo console and run some commands before using it in any program.
I tried connecting to my database using:
Here testuser is my username and 123456 is my password (I know posting user id and passowrd on forums is bad, this user is temporary and will be deleted by me later).
mongo oceanic.mongohq.com:10076/tnh_data -u testUser -p 123456
and I got this:
MongoDB shell version: 2.4.9
connecting to: oceanic.mongohq.com:10076/tnh_data
Hoping that everything is running fine I tried running a few commands, but I am getting a not authorized error.
> show dbs
Sat Apr 19 22:00:18.090 listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46
> use learn
switched to db learn
> db.collection0.insert({name: 'Harry', gender: 'Male'})
not authorized for insert on learn.collection0
Please help me what am I doing wrong ?
Just for the information. I created the users using the web interface on mongoHQ.
When using MongoHQ sandbox plans and logging in from the console, there are a couple of things that are at play:
When you connected, using the string above, you are already in your database (tnh_data)
You do not have admin-level access, so "show dbs" will not work in MongoDB console.
So, in MongoDB console, connect again using the same string you started with and, once connected, run this command: "show collections".
Also, without trying to switch to another database, run your insert again. It should work normally this time.
Hope this information is helpful!

Unable to add authenticated shard to mongos

I'm trying to add a shard which is authenticated. So when I try to use this command
mongos> sh.addShard("xxx.xxx.xxx:27018")
I'm getting the following error.
{
"ok" : 0,
"errmsg" : "failed listing xxx.xxx.xxx:27018's
databases:{ ok: 0.0, errmsg: \"unauthorized\" }"
}
Please share your thoughts?
It is not clear on what authenticated user you are using and what all authorizations it is entitled to for your session.
I would suggest you provide following information to complete the question:
User you have authenticated with in mongo. i.e. user being used for starting mongo session or any db.auth(..) after that in the mongo shell.
db.isMaster() to confirm you are connected to appropriate mongos. i.e. in mongo shell output of following:
db.isMaster()
Assigned roles for this user in admin / config database i.e. in mongo shell output of following (by replacing the user id):
use admin
db.system.users.find({user: "ReplaceYourUserIdHere"}).pretty()
use config
db.system.users.find({user: "ReplaceYourUserIdHere"}).pretty()
This should help figure out what roles you may be missing and are required for sh.addShard operation.
Some of the operations need specific privileges and sh.addShard is one of them. You can find detailed privilege / role requirements for various operations at http://docs.mongodb.org/manual/reference/user-privileges/ .