Unable to add authenticated shard to mongos - mongodb

I'm trying to add a shard which is authenticated. So when I try to use this command
mongos> sh.addShard("xxx.xxx.xxx:27018")
I'm getting the following error.
{
"ok" : 0,
"errmsg" : "failed listing xxx.xxx.xxx:27018's
databases:{ ok: 0.0, errmsg: \"unauthorized\" }"
}
Please share your thoughts?

It is not clear on what authenticated user you are using and what all authorizations it is entitled to for your session.
I would suggest you provide following information to complete the question:
User you have authenticated with in mongo. i.e. user being used for starting mongo session or any db.auth(..) after that in the mongo shell.
db.isMaster() to confirm you are connected to appropriate mongos. i.e. in mongo shell output of following:
db.isMaster()
Assigned roles for this user in admin / config database i.e. in mongo shell output of following (by replacing the user id):
use admin
db.system.users.find({user: "ReplaceYourUserIdHere"}).pretty()
use config
db.system.users.find({user: "ReplaceYourUserIdHere"}).pretty()
This should help figure out what roles you may be missing and are required for sh.addShard operation.
Some of the operations need specific privileges and sh.addShard is one of them. You can find detailed privilege / role requirements for various operations at http://docs.mongodb.org/manual/reference/user-privileges/ .

Related

Error 13 when trying to authenticate to MongoDB

I'm trying to connect to MongoDB through JDBC. The connection string is like below,
mongodb://localhost:27017/games?authSource=admin
However I'm getting the following trace:
{ "ok" : 0.0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1 }", "code" : 13 }
My intention is not listing all the databases, but the user has to authenticate against admin database and can read/write on games database. What mistake I'm making here?
I want user X to authenticate against admin DB but read just games DB so not sure why it asks for listDatabase privilege.
First, I assume you are using the MongoDB Java Driver, which is actually not JDBC.
It would be helpful for you to share:
How you created your user
The Java code that you are executing
The version of mongo-java-driver and MongoDB that you are using
But based on the error, it appears that you are successfully authenticating. I strongly suspect that you are either directly calling listDatabases() or listDatabaseNames().
The other thing that does not look quite right is the fact that you are specifying authSource=admin in your MongoClientURI. But that issue should have given you an Autentication Failed error. You should be either leaving the authSource off of the connection string or specify authSource=games.
Based on what you described, when you created your user, you should have created the user in the games database (users will actually be stored in the admin database, but you would be authenticating against the games database).

MongoDB: how do I authenticate when executing the `copydb` command

I have a replica set on a remote host which requires authentication in order to connect. The original (root) user was created in the admin database which I have used in order to remotely connect. I building some sort of a "backup" script which copies a db into the replica set and in a later time I should be able to copy a db from the remote location into other MongoDB instances.
So I wrote the script to copy a database by connecting TO the remote location, authenticating and then running the db.runCommand using copydb: 1. It works great, no problems here.
When I try to copy a db back into my local machine that's when things go wrong, mainly because I have to authenticate as part of the copydb command. I originally tried to use the same technique (db.runCommand) but since the nonce and key authentication are messy by themselves I tried to solve the problem first by writing the commands manually into mongo's shell using db.copyDatabase, according to the documentation it should do this process for me.
This is the command:
db.copyDatabase('from_db', 'to_db', 'remote.host.example.com', 'my_user', 'my_password')
Which responds with:
{ "ok" : 0, "errmsg" : "Authentication failed.", "code" : 18 }
I tried switching roles (root, userAdmin, readWrite, ...) but nothing works. I tried creating another user inside the db I am trying to copy, but that didn't seems to do much other than change the response a little into:
{
"ok" : 0,
"errmsg" : "unable to login { ok: 0.0, code: 18, errmsg: \"Authentication failed.\" }"
}
I searched everywhere, went over anything in the manual which seemed remotely relevant and I still can't figure it out.
How am I suppose to copy a db from a remote location which requires an authentication??

not authorized for query on orion.*

I have some issue with orion db, which outputs errors like:
time=2015-01-13T14:42:19.272UTC | lvl=ERROR |
trans=1421070784-640-00000009856 | function=processContextElement |
comp=Orion | msg=MongoCommonUpdate.cpp[1604]: Database Error (error
retrieving _id field
in doc: { $err: "not authorized for query on orion.entities", code: 16550 })
Also I can produce similar error in this way:
> use orion
switched to db orion
> db.csubs.find()
error: { "$err" : "not authorized for query on orion.csubs", "code" : 16550
}
The context broker configuration seems to be without any authentication to
orion database.
/etc/sysconfig/contextBroker has user name and password hashed to database:
#BROKER_DATABASE_USER=orion
#BROKER_DATABASE_PASSWORD=orion
Unhashed config not works with db.
It seems that your MongoDB instance runs with authentication enabled. Thus, there are two solutions:
Run MongoDB without authentication, e.g. without --auth option. Please, check MongoDB official documentation about this. If you can secure MongoDB access by other means (e.g. fiwarelling) or if security is not relevant at all in your environment (e.g. testing environment), this is probably the simpler option.
Set the BROKER_DATABASE_USER and BROKER_DATABASE_PASSWORD parameters to the ones with access permissions to the Orion DB (typically the databased named orion if you run CB with default settings). I guess the right user/password should be provided by your database administrator.
Thanks for suggestion. Indeed mongo was configred with auth. I hashed auth=true option in mongodb.conf and now it works correctly.
Thank You

MongoDB not authorized for query admin.system.users

I am bit new to MongoDb and I am using MongoDb v.2.4.Here the problem is that when I run the mongod with --auth parameter, even after authenticating I am not able to perform simple operations such as "show users". But works fine if I run mongod without --auth parameter.
> use admin
switched to db admin
> db.auth("dbadmin","mypassword")
1
> show users
**Thu Feb 27 16:50:17.695 error: { "$err" : "not authorized for query on admin.sys
tem.users", "code" : 16550 } at src/mongo/shell/query.js:128**
> use admin
switched to db admin
> db.grantRolesToUser("your_admin_name" ,[ "root"])
This command will give you all privileges on any db as admin.
Firstly you should to run mongod on localhost without --auth and create user with necessary roles that you needed. In your case you should add userAdminAnyDatabase or userAdmin role. Than you could run mongod with --auth and authenticate by this user for have remote access to system.users collections.
You could read about it here.
I think your admin user has not been configured as mongo says.
I have just answer a question in another thread with explanation step by step :
Not authorized for query on admin.system.namespaces on mongodb
try it.
Not for the OP, but for those of you landing here on an internet search for
Failed: error counting admin.system.users: not authorized on admin to execute command { count: "system.users", query: {}, $db: "admin" }
The answer, most likely, is that you need to specify the database name in the connection string. For example, in my case, I was doing a mongorestore, like so
mongorestore --uri=mongodb+srv://[username]:[password]#[mongo-server] --dir=[backup-file]
And what I needed to do was
mongorestore --uri=mongodb+srv://[username]:[password]#[mongo-server]/[database-name] --dir=[backup-file]
The same thing would apply to a mongodump. The point is that it tries to connect to the admin DB by default, and that might not be what you're trying to do.

Mongo authentication issues

Hello i have a new AWS server with a Bitnami MEAN stack.
I'm root user on the server, and i started up mongo on the command line.
when i try to do anything (other than "use test" , or "use admin"), such as "show dbs"
I get the following error:
show dbs
listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46
I know i'm doing something wrong with regard to permissions, i just dont' know what it is.
when I looked at the mongodb.config, everything looks ok, but i see:
# Turn on/off security. Off is currently the default
#noauth = true
auth = true
Also, possibly relevant, when i try to run mongod, I get errors about "/data/db" doesn't exist, or if i make the directory, I get "not enough space issues"
thank you for your time.
You should not need to run mongod again if it is already running, and chances are that it already is. You are also not saying how you are trying to connect, which is likely your problem.
I would suggest reading the relevant documentation which explains what the default user authentication is and how to connect:
$ mongo admin --username root --pasword YOURPASSWORD
Where the default password is contained in the documentation page. There is also information on setting up new user for your application.
For more information, see the official MongoDB documentation which has many examples:
http://docs.mongodb.org/manual/administration/security-access-control/
You are able to successfully connect to database but you does not have admin privilege for this.
If you know the admin user id and password,You can authenticate by
db.auth("user_name",'passwd');