When I try to clone my mongo database from other machine, I see the following on client
db.cloneDatabase('10.10.124.110')
{ "errmsg" : "query failed staging.system.namespaces", "ok" : 0 }
and on server I see
Thu Nov 10 11:29:01 [conn10] assertion 10057 unauthorized db:staging lock type:-1 client:10.10.124.110 ns:staging.system.namespaces query:{}
How can I resolve this issue?
That error seems a lot like this one https://jira.mongodb.org/browse/SERVER-2846 where an error is thrown because copyDatabase() ... which cloneDatabase() uses ... requires Admin privileges. In that case the user is using a hosted MongoDB instance where they didn't have admin privileges.
You can see some more about how to use the copyDatabase() command here and here.
So, for example if you are using -auth a username/password you'll need to run the copyDatabase() command like this:
> db.copyDatabase(from_db, to_db, from_host, username, password);
I was able to just resolve this error by querying the PRIMARY host in a replicaSet, rather than the SECONDARY.
Related
I'm up-the-middle MongoDB with authentication localhost. I have the mongod configured to bind a specific user to a specific database and from the mongo shell and my Java programs, everything works great. When I log in as that user I can do all the mongo stuff on the mongo db I bound that user to.
$ mongo -u totallyLegitUser --authenticationDatabase admin
MongoDB shell version v4.4.3
Enter password:
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("2ba7a3f6-2ca1-49b7-8241-8133ceb3d842") }
MongoDB server version: 4.4.3
> use mfg-plan;
switched to db mfg-plan
> show collections;
activity
...
When I try to set up the same user through IntelliJ's "Database" thing, the "Test Connection" says everything is fine, but I can't run any queries through the console and the "explorer" drop down thing doesn't show collections I know are in the database.
This is what shows up when I look in the console after I've try to run the db.activity.findOne(); from the cli session...
com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=SCRAM-SHA-256, userName='totallyLegitUser', source='mfg-plan', password=<hidden>, mechanismProperties=<hidden>} com.mongodb.MongoCommandException: Command failed with error 17 (ProtocolError): 'Attempt to switch database target during SASL authentication.' on server localhost:27017. The full response is {"ok": 0.0, "errmsg": "Attempt to switch database target during SASL authentication.", "code": 17, "codeName": "ProtocolError"}
I have confirmed that the username, password, and database are all correct.
How do I get IntelliJ to connect to my authenticating mongos?
Problem solved. In the "Data Sources and Drivers" dialog for my mongo hosts it asks for a Database. I was giving it the database I wanted to connect to on the host (mfg-plan). What it wants is the authenticationDatabase for the host (usually 'admin'). When I change that to 'admin', all is well.
I've just followed this guide on setting up Auth with Mongo DB, as well as this guide to get a user set up as an administrator.
Running mongo > use admin > show users prints the following:
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
After this, I run the server again with --auth and use the following command:
mongo -u "root" -p "xxx" --authenticationDatabase "admin"
This prints the following:
MongoDB shell version: 3.2.19
connecting to: test
2018-03-29T15:52:32.329+0200 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1441:20
#(auth):6:1
#(auth):1:2
exception: login failed
Trying to run this without the --auth parameter lets me log in just fine.
The --auth parameter also gives me the following output in the server console:
I ACCESS [conn1] note: no users configured in admin.system.users, allowing localhost access
But I'm actually unsure about why it isn't picking up any root/admin user I create. When trying to connect with Robo 3T, the terminal prints the following:
I NETWORK [initandlisten] connection accepted from xxx:44924 #2 (2 connections now open)
I ACCESS [conn2] SCRAM-SHA-1 authentication failed for root on admin from client xxx ; UserNotFound: Could not find user root#admin
I NETWORK [conn2] end connection xxx:44924 (1 connection now open
Solution by OP.
Issue fixed by following this article.
It seems that, despite using --auth when connecting to the server, by not commenting out the line bindIp: 127.0.0.1 and adding authorization: 'enabled' to the security section in /etc/mongod.conf, I was only allowing access to the local machine - the server itself. The error messages could have been worded a bit better, but that's security. I guess.
Whilst this was a very silly oversight, no documentation I had previously looked at had covered this issue.
I am trying to shutdown one of the mongodb instance in a 3 node replica set. The config file has auth set to 1. I have a admin account that has userAdminAnyDatabase role and I logged to admin database with that account. However when I run db.shutdownServer() I get the following error
db.shutdownServer()
assert failed : unexpected error: "shutdownServer failed: unauthorized"
Error: Printing Stack Trace
at printStackTrace (src/mongo/shell/utils.js:37:15)
at doassert (src/mongo/shell/assert.js:6:5)
at assert (src/mongo/shell/assert.js:14:5)
at DB.shutdownServer (src/mongo/shell/db.js:346:9)
at (shell):1:4
Mon Jun 23 12:52:51.839 assert failed : unexpected error: "shutdownServer failed: unauthorized" at src/mongo/shell/assert.js:7
I created another user that has both dbAdminAnyDatabase and userAdminAnyDatabase roles and that also gets the same error.
Can someone help me with this error?
If running MongoDB 2.4 a user with the clusterAdmin role is needed to run db.shutdownServer(). A full list of user roles for MongoDB 2.4 is available here: http://docs.mongodb.org/v2.4/reference/user-privileges/
If on MongoDB 2.6 you would use the hostManager role instead. See the following page for 2.6 roles: http://docs.mongodb.org/manual/reference/built-in-roles/
I'm trying to set password for mongodb to prevent access to db with empty login and pass (set by default).
I'm statring mongo server:
sudo ./mongod
Starting client:
./mongo
Setting password:
use admin
db.addUser("root", "root")
exit
The output is:
MongoDB shell version: 2.2.0
connecting to: test
> use admin
switched to db admin
> db.addUser("root", "root")
{
"user" : "root",
"readOnly" : false,
"pwd" : "2a8025f0885adad5a8ce0044070032b3",
"_id" : ObjectId("50c90b94e28c41a388104f64")
}
> exit
Hoever, wheh I try to auth with empty credentials (I use mViever admin UI), it still works. Otherwise, access with root/root is not avialable. What I'm doing wrong?
Also tried to start mongo server with -auth parameter, the same result:
./mongod -auth
UPD: After starting with -auth parameter can't login with any pass. Getting:
Thu Dec 13 03:27:38 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
Update: I dont know what's goin on...
> db.auth("root","root");
1
> ^C
bye
It can login. Let's restart ./mongod --auth and ./mongo:
MacBook-Pro-Ilya:bin ilyarusanen$ ./mongo
MongoDB shell version: 2.2.2
connecting to: test
> db.auth("root","root")
Error: { errmsg: "auth fails", ok: 0.0 }
0
> db.test.insert({"yeah":"2342"})
Fri Dec 14 08:52:05 uncaught exception: getlasterror failed: { "errmsg" : "need to login", "ok" : 0 }
> use admin
switched to db admin
> db.addUser("root","root")
Fri Dec 14 08:52:14 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
> db.auth("root","root")
1
Why at first it can login? Why after restarting mongo is not able to login? And why after FAILED attempt to addUser, it becomes able to login? Thanks.
UPDATE2: MongoHub seems to auth ok. However, from NodeJS I still can't login: I use such code:
mongo_db.open(function(err,data){
if(data){
data.authenticate("root", "root",function(err2,data2){
if(data2){
console.log("Database opened");
}
else{
console.log(err2);
}
});
} else {
console.log(err);
}
});
And I get:
{ [MongoError: auth fails] name: 'MongoError', errmsg: 'auth fails', ok: 0 }
But mention, MongoHub with same credentials works fine.
From your comment you mention that you are using mViewer. Version 0.9.1 of mViewer does not support authentication. According to this issue on the mViewer GitHub, this is resolved in version 0.9.2, which was targeted for release in Oct.
Before starting the node with authentication, log on to the node and add a user. Then start the node with --auth and connect to the shell without mViewer.
At this point you can connect to the admin database and authenticate your admin user:
use admin
db.auth('root', 'root')
Since you set up an admin user, which will have access to all the databases, you need to authenticate against the admin database. Once you have done this you will have access to all the databases. You will also be able to create new users on any database, or create new read only users for all the databases.
If you create a new user that has access to only one database, that user would need to use that database and db.auth(name, pass) against it.
If you create a new user that has read only access to all databases, they would use admin and then db.auth(name, pass) to gain their read only access to all databases
You can find more information on setting up authentication here and more information about setting up users here
Note: When you start a node without --auth then no authentication is enabled. This means you can connect with the shell and db.auth('root','root') but it won't do anything as far as access is concerned. MongoDB will not deny access to the databases without --auth command line option (--keyFile in sharded setups or replica sets)
I am trying to get started with the salat plugin in playframework. I have configured the database in application.conf and added all the dependencies to Build.scala and added salat to the play.plugins file. I haven't actually added any code to the project yet, I just followed the instructions on the github page, and then tried to run the project. I am getting the following error message
(Server started, use Ctrl+D to stop and go back to the console...)
[info] play - mongodb [default] connected at heroku_app4620908#ds031907.mongolab.com:31907/heroku_app4620908
[error] application -
! #6bchnaacn - Internal server error, for request [GET /] ->
play.api.Configuration$$anon$1: Configuration error [couldn't connect to [ds031907.mongolab.com/107.21.153.211:31907]]
at play.api.Configuration$.play$api$Configuration$$configError(Configuration.scala:71) ~[play_2.9.1-2.0.3.jar:2.0.3]
at play.api.Configuration.reportError(Configuration.scala:258) ~[play_2.9.1-2.0.3.jar:2.0.3]
at se.radley.plugin.salat.SalatPlugin$$anonfun$onStart$1.apply(SalatPlugin.scala:105) ~[play-plugins-salat_2.9.1-1.0.8.jar:1.0.8]
at se.radley.plugin.salat.SalatPlugin$$anonfun$onStart$1.apply(SalatPlugin.scala:98) ~[play-plugins-salat_2.9.1-1.0.8.jar:1.0.8]
at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:194) ~[scala-library.jar:0.11.3]
at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:194) ~[scala-library.jar:0.11.3]
Caused by: com.mongodb.CommandResult$CommandFailure: command failed [listDatabases]: { "serverUsed" : "db-uri" , "errmsg" : "need to login" , "ok" : 0.0}
at com.mongodb.CommandResult.getException(CommandResult.java:88) ~[mongo-java-driver-2.8.0.jar:na
at com.mongodb.CommandResult.throwOnError(CommandResult.java:134) ~[mongo-java-driver-2.8.0.jar:na]
at com.mongodb.Mongo.getDatabaseNames(Mongo.java:356) ~[mongo-java-driver-2.8.0.jar:na]
at com.mongodb.casbah.MongoConnection.getDatabaseNames(MongoConnection.scala:190) ~[casbah-core_2.9.1-2.4.1.jar:2.4.1]
at se.radley.plugin.salat.SalatPlugin$$anonfun$onStart$1.apply(SalatPlugin.scala:103) ~[play-plugins-salat_2.9.1-1.0.8.jar:1.0.8]
at se.radley.plugin.salat.SalatPlugin$$anonfun$onStart$1.apply(SalatPlugin.scala:98) ~[play-plugins-salat_2.9.1-1.0.8.jar:1.0.8]
I am stumped because I added my password and everything to the conf file. From the log it looks as though whatever is trying to connect to the database for me, is not logging in first, using the info I provided.
As you say, it looks like the root issue is that MongoDB is rejecting the command "listDatabases". This command requires administrator access to the MongoDB process since it reveals information about the other databases hosted there.
Unfortunately, the message it returns, "need to login", is a little misleading. You have logged in! You just don't have permission to list the databases.
Here's a simple experiment you can try yourself with the MongoDB shell. See that "show dbs" fails with the same error message you got in your app, but "show collections", which doesn't require access to any other databases outside your own, succeeds?
% mongo ds031907.mongolab.com:31907/heroku_app4620908 -u heroku_app4620908 -p your_password
MongoDB shell version: 2.0.7
connecting to: ds031907.mongolab.com:31907/heroku_app4620908
> show dbs
Fri Aug 17 13:12:10 uncaught exception: listDatabases failed:{ "errmsg" : "need to login", "ok" : 0 }
> show collections
system.indexes
system.users
(Note: I did this with my own MongoLab account and modified the text when copying and pasting here so you could just copy it into your terminal.)
Is there a way to avoid making the listDatabases call? I'm not familiar with the framework you're using.
I've the problem as well...
it should come with the SalatPlugin's onStart method that is requesting all database names: source._2.connection.getDatabaseNames().
This code is just testing the aliveness of the server...
I'm gonna check with leon how we could this differently! Sadly, you won't be able to connect until this will be fixed!
Stay tuned on this issue https://github.com/leon/play-salat/issues/23
This is fixed in the latest version of play-salat, it now uses getCollectionNames instead
use admin
db.addUser('userName', 'userPassword')
db.auth('userName', 'userPassword')
show dbs
java:
DB db = mongo.getDB("YouDBName") ;
db.authenticate("userName", "userPassword".toCharArray()) ;
System.out.println(mongo.getDatabaseNames()) ;