MongoDB 3.2 authentication failed

Tags:

mongodb

authorization

I create a user with the following set of commands. This should create user in both admin db as well as my target db (c2d):

# mongo 127.0.0.1:27017
MongoDB shell version: 3.2.6-29-g5c19788
connecting to: 127.0.0.1:27017/test
> use admin
switched to db admin
> show collections
system.users
system.version
> db.system.users.find()
> db.createUser({user:"cd2", pwd:"cd2", roles:[{role:"dbOwner", db: "c2d"}]})
Successfully added user: {
    "user" : "cd2",
    "roles" : [
        {
            "role" : "dbOwner",
            "db" : "c2d"
        }
    ]
}
> db.system.users.find()
{ "_id" : "admin.cd2", "user" : "cd2", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "4g6t9kC+godz7k6QQOfD+A==", "storedKey" : "m3tDZBQDU2Tlb1lIjLGyTHmr2QQ=", "serverKey" : "GSA4OXSod1s8mBuZBtfmXq2tlTo=" } }, "roles" : [ { "role" : "dbOwner", "db" : "c2d" } ] }
> use c2d
switched to db c2d
> db.createUser({user:"cd2", pwd:"cd2", roles:[{role:"dbOwner", db: "c2d"}]})
Successfully added user: {
    "user" : "cd2",
    "roles" : [
        {
            "role" : "dbOwner",
            "db" : "c2d"
        }
    ]
}
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.cd2", "user" : "cd2", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "4g6t9kC+godz7k6QQOfD+A==", "storedKey" : "m3tDZBQDU2Tlb1lIjLGyTHmr2QQ=", "serverKey" : "GSA4OXSod1s8mBuZBtfmXq2tlTo=" } }, "roles" : [ { "role" : "dbOwner", "db" : "c2d" } ] }
{ "_id" : "c2d.cd2", "user" : "cd2", "db" : "c2d", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "vnMjnjfykVQS8ujQXeWaYw==", "storedKey" : "OYXivkmIwuTavlwTGfjrspT6j2E=", "serverKey" : "lw8xqzAaW8V4IQ9wOmQrG2VSp88=" } }, "roles" : [ { "role" : "dbOwner", "db" : "c2d" } ] }

If I try to login, I'm welcomed with an error message:

# mongo 127.0.0.1:27017/c2d -u c2d -p c2d
MongoDB shell version: 3.2.6-29-g5c19788
connecting to: 127.0.0.1:27017/c2d
2016-05-22T10:35:41.862+0100 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):6:1
@(auth):1:2

exception: login failed

Then I enable security features in the conf file and restart the server:

security:
  authorization: enabled

Error is still the same:

# mongo 127.0.0.1:27017/c2d -u c2d -p c2d
MongoDB shell version: 3.2.6-29-g5c19788
connecting to: 127.0.0.1:27017/c2d
2016-05-22T10:37:43.713+0100 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):6:1
@(auth):1:2

exception: login failed

344

asked May 22 '16 09:05

NarūnasK

2 Answers

Well, you'll need to take couple of steps in sequence to create user successfully.

First of all, you need to create an administrator user. I prefer creating super user.

> use admin
> db.createUser({user: "root", pwd: "123456", roles:["root"]})

Restart your MongoDB server and enable authentication with --auth flag.

> mongod --auth --port 27017 --dbpath /var/lib/mongodb

Once your server is up, connect to it as administrator

> mongo <host:port> -u "root" -p "123456" --authenticationDatabase "admin"

Once you are connected, create normal user. Assuming your user database name is cd2.

> use cd2
> db.createUser({user: "cd2", pwd: "cd2", roles:["dbOwner"]})

If you see success messsage, disconnect from mongo shell and reconnect with new user credentials.

> mongo <host:port>/cd2 -u "cd2" -p "cd2"

answered Oct 22 '22 22:10

Saleem

If you log in through shell, make sure your create user under db "admin", NOT under a customized db. In your case you switched to "c2d".

Here is what I have tried (Log in as "admin")

1. This one will work:

$ mongo -u admin -p --authenticationDatabase "admin"
> use admin
> db.createUser(
  {
    user: "user007",
    pwd: "YourP@ssw0rd",
    roles: [
       { role: "readWrite", db: "yourdb" },
    ]
  }
)

Output 1:

root@mongo-server:/# mongo -u admin -p --authenticationDatabase "admin"
MongoDB shell version v4.0.6
Enter password:
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&gssapiServiceName=mongodb
MongoDB server version: 4.0.6
----
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "user007",
...     pwd: "YourP@ssw0rd",
...     roles: [
...        { role: "readWrite", db: "yourdb" },
...     ]
...   }
... )
Successfully added user: {
        "user" : "user007",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "yourdb"
                }
        ]
}

root@mongo-server:/# mongo -u user007 -p YourP@ssw0rd

connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("ceabf440-c584-4518-90f5-cc845eaec3b3") }
MongoDB server version: 4.0.6
---
>

2. This one will fail:

$ mongo -u admin -p --authenticationDatabase "admin"
> use yourdb
> db.createUser(
  {
    user: "user007",
    pwd: "YourP@ssw0rd",
    roles: [
       { role: "readWrite", db: "yourdb" },
    ]
  }
)

Output 2:

root@mongo-server:/# mongo -u admin -p --authenticationDatabase "admin"
MongoDB shell version v4.0.6
Enter password:
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&gssapiServiceName=mongodb
MongoDB server version: 4.0.6
----
> use yourdb
switched to db yourdb
> db.createUser(
...   {
...     user: "user007",
...     pwd: "YourP@ssw0rd",
...     roles: [
...        { role: "readWrite", db: "yourdb" },
...     ]
...   }
... )
Successfully added user: {
        "user" : "user007",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "yourdb"
                }
        ]
}
>

root@mongo-server:/# mongo -u user007 -p YourP@ssw0rd
MongoDB shell version v4.0.6
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
2019-12-06T04:28:34.630+0800 E QUERY    [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:343:13
@(connect):1:6
exception: connect failed