Core Server / SERVER-9226

Cannot authenticate in 2.4.1


Details

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • None
    • 2.4.1
    • Security
    • None
    • UNIX Deb
    • Linux

      1. Start first set of core mongod nodes using auth and keyFile:
      mongod --replSet s1 --logpath /data/logmongo/s1-a.log --dbpath /data/datamongo/s1-a --port 37017 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
      mongod --replSet s1 --logpath /data/logmongo/s1-b.log --dbpath /data/datamongo/s1-b --port 37018 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
      mongod --replSet s1 --logpath /data/logmongo/s1-c.log --dbpath /data/datamongo/s1-c --port 37019 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt

      2. Setup replica set s1:
      mongo --port 37017
      config = {"_id": "s1", "members" : [
        {"_id" : 0, "host" : "localhost:37017"},
        {"_id" : 1, "host" : "localhost:37018"},
        {"_id" : 2, "host" : "localhost:37019"}
      ]}
      rs.initiate(config);

      3. Start second set of core mongod nodes using auth and keyFile:
      mongod --replSet s2 --logpath /data/logmongo/s2-a.log --dbpath /data/datamongo/s2-a --port 47017 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
      mongod --replSet s2 --logpath /data/logmongo/s2-b.log --dbpath /data/datamongo/s2-b --port 47018 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt
      mongod --replSet s2 --logpath /data/logmongo/s2-c.log --dbpath /data/datamongo/s2-c --port 47019 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt

      4. Setup replica set s2:
      mongo --port 47017
      config = {"_id": "s2", "members" : [
        {"_id" : 0, "host" : "localhost:47017"},
        {"_id" : 1, "host" : "localhost:47018"},
        {"_id" : 2, "host" : "localhost:47019"}
      ]}
      rs.initiate(config);

      5. Start config servers using --auth and --keyFile:
      mongod --logpath /data/logmongo/cfg-1.log --dbpath /data/configmongo/cfg-a --port 57017 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt
      mongod --logpath /data/logmongo/cfg-2.log --dbpath /data/configmongo/cfg-b --port 57018 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt
      mongod --logpath /data/logmongo/cfg-3.log --dbpath /data/configmongo/cfg-c --port 57019 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt

      6. Start mongos process:
      mongos --port 27017 --fork --logpath "mongos-1.log" --configdb localhost:57017,localhost:57018,localhost:57019

      7. Add shards:
      mongos> db.adminCommand({"addshard" : "s1/localhost:37017"});
      mongos> db.adminCommand({"addshard" : "s2/localhost:47017"});

      8. Switch to use admin database:
      mongos> use admin;

      9. Add user (I try to add an admin user with full access for testing purposes):
      mongos> db.addUser({
        user: "admin",
        pwd: "admin",
        roles: ["read","readWrite","dbAdmin","userAdmin","clusterAdmin","readAnyDatabase","readWriteAnyDatabase","userAdminAnyDatabase","dbAdminAnyDatabase"],
        otherDBRoles: {
          config: ["read","readWrite","dbAdmin","userAdmin","clusterAdmin","readAnyDatabase","readWriteAnyDatabase","userAdminAnyDatabase","dbAdminAnyDatabase"],
          admin: ["read","readWrite","dbAdmin","userAdmin","clusterAdmin","readAnyDatabase","readWriteAnyDatabase","userAdminAnyDatabase","dbAdminAnyDatabase"]
        }
      });

      10. Attempt to log in as the user I just created. This is where the problem seems to be: mongo will not authenticate the user and returns an error:
      mongos> db.auth("admin","admin");
      Error: 18 { code: 13106, ok: 0.0, errmsg: "exception: nextSafe(): { $err: "not authorized for query on admin.system.users", code: 16550 } " }


    Description

      I cannot log into mongos (authenticate) after creating a user.
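
The following is an added example, not part of the ticket or of MongoDB's code: a pre-flight check over the launch commands from steps 1, 3, 5 and 6 (one per role) that reports any cluster process started without the key file the other members use. It relies on MongoDB's documented requirement that every mongod and mongos in a key-file-secured sharded cluster share the same key file; the ticket itself does not state its resolution, and the helper names `option` and `audit` are hypothetical.

```python
import shlex

# Launch commands copied from steps 1, 3, 5 and 6 of the report (one per role).
LAUNCH_COMMANDS = [
    "mongod --replSet s1 --logpath /data/logmongo/s1-a.log --dbpath /data/datamongo/s1-a --port 37017 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt",
    "mongod --replSet s2 --logpath /data/logmongo/s2-a.log --dbpath /data/datamongo/s2-a --port 47017 --oplogSize 200 --fork --shardsvr --auth --keyFile /data/keyFile.txt",
    "mongod --logpath /data/logmongo/cfg-1.log --dbpath /data/configmongo/cfg-a --port 57017 --oplogSize 200 --fork --configsvr --auth --keyFile /data/keyFile.txt",
    'mongos --port 27017 --fork --logpath "mongos-1.log" --configdb localhost:57017,localhost:57018,localhost:57019',
]


def option(tokens, name):
    """Return the value of `--name value` or `--name=value`, or None if absent."""
    for i, tok in enumerate(tokens):
        if tok == name and i + 1 < len(tokens):
            return tokens[i + 1]
        if tok.startswith(name + "="):
            return tok.split("=", 1)[1]
    return None


def audit(commands):
    """Return (port, binary, problem) for each process whose key file setup
    is inconsistent with the rest of the cluster."""
    procs = []
    for cmd in commands:
        tokens = shlex.split(cmd)
        procs.append((option(tokens, "--port"), tokens[0], option(tokens, "--keyFile")))
    keyfiles = {kf for _, _, kf in procs if kf}
    findings = []
    for port, binary, kf in procs:
        if kf is None and keyfiles:
            # This member cannot take part in the cluster's internal auth.
            findings.append((port, binary, "no --keyFile; other members use one"))
        elif len(keyfiles) > 1:
            # Different paths are allowed, but the contents must be identical.
            findings.append((port, binary, "keyFile path %s differs; verify contents match" % kf))
    return findings


if __name__ == "__main__":
    for port, binary, problem in audit(LAUNCH_COMMANDS):
        print("%s on port %s: %s" % (binary, port, problem))
```
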

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            ddumais@dyn.com Donald Dumais
            Votes: 0
            Watchers: 4
