[SERVER-19922] Unable to authenticate in shell via mongos after upgrade. Created: 13/Aug/15  Updated: 06/Apr/23  Resolved: 14/Aug/15

Status: Closed
Project: Core Server
Component/s: Admin, Security
Affects Version/s: 2.6.10
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Scott Lowe Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Debian 7


Issue Links:
Duplicate
Operating System: Linux
Steps To Reproduce:
  • Start shell on app server, connecting to local mongos with {{ mongo --port <ourmongosport> }}
  • In shell, do {{ db.auth(<ouruser>, <ouruserpass>) }}
  • Observer error {{ { errmsg: "auth failed", code: 18 }

    }}, and log error Failed to authenticate xxxuser@xxxdb with mechanism MONGODB-CR: AuthenticationFailed UserNotFound User "xxxuser@xxxdb" not found

  • Repeat above connected directly to primary, and observer normal authentication, with no errors.
Participants:

 Description   

I've been upgrading our sharded cluster, (from 2.4 to 2.6.10, and then 2.6.10 to 3.0.5). I had finished the 2.6.10 upgrade, and everything was working well. I had started the v3 upgrade, and had got to step for of the guide [ http://docs.mongodb.org/manual/release-notes/3.0-upgrade/#upgrade-sharded-clusters ] and had upgraded one of the mongos instances when I realised there was a problem - my app was no longer able to authenticate via this new v3 mongos.

I then checked the v2.6.10 mongos instances, and realised that, although me app (via the js driver) was able to authenticate via these instances, I was not able to properly authenticate using the shell (via either the -u -p method, or the db.auth() method).{{ [ errmsg: "auth failed", code: 18 ] }}.

The log entry for this error was Failed to authenticate xxxuser@xxxdb with mechanism MONGODB-CR: AuthenticationFailed UserNotFound User "xxxuser@xxxdb" not found

If I conect a shell to the replica set primary, I'm able to authenticate with this user normally (using either -u -p or db.auth() ).

One thing (not sure if relevant), but if I do 'show dbs' via the 2.6.10 mongos, the admin db is showing as '(empty)'.

I'm at a dead end now, and stuck half way through the upgrade, so any ideas you might have would be very gratefully received.



 Comments   
Comment by Ramon Fernandez Marina [ 14/Aug/15 ]

Hi sosh, I see you've already found the mongodb-user group, which is the right venue to discuss these issues. Since the SERVER project is for reporting bugs or feature suggestions for the MongoDB server I'm going to close this ticket. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag, where your question will reach a larger audience.

Thanks,
Ramón.

Comment by Scott Lowe [ 13/Aug/15 ]

One other bit of info that might be important - out setup is a bit unusual, in that it only has one shard. (We wanted to get sharding set up ready for capacity, but don't need the second shard yet). It makes me wonder if perhaps I have been adding users in the wrong way.

Comment by Scott Lowe [ 13/Aug/15 ]

Small correction - the second sentence in description should read "and had got to step four of the guide".

Comment by Scott Lowe [ 13/Aug/15 ]

Hi Ramon,

I'm pretty sure that I did, but good to check!

Running:
db.getSiblingDB('admin').system.version.find(

{ _id: "authSchema" }

)

on shell connected to replica set primary gives: "currentVersion" : 3
Running it on shell connected to one of the 2.6.10 mongos gives no result.

Is that correct?

Comment by Ramon Fernandez Marina [ 13/Aug/15 ]

Hi sosh, did you upgrade the auth schema as well?

Generated at Thu Feb 08 03:52:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.