[SERVER-32215] authenticationRestrictions Authentication failed Created: 08/Dec/17  Updated: 07/Jan/18  Resolved: 11/Dec/17

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: SuperSuJJ [X] Assignee: Mark Agarunov
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

mongodb version :3.6.0
os version : centos 7.2

when i create user in 3.6.0 use authenticationRestrictions,but still Authentication failed.
server ip:172.16.10.115
client ip:172.16.10.115

create user scripts:

> db.createUser(
...    {
...      user: "restricted",
...      pwd: "password",
...      roles: [ ],
...      authenticationRestrictions: [ {
...         clientSource: ["172.16.10.0"],
...         serverAddress: ["172.16.10.0"]
...      } ]
...    }
... )
Successfully added user: {
        "user" : "restricted",
        "roles" : [ ],
        "authenticationRestrictions" : [
                {
                        "clientSource" : [
                                "172.16.10.0"
                        ],
                        "serverAddress" : [
                                "172.16.10.0"
                        ]
                }
        ]
}

but auth failed:
> db.auth("restricted","password")
Error: Authentication failed.
0

is it some wrong?



 Comments   
Comment by Mark Agarunov [ 11/Dec/17 ]

Hello Su,

Thank you for the information. Looking over this, it seems like the reason the authentication is not working is that the value you have specified for the restriction is set to a single ip address of 172.16.10.0, while it appears that you're attempting to restrict it to the subnet, not just that specific ip address. To accomplish this you would need to use the CIDR format of the subnet, in this case 172.16.10.0/24.

Thanks,
Mark

Comment by SuperSuJJ [X] [ 11/Dec/17 ]

hi,mark
thank you for help! my connection string is like this:

mongo 172.16.10.66:27017/admin -uadmin -p

is it right?

Comment by Mark Agarunov [ 08/Dec/17 ]

Hello Su,

Thank you for the report. When connecting to mongodb, what is the connection string you are using? If you are connecting via localhost, this will not satisfy the authentication restriction that has been set.

Thanks,
Mark

Generated at Thu Feb 08 04:29:34 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.