[SERVER-5368] can not authenticate an admin user Created: 22/Mar/12 Updated: 15/Aug/12 Resolved: 06/Apr/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Admin |
| Affects Version/s: | 2.0.4 |
| Fix Version/s: | None |
| Type: | Question | Priority: | Minor - P4 |
| Reporter: | George Nikopoulos | Assignee: | Adam Comerford |
| Resolution: | Done | Votes: | 0 |
| Labels: | replicaset | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
My question might be stupid, but I am very new to mongodb. An admin ID was created by our mongodb administrator. The id ex. is ("george","password").

On mongos server:

db.system.users.find()
{ "_id" : ObjectId("4f6b4a667f1a1c7f7842bee0"), "user" : "george", "readOnly" : false, "pwd" : "d962c58450d4df2a3eb94b944e292bde" }

can run commands; of course the db.printReplicationInfo() can not be run here. I need to go down to my replica set

connecting to: 127.0.0.1:27018/test

PS: We use a keyFile.

What am I doing wrong here? |
| Comments |
| Comment by Adam Comerford [ 06/Apr/12 ] | ||||||
|
Try this, connect to the mongos and run:
Take a look at the output for the admin DB, it will say something like this:
That is, it is just a regular, unsharded database. If you connect to that host (listed as the primary for the admin DB) you should be able to run the commands there - that host has the same admin database and knows about the user. Whenever you connect to the mongos, any queries are routed to and run against that primary, hence success.

Basically, you've run into one of the quirks with sharding and authentication. Every host in the shard that is the primary for the admin DB will know about the user you added via mongos, because it is replicated inside the shards, however none of the other hosts in other shards will know about it - it is not replicated between shards. This makes sense if you just think of it as an un-sharded collection.

If you want to run authenticated commands on shards that are not the primary for the admin DB you are going to have to add the user individually to each shard that is not listed as the primary for the admin DB. Any changes to the user (passwords etc.) will have to also be sync'ed out to each shard also. I would recommend scripting it rather than doing it manually. |
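
As an added example (not part of the ticket and not MongoDB's own tooling), the JavaScript below checks for the drift the comment describes: given the admin `system.users` documents collected from each shard, it reports shards where a user is missing or differs from the shard that is primary for the admin DB. The shard names, the all-zero hash and the helpers `parseShardHost`, `indexUsers` and `auditUsers` are assumptions constructed for illustration; collecting the documents from each shard is left to the caller.

```javascript
// Added example: audit admin.system.users across shards for drift.
// All documents in SAMPLE are constructed, in the shape shown in the ticket.

function has(obj, key) { return Object.prototype.hasOwnProperty.call(obj, key); }

// Split a config.shards "host" value: "rs0/h1:27018,h2:27018" or "h1:27018".
function parseShardHost(host) {
  var slash = host.indexOf("/");
  return {
    replSet: slash === -1 ? null : host.slice(0, slash),
    members: host.slice(slash + 1).split(",").filter(function (m) { return m; })
  };
}

// Index system.users documents: user name -> "pwd|readOnly" fingerprint.
function indexUsers(docs) {
  var out = {};
  docs.forEach(function (d) { out[d.user] = d.pwd + "|" + !!d.readOnly; });
  return out;
}

// Compare every shard with the shard that is primary for the admin DB.
// Returns { shard: { missing, mismatched, extra } } for drifted shards only.
function auditUsers(primaryShard, usersByShard) {
  var ref = indexUsers(usersByShard[primaryShard]);
  var report = {};
  Object.keys(usersByShard).sort().forEach(function (shard) {
    if (shard === primaryShard) return;
    var local = indexUsers(usersByShard[shard]);
    var drift = { missing: [], mismatched: [], extra: [] };
    Object.keys(ref).sort().forEach(function (u) {
      if (!has(local, u)) drift.missing.push(u);          // user never added on this shard
      else if (local[u] !== ref[u]) drift.mismatched.push(u); // stale pwd hash or readOnly flag
    });
    Object.keys(local).sort().forEach(function (u) {
      if (!has(ref, u)) drift.extra.push(u);              // user exists only on this shard
    });
    if (drift.missing.length || drift.mismatched.length || drift.extra.length) report[shard] = drift;
  });
  return report;
}

var SAMPLE = { // constructed sample input; shard0000 plays the admin DB primary
  shard0000: [{ user: "george", readOnly: false, pwd: "d962c58450d4df2a3eb94b944e292bde" }],
  shard0001: [],
  shard0002: [{ user: "george", readOnly: false, pwd: "00000000000000000000000000000000" }],
  shard0003: [{ user: "george", readOnly: false, pwd: "d962c58450d4df2a3eb94b944e292bde" }]
};
```

Calling `auditUsers("shard0000", SAMPLE)` flags `shard0001` (user missing) and `shard0002` (different hash) and leaves `shard0003` out of the report.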