Im trying to learn about mongo and how to secure it. I manage to make it work using command line but when I try to use a conf file I get erros on authentication.
I have created an admin user like:
use admin
var admin = {
user:"admin",
pwd:"123456",
roles:[
{
role: "userAdminAnyDatabase",
db:"admin"
}
]
}
db.createUser(admin)
Starting mongod mongod --auth
and connecting to it using mongo 127.0.0.1:27017 --authenticationDatabase admin -u admin -p
works.
I would like to move from command line to a conf file.
For that purpose, I create the following mongod.conf
file:
mongod.conf
systemLog:
destination: file
path: /Users/me/Web/blog/setup/logs/mongodb/mongo.log
logAppend: true
storage:
dbPath: /usr/local/var/mongodb
net:
port: 27017
bindIp: 127.0.0.1
security:
authorization: enabled
I run the daemon by invoking mongod -f mongod.conf
.
I try to authenticate in mongo by invoking the previous command that used to work but this time it does not work:
mongo 127.0.0.1:27017 --authenticationDatabase admin -u admin -p
MongoDB shell version: 3.2.5
Enter password:
connecting to: 127.0.0.1:27017/test
2018-05-11T08:50:53.908+0300 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):6:1
@(auth):1:2
exception: login failed
Am I typing something wrong? I dont see what is the issue in here. Something missing in the conf file or wrong params invoking mongo
?
Best Answer
As per your log statement it seems like that you are committing mistake in your authentication statement such as in your statement
As per MongoDB BOL documentation here With access control enabled, ensure you have a user with userAdmin or userAdminAnyDatabase role in the admin database. This user can administrate user and roles such as: create users, grant or revoke roles from users, and create or modify customs roles.
Connect and authenticate as the user administrator
Using the mongo shell, you can:
Connect with authentication by passing in user credentials, or
Connect first withouth authentication, and then issue the db.auth()
method to authenticate.
For example, the following creates the user
myUserAdmin
in theadmin
database:To authenticate during connection
Start a mongo shell with the -u , -p , and the --authenticationDatabase command line options:
To authenticate after connecting
Connect the mongo shell to the mongod:
Switch to the authentication database (in this case, admin), and use
db.auth(<username>, <pwd>)
method to authenticate:As I am able to see that in your below mention
mongod.conf
file theauthorization : enable
. It's means your authentication is enable. So, there is no issue in yourmongod.conf
file.For your further ref here and here