Authentication Failure after enabling keyfile security on replica set


Greg Lane

Jul 14, 2016, 5:06:40 PM
to mongodb-user
I am pretty new to MongoDB and I'm having a hell of a time getting the security to work correctly.
I'm working with Chef to automate the installs, initialize a cluster, create the first users, and check rs.status.
This is all without security enabled. So I'm logging into my cluster and show user and dbs and all is good as well as rs.status check.
I have 2 secondaries and a primary. I also do a db.auth on the admin user I created initially.
So I shut down the servers and edit the mongo.conf to enable keyfile security. I create the keyfile and restart the servers.
Everything seems good. I have 2 secondaries and 1 primary. I log in to the primary using the credentials I created and authentication fails.
I try db.auth again with failure. I try using the local exception and create a user and get failure.

What am I doing wrong?

Should I not create the user first? I have followed the process in documentation other than I have the replica set already in place. I don't see why what I'm doing is failing.

Chris Cunningham

Jul 21, 2016, 9:08:19 PM
to mongodb-user

Hi Greg,

For instructions on how to enable keyfile on an existing replica set, please see Enforce Keyfile Access Control in Existing Replica Set.

Can you answer the following:

  • How did you add the keyfile and create the user?

  • Did you create the Administrator user before or after restarting with the keyfile?

  • Verify that the permissions on the keyfile and the keyfile location are correct when the keyfile was copied to the members of the replica set as noted in step #2. Ensure that the user running the mongod instances can access the keyfile.

  • As detailed in step #5, make sure that you are connecting to the replica set over the localhost interface after restarting the replica set with access control enforced and before creating the users. You must run the mongo shell on the same physical machine as the mongod instance. The localhost interface is only available since no users have been created for the deployment. The localhost interface closes after the creation of the first user.

  • What privileges does the “admin” user have? They must, at a minimum, have the role userAdminAnyDatabase assigned to them as described in the Create user Administrator, step #6 of the documentation.

  • Please send the terminal output from the steps where the administrator user is created and when you try to authenticate as that user.

  • Please connect to the mongo shell and issue the command db.version() and send me the results.

Thanks,

Chris
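
A check for the keyfile conditions raised in the reply above (permissions, ownership, identical content on every member), as an added example that is not part of the thread or of MongoDB's own tooling. It relies on two documented mongod rules: on Unix the keyfile must carry no group or other permission bits, and the key must be 6 to 1024 characters from the base64 set once whitespace is stripped. The function names and the uid argument are assumptions made for this example.

```python
import hashlib
import os
import re
import stat

# Assumption: a single-key keyfile (not the multi-key YAML form of later releases).
BASE64_ONLY = re.compile(rb"[A-Za-z0-9+/=]+")


def _key_bytes(path):
    """Return the key with whitespace removed, as mongod does when it loads it."""
    with open(path, "rb") as fh:
        return b"".join(fh.read().split())


def check_keyfile(path, run_as_uid):
    """List the problems that stop a mongod running as run_as_uid from using path."""
    problems = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append("mode %03o is too open: clear group/other bits" % mode)
    if not mode & stat.S_IRUSR:
        problems.append("owner cannot read the file")
    if st.st_uid != run_as_uid:
        problems.append("owned by uid %d, mongod runs as uid %d" % (st.st_uid, run_as_uid))
    try:
        key = _key_bytes(path)
    except PermissionError:
        problems.append("this process cannot read the file; content not checked")
        return problems
    if not 6 <= len(key) <= 1024:
        problems.append("key length %d is outside 6..1024" % len(key))
    if not BASE64_ONLY.fullmatch(key):
        problems.append("key has characters outside the base64 set")
    return problems


def fingerprint(path):
    """SHA-256 of the stripped key: compare across members without printing the key."""
    return hashlib.sha256(_key_bytes(path)).hexdigest()


if __name__ == "__main__":
    import sys
    # Hypothetical invocation: python3 check_keyfile.py /path/to/keyfile <uid of mongod user>
    path, uid = sys.argv[1], int(sys.argv[2])
    for problem in check_keyfile(path, uid):
        print("PROBLEM:", problem)
    print("fingerprint:", fingerprint(path))
```

Run it on each member and compare the fingerprints; a mismatch means the members were not given the same key.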

