Mongodb Authentication - cannot connect to mongod shards

[Daniel S]

Hi

 

I'm running mongo v2.4 and have enabled mongodb authentication following the procedure at the below URL

 

https://docs.mongodb.com/v2.4/tutorial/enable-authentication-in-sharded-cluster/

 

I have a sharded configuration, where each shard is a replica set.

 

In summary, these are the steps I followed:

 

1. Created a user in the "admin" database by connecting to my mongos router. This user has full admin privileges.

2. Restarted every mongos, mongo config and mongod instance by specifying the keyfile.

3. Confirmed successful authentication to the mongos router. Successfully ran sh.status() and similar commands

 

I'm able to successfully authenticate to the mongos router, but I cannot access the individual shards (mongod instances) via mongo shell. Whilst all our applications appear to be able to access this data fine via the mongos router, I want to login to each mongod sharded replica set to view the replication status etc.

 

When I connect to the mongos instance (running on port 27017) I use the below command and it works fine:

 

mongo server:27017/admin --username <user> -p <password>

 

When I attempt to connect to a mongod instance (running on port 27001), I use the following command:

 

mongo server:27001/admin --username <user> -p <password>

 

I receive the following error:

 

Sat Jul  9 11:07:08.616 Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" } at src/mongo/shell/db.js:228
exception: login failed

This occurs whether I specify the user credentials or not.

 

Can anyone help? How do I connect to my replica sets after authentication has been enabled in this fashion?

 

Thanks

[Amar]

Hi Daniel,

When I attempt to connect to a mongod instance (running on port 27001), I use the following command:

mongo server:27001/admin —username -p

I receive the following error:

Sat Jul 9 11:07:08.616 Error: 18 { code: 18, ok: 0.0, errmsg: “auth fails” } at src/mongo/shell/db.js:228
exception: login failed
This occurs whether I specify the user credentials or not.

I want to login to each mongod sharded replica set to view the replication status etc.

In a MongoDB sharded cluster, users for the cluster as a whole (e.g. for connecting using mongos) are stored in the config servers. To connect and authenticate directly to a specific shard, users with relevant privileges must also be created in that specific shard. Please see Access Control Privileges in Sharded Clusters for more information.

To create a user on a specific shard, you need to create a Shard Local Users by connecting to the server directly (e.g. using ssh) and using Full Administrative Access via Localhost to connect to the MongoDB instance locally and create an admin user. Please note that this localhost exception will be disabled once you created one user in the server, so please ensure that the first user you add is capable of administering the server, otherwise you could lose access to the server permanently.

As with any major changes in deployment, please ensure that all data are backed up and all procedures tested before applying them to production environment.

Please note that MongoDB 2.4 was released on March 2013 and reached its end-of-life on March 2016. I would recommend upgrading to the latest version 3.2.7, keeping in mind that with auth enabled, you must upgrade in the prescribed sequence (2.4 -> 2.6 -> 3.0 -> 3.2). Otherwise, you risk rendering your deployment inaccessible due to changes in auth between the versions.

—

Regards,

Amar

​

[Nitin Garg]

Hi Amar,

I would like to thank you for this suggestion. I was going mad as to why the mongod login is not working while the mongos login was working fine on the same box. Your solution saved my day. You are a genius. Thank you very much. Keep contributing keep inspiring :)