Cannot authenticate into mongo, "auth fails"

Question

I've created an admin user for mongo using these directions:

http://docs.mongodb.org/manual/tutorial/add-user-administrator/

From the mongo client it looks like I can authenticate:

> use admin
switched to db admin
> db.auth('admin','SECRETPASSWORD');
1
>

But I can't connect any other way. For example:

mongo -u admin -p SECRETPASSWORD

gives the error:

JavaScript execution failed: Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" } at src/mongo/shell/db.js:L228

I have auth = true in etc/mongod.conf.

What am I missing?

Answer 1

There are these two ways to authenticate with mongo. I've been through this in the past.

mongo admin -u root -p root
 
mongorestore -u root  --authenticationDatabase admin --db rtp_new mongo

Answer 2

I created the same in kubernetes with a password and for some reason, I changed the password, but the mongo checks the password with the first created one. So deleted/created the deployment of mongo in kubernetes and then it started working.

Answer 3

I was getting this error because I was forgetting to remove the angled brackets in the <password> of the mongoURI. Removing them worked like a charm.

Answer 4

I know this may seem obvious but I also had to use a single quote around the u/n and p/w before it worked

mongo admin -u 'user' -p 'password'

Answer 5

I also received this error, what I needed was to specify the database where the user authentication data was stored:

mongo -u admin -p SECRETPASSWORD --authenticationDatabase admin

Update Nov 18 2017:

mongo admin -u admin -p

is a better solution. Mongo will prompt you for your password, this way you won't put your cleartext password into the shell history which is just terrible security practice.

Answer 6

Check for the mongo version of the client from where we are connecting to mongo server.

My case, mongo server was of version Mongo4.0.0 but my client was of version 2.4.9. Update the mongo version to update mongo cli.

Answer 7

Another possibility: When you created the user, you may have accidentally been useing a database other than admin, or other than the one you wanted. You need to set --authenticationDatabase to the database that the user was actually created under.

mongodb seems to put you in the test database by default when you open the shell, so you'd need to write --authenticationDatabase test rather than --authenticationDatabase admin if you accidentally were useing test when you ran db.createUser(...).

Assuming you have access to the machine that's running the mongodb instance, y could disable authorization in /etc/mongod.conf (comment out authorization which is nested under security), and then restart your server, and then run:

mongo
show users

And you might get something like this:

{
    "_id" : "test.myusername",
    "user" : "myusername",
    "db" : "test",
    "roles" : [
        {
            "role" : "dbOwner",
            "db" : "mydatabasename"
        }
    ],
    "mechanisms" : [
        "SCRAM-SHA-1",
        "SCRAM-SHA-256"
    ]
}

Notice that the db value equals test. That's because when I created the user, I didn't first run use admin or use desiredDatabaseName. So you can delete the user with db.dropUser("myusername") and then create another user under your desired database like so:

use desiredDatabaseName
db.createUser(...)

Hopefully that helps someone who was in my position as a noob with this stuff.

Answer 8

You can also try this :-

mongo localhost:27017/admin -u admin -p SECRETPASSWORD

Found it in this post

Here obviously the localhost can be some other host and the /admin can be some other database on which authentication has been applied

Answer 9

Authentication is managed at a database level. When you try to connect to the system using a database, mongo actually checks for the credentials you provide in the collection <database>.system.users. So, basically when you are trying to connect to "test", it looks for the credentials in test.system.users and returns an error because it cannot find them (as they are stored in admin.system.users). Having the right to read and write from all db doesn't mean you can directly connect to them.

You have to connect to the database holding the credentials first. Try:

mongo admin -u admin -p SECRETPASSWORD

For more info, check this http://docs.mongodb.org/manual/reference/privilege-documents/

Answer 10

This fixed my issue:

Go to terminal shell and type mongo.

Then type use db_name.

Then type:

 db.createUser(
   {
     user: "mongodb",
     pwd: "dogmeatsubparflavour1337",
     roles: [ { role: "dbOwner", db: "db_name" } ]
   }
 )

Also try: db.getUsers()

Quick sample:

const MongoClient = require('mongodb').MongoClient;

// MongoDB Connection Info
const url = 'mongodb://mongodb:dogmeatsubparflavour1337@stackoverflow.com:27017/?authMechanism=DEFAULT&authSource=db_name';
// Additional options: https://docs.mongodb.com/manual/reference/connection-string/#connection-string-options

// Use Connect Method to connect to the Server
MongoClient.connect(url)
  .then((db) => {
    console.log(db);
    console.log('Casually connected correctly to server.');
    // Be careful with db.close() when working asynchronously
    db.close();
  })
  .catch((error) => {
    console.log(error);
  });

Answer 11

The proper way to login into mongo shell is

mongo localhost:27017 -u 'uuuuu' -p '>xxxxxx' --authenticationDatabase dbname

Answer 12

In MongoDB 3.0, it now supports multiple authentication mechanisms.

1. MongoDB Challenge and Response (SCRAM-SHA-1) - default in 3.0
2. MongoDB Challenge and Response (MONGODB-CR) - previous default (< 3.0)

If you started with a new 3.0 database with new users created, they would have been created using SCRAM-SHA-1.

So you will need a driver capable of that authentication:

http://docs.mongodb.org/manual/release-notes/3.0-scram/#considerations-scram-sha-1-drivers

If you had a database upgraded from 2.x with existing user data, they would still be using MONGODB-CR, and the user authentication database would have to be upgraded:

http://docs.mongodb.org/manual/release-notes/3.0-scram/#upgrade-mongodb-cr-to-scram

Now, connecting to MongoDB 3.0 with users created with SCRAM-SHA-1 are required to specify the authentication database (via command line mongo client), and using other mechanisms if using a driver.

$> mongo -u USER -p PASSWORD --authenticationDatabase admin

In this case, the "admin" database, which is also the default will be used to authenticate.

Answer 13

You may need to upgrade your mongo shell. I had version 2.4.9 of the mongo shell locally, and I got this error trying to connect to a mongo 3 database. Upgrading the shell version to 3 solved the problem.

Answer 14

This is kind of a specific case, but in case anyone gets here with my problem:

In MongoHQ, it'll show you a field called "password", but it's actually just the hash of the password. You'll have to add a new user and store the password elsewhere (because MongoHQ won't show it to you).

Answer 15

It appears the problem is that a user created via the method described in the mongo docs does not have permission to connect to the default database (test), even if that user was created with the "userAdminAnyDatabase" and "dbAdminAnyDatabase" roles.