Meteor and MongoDB: Authentication failures

Question

If I run Meteor locally it works perfectly. If I call Meteor with a MONGO_URL that has no username:password it works perfectly too. However, if I turn on the MongoDB authentication and restart and then run Meteor with the username:password set, as in MONGO_URL="mongodb://username:password@127.0.0.1:27017/meteor", then I get an authentication failure as Meteor loads. I have checked that the username and password are correct. I have read that there maybe problems with Meteor and MongoDB authentication so does anyone have any information on this? I am using the following versions:

Meteor - 1.0.3.2 MongoDB - 2.6.7 (installed via brew)

I20150304-21:48:00.597(1)? Exception in callback of async function: MongoError: auth failed
I20150304-21:48:00.598(1)?     at Object.toError (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/utils.js:110:11)
I20150304-21:48:00.598(1)?     at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1128:31
I20150304-21:48:00.598(1)?     at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1843:9
I20150304-21:48:00.598(1)?     at Server.Base._callHandler (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/base.js:445:41)
I20150304-21:48:00.598(1)?     at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:468:18
I20150304-21:48:00.598(1)?     at [object Object].MongoReply.parseBody (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)
I20150304-21:48:00.599(1)?     at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:426:20)
I20150304-21:48:00.599(1)?     at [object Object].emit (events.js:95:17)
I20150304-21:48:00.599(1)?     at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/connection_pool.js:201:13)
I20150304-21:48:00.599(1)?     at [object Object].emit (events.js:98:17)

=================================================

I thought I had an answer to the above but alas not, I made suggested changes and I still could not authenticate. So, to provide more details:

1. I have upgraded to MonogoDB 3.0.0
2. I delete the database so that a brand new one was created.

3. My config file is as follows:

    systemLog:
    destination: file
    path: /usr/local/var/log/mongodb/mongo.log
    logAppend: true
    storage:
    dbPath: /usr/local/var/mongodb
    net:
    bindIp: 127.0.0.1
    security:
    authorization: enabled
   

4. On the "admin" database a "super user" has been created as follows:

      use admin
      db.createUser({user: "superuser", pwd: "password", roles:["root"]})use admin
   

5. I then created a user on the "meteor" database

      db.auth("superuser", "password")
      use meteor
      db.createUser({user: "meteor", pwd: "password", roles: [{ role: "readWrite", db: "meteor"}]})
   

6. The above step generates:

   Successfully added user: {
       "user" : "meteor",
       "roles" : [
           {
               "role" : "readWrite",
               "db" : "meteor"
           }
       ]
   }
   

7. If I perform a db.getUsers() I get the message:

   [
       {
           "_id" : "meteor.meteor",
           "user" : "meteor",
           "db" : "meteor",
           "roles" : [
               {
                   "role" : "readWrite",
                   "db" : "meteor"
               }
           ]
       }
   ]
   

If I comment out the two security lines in the config then I can access MongoDB from Meteor or RoboMongo without a problem - using mongodb:127.0.0.1:27017/meteor. If I uncomment the two security lines in the config then I can no longer access MongoDB from either Meteor or MongoDB - using mongodb://meteor:password@127.0.0.1:27017/meteor. In the last instance I continue to get the message that authentication failed. In the MongoDB logs I have:

authenticate db: meteor { authenticate: 1, nonce: "xxx", user: "meteor", key: "xxx" }
2015-03-08T14:34:44.909+0100 I ACCESS   [conn7] Failed to authenticate meteor@meteor with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user meteor@meteor

Update

The answer below and the configuration above work on v2.6.7

Answer 1

it turns out for me was just about having special chars on the password and a dash on the username, once i made it simpler it all worked like magic :(

Answer 2

I had the same issue when I deployed on my new VPS. On this new VPS, mongo version is 3.0.1 To solve the problem, a meteor update before building the package and it works (meteor version: 1.0.4.1)

Answer 3

I haven't seen the issues you describe and without seeing code or knowing how you "turned on" MongoDB authentication I need to guess - so let's focus on what made things work for me.

You should check where the user was created. In MongoDB there are multiple databases, each having their own users. When using your connection string

mongodb://username:password@127.0.0.1:27017/meteor

you are authenticating against the meteor database. Using a tool such as RoboMongo I'd check if the user is actually inside that database or whether you created it inside the admin (or any other) database.

As a quick rundown: When securing MongoDB you need to set an admin account, change the mongodb.conf file that it contains the line auth = true and restart. Then using the admin account you create a new (low-privilege) db user that has only access to the meteor database. You can do this using the command line like this (code for 2.6 as this was in your questions and will be default for next Meteor version):

db.createUser(
  { user: "username",
    pwd: "password",
    roles: [
      { role: "readwrite", db: "meteor" } 
    ]
})

If you run mongod on the same box as Meteor I think we can safely rule out any issues with net.port or net.bindIpconfig settings where the DB would simply not listen to requests.

If you did all this and restarted MongoDB, perhaps a meteor reset inside your projects can help fix anything.