Can't authenticate against Mongodb 3.0.1 member added to a 2.6.8 replica set

Question

We have a replica set running 2.6.8, and I'm trying to add a member running 3.0.1 with the WiredTiger engine. I'm attempting to do a rolling update of the replica set to 3.0.1 by replacing one member at a time. The data seems to have replicated, but I am unable to authenticate using the mongo shell.

MongoDB shell version: 3.0.1
connecting to: test
rs:SECONDARY> use admin
switched to db admin
rs:SECONDARY> db.auth("admin", "password")
Error: 18 Authentication failed.
0

The log is also full of the following:

Failed to authenticate admin@admin with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user admin@admin
Failed to authenticate user@collection with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user user@collection

I'm not sure if the users didn't replicate along with the data, or if this is something to do with the authentication mechanism changing in 3.0.

I'm only seeing this issue on our production replica set. I first tried in on our testing replica set and had no issues. I've tried it multiple times in production, each time launching a new clean AWS instance, and each time I have the same issue. The only difference between production and testing are the IPs and the amount of data. Production has >2TB of data, while testing has a <1GB. Monogdb is running on Amazon Linux, using packages from the http://repo.mongodb.org/yum/redhat/6/mongodb-org/3.0/x86_64/ yum repository.

Answer 1

The problem was that the authorization schema was still using the version 2.4 schema, even though all members of the replica set were running 2.6.

Mongodb < 3.0.2 doesn't check this before syncing, but they changed it in 3.0.2 to give an error before trying to sync.

Run db.getSiblingDB("admin").runCommand({authSchemaUpgrade: 1 }); on the primary of the replica set before adding the version 3 member.