HW 1.6, Test ok but mongo auth failed

Hi guys!

I have no idea why my testsaslauthd works but my mongo LDAP auth fails :frowning:

Here are my steps:

vagrant@database:~$ mkdir -p ~/M310-HW-1.6/r0 ~/M310-HW-1.6/r1 ~/M310-HW-1.6/r2
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ sudo testsaslauthd -u adam -p password -f /var/run/saslauthd/mux
0: OK "Success."
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --replSet myReplSet --dbpath ~/M310-HW-1.6/r0 --logpath ~/M310-HW-1.6/r0/mongod.log --port 31160 --fork
about to fork child process, waiting until server is ready for connections.
forked process: 3680
child process started successfully, parent exiting
vagrant@database:~$
vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --replSet myReplSet --dbpath ~/M310-HW-1.6/r1 --logpath ~/M310-HW-1.6/r1/mongod.log --port 31161 --fork
about to fork child process, waiting until server is ready for connections.
forked process: 3707
child process started successfully, parent exiting
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --replSet myReplSet --dbpath ~/M310-HW-1.6/r2 --logpath ~/M310-HW-1.6/r2/mongod.log --port 31162 --fork
about to fork child process, waiting until server is ready for connections.
forked process: 3734
child process started successfully, parent exiting
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ mongo --port 31160
MongoDB shell version: 3.2.22
connecting to: 127.0.0.1:31160/test
MongoDB Enterprise >
MongoDB Enterprise >
MongoDB Enterprise > rs.initiate()
{
        "info2" : "no configuration specified. Using a default configuration for the set",
        "me" : "database:31160",
        "ok" : 1
}
MongoDB Enterprise myReplSet:OTHER>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY> rs.status()
{
        "set" : "myReplSet",
        "date" : ISODate("2021-01-29T02:57:27.128Z"),
        "myState" : 1,
        "term" : NumberLong(1),
        "heartbeatIntervalMillis" : NumberLong(2000),
        "members" : [
                {
                        "_id" : 0,
                        "name" : "database:31160",
                        "health" : 1,
                        "state" : 1,
                        "stateStr" : "PRIMARY",
                        "uptime" : 88,
                        "optime" : {
                                "ts" : Timestamp(1611888996, 1),
                                "t" : NumberLong(1)
                        },
                        "optimeDate" : ISODate("2021-01-29T02:56:36Z"),
                        "infoMessage" : "could not find member to sync from",
                        "electionTime" : Timestamp(1611888995, 2),
                        "electionDate" : ISODate("2021-01-29T02:56:35Z"),
                        "configVersion" : 1,
                        "self" : true
                }
        ],
        "ok" : 1
}
MongoDB Enterprise myReplSet:PRIMARY>

MongoDB Enterprise myReplSet:PRIMARY> db.getSiblingDB("$external").createUser({user: 'adam',roles: [{role: 'root',db:'admin'}]})
Successfully added user: {
        "user" : "adam",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ]
}
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY> db.getSiblingDB("external").auth({mechanism: "PLAIN", user:'adam', pwd: 'password',digestPassword:false})
Error: Authentication failed.
0
MongoDB Enterprise myReplSet:PRIMARY> db.getSiblingDB("$external").auth({mechanism: "PLAIN", user:'adam', pwd: 'password',digestPassword:false})
Error: Authentication failed.
0
MongoDB Enterprise myReplSet:PRIMARY>

Can you give me a clue?

Thanks

You started 3 mongods. So your rs.status() should show 3 members
Please check if you have missed any step

I haven’t added the other nodes yet, first I’m trying to auth with the new user but I can’t

ok
Then it must be with mongod options/params you used
LDAP is an external auth mechanism. You still need internal auth between members

Ok, I’ll add a keyfile, but I thought that was an LDAP problem.

I got exactly the same error using the keyFile. I can’t add another member until I get authenticated, and that is where I got the error

vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --replSet myReplSet --dbpath ~/M310-HW-1.6/r0 --logpath ~/M310-HW-1.6/r0/mongod.log --port 31160 --fork --keyFile ~/rs_keyfile
about to fork child process, waiting until server is ready for connections.
forked process: 9240
child process started successfully, parent exiting
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --replSet myReplSet --dbpath ~/M310-HW-1.6/r1 --logpath ~/M310-HW-1.6/r1/mongod.log --port 31161 --fork --keyFile ~/rs_keyfile
about to fork child process, waiting until server is ready for connections.
forked process: 9267
child process started successfully, parent exiting
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ mongod --auth --setParameter authenticationMechanisms=PLAIN --setParameter saslauthdPath="/var/run/saslauthd/mux" --replSet myReplSet --dbpath ~/M310-HW-1.6/r2 --logpath ~/M310-HW-1.6/r2/mongod.log --port 31162 --fork --keyFile ~/rs_keyfile
about to fork child process, waiting until server is ready for connections.
forked process: 9294
child process started successfully, parent exiting
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ mongo --port 31160
MongoDB shell version: 3.2.22
connecting to: 127.0.0.1:31160/test
MongoDB Enterprise >
MongoDB Enterprise >
MongoDB Enterprise > rs.initiate()
{
        "info2" : "no configuration specified. Using a default configuration for the set",
        "me" : "database:31160",
        "ok" : 1
}
MongoDB Enterprise myReplSet:OTHER>
MongoDB Enterprise myReplSet:SECONDARY>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY> db.getSiblingDB("$external").createUser({user: 'adam',roles: [{role: 'root',db:'admin'}]})
Successfully added user: {
        "user" : "adam",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ]
}
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY> db.getSiblingDB("external").auth({mechanism: "PLAIN", user:'adam', pwd: 'password',digestPassword:false})
Error: Authentication failed.
0
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY> rs.add("database.m310.mongodb.university:31161")
2021-01-29T22:30:47.337+0000 E QUERY    [thread1] Error: count failed: {
        "ok" : 0,
        "errmsg" : "not authorized on local to execute command { count: \"system.replset\", query: {}, fields: {} }",
        "code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DBQuery.prototype.count@src/mongo/shell/query.js:370:11
DBCollection.prototype.count@src/mongo/shell/collection.js:1713:12
rs.add@src/mongo/shell/utils.js:1163:1
@(shell):1:1

MongoDB Enterprise myReplSet:PRIMARY>

Is your testsaslauthd still working? Sometimes between stops/starts permissions would have changed or saslauthd is not running

Did you start afresh with keyfile or just included that param and started the mongods?

Better to start from scratch cleaning all the dirs

Yes, it is still working and I started my replica from scratch, but I saw no changes

Why sudo while testing testsaslauthd?
Is it working without sudo?

Please show contents of /etc/saslauthd.conf

It doesn’t work without sudo

vagrant@database:~$ testsaslauthd -u adam -p password -f /var/run/saslauthd/mux
connect() : Permission denied
vagrant@database:~$ sudo testsaslauthd -u adam -p password -f /var/run/saslauthd/mux
0: OK "Success."
vagrant@database:~$   

saslauthd.conf

vagrant@database:~$ cat /etc/saslauthd.conf
ldap_servers: ldap://infrastructure.m310.mongodb.university:389
ldap_search_base: ou=Users,dc=mongodb,dc=com
ldap_filter: (cn=%u)
vagrant@database:~$

It should work without sudo
The fact that it is working with sudo but not as the vagrant user indicates a permission issue with your dir
Did you chmod as per instructions?

Show output of ls -lrt /var/run/saslauthd/

vagrant@database:~$ sudo ls -lrt /var/run/saslauthd/
total 968
-rw------- 1 root root      5 Jan 28 23:59 saslauthd.pid
-rw------- 1 root root      0 Jan 28 23:59 mux.accept
srwxrwxrwx 1 root root      0 Jan 28 23:59 mux
-rw------- 1 root root 986112 Jan 28 23:59 cache.mmap
-rw------- 1 root root      0 Jan 28 23:59 cache.flock
vagrant@database:~$

Why is it showing a Jan 28th timestamp?

Try sudo chmod 755 /var/run/saslauthd/ and test again
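
The check discussed in the replies above, as an added example that is not part of any post in this thread: listing the directory's contents shows the socket's mode but not the directory's own, and a client needs search (execute) permission on every directory leading to the socket. The sketch assumes the client is neither owner nor group member of those directories; `first_untraversable` and its optional second argument are hypothetical.

```shell
#!/bin/sh
# Print the directory closest to the top of the path that lacks the "other"
# search (execute) bit, walking from the socket's parent up to, but not
# including, $2 (default /). Prints nothing and returns 0 when all are open.
# Assumption: the connecting user falls under "other" for each directory.
first_untraversable() {
    dir=$(dirname -- "$1")
    top=${2:-/}
    blocked=
    while [ "$dir" != "$top" ] && [ "$dir" != / ] && [ "$dir" != . ]; do
        # -L follows symlinks such as /var/run -> /run; keep only the mode field
        case $(ls -ldL -- "$dir" | cut -c1-10) in
            d????????[xt]) ;;            # other users may traverse
            *) blocked=$dir ;;           # remember the highest blocked directory
        esac
        dir=$(dirname -- "$dir")
    done
    [ -z "$blocked" ] && return 0
    printf '%s\n' "$blocked"
    return 1
}

# Usage on the path from this thread:
#   first_untraversable /var/run/saslauthd/mux || echo "fix the directory above"
```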

vagrant@database:~$ sudo chmod 755 /var/run/saslauthd/
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ testsaslauthd -u adam -p password -f /var/run/saslauthd/mux
0: OK "Success."
vagrant@database:~$ mongo --port 31160
MongoDB shell version: 3.2.22
connecting to: 127.0.0.1:31160/test
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY>
MongoDB Enterprise myReplSet:PRIMARY> db.getSiblingDB("external").auth({mechanism: "PLAIN", user:'adam', pwd: 'password',digestPassword:false})
Error: Authentication failed.
0
MongoDB Enterprise myReplSet:PRIMARY>

Authentication failed means wrong user id/pwd or configuration.
Did you change pwd of adam?
Sometimes a small typo in the config file or in command line params can cause issues.
Instead of authenticating after connecting to mongodb, try to authenticate while connecting

mongo --host --authenticationMechanism PLAIN --authenticationDatabase '$external' -u -p

No, I haven’t changed the adam password

vagrant@database:~$ mongo --host "database.m310.mongodb.university" --port 31160 --authenticationMechanism PLAIN --authenticationDatabase "$external" -u adam -p password
MongoDB shell version: 3.2.22
connecting to: database.m310.mongodb.university:31160/test
2021-02-02T03:07:49.062+0000 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):7:1
@(auth):1:2

exception: login failed

Password changed

[vagrant@infrastructure shared]$ python ldapconfig.py passwd -u adam -op password -np webscale
[vagrant@infrastructure shared]$


vagrant@database:~$ testsaslauthd -u adam -p webscale -f /var/run/saslauthd/mux
0: OK "Success."
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$
vagrant@database:~$ mongo --host "database.m310.mongodb.university" --port 31160 --authenticationMechanism PLAIN --authenticationDatabase "$external" -u adam -p webscale
MongoDB shell version: 3.2.22
connecting to: database.m310.mongodb.university:31160/test
2021-02-02T03:11:07.817+0000 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):7:1
@(auth):1:2

exception: login failed
vagrant@database:~$
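
The suggested command above single-quotes `$external`, while the two sessions that follow double-quote it; in a POSIX shell those hand different values to the client. An added example (not part of any post in this thread) showing what each quoting style passes on, with a guard that rejects a wrong value before a client is launched; `received_arg` and `validate_auth_db` are hypothetical helper names.

```shell
#!/bin/sh
set +u            # default behaviour: an unset variable expands to ""
unset external    # no such variable exists in an ordinary login shell

# Stand-in for the launched client: returns the argument exactly as received.
received_arg() { printf '%s' "$1"; }

double_quoted() { received_arg "$external"; }    # expanded by the shell: empty
single_quoted() { received_arg '$external'; }    # literal $external
escaped()       { received_arg "\$external"; }   # literal $external

# Hypothetical guard: PLAIN (LDAP through saslauthd) users are defined in the
# $external database, so refuse any other value for that mechanism.
validate_auth_db() {
    mech=$1 db=$2
    if [ "$mech" = PLAIN ] && [ "$db" != '$external' ]; then
        printf 'PLAIN needs authenticationDatabase $external, got "%s"\n' "$db" >&2
        return 1
    fi
    [ -n "$db" ]
}

printf 'double-quoted: [%s]\n' "$(double_quoted)"
printf 'single-quoted: [%s]\n' "$(single_quoted)"
printf 'escaped:       [%s]\n' "$(escaped)"
```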

Are you still facing issues?
Normally we create a root user and add other users.
So create a root user and add adam on $external db.
Don’t give root to adam, just userAdminAnyDatabase or dbAdminAnyDatabase type roles

or
start mongods without --auth and LDAP. Create user adam on external db and authenticate.
Then shut down the dbs and start with auth & LDAP

Yes, I still have issues with this particular task. I’m working on the rest of the course, and when I’ve finished all tasks I will get back to this one.