Login/Register
mongo db docker image authentication failed
Asked Answered
Solved mongodbdocker
C

8

30

I'm using https://hub.docker.com/_/mongo mongo image in my local docker environment, but I'm getting Authentication failed error. In docker-compose I add it like:

 my-mongo:
    image: mongo
    restart: always
    container_name:  my-mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: mongo
      MONGO_INITDB_ROOT_PASSWORD: asdfasdf
    networks:
      - mynet

I also tried to run mongo CLI from inside the container but still getting the same error:

root@76e6db78228b:/# mongo
MongoDB shell version v4.2.3
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("c87c0f0e-fe83-41a6-96e9-4aa4ede8fa25") }
MongoDB server version: 4.2.3
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
        http://docs.mongodb.org/
Questions? Try the support group
        http://groups.google.com/group/mongodb-user
> use translations
switched to db translations  
> db.auth("mongo", "asdfasdf")
Error: Authentication failed.
0

Also, I'm trying to create a separate user:

> use admin
switched to db admin
db.auth("mongo", "asdfasdf")
1
> db.createUser({
    user: "user",
    pwd: "asdfasdf",
    roles: [  {role: "readWrite", db: "translations" }  ]
    })
Successfully added user: {
        "user" : "user",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "translations"
                }
        ]
}
> use translations
switched to db translations  
> db.auth("user", "asdfasdf")
Error: Authentication failed.
0

and the same, what I'm doing wrong???

Updated:

root@8bf81ef1fc4f:/# mongo -u mongo -p asdfasdf --authenticationDatabase admin
MongoDB shell version v4.2.3
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("02231489-eaf4-40be-a108-248cec88257e") }
MongoDB server version: 4.2.3
Server has startup warnings: 
2020-02-26T16:24:12.942+0000 I  STORAGE  [initandlisten] 
2020-02-26T16:24:12.943+0000 I  STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2020-02-26T16:24:12.943+0000 I  STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).

The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.

To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---

> db.createUser({user: "someuser", pwd: "asdfasdf", roles: [{role: "readWrite", db: "translations"}]})
Successfully added user: {
        "user" : "someuser",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "translations"
                }
        ]
}
> use translations
switched to db translations
> db.auth("someuser", "asdfasdf")
Error: Authentication failed.
0
>
Curiosity answered 25/2, 2020 at 12:7 Comment(0)
D
12

as stated in the Docs

These variables, used in conjunction, create a new user and set that user's password. This user is created in the admin authentication database and given the role of root, which is a "superuser" role.

so you need to add --authenticationDatabase admin to your command since the mongod will be started with mongod --auth

example:

mongo -u mongo -p asdfasdf --authenticationDatabase admin
Drud answered 25/2, 2020 at 12:52 Comment(3)
still can't add new user. See CLI outpur in updates for original questionCuriosity
I want to add non-admin user add permissions for that user to the database I needCuriosity
actually you are right I should but I need switch to the database I need before adding user. Not sure why I need to do it as I still setting database in the use rolesCuriosity
P
25

After some time, I figured out.

  • On the same folder, create docker-compose.yml and init-mongo.js

docker-compose.yml

version: '3.7'
services:
  database:
    image: mongo
    container_name : your-cont-name
    command: mongod --auth
    environment:
      - MONGO_INITDB_DATABASE=my_db
      - MONGO_INITDB_ROOT_USERNAME=admin
      - MONGO_INITDB_ROOT_PASSWORD=root
    ports:
      - '27017-27019:27017-27019'
    volumes: 
      - mongodbdata:/data/db
      - ./init-mongo.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
      
volumes:
  mongodbdata:
    driver: local

init-mongo.js

db.createUser(
    {
        user: "your_user",
        pwd: "your_password",
        roles: [
            {
                role: "readWrite",
                db: "my_db"
            }
        ]
    }
);
db.createCollection("test"); //MongoDB creates the database when you first store data in that database

Auth

First, execute the bash inside the container

docker exec -it your-cont-name bash

Now we can login. For the admin

mongo -u admin -p root

For the your_user you have to specify the db (with the --authenticationDatabase) otherwise you'll have an auth error

mongo -u your_user -p your_password --authenticationDatabase my_db

After that, you should switch to the right db with

use my_db

If you don't execute this command, you'll be on test db

Note

For being sure of having the right config, i prefer to

docker-compose stop
docker-compose rm
docker volume rm <your-volume>
docker-compose up --build -d
Presurmise answered 26/5, 2021 at 9:34 Comment(2)
So you if you don't create a user with db.createUser() in the entrypoint ( - ./init-mongo.js:/docker-entrypoint-initdb.d/mongo-init.js:ro ) you can't login as the root user defined in the env variables ( MONGO_INITDB_DATABASE=my_db, MONGO_INITDB_ROOT_USERNAME=admin , MONGO_INITDB_ROOT_PASSWORD=root ) ? So what are these environment variables for ? do they not create an user with a password for that initdb ? Another question, how do you hide your password from git, you have it inside this .js file ?Symposiac
This worked like a charm to me, but you really don't need to change the commandDwarfish
P
21

i have the same issue, after google two hours finally sovled; solution:find out the host machine direcory mounted into mongodb container, delete it,then re-create the mongodb container.

mongo db container create by docker-compose.yaml mount a diretory from host mechine to the container for save the mongo datbases. when you remove the container the mouted direcotry do not deleted, so the default username and password pass by env var could be long time ago you set, now you change the user name and password. just do not work,cause recreate the container will not recreate the "admin" database .

Premiership answered 11/4, 2022 at 16:54 Comment(4)
That really helped. Could have never thought this.Morea
Thanks that was my problemHelico
I was struggling for days, then I read this answer and then I realized the issue. My problem was more subtle: I changed laptop and, being lazy, I just copy-pasted the whole folder. The old volume was a hidden sub-folder, but the docker-compose.yaml still used it, and the authentication failed. After removing it, it worked like a charm!Felloe
great. it works on k8s either. I removed the pvc assigned to pod that installed at my first time. then reinstall it. solve the problem!Fullgrown
D
12

as stated in the Docs

These variables, used in conjunction, create a new user and set that user's password. This user is created in the admin authentication database and given the role of root, which is a "superuser" role.

so you need to add --authenticationDatabase admin to your command since the mongod will be started with mongod --auth

example:

mongo -u mongo -p asdfasdf --authenticationDatabase admin
Drud answered 25/2, 2020 at 12:52 Comment(3)
still can't add new user. See CLI outpur in updates for original questionCuriosity
I want to add non-admin user add permissions for that user to the database I needCuriosity
actually you are right I should but I need switch to the database I need before adding user. Not sure why I need to do it as I still setting database in the use rolesCuriosity
R
6

I've fallen in this trap and wasted a day while everything was correct.

I'm writing this for future me(s) because it wasn't mentioned anywhere else and also to avoid my mistake while setting up user/pass combination to connect to their database from other services.

Assuming everything is right:👇

If you are mounting some local folder of yours as storage for your database like below:


services:
  your_mongo_db:
    // ...some config

    volumes:
      - ./__TEST_DB_DATA__:/data/db
      - ./init-mongo.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
    environment:
      - "MONGO_INITDB_ROOT_USERNAME=root"
      - "MONGO_INITDB_ROOT_PASSWORD=pass"

    //...more config

Please remember to remove this folder before re-running your compose file. I think when you run the docker-compose command for the first time, Mongo will create and store the user data there (like any other collections) and then reuse it for the next time (since you mounted that volume).

Revolutionize answered 11/7, 2022 at 21:27 Comment(0)
C
3

I had the same problem myself,

Please first remove the username and password from credentials.

environment:
      MONGO_INITDB_ROOT_USERNAME: mongo
      MONGO_INITDB_ROOT_PASSWORD: asdfasdf

after you remove the credentials you may check dbs or users on your mongodb.

show dbs
show users

Those commands also needs auth, so if you can see them, can be null, then you fix your issue.

Than, then create a admin user,

use admin
db.createUser({user: "root", pwd: "root", roles:["root"]})

then you can logout and try to connect with credentials to the shell as an admin.

In addition if you are still having some issues about creating new user, In my case I changed mechanisms to SCRAM-SHA-1 than it worked like a charm.

{
  user: "<name>",
  pwd: passwordPrompt(),      // Or  "<cleartext password>"
  customData: { <any information> },
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
     {
       clientSource: ["<IP>" | "<CIDR range>", ...],
       serverAddress: ["<IP>" | "<CIDR range>", ...]
     },
     ...
  ],
  mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
  passwordDigestor: "<server|client>"
}
Cyprio answered 13/5, 2021 at 14:1 Comment(1)
So you if you don't create a user with db.createUser() in the entrypoint ( - ./init-mongo.js:/docker-entrypoint-initdb.d/mongo-init.js:ro ) you can't login as the root user defined in the env variables ( MONGO_INITDB_DATABASE=my_db, MONGO_INITDB_ROOT_USERNAME=admin , MONGO_INITDB_ROOT_PASSWORD=root ) ? So what are these environment variables for ? do they not create an user with a password for that initdb ?Symposiac
E
3

I had the same problem myself, follows this steps: Steps 1 and 2 are to delete de old configuration, and set and apply the new configuration, its so important:

  1. Delete to the containers mongo: docker rm mongo -f
  2. If you have created volumes, delete them: docker volume rm $(docker volume ls -q) -f
  3. In ports field of docker-compose.yml set: - 27018:27017 -> Its so important that ports is not 27017:27017, in my case it was generating conflict.
  4. Up docker compose: docker-compose up
  5. Try now the connection with authentication!

Example of docker-compose.yml:

mongo:
    container_name: mongo
    image: mongo:4.4
    restart: always
    environment:
      TZ: "Europe/Madrid"
      MONGO_INITDB_ROOT_USERNAME: "user"
      MONGO_INITDB_ROOT_PASSWORD: "admin1"
    volumes:
      - ./mongoDataBase:/data/db        
    ports:
      - 27018:27017

Best regards!

Ezaria answered 4/11, 2022 at 19:26 Comment(2)
I couldn't find out what is the problem but as you mentioned deleting mongo container and volume helps :)Gelsenkirchen
Deleting the container and volume helped me too!Howenstein
I
1

the error maybe related with docker volumes, try to remove old ones and create a new volume in docker-compose.yaml. I think it's related with initial scripts that set your username and pass to static files, so you need recreate that

Impractical answered 1/7, 2023 at 12:14 Comment(1)
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.Forwhy
H
0

For my situation, all the answers mentioning removing the docker volumes seemed like they would work because I am pretty sure that when I initially created my mongo container I didn't have the root user environment variables set. I could connect without authentication, but the credentials I had in my docker-compose weren't working.

I deleted the volumes over and over in different ways - through docker desktop, through windows explorer - but every time I created my container I still saw the old databases in there, so I knew the underlying data still hadn't been deleted.

I finally thought that maybe the container was using data from an existing installation of MongoDB on my host machine. I didn't need that installation anymore so I uninstalled it. I then made sure that my docker volumes were also deleted (I wanted no trace of previous data). I created the mongo container again and, finally, the old databases were gone and the authentication was working.

Hypoderm answered 17/7 at 19:49 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.