Discussion:
[mongodb-user] Can not authenticate via mongo's official node.js driver (MongoDB Cloud Manager replica deployment)
Pedro Diogo
2015-12-22 13:36:06 UTC
Permalink
Hello everybody,

I am trying to authenticate to my replica set, which was deployed via Mongo
Cloud Manager, but I can not figure out why it fails.

Here are my users on database *abcd*:

abcdRepliaSet:PRIMARY> use abcd
switched to db abcd
show users
abcdRepliaSet:PRIMARY> show users
{
"_id" : "abcd.abcdAppUser",
"user" : "abcdAppUser",
"db" : "abcd",
"roles" : [
{
"role" : "readWrite",
"db" : "abcd"
}
]
}


and I can successfully connect to it via mongo shell:

mongo adbcd-mongo-mms.cloudapp.net:57002 -u adbcd AppUser -p hidden --authenticationDatabase
adbcd

However, I can not using this simple code:

MongoClient.connect("mongodb://abcd
AppUser:***@abcd-mongo-mms.cloudapp.net:57001,abcd-mongo-mms.cloudapp.net:57002,abcd-mongo-mms.cloudapp.net:57003/abcd?replicaSet=
abcdRepliaSet&authSource=abcd&authMechanism=SCRAM-SHA-1",
function(err, db) {
if(err) throw err;
else console.log(db);
});


I am also pretty sure my authMechanism is SCRAM-SHA-1 as I've added the
user using mongoldb v. 3.0.7 and I've also confirmed it using:

db.system.users.find({user:"abcdAppUser"}).pretty()


Here is mongod's log when I try to auth via the nodejs app:

2015-12-22T13:31:33.823+0000 I ACCESS [conn30286] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:33.894+0000 I ACCESS [conn30288] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.051+0000 I ACCESS [conn30287] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.124+0000 I ACCESS [conn30289] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.206+0000 I ACCESS [conn30290] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.263+0000 I NETWORK [conn30288] end connection 94.61.
85.76:53102 (17 connections now open)
2015-12-22T13:31:34.264+0000 I NETWORK [conn30286] end connection 94.61.
85.76:61293 (17 connections now open)
2015-12-22T13:31:34.263+0000 I NETWORK [conn30287] end connection 94.61.
85.76:58194 (17 connections now open)
2015-12-22T13:31:34.263+0000 I NETWORK [conn30289] end connection 94.61.
85.76:58537 (17 connections now open)
2015-12-22T13:31:34.264+0000 I NETWORK [conn30290] end connection 94.61.
85.76:57720 (13 connections now open)
2015-12-22T13:31:37.185+0000 I NETWORK [conn30281] end connection 10.0.0.8:
34322 (12 connections now open)


I also made sure my node.js driver was compatible with SCRAM and it is. At
this point, I can't really understand why it fails... Any help would be
most welcome!

Thank you in advance.

Regards,
Pedro
--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.

For other MongoDB technical support options, see: http://www.mongodb.org/about/support/.
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user+***@googlegroups.com.
To post to this group, send email to mongodb-***@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/7265afc0-a6a1-4cf1-b142-81fcedd79c70%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Pedro Diogo
2016-01-03 16:43:02 UTC
Permalink
I still can not authenticate and I don't know what else I should do...
Could you please take a look at this user?

{
"_id" : "abcd. abcdAppUser",
"user" : "abcdAppUser",
"db" : "abcd",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "90Ay1lAKpaq2GoEHh3hzkQ==",
"storedKey" : "hidden=",
"serverKey" : "alsoHidden="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "abcd"
}
]
}

Why am I getting the storedKey mismatch error only when connecting via the
driver ?! I'm using node.js driver version 2.1.2 so it should work as per
https://docs.mongodb.org/v3.0/release-notes/3.0-scram/#upgrade-drivers

I really am in the dark here.......
--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.

For other MongoDB technical support options, see: http://www.mongodb.org/about/support/.
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user+***@googlegroups.com.
To post to this group, send email to mongodb-***@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/8c34b325-739e-4866-8273-c22c11f5ce65%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Wan Bachtiar
2016-01-04 06:57:35 UTC
Permalink
and I can successfully connect to it via mongo shell:
mongo adbcd-mongo-mms.cloudapp.net:57002 -u adbcd AppUser -p hidden
—authenticationDatabase adbcd

Hi Pedro,

For the shell connection test you have posted a slightly different
information:

- user: “adbcd AppUser” vs “abcdAppUser”
- database: adbcd vs abcd
- host: “adbcd-mongo-mms.cloudapp.net” vs “abcd-mongo-mms.cloudapp.net”

Can you please confirm whether the above are just a typing error when
posting ?


I am also pretty sure my authMechanism is SCRAM-SHA-1 as I’ve added the
user using mongoldb v. 3.0.7

Can you confirm that your deployment is still running MongoDB v3.0.7 ?


Also can you run a couple of tests:

1.

Try changing the connection string to a single node :
MongoClient.connect("mongodb://abcdAppUser:***@abcd-mongo-mms.cloudapp.net:57001/abcd",
function(err, db) ...
2.

Try connecting with a different username/password. i.e. admin



Regards,

Wan.
​
--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.

For other MongoDB technical support options, see: http://www.mongodb.org/about/support/.
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user+***@googlegroups.com.
To post to this group, send email to mongodb-***@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/70ebe6bb-6f67-45e1-a231-fe4dc8aca2da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Pedro Diogo
2016-01-04 12:39:16 UTC
Permalink
Thank you very much, Wan, for your input!

It was all typos, yes - database is *abcd, *user is *abcdAppUser *and host
is *abcd-mongo-mms.cloudapp.net <http://abcd-mongo-mms.cloudapp.net>*

I've also already tried all of what you said and nothing worked. I do have
an Admin account which I can also access via mongo shell, but not via
node.s's driver and I've also tried, unsuccessfully, to connect to a
single host.

I've also updated mongodb to v. 3.2.0 using Mongo Cloud Manager.

Any other feedback? Please just let me know!

Will also try to connect using a different driver (C or JAVA).
--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.

For other MongoDB technical support options, see: http://www.mongodb.org/about/support/.
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user+***@googlegroups.com.
To post to this group, send email to mongodb-***@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/f45d1697-5fea-4358-ba7b-084f2d210b13%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Wan Bachtiar
2016-01-05 02:55:45 UTC
Permalink
Hi Pedro,

Unfortunately I can’t replicate the authentication problem that you are
seeing. My test environment is:
node v5.10, mongodb driver v2.1.2, MongoDB replica set v3.2.0 (auth
SCRAM-SHA-1).

Did you start a new v3.0.7 installation without any users ?
Or did you upgrade from v2.6 with existing users and then create new users
in v3.0.7?

If you are upgrading from v2.6 with existing users, to use SCRAM-SHA-1
please follow the upgrade steps for v2.6 MONGODB-CR Users to SCRAM-SHA-1
<https://docs.mongodb.org/v3.0/release-notes/3.0-scram/#upgrade-mongodb-cr-to-scram>.



Another test that you should try is separating the connection code with the
authentication code. See code snippet below for an example:

var Db = require('mongodb').Db;var Server = require('mongodb').Server;var dbname = 'abcd';var host = 'abcd-mongo-mms.cloudapp.net';var port = 57001;var user = 'abcdAppUser';var pwd = 'hidden';
var db = new Db(dbname, new Server(host, port));
db.open(function(err, db){
if (err) throw err;
console.log('Connected');

db.authenticate(user, pwd, function(err, result){
if (err) throw err;
console.log('Authenticated');
db.close();
});
});

If you are able to connect but not authenticate, please check that your
username and password are correct.

The below log entry normally indicates that the password is incorrect.
Incorrect database or user would result in a different log entry.

2016-01-05T13:21:38.127+1100 I ACCESS [conn75] SCRAM-SHA-1 authentication failed for abcdAppUser on abcd from client 10.8.1.191 ; AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch

Regards,

Wan.
​
--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.

For other MongoDB technical support options, see: http://www.mongodb.org/about/support/.
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user+***@googlegroups.com.
To post to this group, send email to mongodb-***@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/bd3d9b92-e3d0-4c0c-839f-0931471293de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Pedro Diogo
2016-01-05 17:06:08 UTC
Permalink
Hello Wan,

Looks like we had the same environment, except for nodes version (still on
v0.12.6). I had already tested that type of authentication and have also
taken a look at that specific docs page.

It works now. :) Don't ask me why, though. I just simply deleted my old
user, made sure I've upgraded my schema (I was sure it was on v. 5, but oh
well...) and then added the exact same user with the exact same password
and roles. Magic. I wish I could understand what was causing the problem...
I don't really remember, but I think I've installed v. 3.0 and added some
users back afterwards. My guess is that I'm wrong and something must have
conflicted with Cloud Manager's way of doing things as I've added some
users before enabling authentication via that same service. I might even
have upgraded to v. 3.0 afterwards. I seriously don't know. This was a test
environment I had setup just for development and testing purposes. I know
understand how I should have configured it and will make sure I keep
logging every action even when in development environment.

Thank you very much, Wan, for your help!

Regards,
Pedro
Post by Pedro Diogo
Hello everybody,
I am trying to authenticate to my replica set, which was deployed via
Mongo Cloud Manager, but I can not figure out why it fails.
abcdRepliaSet:PRIMARY> use abcd
switched to db abcd
show users
abcdRepliaSet:PRIMARY> show users
{
"_id" : "abcd.abcdAppUser",
"user" : "abcdAppUser",
"db" : "abcd",
"roles" : [
{
"role" : "readWrite",
"db" : "abcd"
}
]
}
mongo adbcd-mongo-mms.cloudapp.net:57002 -u adbcd AppUser -p hidden --authenticationDatabase
adbcd
MongoClient.connect("mongodb://abcd
abcd-mongo-mms.cloudapp.net:57002,
abcd-mongo-mms.cloudapp.net:57003/abcd?replicaSet=abcd
RepliaSet&authSource=abcd&authMechanism=SCRAM-SHA-1",
function(err, db) {
if(err) throw err;
else console.log(db);
});
I am also pretty sure my authMechanism is SCRAM-SHA-1 as I've added the
db.system.users.find({user:"abcdAppUser"}).pretty()
2015-12-22T13:31:33.823+0000 I ACCESS [conn30286] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:33.894+0000 I ACCESS [conn30288] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.051+0000 I ACCESS [conn30287] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.124+0000 I ACCESS [conn30289] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.206+0000 I ACCESS [conn30290] SCRAM-SHA-1
authentication failed for abcdAppUser on abcd from client 10.0.0.10 ;
AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
2015-12-22T13:31:34.263+0000 I NETWORK [conn30288] end connection 94.61.
85.76:53102 (17 connections now open)
2015-12-22T13:31:34.264+0000 I NETWORK [conn30286] end connection 94.61.
85.76:61293 (17 connections now open)
2015-12-22T13:31:34.263+0000 I NETWORK [conn30287] end connection 94.61.
85.76:58194 (17 connections now open)
2015-12-22T13:31:34.263+0000 I NETWORK [conn30289] end connection 94.61.
85.76:58537 (17 connections now open)
2015-12-22T13:31:34.264+0000 I NETWORK [conn30290] end connection 94.61.
85.76:57720 (13 connections now open)
2015-12-22T13:31:37.185+0000 I NETWORK [conn30281] end connection 10.0.
0.8:34322 (12 connections now open)
I also made sure my node.js driver was compatible with SCRAM and it is. At
this point, I can't really understand why it fails... Any help would be
most welcome!
Thank you in advance.
Regards,
Pedro
--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.

For other MongoDB technical support options, see: http://www.mongodb.org/about/support/.
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user+***@googlegroups.com.
To post to this group, send email to mongodb-***@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/57fc0541-37a5-4549-91bd-1c2279af9c09%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...