Not authorized for command: addShard on database admin

Question

I'm building a MongoDB cluster using shards of replica sets and have the first replica set setup and three config servers running (all on Linux servers) with a mongos instance running pointing to the three config servers, but when connecting to the mongos instance on the application server (on Windows Server 2012 Standard x64) via the mongo shell and issuing the sh.addShard() command as per the docs , I get the following response:

> sh.addShard("rs1/xxx:xxx")
{
        "note" : "not authorized for command: addShard on database admin",
        "ok" : 0,
        "errmsg" : "unauthorized"
}

Does anyone know what I'm doing wrong? I'm running all Mongo instances using a keyfile for security. The keyfile is a Windows compatible one as per these docs .

Answer 1

My results:

If your data nodes use keyfile based authentication, all the mongod and mongos instances (data, config, etc) need to use --keyFile as well and point to an exact copy of the keyfile.

Secondly, make sure you "use admin" after connecting to config servers using mongos. If this doesn't get you there then add an admin user at the mongos prompt, authenticate with those credentials and try again.

Answer 2

I've since solved this. It was because authentication was enabled by virtue of the keyfile and using the localhost connection wasn't enough to authenticate. After disabling keyfile usage across the cluster, creating an admin account and using that to connect, it worked.

Answer 3

in addition to bisharkha's answer, here is one more clue to use keyfile.

after use admin command, also make sure you have authenticated with: db.auth("user", "passwd")

Answer 4

如果您为集合指定了错误的名称，也会发生这种情况。