This won’t help with the ACL entries in the log. We either need to make an ACL file or wait for the feature to be disabled by default.
So the solution is not to update from 4.0 to 4.1…
It just fills the log, it still works ok for me
And how are your settings … in config or directly via GUI?
Can you paste your code from GUI or config (if you still have it there) which is working in 4.1…
I have no MQTT settings in configuration.yaml, not even an mqtt: section. I have default settings in the Mosquitto add-on. I have set a user name and password in the add-on configuration.
Default settings are here
@Crhass assuming you have set up MQTT in the integrations?
And…
Add the following configuration to enable ACLs:
- Set the active flag within the customize section to true in your configuration.
- Create a file in /share/mosquitto named acl.conf with the following contents: acl_file /share/mosquitto/accesscontrollist
- Create a file in /share/mosquitto named accesscontrollist and add contents according to your requirements.
Is it possible to make a sort of generic or wildcard/catchall ACL so that we don’t get the errors?
All my clients use the same account to login. Can I write an ACL that allows it to use all topics without specifying them all?
You can add the following to your accesscontrollist file. It will allow a specific user to read and write to any topic.
# This only affects clients with username "bobby"
user bobby
topic #
If you create a home assistant user with the same username and password as your local MQTT user, you can delete the user from the broker as it will use a Home Assistant user. (If you do this then you don’t need to reconfigure any settings in your devices)
I have been running like this since v3 of the broker - all default settings in broker and the MQTT integration I have discovery enabled. I do not have ANY manual device configuration at all and no MQTT: section in config yaml.
Do you make the UN and PW blank in the Mosquitto add-on config or do you remove the whole login section?
This is different to the ACL config we have been discussing though.
Just make them blank… or tap on default and save.
It was driving me crazy after this new release… Thank you very much for the info!! It worked like a charm!
Hi. I have the same problem, except, initially Hassio stopped working with Mosquitto. I had to add my Mosquitto username and password to the MQTT: entry in my configuration.yaml.
It now works, but I get the ACL messages you describe.
What did you actually do to resolve this please?
That worked - thank you!
I switched to the Community MQTT & HiveMQ add on and it seems to be more reliable again. I have a couple of clients that refused to stay connected to the official 4.1 release now. After removing and reconfiguring to the community add-on, all my old stuff started working immediately again.
I added users to HA, removed MQTT config from config.yaml, works OK.
Then I enabled ACL as described above and the log flood disappeared, but with each connection the log shows the client user name and password in clear text. Which “security expert” programmed it???
1552674144: |-- mosquitto_auth_unpwd_check(hasscore)
1552674144: |-- ** checking backend http
1552674144: |-- url=http://127.0.0.1:8080/login
1552674144: |-- data=username=…name…&password=…pwd…&topic=&acc=-1&clientid=
[INFO] found hasscore on Home Assistant
1552674146: |-- getuser(hasscore) AUTHENTICATED=1 by http
Hi, are you sure about that? Somewhere else I read it's
topic readwrite #
Also, do you know how to allow access without a username?
Also, how do you write it if you have 2 usernames:
user bobby
topic readwrite #
user paul
topic readwrite #
?
user bobby
topic #
This format works for me.
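The ACL file format discussed in this thread, as an added example (not code from any poster or from the Mosquitto project): a small Python model of how an acl_file is evaluated. It assumes Mosquitto's documented rules that a topic line with no access keyword means readwrite and that topic lines before the first user line apply to anonymous clients; the sample file and all function names are constructed for illustration.

```python
# Simplified model of Mosquitto acl_file evaluation (added example, not broker code).
SAMPLE_ACL = """\
# constructed sample: rules before the first "user" line apply to anonymous clients
topic read public/#
user bobby
topic #
user paul
topic readwrite sensors/+/state
"""

def parse_acl(text):
    """Return {username_or_None: [(access, topic_filter), ...]}."""
    rules, user = {}, None          # None = anonymous section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                # blank line or comment
        keyword, _, rest = line.partition(" ")
        if keyword == "user":
            user = rest.strip()
        elif keyword == "topic":
            first, _, tail = rest.strip().partition(" ")
            if first in ("read", "write", "readwrite") and tail:
                access, topic_filter = first, tail.strip()
            else:                   # no access keyword: defaults to readwrite
                access, topic_filter = "readwrite", rest.strip()
            rules.setdefault(user, []).append((access, topic_filter))
        else:
            raise ValueError(f"unsupported ACL line: {raw!r}")
    return rules

def topic_matches(topic_filter, topic):
    """MQTT wildcard match: '+' is one level, '#' is the rest (and the parent)."""
    if topic.startswith("$") != topic_filter.startswith("$"):
        return False                # a bare '#' does not reach $SYS-style topics
    f, t = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return i == len(f) - 1  # '#' is only valid as the last level
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def allowed(rules, user, topic, want):
    """want is 'read' or 'write'; user None means an anonymous client."""
    return any(access in (want, "readwrite") and topic_matches(flt, topic)
               for access, flt in rules.get(user, []))

RULES = parse_acl(SAMPLE_ACL)
```

In this model "topic #" and "topic readwrite #" parse to the same rule, and each user line starts a new section, so two usernames are written as two consecutive blocks.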
It’s not a breaking change and didn’t break anything for my system… Perhaps instead of ranting you can post the broker config here?