Hi,
I have just installed home assistant on a pi using the OS image file.
I have installed Mosquitto via the UI, however the log shows me:
Socket error on client , disconnecting.
1639159576: New connection from 192.168.1.31 on port 1883.
Looking into this, it appears that mosquito is not allowing unauthenticated connections - but my attempts so far to disable authentication have failed. Any ideas?
I’m pretty sure that the addon uses home assistant users for authentication. So the easiest thing for you to do - is add a new Home Assistant user specifically for mqtt.
I had assumed the issue here was that devices were trying to connect to mosquito and having their connections refused. Unfortunately not all of my devices support authentication, which isn’t generally a problem on a closed network…I know I can configure standalone mosquito to allow unathenticated connections. But so far I haven’t managed it with HA:
Thanks - I tried the above, along with this suggestion (very similar to yours):
Bizzarely, I do now get a single device connecting. However, all other devices - including HA itself connecting from localhost, are rejected
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] mosquitto.sh: executing...
[18:25:11] INFO: SSL is not enabled
[cont-init.d] mosquitto.sh: exited 0.
[cont-init.d] nginx.sh: executing...
[cont-init.d] nginx.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[18:25:12] INFO: Starting NGINX for authentication handling...
[18:25:12] INFO: Starting mosquitto MQTT broker...
1639160712: mosquitto version 1.6.12 starting
1639160712: |-- *** auth-plug: startup
[18:25:13] INFO: Successfully send discovery information to Home Assistant.
[18:25:13] INFO: Successfully send service information to the Supervisor.
1639160712: Config loaded from /etc/mosquitto/mosquitto.conf.
1639160712: Loading plugin: /usr/share/mosquitto/auth-plug.so
1639160712: ├── Username/password checking enabled.
1639160712: ├── TLS-PSK checking enabled.
1639160712: └── Extended authentication not enabled.
1639160712: Opening ipv4 listen socket on port 1883.
1639160712: Opening ipv6 listen socket on port 1883.
1639160712: Opening websockets listen socket on port 1884.
1639160712: Warning: Mosquitto should not be run as root/administrator.
1639160712: mosquitto version 1.6.12 running
1639160712: New connection from 127.0.0.1 on port 1883.
1639160712: Socket error on client <unknown>, disconnecting.
1639160748: New client connected from 192.168.1.153 as OTGW2C:F4:32:57:D8:CD (p2, c1, k15).
1639160782: New connection from 192.168.1.48 on port 1883.
401: Unauthorized1639160782: Socket error on client <unknown>, disconnecting.
Because you are using an ACL file, any device now that has a username and password, either needs to be connecting anonymously - or there needs to be a line in the ACL file for that user:
user device-username
topic readwrite #
If the user does not exist in the ACL file, then it will be rejected.
Interesting.
Most of my devices are Tasmota. Setting a blank username and password via the Tasmota web UI for does not work - they reset to their (non blank) defaults. However, disabling both at the command line:
MqttUser 0
MqttPasswqord 0
Does allow the devices to connect.
This workaround works in that case - once I have configured all the devices.
I know if this was a standalone install of mosquitto, I could enable anonymous logins, at which point mosquitto would simply ignore any auth - and let clients connect whatever credentials they passed. Is this something that can be enabled when using the HA installed mosquito?
A default standalone install of Mosquitto does not have any auth enabled by default, you have to run a bundled tool in order to add users and passwords to (standalone) Mosquitto. If you attempt to connect with a username that does not exist, it will still reject the connection. It’s not really anonymous as such - it just doesn’t have any users configured out-of-the-box.
Ah thanks.
I have just run a script to blank all my MQTT device credentials, which has done the trick.
It would be nice were there a way to run HA mosquito such that it would accept any connections, whether auth was provided or not - which I did have working with my standalone install, but there may be good reasons this is not possible, and for now all is working!
Thanks for your help with this one, and have a good weekend!
I may not be correct when it comes to how it handles usernames being passed to it on a default install, it’s been a while. I know that I have to Google just to remember how to add a new user to it haha.