Yeah but if you try and use active: true it falls in a heap… There’s also a lot of noise in the logs…
I put full logs and stuff here https://community.home-assistant.io/t/acl-with-mqtt-broker-4-1-hass-io/
I haven’t found a need for restricting topics using acl I guess. I don’t have a lot of mqtt devices so there may be some benefit I am missing.
I was more interested in eliminating the shit flooding the logs… my MQTT isn’t exposed externally anyway
1 Like
We were on mosquitto 1.4 and this is 1.5.6 https://mosquitto.org/blog/
I think the logs have seen more changes and become more verbose through all the version we have…missed.
1 Like
Interesting. A bugfix in 1.5.8 is possible relevant to the issue I’m seeing…
Yes I just noticed that too because I was skimming older updates and working backwards.
- Fix clients being disconnected when ACLs are in use. This only affects the case where a client connects using a username, and the anonymous ACL list is defined but specific user ACLs are not defined. Closes #1162.
1 Like
I tagged @pvizeli in the other thread… hopefully he can shed some light on it.
I am using a Home Assistant User and someone else said they have it working if they define a local user for MQTT… Dunno… I always assume I’m screwing something up but maybe not.
Finally v4.1 works!!
My MQTT devices uses user & password, I was crazy touching conf file and customize files, rebooting, changing over and over…
Mosquitto Browser add-on config set as default:
{
"logins": [],
"anonymous": false,
"customize": {
"active": false,
"folder": "mosquitto"
},
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
}
Don’t need to create custom files.
An you need to create your MQTT users in ‘Configuration -> Users’ section. Restart Mosquitto Browser add-on and voila!
EDIT:
Same solution as @cogneato
Good God I don’t think I’ve ever had a good experience from hitting the Update button for a Hassio addon.
I also updated to 4.1, lost all MQTT control, ensured I had the config set correctly (set up a user, correct configuration.yaml, used the Integrations page etc) but no joy.
Thankfully I had a snapshot to restore 4.0, so I’m back in business. Will wait 6 - 8 weeks upon the next addon update before I proceed with the update myself.
The addon works exactly like it did before unless you try and use the acl and set active to true… then it falls in a hole unless you are using a local user for some reason.
I have the below configuration, if I put on a device the HASSIO users/password (those setup under Configuration/Users) as MQTT user/password, the device is not connecting
Is this a bug? (I know I should not use “”, but I have a couple of devices already flashed like this and for me is very difficult to reflash them)
{
"logins": [
{
"username": "",
"password": ""
},
{
"username": "test",
"password": "test"
}
],
"anonymous": true,
"customize": {
"active": true,
"folder": "mosquitto"
},
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
}
this the HASSIO log
1552645215: New connection from 192.168.1.3 on port 1883.
1552645215: |-- mosquitto_auth_unpwd_check(xxxx)
1552645215: |-- ** checking backend http
1552645215: |-- url=http://127.0.0.1:8080/login
1552645215: |-- data=username=xxxx&password=xxxx&topic=&acc=-1&clientid=
1552645215: |-- http req fail url=http://127.0.0.1:8080/login re=Couldn't connect to server
1552645215: |-- url=http://127.0.0.1:8080/login
Strange thing is that if I put the USer/Password (of Configuration/User) also in the HASSIO Aaddon config, I receive a different error, but still an error
{
"logins": [
{
"username": "",
"password": ""
},
{
"username": "test",
"password": "test"
},
{
"username": "xxx",
"password": "yyy"
}
],
"anonymous": true,
"customize": {
"active": true,
"folder": "mosquitto"
},
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
}
log
1552645566: New connection from 192.168.1.3 on port 1883.
1552645566: |-- mosquitto_auth_unpwd_check(xxx)
1552645566: |-- ** checking backend http
1552645566: |-- url=http://127.0.0.1:8080/login
1552645566: |-- data=username=xxx&password=yyy&topic=&acc=-1&clientid=
/bin/auth_srv.sh: line 37: LOCAL_DB["${username}"]: bad array subscript
2019/03/15 11:26:06 socat[36] E waitpid(): child 37 exited with status 1
1552645870: |-- http req fail url=http://127.0.0.1:8080/login re=Server returned nothing (no headers, no data)
1552645870: |-- getuser(test) AUTHENTICATED=0 by none
1552645870: |-- getuser(test) AUTHENTICATED=N HAS_ERROR=Y => ERR_UNKNOWN
You don’t need to reflash them to change the username and password… in any case, most likely, your problem is that you have active set to true… try false and delete the username/password as you have anonymous setup.
Then, put in a real username and password in everything!
With the below configuration in HASSIo (keeping mqtt username/password as “” in the devices) tey connect, but the command are not sent/received
{
"logins": [],
"anonymous": true,
"customize": {
"active": false,
"folder": "mosquitto"
},
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
}
If I use in the device my Configuration/User password xxx/yyy) I recieve another type of error
1552653357: New client connected from 192.168.1.176 as oven (c1, k10, u'xxx').
1552653357: |-- mosquitto_auth_acl_check(..., client id not available, xxx, tele/oven/LWT, MOSQ_ACL_WRITE)
1552653357: |-- url=http://127.0.0.1:8080/superuser
1552653357: |-- data=username=xxx&password=&topic=&acc=-1&clientid=
1552653357: |-- aclcheck(xxx, tele/oven/LWT, 2) SUPERUSER=Y by http
1552653357: |-- Cached [49BB42F66FDED0458ABA68CE158C9B794D5375FF] for (client id not available,xxx,2)What happens if you configure one of the switches with a Home Assistant user? (The one you use to login to Home Assistant)?
just did, and edited my previous message: I receive another type of error shown in previous post
Please note the
mosquitto_auth_acl_check(..., client id not available
in the log, but acl should be disabled (active=false in addon config)
Now it gets interesting: I created a new User/password in Configuration/User … I put this User/password in a MQTT client (Windows MQTTFx) and it works!!!
Then I created another User/password in Configuration/User … I put this User/password on a tasmotized Sonoff (Tasmota 6.3.0) under MQTT username and password and … shit … error STRANGE!
See the log it says it found mqtt_oven (my MQTT User in the tasmotized switch which I added in Configuration/User) but then it says Client id not available
1552654496: New connection from 192.168.1.176 on port 1883.
1552654496: |-- mosquitto_auth_unpwd_check(mqtt_oven)
1552654496: |-- ** checking backend http 1552654496: |-- url=http://127.0.0.1:8080/login
1552654496: |-- data=username=mqtt_oven&password=tyyy&topic=&acc=-1&clientid= [INFO] found mqtt_oven on Home Assistant
1552654497: |-- getuser(mqtt_oven) AUTHENTICATED=1 by http
1552654497: New client connected from 192.168.1.176 as Oven power plug (c1, k10, u'mqtt_oven'). 1552654497: |-- mosquitto_auth_acl_check(..., client id not available, mqtt_oven, tele/oven/LWT, MOSQ_ACL_WRITE)
1552654497: |-- url=http://127.0.0.1:8080/superuser
1552654497: |-- data=username=mqtt_oven&password=&topic=&acc=-1&clientid= 1552654497: |-- aclcheck(mqtt_oven, tele/oven/LWT, 2) SUPERUSER=Y by http
1552654497: |-- Cached [E5559032A0E63158A1F7E8F16DB9946439D1C3E5] for (client id not available,mqtt_oven,2)
1 Like
Someone yesterday didn’t have the right broker IP address in their switch???
I did the same when I updated and this was fix for me.
Sorry I do not understand, whch fix? IP address of mqtt server is correct