Mosquitto 6.1.x with mosquitto-go-auth spams "error: received null username, ..." #2474
Comments
|
Do you use the tasmota integration by any chance? |
|
No, i don't have tasmota integration
|
|
Hm ok. Was chatting with another user seeing something similar from tasmota so I figured I'd ask. Do you know which device/integration/application is trying to publish those messages which causes those errors? If so can you link so I can look at how it is connecting? |
|
I have two smart controllers Wiren Board with debian9 based system and some custom services. MQTT is the main message bus on the controller. It's also mosquitto used as MQTT broker, version 1.4.15 (with some modification, sources on GitHub). The settings on both controllers are the same (just topic names are differ), but messages from one of controllers have no issues, while from another produce errors. Settings of mosquitto from "buggy" controller: mosquitto.conf conf.d/bridge.conf On Mosquitto HA add-on side settings are default. Just added HA user for authorization. |
|
So you shouldn't have to do this but if you uninstall and reinstall the addon what happens? Does that fix the error? In chatting with another user about this I'm getting the impression there is something cached about auth that's creating issues with the acl check. I'm working on adding some debug logging to help but after reinstalling they were able to eliminate the error. |
|
I was also experiencing this issue and found that it was due to retained or cached but unavailable mqtt entities which were being pulled in to the mqtt integration. I removed both the add-on and the mqtt integration, rebooted, and then installed the add-on and mqtt integration and the errors stopped appearing. |
|
im use espurino https://github.com/espruino/EspruinoHub project. it can't connect with mosquitto too? after upgrade |
Well, I uninstalled addon, restart HA core, installed addon back and reconfigured MQTT integration (wrote new password for 'homeassistant' user). Connection to addon's mosquitto server works well but there is nothing about new connections in the addon's log. Is it cached somewhere in the docker container? All I see in the log for now is: It's about 1 hour from addon start, 3 external clients connected since (and also internal from HA integration). It the addon /etc/mosquitto/mosquitto.conf has such lines: But now there is no spam from mosquitto-go-auth, it's good! :) |
|
@tayanov From the installation notes for espurino:
Seems like this software requires anonymous connections be allowed on the broker to function. I don't know why they would make it this way but this won't work anymore. Anonymous connections were supposed to be disabled a while ago with #2007 but apparently there was a bug that still allowed them. Now they are actually disabled in the latest version because Mosquitto came to the same conclusion we did: allowing anonymous connections is a bad security practice. You can enable this for yours by using the customize option to set |
|
So to summarize for anyone coming here facing this issue. I'm gathering that its somehow caused by old retained messages on the broker sent by software you don't use anymore but used to. Particular software that supported Home Assistant discovery as those messages are always posted with I don't really know why this is as I'm not familiar enough with the internal workings of Mosquitto. I would guess some part of the credentials used to post the message are cached in these somehow but I'm really not sure. The simple fix appears to be this:
You might be able to fix this without an uninstall if you connect to the broker with something like MQTT Explorer and specifically delete the stale retained messages. But you'd have to know which ones were stale and I'm not certain this will work as so far all users have gone the uninstall and reinstall route. Sorry about this. Wish I knew more about why exactly this happens but at least the solution is fairly simple. |
Is it still possible to explicitely allow anonymous access to the MQTT broker? However, after updating to 6.1.1 I no longer can get anonymous access working. #2007 says: "Support for anonymous logins has been removed", not that it is now disabled by default. |
|
Hi, I am experiencing the same issue, have multiple devices, connecting from: room-assistant, tasmota and pisomfy these all work, however I have some dotnet containers I coded using mqttnet library and these are all failing on authentication now. I have removed, re-installed the add-on and the integration, but it is still failing. The containers fail with " (Connecting with MQTT server failed (NotAuthorized).)" and there is an error in the mosquito add-on log of "error: received null username or password for unpwd check". Just realised I can roll back with a Hassio backup, I have gone back to 6.0.1 and it all works |
|
Just to update, and hopefully this may help, I forgot to uncheck the auto update so after rolling back it updated overnight and it broke again. After spending a bit of time going through code, I had been using the .WithUserProperty("username","password") as part of the MqttClientOptionsBuilder from the mqttnet library, instead I used the .WithCredentials("username","password") and it now works. |
|
@JohanBraeken Yes the intent of that PR was actually to remove anonymous logins but as I noted it didn't actually remove that support until this release. This was a mistake that turned this one into a breaking change but the intent all along was to remove a security issue. That being said if you really want to use anonymous logins you should be able to using the customize option. This option lets you customize your mosquitto configuration file with additional options not in the addon config. Using this you should be able to add |
|
So a device needs to know the ip address of the ha, the user name, and the password, then the device can be "autodiscovered", if you have a fleet, then they need to do this via dhcp. |
|
I'm still getting this error on 6.1.2, is there a fix planned for this? I'm not sure i understand the workarounds in the chat, and I can't go back to an old backup since it's a fresh home assistant |
|
I ended up here also: |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
Also having this issue! |
|
I added allow_anonymous: true and still getting same errors. |
|
I have this issue on HAOS but cannot find config file. It is nowhere.. |
HI, can you tell me please what about this realtion between this problem and Tasmota ?? I have arround 40 devices in Tasmota, and I havce this problen in my mosquitto server as well. Thanks |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
I upgrade my HA to last version today and actually i have this issue. 1 of my 6 mqqt equipaments stops working. It's possible to listen all in mosquitto broker but 1 of 6 equipment doesn't show on equipments list |
mdegat01, thank you for the tip, it solved the problem for me and I only de- and reinstalled the add-on mqtt. |
Describe the issue you are experiencing
After upgrade Mosquitto add-on to 6.1.1 I've got a spam in add-on's log with a line:
I enabled debug output for mosquitto and found after a message from one of external devices I always got this error. Second devices with the same bridge configuration works well. There are two lines in the debug mode:
It's interesting I anyway got the data to 'wb1/#' topic, but also have a huge spam as I have continuous flow of data especially from wirenboard-A4JBKLBD.wb2hass ('wb1/#').
I found this error text in the mosquitto-go-auth plugin sources but see no reason to get this message as have no difference between device with 'wb1/#' and one with 'wb2/#' messages.
I've tried to add usernames for mqtt clients in the add-on config, before I used HA accounts. mosquitto spams the error anyway.
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
Mosquitto broker
What is the version of the add-on?
6.1.1
Steps to reproduce the issue
Anything in the Supervisor logs that might be useful for us?
No response
Anything in the add-on logs that might be useful for us?
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: