You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using a client certificate to publish to Mosquitto, with use_identity_as_username true so I shouldn't need to enter a username and password (eg. can just use certificate authentication).
This works fine when I setup and test just locally. I cannot get it to work with the Mosquitto broker add-on in Home Assistant.
It works with the Mosquitto add-on, if I specify the username and password of a valid user, but this should not be necessary. When I test locally (setting up a local mosquitto broker), it works fine (eg. authenticating using just the client certificate/key, username/password is not necessary). As best as I can see, the use_identity_as_username true setting is not effectuated.
Using mosquitto_pub with -d option, I get the following output:
Client null sending CONNECT
Client null received CONNACK (5)
Connection error: Connection Refused: not authorised.
Error: The connection was refused.
On the Mosquitto add-on logs I see this (full log below):
2022-11-18 13:21:28: New connection from 10.0.20.82:50311 on port 8883.
error: received null username or password for unpwd check
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
Mosquitto broker
What is the version of the add-on?
6.1.3
Steps to reproduce the issue
Create a set of CA, server and client certificates/keys
Configure the add-on: set require_certificate: true, customize.active: true and specify ca_file, cert_file and key_file
In /share/mosquitto place a custom configuration file eg. mosquitto.conf with use_identity_as_username true
Restart add-on
Use mosquitto_pub --cafile ca.crt --cert client.crt --key client.key -d -h <hostname> -p 8883 -t test -m "hello there"
System Health information
System Information
version
core-2022.11.3
installation_type
Home Assistant OS
dev
false
hassio
true
docker
true
user
root
virtualenv
false
python_version
3.10.7
os_name
Linux
os_version
5.15.74
arch
x86_64
timezone
Europe/Copenhagen
config_dir
/config
Home Assistant Community Store
GitHub API
ok
GitHub Content
ok
GitHub Web
ok
GitHub API Calls Remaining
4985
Installed Version
1.28.3
Stage
running
Available Repositories
1142
Downloaded Repositories
2
Home Assistant Cloud
logged_in
false
can_reach_cert_server
ok
can_reach_cloud_auth
ok
can_reach_cloud
ok
Home Assistant Supervisor
host_os
Home Assistant OS 9.3
update_channel
stable
supervisor_version
supervisor-2022.10.2
agent_version
1.4.1
docker_version
20.10.18
disk_total
30.8 GB
disk_used
4.8 GB
healthy
true
supported
true
board
ova
supervisor_api
ok
version_api
ok
installed_addons
Let's Encrypt (4.12.7), Studio Code Server (5.4.1), Terminal & SSH (9.6.1), Mosquitto broker (6.1.3)
Dashboards
dashboards
1
resources
0
mode
auto-gen
Recorder
oldest_recorder_run
November 11, 2022 at 16:31
current_recorder_run
November 18, 2022 at 11:18
estimated_db_size
35.93 MiB
database_engine
sqlite
database_version
3.38.5
Anything in the Supervisor logs that might be useful for us?
No response
Anything in the add-on logs that might be useful for us?
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/mosquitto.sh
[13:21:18] INFO: Setting up user ams
[13:21:18] INFO: Certificates found: SSL is available
cont-init: info: /etc/cont-init.d/mosquitto.sh exited 0
cont-init: info: running /etc/cont-init.d/nginx.sh
cont-init: info: /etc/cont-init.d/nginx.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun mosquitto (no readiness notification)
services-up: info: copying legacy longrun nginx (no readiness notification)
[13:21:18] INFO: Starting NGINX for authentication handling...
s6-rc: info: service legacy-services successfully started
[13:21:18] INFO: Starting mosquitto MQTT broker...
1668774078: Loading config file /share/mosquitto/mosquitto.conf
2022-11-18 13:21:18: Warning: Mosquitto should not be run as root/administrator.
time="2022-11-18T13:21:18+01:00" level=debug msg="got 3 users from passwords file"
time="2022-11-18T13:21:18+01:00" level=debug msg="got 0 lines from acl file"
time="2022-11-18T13:21:18+01:00" level=info msg="Backend registered: Files"
time="2022-11-18T13:21:18+01:00" level=debug msg="new hasher: pbkdf2"
time="2022-11-18T13:21:18+01:00" level=info msg="Backend registered: HTTP"
time="2022-11-18T13:21:18+01:00" level=info msg="registered acl checker: files"
time="2022-11-18T13:21:18+01:00" level=info msg="registered user checker: files"
time="2022-11-18T13:21:18+01:00" level=info msg="registered superuser checker: files"
time="2022-11-18T13:21:18+01:00" level=info msg="registered acl checker: http"
time="2022-11-18T13:21:18+01:00" level=info msg="registered user checker: http"
time="2022-11-18T13:21:18+01:00" level=info msg="registered superuser checker: http"
time="2022-11-18T13:21:18+01:00" level=info msg="redisCache activated"
time="2022-11-18T13:21:18+01:00" level=info msg="started go-cache"
[13:21:19] INFO: Successfully send discovery information to Home Assistant.
[13:21:19] INFO: Successfully send service information to the Supervisor.
2022-11-18 13:21:18: mosquitto version 2.0.11 starting
2022-11-18 13:21:18: Config loaded from /etc/mosquitto/mosquitto.conf.
2022-11-18 13:21:18: Loading plugin: /usr/share/mosquitto/go-auth.so
2022-11-18 13:21:18: ├── Username/password checking enabled.
2022-11-18 13:21:18: ├── TLS-PSK checking enabled.
2022-11-18 13:21:18: └── Extended authentication not enabled.
2022-11-18 13:21:18: Opening ipv4 listen socket on port 8885.
2022-11-18 13:21:18: Opening ipv4 listen socket on port 1883.
2022-11-18 13:21:18: Opening ipv6 listen socket on port 1883.
2022-11-18 13:21:18: Opening websockets listen socket on port 1884.
2022-11-18 13:21:18: Opening ipv4 listen socket on port 8883.
2022-11-18 13:21:18: Opening ipv6 listen socket on port 8883.
2022-11-18 13:21:18: Opening websockets listen socket on port 8884.
2022-11-18 13:21:18: mosquitto version 2.0.11 running
2022-11-18 13:21:18: New connection from 127.0.0.1:39048 on port 1883.
2022-11-18 13:21:18: Client <unknown> closed its connection.
2022-11-18 13:21:28: New connection from 10.0.20.82:50311 on port 8883.
error: received null username or password for unpwd check
Additional information
No response
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Describe the issue you are experiencing
I'm using a client certificate to publish to Mosquitto, with
use_identity_as_username true
so I shouldn't need to enter a username and password (eg. can just use certificate authentication).This works fine when I setup and test just locally. I cannot get it to work with the Mosquitto broker add-on in Home Assistant.
It works with the Mosquitto add-on, if I specify the username and password of a valid user, but this should not be necessary. When I test locally (setting up a local mosquitto broker), it works fine (eg. authenticating using just the client certificate/key, username/password is not necessary). As best as I can see, the
use_identity_as_username true
setting is not effectuated.Using mosquitto_pub with -d option, I get the following output:
On the Mosquitto add-on logs I see this (full log below):
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
Mosquitto broker
What is the version of the add-on?
6.1.3
Steps to reproduce the issue
require_certificate: true
,customize.active: true
and specify ca_file, cert_file and key_fileuse_identity_as_username true
mosquitto_pub --cafile ca.crt --cert client.crt --key client.key -d -h <hostname> -p 8883 -t test -m "hello there"
System Health information
System Information
Home Assistant Community Store
Home Assistant Cloud
Home Assistant Supervisor
Dashboards
Recorder
Anything in the Supervisor logs that might be useful for us?
No response
Anything in the add-on logs that might be useful for us?
Additional information
No response
The text was updated successfully, but these errors were encountered: