MQTT - Authentication

This Forum is about the Opentherm gateway (OTGW) from Schelte

Moderator: hvxl

nickyb2
Starting Member
Posts: 7
Joined: Mon Nov 09, 2015 4:51 pm

MQTT - Authentication

Post by nickyb2 »

Hello,

I'm trying to connect my OTmonitor to an MQTT bus (mosquitto). When I configure mosquitto to use NO AUTHENTICATION it works like a charm; however, when I wish to use authentication the messages are not sent to mosquitto.
My username/password combination is correct, since when I use mosquitto_pub/sub it all works.

My config for otmonitor:

Code:

mqtt {
  enable true
  broker 192.168.153.1
  port 1883
  devicetype central_heating
  deviceid otmonitor
  format simple
  username otmonitor
  password [redacted]
  retransmit 10
  qos 1
  keepalive 120
  messages false
  client zonnestroom-otmonitor
}

And I get these errors:

Code:

./otmonitor-ahf --daemon -f /opt/zonnestroom/otgw/etc/otmonitor.conf
can not find channel named ""
    while executing
"read $fd 1"
    (class "::mqtt" method "receive" line 3)
    invoked from within
"my receive"
    (class "::mqtt" method "listen" line 26)
    invoked from within
"my listen"
    (class "::mqtt" method "init" line 9)
    invoked from within
"my init $host $port"
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro connect sock13d4780"
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro receive"
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 20"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 21"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 22"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 23"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 24"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 25"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 26"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 27"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 28"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 29"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 30"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 31"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 32"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 33"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 34"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 35"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 36"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 37"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 38"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 39"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 40"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 41"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 42"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 43"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 44"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 45"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 46"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 47"
    ("after" script)
invalid command name "::oo::Obj12_coro"
    while executing
"::oo::Obj12_coro retransmit SUBSCRIBE 48"
    ("after" script)

Is this a bug, or did I configure it wrong?

Thanks.
Nicky
hvxl
Senior Member
Posts: 1965
Joined: Sat Jun 05, 2010 11:59 am

Re: MQTT - Authentication

Post by hvxl »

You should never get a stack trace like that, so there is a bug somewhere. However, looking at the source code I cannot imagine how this error can happen. Also, MQTT with authentication works fine when I try it myself.

Would it be possible for you to run mosquitto with the -v option and report (the first part of) the log it produces?
Schelte
nickyb2
Starting Member
Posts: 7
Joined: Mon Nov 09, 2015 4:51 pm

Re: MQTT - Authentication

Post by nickyb2 »

mosquitto.conf

Code:

pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
password_file /etc/mosquitto/passwd
allow_anonymous false
log_type all

There is not much info in it. The 192.168.153.7 is a Pi which runs otmonitor-ahf.

mosquitto.log

Code:

1466771999: mosquitto version 1.4.8 terminating
1466772000: mosquitto version 1.4.8 (build date Fri, 19 Feb 2016 12:03:16 +0100) starting
1466772000: Config loaded from /etc/mosquitto/mosquitto.conf.
1466772000: Opening ipv4 listen socket on port 1883.
1466772000: Opening ipv6 listen socket on port 1883.
1466772021: New connection from 192.168.153.7 on port 1883.
1466772021: Sending CONNACK to 192.168.153.7 (0, 5)
1466772021: Socket error on client <unknown>, disconnecting.
1466772021: New connection from 192.168.153.7 on port 1883.
1466772021: Sending CONNACK to 192.168.153.7 (0, 5)
1466772021: Socket error on client <unknown>, disconnecting.
1466772021: New connection from 192.168.153.7 on port 1883.
hvxl
Senior Member
Posts: 1965
Joined: Sat Jun 05, 2010 11:59 am

Re: MQTT - Authentication

Post by hvxl »

That log indicates that mosquitto doesn't have the username in its password file (CONNACK return code 5). So either you made a typo there, or otmonitor is sending the wrong username. You can check that last possibility by switching off authentication on mosquitto and running it with -v again. It will then report the username that the client connects with. In your case that should be something like:
  • 1466784084: New client connected from 192.168.153.7 as zonnestroom-otmonitor (c1, k60, u'otmonitor').
If that's what you get, the problem must be in your password file.
Schelte
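
An added example (not part of the thread, and not mosquitto or OTmonitor code): a small parser for the broker log format shown in this thread that pulls out each CONNACK, labels its return code with the MQTT 3.1.1 meaning, and flags peers that are refused repeatedly. The function names and the threshold are assumptions; the sample lines are copied from logs posted in this thread.

```python
import re
from collections import Counter

# CONNACK return codes as defined by the MQTT 3.1.1 specification.
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "client identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}

# e.g. "1466772021: Sending CONNACK to 192.168.153.7 (0, 5)"; the second
# number in the parentheses is the return code, as it is read in this thread.
CONNACK_RE = re.compile(r"^(\d+): Sending CONNACK to (\S+) \((\d+), (\d+)\)")

# Sample input: lines copied from the mosquitto logs posted in this thread.
SAMPLE_LOG = """\
1466772021: New connection from 192.168.153.7 on port 1883.
1466772021: Sending CONNACK to 192.168.153.7 (0, 5)
1466772021: Socket error on client <unknown>, disconnecting.
1466772021: New connection from 192.168.153.7 on port 1883.
1466772021: Sending CONNACK to 192.168.153.7 (0, 5)
1466832002: New client connected from 192.168.153.7 as zonnestroom-otmonitor (c1, k120, u'otmonitor').
1466832002: Sending CONNACK to zonnestroom-otmonitor (0, 0)
"""

def parse_connacks(log_text):
    """Return (timestamp, peer, return_code, meaning) for every CONNACK line."""
    events = []
    for line in log_text.splitlines():
        m = CONNACK_RE.match(line)
        if m:
            code = int(m.group(4))
            events.append((int(m.group(1)), m.group(2), code,
                           CONNACK_CODES.get(code, "reserved/unknown")))
    return events

def refused_peers(events, threshold=2):
    """(peer, code) pairs refused at least `threshold` times, i.e. a retry loop."""
    counts = Counter((peer, code) for _, peer, code, _ in events if code != 0)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    events = parse_connacks(SAMPLE_LOG)
    for event in events:
        print(*event)
    print("repeatedly refused:", refused_peers(events))
```

A refused connection is logged under the peer's IP address because the broker has not accepted a client id yet, so group refusals by address rather than by client name.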
nickyb2
Starting Member
Posts: 7
Joined: Mon Nov 09, 2015 4:51 pm

Re: MQTT - Authentication

Post by nickyb2 »

Lots more logs, just trying to supply a lot of info.

First, all the logs of when it goes wrong, WITH authentication.

As you can see, the otmonitor user exists and it works with mosquitto_sub.

Code:

pi@zonnestroom:~ $ mosquitto_sub -d -t '$SYS/broker/load/bytes/sent/1min' -v -h 192.168.153.1 -u otmonitor -P 'iGIzbBvCnAskg96wu3Gt'
Client mosqsub/10940-zonnestro sending CONNECT
Client mosqsub/10940-zonnestro received CONNACK
Client mosqsub/10940-zonnestro sending SUBSCRIBE (Mid: 1, Topic: $SYS/broker/load/bytes/sent/1min, QoS: 0)
Client mosqsub/10940-zonnestro received SUBACK
Subscribed (mid: 1): 0
Client mosqsub/10940-zonnestro received PUBLISH (d0, q0, r1, m0, '$SYS/broker/load/bytes/sent/1min', ... (7 bytes))
$SYS/broker/load/bytes/sent/1min 2841.09
Client mosqsub/10940-zonnestro received PUBLISH (d0, q0, r0, m0, '$SYS/broker/load/bytes/sent/1min', ... (7 bytes))
$SYS/broker/load/bytes/sent/1min 2412.69
^C

My otmonitor.conf, just so that we can verify I have the correct values filled in for username and password.

Code:

pi@zonnestroom:~ $ more /opt/zonnestroom/otgw/etc/otmonitor.conf | grep -A 14 mqtt
mqtt {
  enable true
  broker 192.168.153.1
  port 1883
  devicetype central_heating
  deviceid otmonitor
  format simple
  username otmonitor
  password iGIzbBvCnAskg96wu3Gt
  retransmit 10
  qos 1
  keepalive 120
  messages false
  client zonnestroom-otmonitor
}

The otmonitor errors.

Code:

pi@zonnestroom:~ $ /opt/zonnestroom/otgw/bin/otmonitor-ahf --daemon -f /opt/zonnestroom/otgw/etc/otmonitor.conf
can not find channel named ""
    while executing
"read $fd 1"
    (class "::mqtt" method "receive" line 3)
    invoked from within
"my receive"
    (class "::mqtt" method "listen" line 26)
    invoked from within
"my listen"
    (class "::mqtt" method "init" line 9)
    invoked from within
"my init $host $port"
invalid command name "::oo::Obj12_coro"
    while executing

Mosquitto log with log_type all.

Code:

root@bijmij:/etc/mosquitto# tail -f /tmp/mosquitto.log
1466831777: New connection from 192.168.153.7 on port 1883.
1466831777: Sending CONNACK to 192.168.153.7 (0, 5)
1466831777: Socket error on client <unknown>, disconnecting.
1466831777: New connection from 192.168.153.7 on port 1883.

At this point I turned authentication off as you suggested by commenting out the following two lines:

#allow_anonymous false
#password_file /etc/mosquitto/passwd

And then it starts to work.

Code:

1466832002: New connection from 192.168.153.7 on port 1883.
1466832002: New client connected from 192.168.153.7 as zonnestroom-otmonitor (c1, k120, u'otmonitor').
1466832002: Sending CONNACK to zonnestroom-otmonitor (0, 0)
1466832002: Received SUBSCRIBE from zonnestroom-otmonitor
1466832002:     actions/otmonitor/+ (QoS 2)
1466832002: zonnestroom-otmonitor 2 actions/otmonitor/+
1466832002: Sending SUBACK to zonnestroom-otmonitor
1466832003: Received PUBLISH from zonnestroom-otmonitor (d0, q1, r1, m2, 'events/central_heating/otmonitor/returnwatertemperature', .

It seems that otmonitor is indeed using the user otmonitor... but if the problem is in my password file, why does the mosquitto_sub work?
I would have expected that mosquitto_sub would also not work if there was an error in my password file.

Any more ideas? I'm at a loss here.
hvxl
Senior Member
Posts: 1965
Joined: Sat Jun 05, 2010 11:59 am

Re: MQTT - Authentication

Post by hvxl »

Strange indeed. One thing I notice is that on your mosquitto_sub command you specify the exact same value that is also stored in otmonitor.conf as the password. Did you edit otmonitor.conf by hand to set the password in there? OTmonitor stores passwords in otmonitor.conf in an encoded form, so they shouldn't be the same.

The CONNACK return code is 5, which usually points to a wrong username. But putting the configured password through the decoding algorithm produces binary data, which the MQTT specs allow, but it may not be handled correctly by my code. Maybe mosquitto also returns code 5 if the CONNECT message is corrupt.

[EDIT]: I just checked. OTmonitor correctly handles the binary data, but mosquitto indeed sends a return code of 5 in the CONNACK in this situation.
Schelte
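
The password field discussed in the post above, as an added example (not OTmonitor's code and not from the thread): it builds and decodes an MQTT CONNECT packet to show that the password travels as a length-prefixed byte string, so any transformation a client applies to its stored value changes the bytes the broker checks. MQTT 3.1.1 framing, the helper names and the sample passwords are assumptions; client id, username and keepalive are taken from the thread.

```python
import struct

def _field(data: bytes) -> bytes:
    """Length-prefixed MQTT field: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(data)) + data

def _remaining_length(n: int) -> bytes:
    """Variable-length encoding used for Remaining Length in the fixed header."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id: str, username: str, password: bytes, keepalive: int) -> bytes:
    """CONNECT with user name, password and clean-session flags set (no will)."""
    flags = 0x80 | 0x40 | 0x02
    body = _field(b"MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body += _field(client_id.encode()) + _field(username.encode()) + _field(password)
    return bytes([0x10]) + _remaining_length(len(body)) + body

def parse_connect(packet: bytes) -> dict:
    """Decode a CONNECT as built above (assumes a one-byte Remaining Length)."""
    if packet[0] != 0x10 or packet[1] != len(packet) - 2:
        raise ValueError("not a short CONNECT packet")
    pos = 2

    def take() -> bytes:
        nonlocal pos
        (n,) = struct.unpack_from("!H", packet, pos)
        value = packet[pos + 2:pos + 2 + n]
        pos += 2 + n
        return value

    protocol = take()
    level, flags = packet[pos], packet[pos + 1]
    (keepalive,) = struct.unpack_from("!H", packet, pos + 2)
    pos += 4
    return {"protocol": protocol, "level": level, "keepalive": keepalive,
            "client_id": take().decode(),
            "username": take().decode() if flags & 0x80 else None,
            "password": take() if flags & 0x40 else None}   # raw bytes, not text

if __name__ == "__main__":
    typed = b"example-password"                 # constructed: what the user typed
    other = bytes([0x88, 0x62, 0x33, 0xFF])     # constructed: some other byte string
    for pw in (typed, other):
        pkt = build_connect("zonnestroom-otmonitor", "otmonitor", pw, 120)
        print(pkt.hex(), parse_connect(pkt)["password"])
```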
nickyb2
Starting Member
Posts: 7
Joined: Mon Nov 09, 2015 4:51 pm

Re: MQTT - Authentication

Post by nickyb2 »

We solved it then. It never occurred to me that the otmonitor.conf is written by otmonitor, so yes, the password in my config file was unencrypted. When I 'save' the otmonitor.conf by otmonitor I get an encrypted password which works as expected when I turn on the authentication on mosquitto.

Thanks for your help.