MQTT ACL Gateway Stats


#1

Hi There,

I just got the MQTT auth plugin working, I have configured my first gateway as a user on the loraserver and can see it connecting and authenticating. However it appears it fails the ACL check,

mosquitto_1               | 1552652006: |-- getuser(gateway1) AUTHENTICATED=1 by postgres
mosquitto_1               | 1552652006: New client connected from 10.50.24.123 as 031599e1-a71f-4a36-be36-aeb9f890eadc (c1, k30, u'gateway1').
mosquitto_1               | 1552652006: |-- mosquitto_auth_acl_check(..., client id not available, gateway1, gateway/fcc23dfffe0f36bd/tx, MOSQ_ACL_WRITE)
mosquitto_1               | 1552652006: |-- SUPERUSER: gateway1
mosquitto_1               | 1552652006: |-- user is 0
mosquitto_1               | 1552652006: |-- USERNAME: gateway1, TOPIC: gateway/fcc23dfffe0f36bd/tx, acc: 4
mosquitto_1               | 1552652006: |-- aclcheck(gateway1, gateway/fcc23dfffe0f36bd/tx, 4) AUTHORIZED=0 by none
mosquitto_1               | 1552652006: |--  Cached  [002D8EE1B761B053D6F6B99F91815B6C05BF65D2] for (client id not available,gateway1,4)
mosquitto_1               | 1552652006: |-- mosquitto_auth_acl_check(..., client id not available, gateway1, gateway/fcc23dfffe0f36bd/config, MOSQ_ACL_WRITE)
mosquitto_1               | 1552652006: |-- SUPERUSER: gateway1
mosquitto_1               | 1552652006: |-- user is 0
mosquitto_1               | 1552652006: |-- USERNAME: gateway1, TOPIC: gateway/fcc23dfffe0f36bd/config, acc: 4
mosquitto_1               | 1552652006: |-- aclcheck(gateway1, gateway/fcc23dfffe0f36bd/config, 4) AUTHORIZED=0 by none
mosquitto_1               | 1552652006: |--  Cached  [CB8DE6E843585E3531DEE3C88432C913C83ED3D2] for (client id not available,gateway1,4)

It would appear the SQL doesnt work for the ACL check to authorise access to the gateway topics. Is this even possible? Do I need to use static passwords with the gateways instead?

Thanks


#2

Yes, gateways use static auth as they are not a user at lora-app-server, which is what gets checked on Postgres ACLs.