MQTT connection with ACL does not register ChirpStack

Hello…
I have a RAK 7268 configured to connect by authenticated MQTT to a ChirpStack, where I have Mosquitto with authentication and ACLs.
In the Mosquitto configuration file /etc/mosquito/config/auth.conf, I indicate the path to the ACL file, and in this ACL file, I indicate that the user used by the gateway has full rights on all topics.
No matter what you put, the moment I activate ACL control in Mosquitto, the gateway does register in Mosquitto, but then it does not connect in ChirpStack.
Thanks and best regards

I am having the same issue! Did you manage to solve it?

Hello….
Only if you use the same user/password that is used in the gateway bridge module of ChirpStack.

Hello man, sorry, but I didn't understand your answer :frowning: Can you help me?

I have 3 users/passwords: chirpstack_ns, chirpstack_as and chirpstack_gw. And I added the path to them in auth.conf and in their respective toml files. My problem is the same as yours. When I restart mosquitto with this config, my gateway and device turn off on ChirpStack and I stop receiving their data. (With no ACLs and password, the data works fine.)

I don't know where my mistake is, since I followed MQTT authentication & authorization - ChirpStack open-source LoRaWAN® Network Server

Hello…
Sorry for the brevity of the previous message … it was on the phone and without a translator :))

To be more specific … what I am referring to is that the user / password that you indicate in the Mosquitto ACL file, the one you use in the toml file corresponding to the chirpstack_gw module, is the user and password you have to indicate in the MQTT configuration section of the gateway.

In short, if in the toml file of the ChirpStack module you indicate to use the user "chirpstack_gw" and password "123456", then in the gateway you have to use that same user / password.

I hope you understand me

Hello @dcuadras
Actually, I forgot to configure my chirpstack-gateway-bridge.toml file with user/password, but now I’m having another problem hahaha

When I run "tail -f /var/log/syslog", I have these logs:

Jul 16 17:00:07 inovfablab chirpstack-gateway-bridge[1144]: time="2021-07-16T17:00:07.830741227-03:00" level=info msg="integration/mqtt: subscribing to topic" qos=0 topic="gateway/b827ebfffe2debef/command/#"

Jul 16 17:00:07 inovfablab chirpstack-gateway-bridge[1144]: time="2021-07-16T17:00:07.830847147-03:00" level=error msg="integration/mqtt: subscribe gateway error" error="subscribe topic error: not currently connected and ResumeSubs not set" gateway_id=b827ebfffe2debef

I know that this line: "gateway/b827ebfffe2debef/command/#" is about the gateway-bridge toml, but what is causing this issue I really don't know.

Any thoughts?

Hellooo…

Do you get that error with ACL control activated in Mosquitto? …
If so, you have to indicate a username / password in all toml files, otherwise it will not connect and it will not subscribe.

You can try to indicate, in the file (/etc/mosquitto/conf.d/auth.conf), the line "allow_anonymous false", which will allow connections to Mosquitto with and without authenticating.

All the best

hello @dcuadras

Yes, without acls and password, my whole network works well! my chirpstack app server shows the data of my devices, gateway etc. My “mosquitto_sub -t “topic”” shows data too. But when I configure mosquitto, everything goes down.

I don't know what I'm doing wrong, because everything seems to be right!

My gateway-bridge toml file has:
user: chirpstack_gw
password: 1234 (this is not the password, only for demo)

application-server toml:
user: chirpstack_as
psswd: 1234

network-server:
user: chirpstack_ns
psswd: 1234

my acls file:

user chirpstack_gw
topic write gateway/+/event/+
topic read gateway/+/command/+

user chirpstack_ns
topic read gateway/+/event/+
topic write gateway/+/command/+

user chirpstack_as
topic write application/+/device/+/event/+
topic read application/+/device/+/command/+

my auth.conf:

allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acls

@dcuadras and now I'm having these logs:

Jul 20 16:49:45 inovfablab chirpstack-gateway-bridge[1130]: time="2021-07-20T16:49:45.459729195-03:00" level=error msg="integration/mqtt: connection error" error="not Authorized"

Jul 20 16:49:45 inovfablab chirpstack-gateway-bridge[1130]: time="2021-07-20T16:49:45.459667017-03:00" level=error msg="[client] Failed to connect to a broker" module=mqtt

Jul 20 16:49:45 inovfablab chirpstack-gateway-bridge[1130]: time="2021-07-20T16:49:45.459591947-03:00" level=error msg="[client] Connecting to tcp://127.0.0.1:1883 CONNACK was not CONN_ACCEPTED, but rather Connection Refused: Not Authorised" module=mqtt
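
Added example, not part of the thread: a small Python evaluator that loads the ACL file posted above and answers whether a given user may publish (`write`) or receive (`read`) a concrete topic. It models only Mosquitto's `user` and `topic` lines with standard MQTT wildcard matching; the topic suffixes and the misspelled user name `chirpstack_gateway` are constructed sample values.

```python
ACL_TEXT = """\
user chirpstack_gw
topic write gateway/+/event/+
topic read gateway/+/command/+
user chirpstack_ns
topic read gateway/+/event/+
topic write gateway/+/command/+
user chirpstack_as
topic write application/+/device/+/event/+
topic read application/+/device/+/command/+
"""  # ACL as posted in the thread, blank lines dropped

def parse_acl(text):
    """Return {user: [(access, pattern)]}; rules before any 'user' line go under ''."""
    rules, user = {}, ""
    for line in (raw.strip() for raw in text.splitlines()):
        keyword, _, rest = line.partition(" ")
        if keyword == "user":
            user = rest.strip()
        elif keyword == "topic":
            access, _, pattern = rest.strip().partition(" ")
            if access not in ("read", "write", "readwrite", "deny"):
                access, pattern = "readwrite", rest  # bare "topic x" grants both
            rules.setdefault(user, []).append((access, pattern.strip()))
    return rules  # 'deny' is stored but never grants; 'pattern' lines are ignored

def topic_matches(pattern, topic):
    """MQTT filter matching: '+' is exactly one level, '#' is all remaining levels."""
    p, t = pattern.split("/"), topic.split("/")
    for i, level in enumerate(p):
        if level == "#":
            return i == len(p) - 1
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(p) == len(t)

def allowed(rules, user, action, topic):
    """action: 'write' = publish by the client, 'read' = delivery to the client."""
    return any(access in (action, "readwrite") and topic_matches(pattern, topic)
               for access, pattern in rules.get(user, []))

def report(acl_text=ACL_TEXT):
    """Constructed checks for the gateway ID seen in the thread's logs."""
    rules = parse_acl(acl_text)
    checks = [("chirpstack_gw", "write", "event/up"), ("chirpstack_gw", "read", "command/down"),
              ("chirpstack_gw", "write", "command/down"), ("chirpstack_gateway", "write", "event/up")]
    return [(u, a, s, allowed(rules, u, a, f"gateway/b827ebfffe2debef/{s}")) for u, a, s in checks]
if __name__ == "__main__":
    print(*report(), sep="\n")
```

ACL rules are consulted for publish and delivery only after a client has connected, so this checks topic permissions and says nothing about a refused CONNACK.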

Well, it's weird … everything seems correct …
One thing: in Mosquitto, I suppose you create the user / password with the commands:
mosquitto_passwd -c /etc/mosquitto/passwd chirpstack_ns
mosquitto_passwd /etc/mosquitto/passwd chirpstack_as

(Pay attention to the "-c" on the first line: only use it the first time, otherwise it will overwrite the entries in the password file.)

Yes, I used this command to generate all my users. I followed this guide and added my users to their toml files. I really don't know what more I can do to discover what's wrong.

Anyway, thanks for the help! If I figure it all out, I'll come back here to show the solution.