[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 --- Comment #22 from Aleksei --- (In reply to muddlehead from comment #21) > Thanks, Aleksei! > > That point me in the right direction. In my case I had to add an additional > rule (see below). I assume that both might be needed, the first one in case > you want to store the connections system-wide and the second for user-only > connections (but I'm not really sure about that). > With the following rules everything works fine now (thanks to everyone here): > > cat > /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings. > modify.system.rules > // Let users in plugdev group modify NetworkManager > polkit.addRule(function(action, subject) { > > if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" > && subject.isInGroup("plugdev")) { > return yes"; > } > if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" && > subject.isInGroup("plugdev")) { > return "yes"; } > }); FYI, there is another example at a wiki page https://wiki.gentoo.org/wiki/NetworkManager#Fixing_nm-applet_insufficient_privileges -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 --- Comment #21 from muddleh...@gmx.net --- Thanks, Aleksei! That point me in the right direction. In my case I had to add an additional rule (see below). I assume that both might be needed, the first one in case you want to store the connections system-wide and the second for user-only connections (but I'm not really sure about that). With the following rules everything works fine now (thanks to everyone here): cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules // Let users in plugdev group modify NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.isInGroup("plugdev")) { return yes"; } if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" && subject.isInGroup("plugdev")) { return "yes"; } }); -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Jan Grulich changed: What|Removed |Added Resolution|--- |WONTFIX Status|REOPENED|RESOLVED --- Comment #20 from Jan Grulich --- In this case it's a problem system configuration and not in plasma-nm. You need access to modify your connections in NetworkManager in order to activate them. -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 --- Comment #19 from Aleksei --- Spent a few minutes to get logs. So the following rule activates polkit logging: // Let users in plugdev group control NetworkManager polkit.addRule(function(action, subject) { if (subject.isInGroup("plugdev")) { polkit.log("action=" + action); polkit.log("subject=" + subject); } }); I cannot connect to vpn and see in my syslogs: Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4: action=[Action id='org.freedesktop.NetworkManager.network-control'] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5: subject=[Subject pid=16321 user='user' groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session='' local=true active=false] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4: action=[Action id='org.freedesktop.NetworkManager.settings.modify.system'] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5: subject=[Subject pid=16244 user='user' groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session='' local=false active=false] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4: action=[Action id='org.freedesktop.NetworkManager.settings.modify.system'] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5: subject=[Subject pid=16244 user='user' groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session='' local=false active=false] The contents of default /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules in my Gentoo // Let users in plugdev group modify NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.isInGroup("plugdev") && subject.active) { return "yes"; } }); Have you noticed `&& subject.active` at the end of condition? Let's remove it! cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules // Let users in plugdev group modify NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.isInGroup("plugdev")) { return "yes"; } }); Finally I see another try to connect is successful! Have no idea how NM interacts with polkit, but hope it somehow helps for further investigation. -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 --- Comment #18 from Aleksei --- sorry, my bad the correct contents follow: cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.network-control.rules // Let users in plugdev group control NetworkManager polkit.addRule(function(action, subject) { if (subject.isInGroup("plugdev")) { return "yes"; } }); I'm not experienced with polkit, probably adding rules to log like: polkit.addRule(function(action, subject) { polkit.log("action=" + action); polkit.log("subject=" + subject); }); can help with this investigation. -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Aleksei changed: What|Removed |Added CC||alexo@gmail.com --- Comment #17 from Aleksei --- Hi, I added the following polkit rule as a workaround that helps me: cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.network-control.rules // Let users in plugdev group control NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.network-control" && subject.isInGroup("plugdev")) { return "yes"; } }); -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Michael Palimaka changed: What|Removed |Added CC||kensing...@gentoo.org -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Paul Moore changed: What|Removed |Added CC||pcmo...@umich.edu -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Jan Grulich changed: What|Removed |Added Summary|openconnect fails with |[Openconnect] openconnect |"Necessary secrets were not |fails with "Necessary |provided" |secrets were not provided" -- You are receiving this mail because: You are watching all bug changes.