[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176
--- Comment #22 from Aleksei ---
(In reply to muddlehead from comment #21)
> Thanks, Aleksei!
>
> That point me in the right direction. In my case I had to add an additional
> rule (see below). I assume that both might be needed, the first one in case
> you want to store the connections system-wide and the second for user-only
> connections (but I'm not really sure about that).
> With the following rules everything works fine now (thanks to everyone here):
>
> cat
> /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.
> modify.system.rules
> // Let users in plugdev group modify NetworkManager
> polkit.addRule(function(action, subject) {
>
> if (action.id == "org.freedesktop.NetworkManager.settings.modify.system"
> && subject.isInGroup("plugdev")) {
> return yes";
> }
> if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" &&
> subject.isInGroup("plugdev")) {
> return "yes"; }
> });
FYI, there is another example at a wiki page
https://wiki.gentoo.org/wiki/NetworkManager#Fixing_nm-applet_insufficient_privileges
--
You are receiving this mail because:
You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176
--- Comment #21 from muddleh...@gmx.net ---
Thanks, Aleksei!
That point me in the right direction. In my case I had to add an additional
rule (see below). I assume that both might be needed, the first one in case you
want to store the connections system-wide and the second for user-only
connections (but I'm not really sure about that).
With the following rules everything works fine now (thanks to everyone here):
cat
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules
// Let users in plugdev group modify NetworkManager
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
subject.isInGroup("plugdev")) {
return yes";
}
if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" &&
subject.isInGroup("plugdev")) {
return "yes"; }
});
--
You are receiving this mail because:
You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Jan Grulich changed: What|Removed |Added Resolution|--- |WONTFIX Status|REOPENED|RESOLVED --- Comment #20 from Jan Grulich --- In this case it's a problem system configuration and not in plasma-nm. You need access to modify your connections in NetworkManager in order to activate them. -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176
--- Comment #19 from Aleksei ---
Spent a few minutes to get logs. So the following rule activates polkit
logging:
// Let users in plugdev group control NetworkManager
polkit.addRule(function(action, subject) {
if (subject.isInGroup("plugdev")) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
}
});
I cannot connect to vpn and see in my syslogs:
Oct 4 11:56:23 dev-host polkitd[2593]:
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4:
action=[Action id='org.freedesktop.NetworkManager.network-control']
Oct 4 11:56:23 dev-host polkitd[2593]:
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5:
subject=[Subject pid=16321 user='user'
groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session=''
local=true active=false]
Oct 4 11:56:23 dev-host polkitd[2593]:
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4:
action=[Action id='org.freedesktop.NetworkManager.settings.modify.system']
Oct 4 11:56:23 dev-host polkitd[2593]:
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5:
subject=[Subject pid=16244 user='user'
groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session=''
local=false active=false]
Oct 4 11:56:23 dev-host polkitd[2593]:
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4:
action=[Action id='org.freedesktop.NetworkManager.settings.modify.system']
Oct 4 11:56:23 dev-host polkitd[2593]:
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5:
subject=[Subject pid=16244 user='user'
groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session=''
local=false active=false]
The contents of default
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules
in my Gentoo
// Let users in plugdev group modify NetworkManager
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
subject.isInGroup("plugdev") && subject.active) {
return "yes";
}
});
Have you noticed `&& subject.active` at the end of condition? Let's remove it!
cat
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules
// Let users in plugdev group modify NetworkManager
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
subject.isInGroup("plugdev")) {
return "yes";
}
});
Finally I see another try to connect is successful! Have no idea how NM
interacts with polkit, but hope it somehow helps for further investigation.
--
You are receiving this mail because:
You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176
--- Comment #18 from Aleksei ---
sorry, my bad
the correct contents follow:
cat
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.network-control.rules
// Let users in plugdev group control NetworkManager
polkit.addRule(function(action, subject) {
if (subject.isInGroup("plugdev")) {
return "yes";
}
});
I'm not experienced with polkit, probably adding rules to log like:
polkit.addRule(function(action, subject) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
});
can help with this investigation.
--
You are receiving this mail because:
You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176
Aleksei changed:
What|Removed |Added
CC||alexo@gmail.com
--- Comment #17 from Aleksei ---
Hi,
I added the following polkit rule as a workaround that helps me:
cat
/usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.network-control.rules
// Let users in plugdev group control NetworkManager
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.network-control" &&
subject.isInGroup("plugdev")) {
return "yes";
}
});
--
You are receiving this mail because:
You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Michael Palimaka changed: What|Removed |Added CC||kensing...@gentoo.org -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Paul Moore changed: What|Removed |Added CC||pcmo...@umich.edu -- You are receiving this mail because: You are watching all bug changes.
[plasma-nm] [Bug 360176] [Openconnect] openconnect fails with "Necessary secrets were not provided"
https://bugs.kde.org/show_bug.cgi?id=360176 Jan Grulich changed: What|Removed |Added Summary|openconnect fails with |[Openconnect] openconnect |"Necessary secrets were not |fails with "Necessary |provided" |secrets were not provided" -- You are receiving this mail because: You are watching all bug changes.
