date:20180219

networkmanager permissions problem

2018-02-19 Thread John Frankish

I've previously compiled modemmanager and networkmanager from source on x86_64 
(non-systemd) and they work fine.

Using basically the same method on an RPi3 (non-systemd) - I get permissions 
problems.

I've compiled both (ModemManager-1.6.12, NetworkManager-1.4.6) with and without 
polkit, but both give a permissions error on starting nm-dispatcher.

I've tried starting nm-dispatcher and polkitd directly as root (the dbus and 
networkmanager daemons are running as root) and neither give errors.

Note also that eth0 is already running using udhcpc before starting 
networkmanager to enable an ssh connection.

Any trouble shooting suggestions would be much appreciated.

--

Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.5505] 
NetworkManager (version 1.4.6) is starting...
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.5507] 
Read config: /usr/local/etc/NetworkManager/nm-system-settings.conf
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.5766] 
manager[0xdd0028]: monitoring kernel firmware directory '/lib/firmware'.
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6028] 
dns-mgr[0xdda440]: init: dns=default, rc-manager=symlink
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6176] 
rfkill0: found WiFi radio killswitch (at 
/sys/devices/platform/soc/3f30.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1/ieee80211/phy0/rfkill0)
 (driver brcmfmac)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6183] 
manager[0xdd0028]: WiFi hardware radio set enabled
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6184] 
manager[0xdd0028]: WWAN hardware radio set enabled
Feb 18 05:55:02 box daemon.notice dbus[2961]: [system] Activating service 
name='org.freedesktop.nm_dispatcher' (using servicehelper)
Feb 18 05:55:02 box daemon.notice dbus[2961]: [system] Activated service 
'org.freedesktop.nm_dispatcher' failed: Failed to execute program 
org.freedesktop.nm_dispatcher: Permission denied
Feb 18 05:55:02 box daemon.err NetworkManager[2966]:  [1518933302.6487] 
dispatcher: could not get dispatcher proxy! Error calling StartServiceByName 
for org.freedesktop.nm_dispatcher: 
GDBus.Error:org.freedesktop.DBus.Error.Spawn.ExecFailed: Failed to execute 
program org.freedesktop.nm_dispatcher: Permission denied
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6495] 
settings: loaded plugin keyfile: (c) 2007 - 2015 Red Hat, Inc.  To report bugs 
please use the NetworkManager mailing list.
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6565] 
settings: hostname: couldn't get property from hostnamed
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6585] 
dhcp-init: Using DHCP client 'dhcpcd'
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6587] 
manager: WiFi enabled by radio killswitch; enabled by state file
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6589] 
manager: WWAN enabled by radio killswitch; enabled by state file
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6590] 
manager: Networking is enabled by state file
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6594] 
Loaded device plugin: NMVxlanFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6595] 
Loaded device plugin: NMVlanFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6596] 
Loaded device plugin: NMVethFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6598] 
Loaded device plugin: NMTunFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6599] 
Loaded device plugin: NMMacvlanFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6600] 
Loaded device plugin: NMIPTunnelFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6601] 
Loaded device plugin: NMInfinibandFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6603] 
Loaded device plugin: NMEthernetFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6604] 
Loaded device plugin: NMBridgeFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6605] 
Loaded device plugin: NMBondFactory (internal)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.6951] 
Loaded device plugin: NMWwanFactory 
(/usr/local/lib/NetworkManager/libnm-device-plugin-wwan.so)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.7082] 
Loaded device plugin: NMWifiFactory 
(/usr/local/lib/NetworkManager/libnm-device-plugin-wifi.so)
Feb 18 05:55:02 box daemon.info NetworkManager[2966]:   [1518933302.7240] 
Loaded device plugin: NMBluezManager 
(/usr/local/lib/NetworkManager/libnm-device-plugin-bluetooth.so)
Feb 18 05:55:02 box daemon.inf

nmcli can't astablish connection to radius server with wpa eap tls

2018-02-19 Thread Iris Fiedler

Debian: 9.3 
network-manager: 1.6.2-3

cat /etc/NetworkManager/system-connections/wlan0
[connection]
id=wlan0x0
uuid=ec4bcd13-d3e1-4707-b844-9b8c3821b7ac
type=wifi
interface-name=wlan0
permissions=

[wifi]
mac-address=80:1F:02:F2:2B:53
mac-address-blacklist=
mode=infrastructure
ssid=Linksys02355

[wifi-security]
auth-alg=open
key-mgmt=wpa-eap

[802-1x]
ca-cert=/var/opt/telemotive/etc/cert/ca.pem
client-cert=/var/opt/telemotive/etc/cert/client.p12
eap=tls;
identity=testUser1
password=testUser11
private-key=/var/opt/telemotive/etc/cert/client.p12
private-key-password=testCert1

[ipv4]
dns-search=
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
never-default=true


freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3)
Konfigured as wpa-eap tls with identity and password.

radius-tls.log 
(35)   Invalid user: [testUser1/] (from client 
192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
(35)   Rejected in post-auth: [testUser1/] (from 
client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
(35)   Login incorrect: [testUser1/] (from client 
192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)

As you can see the User-Password attribute is missing. Although the password in 
nmcli was set.

This is what nmcli is responding with:
nmcli device connect wlan0 
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli 
cannot ask without '--ask' option.
Error: Connection activation failed: (7) Secrets were required, but not 
provided.

nmcli -a  device connect wlan0 
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Identity (802-1x.identity): testUser1
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Private key password (802-1x.private-key-password): 
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Identity (802-1x.identity): testUser1

Even here no user password is asked!!!

I created a new user without password. Although the radius server accepted the 
authentication no connection was established!!!

It confused me so I checkt if a wpa eap ttls-pap would work. 
After reconfiguration of nmcli and radius server it worked without problems.
So I think this is only a tls problem.
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

networkmanager permissions problem

nmcli can't astablish connection to radius server with wpa eap tls

2 matches

Site Navigation

Mail list logo

Footer information