I've been having this problem since 5.3.x. In my logs there's an error showing: Mar 6 17:40:30 Binge NetworkManager[2447]: <error> [1457304030.649898] [/mnt/gentoo/var/tmp/portage/net-misc/networkmanager-1.0.10-r1/work/NetworkManager-1.0.10/src/vpn-manager/nm-vpn-connection.c:1918] plugin_need_secrets_cb(): ([edited out]) final secrets request failed to provide sufficient secrets
Hi, I have exactly the same issue using plasma-nm 5.5.5 on Gentoo. VPN connection works from command line with nmcli with --ask option. The vpn secrets dialog does not save username and password in kwallet even when the according option is set.
Information from [1] would be helpful to identify your problem. [1] - https://techbase.kde.org/Projects/Solid/Plasma-nm#Plasma-nm_doesn.27t_remember_my_password
$> if `qdbus org.kde.kded5 /kded org.kde.kded5.loadedModules | grep networkmanagement > /dev/null`; then echo "running"; else echo "not running"; fi running
I need all the information (including NM log and also the debug output from kded as described in the link above).
Created attachment 97743 [details] Networkmanager messages from /var/log/messages Sorry for the delay. I'm using openrc instead of systemd so there is no journalctl. I copied the relevant messages from /var/log/messages instead. For creating the debug information in /var/log/messages I first connected to the vpn by nmcli. After closing the connection, I tried again with plasma-nm.
Created attachment 97744 [details] nmcli connection show
Created attachment 97745 [details] nm log I found out the if I kill/restart the kded5 service, plasma-nm is able to create the connection.
Created attachment 97747 [details] kded5 restart log plasma-nm worked after this kded5 restart. (attachment 97745 [details] was is the log of a plasmashell restart)
Hmm, that's interesting. Do other connections work with our kded5 module without restarting (e.g. wireless connections)?
My wifi connections work as expected. The passwords are fetched from my kwallet. If no kwallet is open, openconnect (or plasma-nm) initiates the kwallet password dialog, but does not read from/write to it.
Some more (hopefully useful) information: I deleted all vpn connections and recreated a new openconnect vpn in connection editor. Then I tried to connect (without success). After these steps, a config file was created (/etc/Networkmanager/system-connections/myvpn). sudo cat /etc/Networkmanager/system-connections/myvpn: [connection] id=myvpn uuid=3311d08e-e879-480e-b9aa-2a77ba88b227 type=vpn permissions=user:my-user:; secondaries= [vpn] lasthost-flags=0 xmlconfig-flags=0 pem_passphrase_fsid=no gwcert-flags=2 gateway-flags=2 autoconnect-flags=0 enable_csd_trojan=no certsigs-flags=0 cookie-flags=2 gateway=my-gateway service-type=org.freedesktop.NetworkManager.openconnect [ipv4] dns-search= method=auto [ipv6] dns-search= method=auto ** end of config file ** After I restarted kded5 and established a vpn-connection a section "[vpn-secrets]" was added to the config file: [vpn-secrets] form:main:username=my-user form:main:group_list=my-list lasthost=my-gateway autoconnect=no save_passwords=no If I try to reconnect now, the vpn secrets dialog correctly suggests my username (the password field is still empty as I did not select "save password"). The vpn connection is created successfully. After a logout/login cycle, the vpn connection again aborts with the above error. The username is NOT suggested in the vpn secrets dialog (the username is still saved in the config file).
Hi, today I updated to kde-frameworks-5.20 and kde-plasma-5.6. (networkmanager is still 1.0.10-r1) Unfortunately this did not solve the issue.
*** This bug has been marked as a duplicate of bug 356587 ***
Hi, I'm now using: kde-plasma-5.6.3 kde-frameworks-5.21 network-manager-1.0.12-r1 With this combination, the issue is still not solved. Getting still: NetworkManager[3485]: <error> [1461831813.021974] [/var/tmp/portage/net-misc/networkmanager-1.0.12-r1/work/NetworkManager-1.0.12/src/vpn-manager/nm-vpn-connection.c:1918] plugin_need_secrets_cb(): (xxxxxx) final secrets request failed to provide sufficient secrets
Please reopen. It's not a duplicate.
I still have this issue on several machines running kde. Is there some more information I could provide?
Hi, I added the following polkit rule as a workaround that helps me: cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.network-control.rules // Let users in plugdev group control NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.network-control" && subject.isInGroup("plugdev")) { return "yes"; } });
sorry, my bad the correct contents follow: cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.network-control.rules // Let users in plugdev group control NetworkManager polkit.addRule(function(action, subject) { if (subject.isInGroup("plugdev")) { return "yes"; } }); I'm not experienced with polkit, probably adding rules to log like: polkit.addRule(function(action, subject) { polkit.log("action=" + action); polkit.log("subject=" + subject); }); can help with this investigation.
Spent a few minutes to get logs. So the following rule activates polkit logging: // Let users in plugdev group control NetworkManager polkit.addRule(function(action, subject) { if (subject.isInGroup("plugdev")) { polkit.log("action=" + action); polkit.log("subject=" + subject); } }); I cannot connect to vpn and see in my syslogs: Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4: action=[Action id='org.freedesktop.NetworkManager.network-control'] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5: subject=[Subject pid=16321 user='user' groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session='' local=true active=false] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4: action=[Action id='org.freedesktop.NetworkManager.settings.modify.system'] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5: subject=[Subject pid=16244 user='user' groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session='' local=false active=false] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:4: action=[Action id='org.freedesktop.NetworkManager.settings.modify.system'] Oct 4 11:56:23 dev-host polkitd[2593]: /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.log.rules:5: subject=[Subject pid=16244 user='user' groups=user,wheel,uucp,audio,video,usb,users,plugdev,docker seat='' session='' local=false active=false] The contents of default /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules in my Gentoo // Let users in plugdev group modify NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.isInGroup("plugdev") && subject.active) { return "yes"; } }); Have you noticed `&& subject.active` at the end of condition? Let's remove it! cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules // Let users in plugdev group modify NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.isInGroup("plugdev")) { return "yes"; } }); Finally I see another try to connect is successful! Have no idea how NM interacts with polkit, but hope it somehow helps for further investigation.
In this case it's a problem system configuration and not in plasma-nm. You need access to modify your connections in NetworkManager in order to activate them.
Thanks, Aleksei! That point me in the right direction. In my case I had to add an additional rule (see below). I assume that both might be needed, the first one in case you want to store the connections system-wide and the second for user-only connections (but I'm not really sure about that). With the following rules everything works fine now (thanks to everyone here): cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules // Let users in plugdev group modify NetworkManager polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.isInGroup("plugdev")) { return yes"; } if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" && subject.isInGroup("plugdev")) { return "yes"; } });
(In reply to muddlehead from comment #21) > Thanks, Aleksei! > > That point me in the right direction. In my case I had to add an additional > rule (see below). I assume that both might be needed, the first one in case > you want to store the connections system-wide and the second for user-only > connections (but I'm not really sure about that). > With the following rules everything works fine now (thanks to everyone here): > > cat > /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings. > modify.system.rules > // Let users in plugdev group modify NetworkManager > polkit.addRule(function(action, subject) { > > if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" > && subject.isInGroup("plugdev")) { > return yes"; > } > if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" && > subject.isInGroup("plugdev")) { > return "yes"; } > }); FYI, there is another example at a wiki page https://wiki.gentoo.org/wiki/NetworkManager#Fixing_nm-applet_insufficient_privileges
Bulk transfer as requested in T17796