Re: Can I use NM applets in VNC session?

From: Dan Williams <dcbw redhat com>
To: paul mad-scientist net
Cc: networkmanager-list gnome org
Subject: Re: Can I use NM applets in VNC session?
Date: Mon, 12 Dec 2011 18:58:33 -0600

On Mon, 2011-12-12 at 18:30 -0500, Paul Smith wrote:
> I have a system which is usually headless, where I use VNC to get into
> it.  This system is running RHEL 6.2 (NetworkManager 0.8.1), and I
> configure VNC by creating a new virtual session using
> /etc/sysconfig/vncservers (not by exporting my "normal" desktop
> session... since I'm not logged into that system I don't have one).
> 
> Everything seems to be working OK, EXCEPT that my NetworkManager applet
> does not appear in the panel on my virtual desktop.  This is not good,
> because one of the things I need to do on this system is connect to a
> VPN (using openconnect) which is accessed through the NetworkManager
> applet on my desktop.
> 
> I haven't found any good way to get the VPN to connect via the CLI;
> following instructions found via the web regarding invoking openconnect
> directly doesn't work for me; I get authenticated but then it kicks me
> out.  However if I connect a monitor to my system and log in normally so
> I see the NM applet and start the VPN that way, it works like a charm.
> 
> There are lots of ways to go forward, such as working out how to invoke
> the VPN from the CLI, but ideally I'd like to be able to access the NM
> applet inside my VNC session.  When I start my session the VNC log shows
> these errors:
> 
> ** (nm-applet:19968): WARNING **: <WARN>  request_name(): Could not
> acquire the NetworkManagerUserSettings service.
>   Error: (9) Connection ":1.1681" is not allowed to own the service
> "org.freedesktop.NetworkManagerUserSettings" due to security policies in
> the configuration file
> 
> Searching for this on the web I came across various bugs, all of which
> were closed as won't fix saying, basically, that ConsoleKit doesn't work
> with VNC, *shrug* sorry about that.
> 
> 
> Can anyone provide any thoughts on this?

It looks like you're using NM 0.8, is that correct?  In any case, the
warning about "not allowed to own" comes from the NM dbus policy file
in /etc/dbus-1/system.d/, where you'll find an "at_console" section that
allows anything to own NetworkManagerUserSettings.  The problem is,
you're not "at_console" when you have this problem, because VNC sessions
are obviously remote.  So you  have two choices here...

(1) you can change copy the "at_console" section
of /etc/dbus-1/system.d/NetworkManager.conf into the <policy
context="default"> section, which *will* allow any user to own the
NetworkManagerUserSettings service and thus provide user connections to
NM.  This may be a security issue, but that depends on how you've set
the machine up.

(2) make the VPN connection a system connection.  This implies saving
the secrets with the connection data (though these can be restricted to
reading only by root) and then use nmcli to do "nmcli con up <uuid>"
where UUID is the UUID of the connection, which can be found in the
connection's file in /etc/NetworkManager/system-connections.  Note that
doing this means that any user on the system can start/stop the
connection.

If there's anything still unclear, let me know.  I'm 95% sure this
should work.  NM 0.9 makes all of this a *lot* easier, but of course
RHEL6 does not include NM 0.9.

Dan

References:
- Can I use NM applets in VNC session?
  - From: Paul Smith

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]