Re: Nm applet in gdm3

[Pavel Simerda <psimerda redhat com>]

----- Original Message -----
> From: "Mathieu Trudel-Lapierre" <mathieu tl gmail com>
> To: "Pavel Simerda" <psimerda redhat com>
> Cc: "Stefan Kauerauf" <mail stefankauerauf de>, networkmanager-list gnome org
> Sent: Tuesday, October 2, 2012 11:39:33 AM
> Subject: Re: Nm applet in gdm3
> 
> On Tue, Oct 2, 2012 at 9:50 AM, Pavel Simerda <psimerda redhat com>
> wrote:
> [...]
> >> I wont to be able to logon on my Laptops via ldap over Openvpn and
> >> Wifi. To make a connection to my vpn, and also from an new wifi, I
> >> must be able to configure and establish networking connections
> >> before login.
> >
> > You should be logged in for configuration, at least on the
> > command-line.
> >
> 
> Some people depend on LDAP to login or even a VPN to be able to reach
> an LDAP server. All of this depends on network connectivity, which
> may
> or may not be different between locations.
> 
> You could have one wired connection with DHCP and one with static for
> example.
> 
> While it's true that if wireless connections are preconfigured,
> things
> should work mostly well, it's still necessary to activate VPN
> connections manually. I'm guessing this is the case here.

With git master, it's currently possible to bind VPN to a connection
so that it will we considered required and will start automatically.

> Where you need a VPN to reach the LDAP server that will auth you (I
> guess there should be some caching to not need this, but whatever),

If you know how to refresh the cache on commandline, you could do it
with NM dispatcher scripts, too.

> you'll want to enable the VPN connection from within the "greeter",
> gdm or otherwise.

Correct.

> [...]
> 
> >> So I need the nm-applet icon in gdm to be able to choose
> >> system wide network connections (or create new in new wifis)
> >
> > Does that mean anyone who comes to the computer should be allowed
> > to
> > do the administration?
> 
> I'd recommend against allowing the creation of new wifi networks
> directly from the greeter without requiring admin auth (using a
> policykit dialog for example), but I can totally understand a case
> where you're in another city, want to check your email from your
> hotel room but first need to create the connection.

I haven't seen with a setup that won't allow him to use his computer offline.

> >> and connect to my vpn before log in as specific user against ldap
> >> (over
> >> the vpn connection).
> >>
> >> I'd try to start the nm-applet via copying the .desktop file to
> >> the
> >> gdm autostart directory as shown on several tutorials but it don't
> >> work.
> 
> This used to work, but if you're using GDM3 (at this point, I don't
> know) something could have changed in how the gdm session is started
> that makes some pieces required by nm-applet unavailable.

'nm-applet' is the old one and it's not normally used with Gnome 3.

> >> I am using arch linux 64bit with gnome 3.4 (updated) on all
> >> machines.
> >>
> >> Does anyone has a idea what to do?
> 
> I don't think you have a choice here but to start debugging things --
> start NetworkManager in debug mode, see what it says for the gdm
> session. Start nm-applet from the gdm session and check
> ~/.xsession-errors for hints, and look at the nm-applet code.
> 
> We spent a good amount of time making this work on Ubuntu with
> lightdm, but it needed a new policykit policy for the lightdm user,
> and some environment variables set by lightdm to establish a way for
> nm-applet to know it has to handle things slightly differently. I'll
> post patches here (those that can be upstreamed) shortly.
> 
> 
> Mathieu Trudel-Lapierre <mathieu tl gmail com>
> Freenode: cyphermox, Jabber: mathieu tl gmail com
> 4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93
>