scarygliders / X11RDP-o-Matic

Currently for Debian-based distributions only, X11rdp-o-Matic automatically downloads, compiles, installs, and configures the X11rdp back-end X server, and the latest version of xrdp. RDPsesman is a menu-driven utility for system administrators to configure local system users' RDP desktop environments. Will automatically install packages if necessary.
http://scarygliders.net
ISC License

nm-applet says network-manager not working #5

Closed Necktwi closed 11 years ago

Necktwi commented 11 years ago

Though network-manager is running and network communication is good, when connected remotely nm-applet says network-manager is not working!

scarygliders commented 11 years ago

This is, I think, related to PolicyKit. Please see the articles I wrote on PolicyKit on my blog - you can click on the PolicyKit tags on the blog page.

Regards.

Necktwi commented 11 years ago

I want all sudoers to be able to control NetworkManager. Should I turn all policies in the org.freedesktop.NetworkManager action to yes or auth_admin? Ubuntu 13.04 doesn't have an admin group; rather, it has a sudo group.

Thanks for the clear tutorial on policy-kit. I will definitely donate when I am able to.

scarygliders commented 11 years ago

You should look at what is already there for "active" users, and have the same setting for "inactive".

rgds

Necktwi commented 11 years ago

I've set the inactive value the same as the active value for all NetworkManager actions and rebooted the system, but there is no change in nm-applet behavior. When I log in remotely, it's not my default desktop I'm seeing. Does X11RDP-o-Matic install a separate desktop?

Necktwi commented 11 years ago

Now I've set the inactive value the same as the active value for all actions! nm-applet behaves the same. My OS is Lubuntu 13.04.

scarygliders commented 11 years ago

I'm puzzled by this, and I'm looking into it... bear with me.

scarygliders commented 11 years ago

Can you try this for me:

1) log into RDP session

2) bring up a terminal

3) in terminal, type nm-applet - and paste the output here

I think I have an idea...

thanks

scarygliders commented 11 years ago

Also, in answer to your other question about the desktop - that's set by running the RDPsesconfig tool which is part of the X11RDP-o-matic suite - you'll find it in the same directory. Run it with sudo or as root.

Necktwi commented 11 years ago

$nm-applet
** (nm-applet:2950): WARNING **: Could not initialize NMClient /org/freedesktop/NetworkManager: Rejected send message, 2 matched rules; type="method_call", sender=":1.42" (uid=1001 pid=2950 comm="nm-applet ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=767 comm="NetworkManager ")
** Message: applet now removed from the notification area
** Message: using fallback from indicator to GtkStatusIcon
** Message: applet now embedded in the notification area

scarygliders commented 11 years ago

I suspect this is down to dbus. Apparently, from v0.7 of dbus, the policy was changed so that ONLY users at the console (i.e. non-remote users) have permission to do stuff with Network-Manager.

The dbus policies are defined (in Debian Sid at least) in /etc/dbus-1/system.d

There are many policy files there, but the one we're interested in is org.freedesktop.NetworkManager.conf

There's a specific policy for "at-console". I notice there's also a policy for the group called netdev

You could try adding your user(s) to the netdev group. If that doesn't work, then some editing of the org.freedesktop.NetworkManager.conf file might be required, and at this point in time, I know as much about that as you do :)

EDIT: Actually, try logging into the RDP session again, bring up a terminal, and type in ck-launch-session, then try running nm-applet.

scarygliders commented 11 years ago

Also, try editing /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf. Change <deny to <allow for the entries with "Sleep", "sleep", "wake", and send_destination="org.freedesktop.NetworkManager"/> in the section "policy context="default"".

Necktwi commented 11 years ago

While editing the above file I made a spelling mistake and restarted the virtual machine. I could never ping the machine again! The VM is on the office server (Windows). When I try to connect to the server I get a hung screen! To get physical access to the server I have to come back on Monday. Good night!

scarygliders commented 11 years ago

Ah, yes doing this remotely is always a huge risk ;)

Necktwi commented 11 years ago

I didn't notice any policy for the group called netdev. I've added the user to the netdev group. Here is a block of /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf:

<policy context="default">
            <deny own="org.freedesktop.NetworkManager"/>

            <allow send_destination="org.freedesktop.NetworkManager"/>

            <allow send_destination="org.freedesktop.NetworkManager"
                   send_interface="org.freedesktop.NetworkManager.Settings"/>

            <allow send_destination="org.freedesktop.NetworkManager"
                   send_interface="org.freedesktop.NetworkManager.AgentManager"/>

            <deny send_destination="org.freedesktop.NetworkManager"
                   send_interface="org.freedesktop.NetworkManager"
                   send_member="SetLogging"/>

            <allow send_destination="org.freedesktop.NetworkManager"
                   send_interface="org.freedesktop.NetworkManager"
                   send_member="Sleep"/>

            <allow send_destination="org.freedesktop.NetworkManager"
                   send_interface="org.freedesktop.NetworkManager"
                   send_member="sleep"/>

            <allow send_destination="org.freedesktop.NetworkManager"
                   send_interface="org.freedesktop.NetworkManager"
                   send_member="wake"/>

            <deny own="org.freedesktop.NetworkManager.dnsmasq"/>
            <deny send_destination="org.freedesktop.NetworkManager"/>
</policy>

I was able to change the icon of nm-applet. When I click on "wired connection 1", see image.

I was now able to pop up the NetworkManager menu, but all items in it are disabled. And there is no policy element for group="netdev". Send your policy file.

scarygliders commented 11 years ago

Bear with me for a bit - I've installed Lubuntu 13 in a VM and I'm currently running o-matic v3.0beta3 to build/install xrdp/x11rdp - let's see if we can sort this out.

scarygliders commented 11 years ago

Okay so, here's the solution:

1) make a backup copy of /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy

2) edit /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy and change the "no" in all fields to whatever is in the "allow_active" fields. Save after editing.

Note: those changes will not be permanent - they could be overwritten the next time polkit-1 is upgraded/updated - the more permanent way is to generate .pkla files which are kept in a different directory, but for the purposes of Getting Things Working Now, just alter that file. I think I'm going to make a new utility to generate these .pkla files, sometime in the nearish future, after I get o-matic v3.0 out (which is VERY close now), and after I finish my other Super Secret Project[tm] - heheh...

3) make a backup copy of /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf

4) edit this file. COPY the complete section which is " policy at_console="true" " - that means all the permissions underneath it. Edit the file such that the copy goes underneath the original.

5) Still in the editor, CHANGE the "true" in the copied section, to "false" - then save. You have now duplicated the permissions for "local" users, and given the same permissions to "remote" users.

The file should look like this :

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy user="root">
                <allow own="org.freedesktop.NetworkManager"/>
                <allow send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.PPP"/>

                <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>

                <!-- Allow NM to talk to known VPN plugins; due to a bug in
                     the D-Bus daemon, when a plugin is installed and the user
                     immediately tries to use it, the VPN plugin's rules aren't
                     always loaded into dbus-daemon.  Those rules allow NM to
                     talk to the plugin.  Oops.  Work around that by explicitly
                     allowing NM to talk to VPN plugins here.
                  -->
                <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
                <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
                <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
                <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
                <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>

        <!-- Allow the custom name for the dnsmasq instance spawned by NM
             from the dns dnsmasq plugin to own it's dbus name, and for
             messages to be sent to it.
          -->
                <allow own="org.freedesktop.NetworkManager.dnsmasq"/>
                <allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
        </policy>
        <policy at_console="true">
                <allow send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Introspectable"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AccessPoint"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Connection.Active"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Modem"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wired"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Serial"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.IP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AgentManager"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="SetLogging"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="Sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="wake"/>
        </policy>
        <policy at_console="false">
                <allow send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Introspectable"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AccessPoint"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Connection.Active"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Modem"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wired"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Serial"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.IP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AgentManager"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="SetLogging"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="Sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="wake"/>
        </policy>
        <policy user="whoopsie">
                <allow send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Introspectable"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Connection.Active"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device"/>
        </policy>
        <policy context="default">
                <deny own="org.freedesktop.NetworkManager"/>

                <deny send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Settings"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AgentManager"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="SetLogging"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="Sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="wake"/>

                <deny own="org.freedesktop.NetworkManager.dnsmasq"/>
                <deny send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
        </policy>
</busconfig>

6) Reboot the system.

7) When you now log in via RDP, you should be able to access Network Manager.

Regards.
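Steps 3 to 5 above, scripted as an added example (not code from the thread or from the X11RDP-o-Matic project): it mirrors the at_console="true" block as at_console="false", refuses malformed XML so a typo never reaches dbus-daemon, and lists what non-console sessions are granted. The function names, the .bak/.new suffixes and the shortened sample file are assumptions made for this illustration.

```python
import os
import re
import shutil
import xml.etree.ElementTree as ET

# Constructed, shortened sample in the layout of the file shown above.
SAMPLE = '''<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy at_console="true">
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Properties"/>
                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="SetLogging"/>
        </policy>
        <policy context="default">
                <deny send_destination="org.freedesktop.NetworkManager"/>
        </policy>
</busconfig>
'''

# Text-level match keeps the DOCTYPE, comments and indentation untouched.
CONSOLE_BLOCK = re.compile(
    r'^[ \t]*<policy\s+at_console="true"\s*>.*?</policy>[ \t]*\n',
    re.DOTALL | re.MULTILINE)


def rules(xml_text, console):
    """Return [(verdict, attrs)] for the at_console=<console> policy blocks."""
    root = ET.fromstring(xml_text)  # raises ParseError on a malformed file
    return [(rule.tag, dict(rule.attrib))
            for pol in root.iter("policy") if pol.get("at_console") == console
            for rule in pol]


def mirror_console_policy(xml_text):
    """Copy the at_console="true" block below itself as at_console="false"."""
    if rules(xml_text, "false"):  # also rejects input that is already broken
        return xml_text           # already mirrored; keep the edit idempotent
    match = CONSOLE_BLOCK.search(xml_text)
    if match is None:
        raise ValueError('no <policy at_console="true"> block found')
    copy = match.group(0).replace('at_console="true"', 'at_console="false"', 1)
    result = xml_text[:match.end()] + copy + xml_text[match.end():]
    # Validate before anything is written: both blocks must hold equal rules.
    if rules(result, "true") != rules(result, "false"):
        raise ValueError("mirrored block differs from the original")
    return result


def safe_update(path):
    """Back up path, then replace it only with output that parsed cleanly."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    updated = mirror_console_policy(original)
    if updated != original:
        shutil.copy2(path, path + ".bak")
        with open(path + ".new", "w", encoding="utf-8") as fh:
            fh.write(updated)
        os.replace(path + ".new", path)  # swap in one step, never half-written
    return updated


if __name__ == "__main__":
    for verdict, attrs in rules(mirror_console_policy(SAMPLE), "false"):
        print("non-console sessions:", verdict, attrs)
```

at_console="false" matches every connection that is not a console login, so the listed rules apply to SSH sessions as well as RDP ones.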

Necktwi commented 11 years ago

No luck :( For confirmation, let me repeat what I've done...

  1. In the /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy file, I set all allow_inactive values the same as the allow_active values and saved the file.
  2. Now backed up the /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf file.
  3. Now in /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf, I pasted a copy of the at_console="true" policy and set at_console="false" in the copy.
  4. I rebooted.
  5. Same error as in the picture in the previous comment :(

Did it work for you? Any suggestions? Should I make a fresh install?

scarygliders commented 11 years ago

Yes it definitely worked for me. This was a fresh install of Lubuntu 13. I also ran my v3.0beta3 o-matic script to set up x11rdp.

It might be better to reinstall then try that procedure again.

Necktwi commented 11 years ago

Now it's completely dead! I restored my VM to its initial state (fresh install), reinstalled o-matic, changed all the necessary files and restarted the VM. Now when I connect using RDP I get this screen and the RDP client window closes.

Necktwi commented 11 years ago

This is the .xsession-errors file:

Xsession: X session started for  at Tue Jul  2 14:30:07 IST 2013
X Error of failed request:  BadValue (integer parameter out of range for operation)
Major opcode of failed request:  109 (X_ChangeHosts)
Value in failed request:  0x5
Serial number of failed request:  6
Current serial number in output stream:  8
localuser:nmusr1 being added to access control list
X Error of failed request:  BadValue (integer parameter out of range for operation)
Major opcode of failed request:  109 (X_ChangeHosts)
Value in failed request:  0x5
Serial number of failed request:  6
Current serial number in output stream:  8
Script for cjkv started at run_im.
Script for default started at run_im.
Script for cjkv started at run_im.
Script for default started at run_im.
** Message: main.vala:63: Session is (null)
** Message: main.vala:64: DE is (null)
** Message: main.vala:68: No session set, fallback to LXDE session
** Message: main.vala:74: No desktop environnement set, fallback to LXDE
Xlib:  extension "RANDR" missing on display ":10.0".
** Message: environement.vala:49: Exporting variable
** Message: environement.vala:50: desktop_environnement XDG_CURRENT_DESKTOP
** Message: main.vala:120: log directory: /home/nmusr1/.cache/lxsession/LXDE
** Message: main.vala:121: log path: /home/nmusr1/.cache/lxsession/LXDE/run.log

Necktwi commented 11 years ago

Should I install tightvncserver before running o-matic?

scarygliders commented 11 years ago

When logging in, did you remember to select the "sesman-Xrdp" session type at the xrdp login screen? That's VERY important!

scarygliders commented 11 years ago

Here's the logged in RDP session, after I took all the steps I outlined earlier.

Note the Network Manager window is fully available.

Note that I can edit connections as well - just as if I was using it in a "local" session.


Necktwi commented 11 years ago

That's pretty. I'll give it another try. Is it VMware? Did you install the VMware guest drivers? I used VMware, not VirtualBox. I installed the VMware guest drivers.

scarygliders commented 11 years ago

The Lubuntu system I set up is running in a virtualbox VM. But that's not relevant - it doesn't matter HOW the system is running - only that it is running.

scarygliders commented 11 years ago

I'm going to close this one - As far as I can see, the steps I outlined above should have solved his problem, and seeing as I don't know what's happened to his system, and also the problem is more to do with how polkit & dbus dish out permissions, I see no further relevance to my tools.

Necktwi commented 11 years ago

Installed a fresh Lubuntu on a real machine, updated it and followed all the steps... No working nm-applet... and where is my actual desktop? X( I want to know if someone other than you has succeeded! Anyway, thanks, at least I got a desktop with your code!