[Freeipa-users] Problems with NetworkManager and FreeIPA Users
Jakub Hrozek
jhrozek at redhat.com
Tue Feb 11 10:18:51 UTC 2014
On Tue, Feb 11, 2014 at 10:05:37AM +0100, Christian Schmitt wrote:
> Hello, currently I have installed a IPA Server (CentOS 6.5) and have a Fedora
> 20 Heisenburg Client with ipa installed.
>
> Currently I have some strange problems with every user account from free IPA.
> They can't change the NetworkManager settings on the KDE Gui, like open a WLAN
> connection or connect to a VPN.
>
> The NetworkManager (nm-applet from KDE) has a Red X Icon in front and if i
> click on it there is only a message like "NetworkManager 0.9.8 required,
> found".
>
> If I open a shell and enter:
>
> > $ nm-connection-editor
>
> I get the following errors:
>
> > ** (nm-connection-editor:17166): WARNING **: Could not initialize NMClient
> /org/freedesktop/NetworkManager: Rejected send message, 3 matched rules;
> type="method_call", sender=":1.81" (uid=977800001 pid=17166 comm="nm-
> connection-editor ") interface="org.freedesktop.DBus.Properties"
> member="GetAll" error name="(unset)" requested_reply="0"
> destination="org.freedesktop.NetworkManager" (uid=0 pid=733
> comm="/usr/sbin/NetworkManager --no-daemon ")
> > ** (nm-connection-editor:17166): WARNING **:
> _nm_remote_settings_ensure_inited: (NMRemoteSettings) error initializing:
> Rejected send message, 3 matched rules; type="method_call", sender=":1.81"
> (uid=977800001 pid=17166 comm="nm-connection-editor ")
> interface="org.freedesktop.DBus.Properties" member="GetAll" error
> name="(unset)" requested_reply="0"
> destination="org.freedesktop.NetworkManager" (uid=0 pid=733
> comm="/usr/sbin/NetworkManager --no-daemon ")
>
> This is somehow really strange and looks like some DBus error. But currently
> The user is in the user group wheel, and local users working perfectly?
Looking at the NM DBus config at
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf it seems that
most rules including the org.freedesktop.DBus.Properties interface are
allowed for console users (with policy at_console="true"). Typically,
the console user is identified by pam_console. Can you check if the login
manager you used has pam_console in the session stack?
More information about the Freeipa-users
mailing list