[Freeipa-users] Problems with NetworkManager and FreeIPA Users

Jakub Hrozek jhrozek at redhat.com
Tue Feb 11 10:18:51 UTC 2014


On Tue, Feb 11, 2014 at 10:05:37AM +0100, Christian Schmitt wrote:
> Hello, currently I have installed a IPA Server (CentOS 6.5) and have a Fedora 
> 20 Heisenburg Client with ipa installed.
> 
> Currently I have some strange problems with every user account from free IPA. 
> They can't change the NetworkManager settings on the KDE Gui, like open a WLAN 
> connection or connect to a VPN.
> 
> The NetworkManager (nm-applet from KDE) has a Red X Icon in front and if i 
> click on it there is only a message like "NetworkManager 0.9.8 required, 
> found".
> 
> If I open a shell and enter:
> 
> > $ nm-connection-editor
> 
> I get the following errors:
> 
> > ** (nm-connection-editor:17166): WARNING **: Could not initialize NMClient     
> /org/freedesktop/NetworkManager: Rejected send message, 3 matched rules; 
> type="method_call", sender=":1.81" (uid=977800001 pid=17166 comm="nm-
> connection-editor ") interface="org.freedesktop.DBus.Properties" 
> member="GetAll" error name="(unset)" requested_reply="0" 
> destination="org.freedesktop.NetworkManager" (uid=0 pid=733 
> comm="/usr/sbin/NetworkManager --no-daemon ")
> > ** (nm-connection-editor:17166): WARNING **: 
> _nm_remote_settings_ensure_inited: (NMRemoteSettings) error initializing: 
> Rejected send message, 3 matched rules; type="method_call", sender=":1.81" 
> (uid=977800001 pid=17166 comm="nm-connection-editor ") 
> interface="org.freedesktop.DBus.Properties" member="GetAll" error 
> name="(unset)" requested_reply="0" 
> destination="org.freedesktop.NetworkManager" (uid=0 pid=733 
> comm="/usr/sbin/NetworkManager --no-daemon ")
> 
> This is somehow really strange and looks like some DBus error. But currently 
> The user is in the user group wheel, and local users working perfectly?

Looking at the NM DBus config at
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf it seems that
most rules including the org.freedesktop.DBus.Properties interface are
allowed for console users (with policy at_console="true"). Typically,
the console user is identified by pam_console. Can you check if the login
manager you used has pam_console in the session stack?




More information about the Freeipa-users mailing list