On Mon, 2011-12-12 at 18:30 -0500, Paul Smith wrote: > I have a system which is usually headless, where I use VNC to get into > it. This system is running RHEL 6.2 (NetworkManager 0.8.1), and I > configure VNC by creating a new virtual session using > /etc/sysconfig/vncservers (not by exporting my "normal" desktop > session... since I'm not logged into that system I don't have one). > > Everything seems to be working OK, EXCEPT that my NetworkManager applet > does not appear in the panel on my virtual desktop. This is not good, > because one of the things I need to do on this system is connect to a > VPN (using openconnect) which is accessed through the NetworkManager > applet on my desktop. > > I haven't found any good way to get the VPN to connect via the CLI; > following instructions found via the web regarding invoking openconnect > directly doesn't work for me; I get authenticated but then it kicks me > out. However if I connect a monitor to my system and log in normally so > I see the NM applet and start the VPN that way, it works like a charm. > > There are lots of ways to go forward, such as working out how to invoke > the VPN from the CLI, but ideally I'd like to be able to access the NM > applet inside my VNC session. When I start my session the VNC log shows > these errors: > > ** (nm-applet:19968): WARNING **: <WARN> request_name(): Could not > acquire the NetworkManagerUserSettings service. > Error: (9) Connection ":1.1681" is not allowed to own the service > "org.freedesktop.NetworkManagerUserSettings" due to security policies in > the configuration file > > Searching for this on the web I came across various bugs, all of which > were closed as won't fix saying, basically, that ConsoleKit doesn't work > with VNC, *shrug* sorry about that. > > > Can anyone provide any thoughts on this?
It looks like you're using NM 0.8, is that correct? In any case, the warning about "not allowed to own" comes from the NM dbus policy file in /etc/dbus-1/system.d/, where you'll find an "at_console" section that allows anything to own NetworkManagerUserSettings. The problem is, you're not "at_console" when you have this problem, because VNC sessions are obviously remote. So you have two choices here... (1) you can change copy the "at_console" section of /etc/dbus-1/system.d/NetworkManager.conf into the <policy context="default"> section, which *will* allow any user to own the NetworkManagerUserSettings service and thus provide user connections to NM. This may be a security issue, but that depends on how you've set the machine up. (2) make the VPN connection a system connection. This implies saving the secrets with the connection data (though these can be restricted to reading only by root) and then use nmcli to do "nmcli con up <uuid>" where UUID is the UUID of the connection, which can be found in the connection's file in /etc/NetworkManager/system-connections. Note that doing this means that any user on the system can start/stop the connection. If there's anything still unclear, let me know. I'm 95% sure this should work. NM 0.9 makes all of this a *lot* easier, but of course RHEL6 does not include NM 0.9. Dan _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
