You are not logged in.

#1 2019-08-08 17:29:22

jw0k
Member
Registered: 2019-08-08
Posts: 2

NetworkManager fails to auto-connect when using the GNOME keyring

By default the NetworkManager stores WiFi passwords in plain text in *.nmconnection files inside /etc/NetworkManager/system-connections/. This is not acceptable for me, so I decided to edit my connection by using nm-connection-editor. There I checked the Store the password only for this user option. This has the effect of storing the password in the GNOME Keyring instead of plain text.

But there is a problem with this solution: the NetworkManager is started as a systemd unit upon computer boot. At this time the GNOME Keyring isn't even started yet. It will be started later by my display manager upon successful login and automatically unlocked with my user password (which is the same as keyring's password). So, obviously, NetworkManager fails to fetch the password from the keyring, emmitting the following log:

NetworkManager[610]: <warn>  [1565208122.6857] device (wlp2s0): no secrets: No agents were available for this request.

After I login there is no WiFi connection. I have to click the nm-applet and choose my WiFi network. After this it is connected, but I would prefer if it happened automatically.

Is it a problem with my configuration? If so, how can I fix it?

For completeness here is my configuration:

  • Display Manager: SDDM

  • Window Manager: i3

Offline

#2 2019-08-08 21:21:13

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,431

Re: NetworkManager fails to auto-connect when using the GNOME keyring

nm-applet is what provides the keyring integration, does it not have an option to trigger connecting?

Offline

#3 2019-08-11 18:08:50

jw0k
Member
Registered: 2019-08-08
Posts: 2

Re: NetworkManager fails to auto-connect when using the GNOME keyring

After analyzing NetworkManager's source code I've found the problem. NetworkManager will block the connection from auto-connect if it can't get secrets from the keyring. It looks like this behavior is non-configurable and is hardcoded in nm-policy.c:

https://github.com/NetworkManager/Netwo … m-policy.c

Near line 1830 there is a following piece of code:

if (nm_device_state_reason_check (reason) == NM_DEVICE_STATE_REASON_NO_SECRETS) {
    /* ... */
    con_v = nm_settings_connection_get_last_secret_agent_version_id (sett_conn);
    if (   con_v == 0
        || con_v == nm_agent_manager_get_agent_version_id (priv->agent_mgr))
            block_no_secrets = TRUE;
}

if (block_no_secrets) {
    _LOGD (LOGD_DEVICE, "connection '%s' now blocked from autoconnect due to no secrets",
        nm_settings_connection_get_id (sett_conn));
        nm_settings_connection_autoconnect_blocked_reason_set (sett_conn, NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_NO_SECRETS, TRUE);
}

The easiest way to hack around this behavior and make NetworkManager NOT block the connection from auto-connect is to not set the block_no_secrets to TRUE (just set it to FALSE or remove the first if statement altogether).

I hope this helps someone as it took me almost 3 days to solve this problem smile

Offline

#4 2019-12-26 21:39:31

olocin
Member
Registered: 2018-01-03
Posts: 171

Re: NetworkManager fails to auto-connect when using the GNOME keyring

Observe that nm-applet is not just a gui, but also a secret-agent.
As suggested in gentoo wiki, adding to .xinitrc

# Ensure dbus is either already running, or safely start it
if [[ -z "${DBUS_SESSION_BUS_ADDRESS}" ]];
then
    eval $(dbus-launch --sh-syntax --exit-with-session)
fi
export $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
export SSH_AUTH_SOCK
nm-applet &

allows me to have wifi, ssh keys and vpn working in dwm.
When you edit a connection with nm-connection editor, you can check using seahorse that keyring now contains a new entry.

Offline

Board footer

Powered by FluxBB