NetworkManager fails to auto-connect when using the GNOME keyring

jw0k · 2019-08-08 17:29:22

By default the NetworkManager stores WiFi passwords in plain text in *.nmconnection files inside /etc/NetworkManager/system-connections/. This is not acceptable for me, so I decided to edit my connection by using nm-connection-editor. There I checked the Store the password only for this user option. This has the effect of storing the password in the GNOME Keyring instead of plain text.

But there is a problem with this solution: the NetworkManager is started as a systemd unit upon computer boot. At this time the GNOME Keyring isn't even started yet. It will be started later by my display manager upon successful login and automatically unlocked with my user password (which is the same as keyring's password). So, obviously, NetworkManager fails to fetch the password from the keyring, emmitting the following log:

NetworkManager[610]: <warn>  [1565208122.6857] device (wlp2s0): no secrets: No agents were available for this request.

After I login there is no WiFi connection. I have to click the nm-applet and choose my WiFi network. After this it is connected, but I would prefer if it happened automatically.

Is it a problem with my configuration? If so, how can I fix it?

For completeness here is my configuration:

Display Manager: SDDM
Window Manager: i3

V1del · 2019-08-08 21:21:13

nm-applet is what provides the keyring integration, does it not have an option to trigger connecting?

jw0k · 2019-08-11 18:08:50

After analyzing NetworkManager's source code I've found the problem. NetworkManager will block the connection from auto-connect if it can't get secrets from the keyring. It looks like this behavior is non-configurable and is hardcoded in nm-policy.c:

https://github.com/NetworkManager/Netwo … m-policy.c

Near line 1830 there is a following piece of code:

if (nm_device_state_reason_check (reason) == NM_DEVICE_STATE_REASON_NO_SECRETS) {
    /* ... */
    con_v = nm_settings_connection_get_last_secret_agent_version_id (sett_conn);
    if (   con_v == 0
        || con_v == nm_agent_manager_get_agent_version_id (priv->agent_mgr))
            block_no_secrets = TRUE;
}

if (block_no_secrets) {
    _LOGD (LOGD_DEVICE, "connection '%s' now blocked from autoconnect due to no secrets",
        nm_settings_connection_get_id (sett_conn));
        nm_settings_connection_autoconnect_blocked_reason_set (sett_conn, NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_NO_SECRETS, TRUE);
}

The easiest way to hack around this behavior and make NetworkManager NOT block the connection from auto-connect is to not set the block_no_secrets to TRUE (just set it to FALSE or remove the first if statement altogether).

I hope this helps someone as it took me almost 3 days to solve this problem

olocin · 2019-12-26 21:39:31

Observe that nm-applet is not just a gui, but also a secret-agent.
As suggested in gentoo wiki, adding to .xinitrc

# Ensure dbus is either already running, or safely start it
if [[ -z "${DBUS_SESSION_BUS_ADDRESS}" ]];
then
    eval $(dbus-launch --sh-syntax --exit-with-session)
fi
export $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
export SSH_AUTH_SOCK
nm-applet &

allows me to have wifi, ssh keys and vpn working in dwm.
When you edit a connection with nm-connection editor, you can check using seahorse that keyring now contains a new entry.

Arch Linux

#1 2019-08-08 17:29:22

NetworkManager fails to auto-connect when using the GNOME keyring

#2 2019-08-08 21:21:13

Re: NetworkManager fails to auto-connect when using the GNOME keyring

#3 2019-08-11 18:08:50

Re: NetworkManager fails to auto-connect when using the GNOME keyring

#4 2019-12-26 21:39:31

Re: NetworkManager fails to auto-connect when using the GNOME keyring

Board footer