
xrdp and KDE Plasma desktop


Petric Frank

Jul 12, 2023, 10:00:06 AM

Hello,

I'm not sure where to look for this problem. Entering here because Debian
Bookworm is used.

Installed Debian with Plasma desktop. Then installed xrdp and
tigervnc-standalone-server to allow RDP connections.

If I connect to this machine using xfreerdp the desktop is correctly shown.
But immediately a password request popup window is displayed containing this
(freely translated from German):

------------- cut ----------------
Title: Authentication required
Action: Allow control of network connections
Identity: org.freedesktop.NetworkManager.network-control
...
------------- cut ----------------

If I look at the nmcli general permissions for the id I get:

org.freedesktop.NetworkManager.network-control auth

If I log in locally I get:

org.freedesktop.NetworkManager.network-control yes


It seems that something goes wrong - but what and how to fix it?
I use the same userid both times.

kind regards
Petric

Max Nikulin

Jul 13, 2023, 6:30:07 AM

On 12/07/2023 20:51, Petric Frank wrote:
> If I look at the nmcli general permissions for the id I get:
>
> org.freedesktop.NetworkManager.network-control auth
>
> If I log in locally I get:
>
> org.freedesktop.NetworkManager.network-control yes
>
> It seems that something goes wrong - but what and how to fix it?
> I use the same userid both times.

Perhaps it is polkit that grants local users more privileges than
remote ones, e.g. to reboot or to power off. Moreover, it (or some other
daemon) may pass access, e.g. to the sound card, on a switch of the currently
active session when several local users are logged in.

Likely it is possible to change the default policy to give more rights to a
specific user even when a remote session is started.

Petric Frank

Jul 14, 2023, 2:10:07 AM

Thanks for the hint.

I found the page
https://c-nergy.be/blog/?p=12073

which posts 2 possibilities for a similar problem on Ubuntu.

The unsafe way (set Allow_Any = yes) works, but the safer one (define file in
/etc/polkit-1/localauthority.conf.d) does not.

I created a file named 02-networkmanager.conf containing:
--------------- cut ----------------
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.NetworkManager.network-control") &&
        subject.isInGroup("{netdev}")) {
        return polkit.Result.YES;
    }
});
--------------- cut ----------------

It looks to me that either the directory is wrong and/or the file name is
wrong.

Any ideas?

regards

Petric Frank

Jul 14, 2023, 1:10:07 PM

On Friday, 14 July 2023, 08:08:41 CEST, Petric Frank wrote:
> On Thursday, 13 July 2023, 12:27:22 CEST, Max Nikulin wrote:
> > On 12/07/2023 20:51, Petric Frank wrote:
> > > If I look at the nmcli general permissions for the id I get:
> > > org.freedesktop.NetworkManager.network-control auth
> > >
> > > If I log in locally I get:
> > > org.freedesktop.NetworkManager.network-control yes
> > >
> > > It seems that something goes wrong - but what and how to fix it?
> > > I use the same userid both times.
> >
> > Perhaps it is polkit that grants local users more privileges than
> > remote ones, e.g. to reboot or to power off. Moreover, it (or some other
> > daemon) may pass access, e.g. to the sound card, on a switch of the currently
> > active session when several local users are logged in.
> >
> > Likely it is possible to change the default policy to give more rights to a
> > specific user even when a remote session is started.
>
> Thanks for the hint.

After some debugging I found a working solution. Allocated file in
/etc/polkit-1/rules.d/99-networkmanager.rules containing:

--------------- cut ------------------
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.network-control") {
        if (subject.isInGroup("netdev")) {
            return polkit.Result.YES;
        }
    }
});
--------------- cut ------------------

Hope that helps others.

kind regards
Petric
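
The rule from the post above, run against a small mock of polkit's rule evaluation under Node.js; this is an added example, not code from the thread or from polkit. The mock engine, the subject objects (the xrdp session is modelled as non-local), the default values and the `org.example.other-action` id are assumptions made for illustration.

```javascript
// Stand-in for polkitd's rule engine, modelled on polkit(8); not polkit's own code.
function makePolkit() {
  const rules = [];
  return {
    Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: null },
    addRule(fn) { rules.push(fn); },
    // First rule returning a value wins; else the action's implicit default applies:
    // allow_active/allow_inactive for local sessions, allow_any for all other subjects.
    check(action, subject) {
      for (const rule of rules) {
        const result = rule(action, subject);
        if (result !== null && result !== undefined) return result;
      }
      if (!subject.local) return action.defaults.allow_any;
      return subject.active ? action.defaults.allow_active : action.defaults.allow_inactive;
    },
  };
}

// Constructed subject carrying only the attributes used here.
function makeSubject(groups, local, active) {
  return { groups, local, active, isInGroup: (name) => groups.includes(name) };
}

// Constructed defaults chosen to match the nmcli output in the thread
// ("yes" locally, "auth" remotely); the exact auth_admin value is an assumption.
const defaults = { allow_any: "auth_admin", allow_inactive: "yes", allow_active: "yes" };
const NM_CONTROL = { id: "org.freedesktop.NetworkManager.network-control", defaults };
const OTHER = { id: "org.example.other-action", defaults }; // hypothetical action id

// Load a rule shaped like the one in the thread, testing membership of `group`.
function engineWithRule(group) {
  const polkit = makePolkit();
  polkit.addRule(function (action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.network-control") {
      if (subject.isInGroup(group)) {
        return polkit.Result.YES;
      }
    }
  });
  return polkit;
}

const remoteMember = makeSubject(["users", "netdev"], false, false);
const fixed = engineWithRule("netdev");
console.log(fixed.check(NM_CONTROL, remoteMember));                      // netdev member, remote
console.log(fixed.check(NM_CONTROL, makeSubject(["users"], false, false))); // non-member, remote
console.log(fixed.check(OTHER, remoteMember));                           // a different action
console.log(engineWithRule("{netdev}").check(NM_CONTROL, remoteMember)); // braced group name
```

The rule grants only the one action to members of one group; every other combination falls through to the action's own default, and a group test written as `"{netdev}"` matches only a group literally named that way.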

Max Nikulin

Jul 17, 2023, 11:40:05 PM

On 15/07/2023 00:04, Petric Frank wrote:
> After some debugging I found a working solution. Allocated file in
> /etc/polkit-1/rules.d/99-networkmanager.rules containing:
>
> --------------- cut ------------------
> polkit.addRule(function(action, subject) {
> if (action.id == "org.freedesktop.NetworkManager.network-control") {
> if (subject.isInGroup("netdev")) {
> return polkit.Result.YES;
> }
> }
> });
> --------------- cut ------------------
>
> Hope that helps others.

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#changes-to-polkit-configuration
"5.1.13. Changes to polkit configuration":

For consistency with upstream and other distributions, the polkit
(formerly PolicyKit) service, which allows unprivileged programs to
access privileged system services, has changed the syntax and location
for local policy rules. You should now write local rules for customizing
the security policy in JavaScript, and place them at
/etc/polkit-1/rules.d/*.rules. Example rules using the new format can be
found in /usr/share/doc/polkitd/examples/, and polkit(8) has further
information.

Previously, rules could be written in pkla format, and placed in
subdirectories of /etc/polkit-1/localauthority or
/var/lib/polkit-1/localauthority. However, .pkla files should now be
considered deprecated, and will only continue to work if the
polkitd-pkla package is installed. This package will usually be
installed automatically when you upgrade to bookworm, but it is likely
not to be included in future Debian releases, so any local policy
overrides will need to be migrated to the JavaScript format.

Petric Frank

Jul 18, 2023, 4:00:07 AM

Thanks for the link. It was a little problematic for me to find the correct
rules using the big "trash dump" like Google and others. Finally I got it and
posted it here to help others with the same problem.

There are other services (device mount, etc.) affected by the "password
request" dialogs which also have to be covered this way when connecting via
xrdp. Maybe also driven by group membership.