NetworkManager VPN Openconnect (Cisco) doesn't ask for password

Bug #458595 reported by Pascal Bach on 2009-10-22
68
This bug affects 13 people
Affects Status Importance Assigned to Milestone
dbus (Ubuntu)
Undecided
Unassigned
Maverick
Undecided
Unassigned
network-manager (Ubuntu)
Medium
Unassigned
Maverick
Medium
Unassigned

Bug Description

Binary package hint: network-manager-openconnect

I configured OpenConnect via the NetworkManager interface to connect to my university.

I selected Set Type to: Password /SecureID

Unfotrunatly NetwrokManager doesn't ask for the password.

In the console it complains about "NeedSecrets". It may be important that via console via openconnect ... the connection gets established and username and password gets askd.

ct 23 00:08:31 Andromeda NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openconnect'...
Oct 23 00:08:31 Andromeda NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 4328
Oct 23 00:08:31 Andromeda NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openconnect' just appeared, activating connections
Oct 23 00:08:31 Andromeda NetworkManager: nm-vpn-connection.c.828: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.5" (uid=0 pid=1029 comm="NetworkManager) interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openconnect" (uid=0 pid=4328 comm="/usr/lib/network-manager-openconnect/nm-openconnec"))
Oct 23 00:08:31 Andromeda NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.5" (uid=0 pid=1029 comm="NetworkManager) interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openconnect" (uid=0 pid=4328 comm="/usr/lib/network-manager-openconnect/nm-openconnec"))
Oct 23 00:08:31 Andromeda NetworkManager: <info> Policy set 'Auto antarctica' (wlan0) as default for routing and DNS.
Oct 23 00:08:43 Andromeda NetworkManager: <debug> [1256249323.002371] ensure_killed(): waiting for vpn service pid 4328 to exit
Oct 23 00:08:43 Andromeda NetworkManager: <debug> [1256249323.002537] ensure_killed(): vpn service pid 4328 cleaned up

ProblemType: Bug
Architecture: i386
Date: Fri Oct 23 00:06:36 2009
DistroRelease: Ubuntu 9.10
Package: network-manager-openconnect 0.8~a~git.20090828t161429.dfe1b50-0ubuntu2
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-core2
SourcePackage: network-manager-openconnect
Uname: Linux 2.6.31-14-core2 i686

CVE References

Pascal Bach (pascal-bach) wrote :
net4home (net4home) wrote :

I'm getting simular error. All that was done was a fresh install of Ubuntu 9.10, I can still connect to the OpenVPN server with my laptop under Ubuntu 9.04

dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.2" (uid=0 pid=489 comm="NetworkManager) interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (uid=0 pid=19672 comm="/usr/lib/network-manager-openvpn/nm-openvpn-servic"))

dwmw2 (dwmw2) wrote :

Oct 23 00:08:31 Andromeda NetworkManager: nm-vpn-connection.c.828: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.5" (uid=0 pid=1029 comm="NetworkManager) interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openconnect" (uid=0 pid=4328 comm="/usr/lib/network-manager-openconnect/nm-openconnec"))

This is your problem. When NetworkManager tries to ask the NM-openconnect service for the 'Secrets' it needs, the request gets filtered away for some reason.

Had you only just installed the NetworkManager-openconnect package, and not yet rebooted? Does the problem persist after you reboot?

Perhaps the package needs to 'kick' dbus-daemon after installation, so that it notices the new file /etc/dbus-1/system.d/nm-openconnect-service.conf has been created?

Pascal Bach (pascal-bach) wrote :

After a restart the dialog comes up and asks for a password. Seems to be a problem with the reload of the dbus configuration.
Thank for the hint.

dwmw2 (dwmw2) wrote :

Reassigning to dbus package. Either dbus-daemon should be noticing the new configuration files, or the dbus maintainer can tell us how the n-m-openconnect package should be prodding dbus-daemon in its post-install script, and assign it back.

affects: network-manager-openconnect (Ubuntu) → dbus (Ubuntu)
dwmw2 (dwmw2) wrote :

It does look like dbus is supposed to cope with this for itself, and shouldn't need to be poked.

http://bugs.freedesktop.org/show_bug.cgi?id=21597 might be relevant.

D-Bus won't apply new security config until after reload *and* disconnection by involved parties. It's better to reboot.

Changed in dbus (Ubuntu):
status: New → Invalid
Petr Šplíchal (psss) wrote :

I've encountered a similar problem today.
Perhaps, at least a warning should be displayed,
that the restart is required after installation of vpnc for NetworkManager.

Dan Williams (dcbw) wrote :

Fixed upstream on 0.8.x and NM master.

(master)
a5c15a2ca3c328421072762fe93011838ff80c76
c4db66c7edc6589d96885387a2952706a1096e80
46afadc02c127031badf0682e850dabb1e236882

(0.8.x)
02ad27fd53356e8b7fe0eb43efff16457c1fd61d
7915a75d2ec7404c4ee191485591abf5f6eb073c
f3cbc74607845cd7ed1af4bccce5770152444d7d

Looks like this can be fixed in Maverick, so I'm targetting it for the release.

Changed in network-manager (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Christiansen (happylinux) wrote :

Seems to affect to knetwork-manager (network-manager-kde) in the final release of Maverich too.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager - 0.8.2-0ubuntu1

---------------
network-manager (0.8.2-0ubuntu1) natty; urgency=low

  * new upstream release 0.8.2
    - update timestamp in active system connections every 5 mins
    - ignore authorization for sleep/wake requests (but restrict to root)
    - add timestamp to default auto wired connections (LP: #447067)
    - don't crash if for some reason HW addresses aren't available (bgo #630534)
    - ensure Enabled state is preserved regardless of rfkill (LP: #387345)
    - add dhcp4-change and dhcp6-change events (bgo #563654)
    - validate Enable/Disable WiFi and WWAN requests
    - handle VPN service installation/removal dynamically (LP: #458595)
    - let plugins forbid VPN connections from getting the default route
      (LP: #598357)
    - work around dbus-glib property access bug (CVE-2010-1172)
    - ensure dhcp_manager exists before trying to unref it (bgo #626610)
  * drop dhcp3 support patch, it was applied upstream.
    - remove debian/patches/99-support-dhcp3.patch
    - update debian/patches/series
  * drop cherry-picked patches to /etc/hosts handling, their changes are
    included in the source tarball:
    - remove debian/patches/lp659872_dont_overwite_hosts_aliases_ee9ce60.patch
    - remove debian/patches/lp632896_cleanup_etc_hosts.patch
    - update debian/patches/series
  * Properly document workflow for working on NM packaging.
    - add debian/README.source
  * Slight change to GET_SOURCE script. Looks like we were looking for the
    "orig" keyword in the wrong variable.
    - update debian/rules
  * Fix typo in README.source
    - update debian/README.source
  * network-manager Breaks: dhcp3-client (<< 4.1.1-P1-11) to provide seemless
    upgrades to isc-dhcp 4 and avoid unnecessary compatibility issues
  * switch Build-Depends from dhcp3-client to isc-dhcp-client >= 4.1.1 to make
    sure we don't build with an old version of DHCP.
  * libnm-glib2 also Breaks: dhcp3-client (<< 4.1.1-P1-11)
    - debian/control
  * libnm-util1 Breaks: dhcp3-client (<< 4.1.1-P1-11) as well
    - debian/control
  * Patch various files to support building with kernel headers 2.6.36 and
    newer (otherwise it conflicts with libc headers for interface structures)
    - debian/patches/do-not-include-netif.patch
    - debian/patches/series
 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 09 Nov 2010 13:01:48 -0500

Changed in network-manager (Ubuntu):
status: Confirmed → Fix Released
Pascal Bach (pascal-bach) wrote :

For me it works in the newest version. I close close the bug.

Changed in network-manager (Ubuntu Maverick):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.