I'd say this is fairly recent, except it only happens if I try to connect to a different SSID and I haven't been traveling during the pandemic until now. But I have older versions of cauldron which don't show this behavior. If the NM configuration for an SSID is set to "all users may connect", NM will enable it for UIDs >= 1000, but not for UIDs < 1000 unless the UID is in the nmopenconnect group. I found this out trying to connect to a motel SSID with WPA2. You can see this if you uncheck "all users may connect" and click Advanced to get a list of eligible users; it will not include UIDs < 1000. A connection attempt will appear to work (you'll get the popup saying that the network is up on SSID with IP x.x.x.x), but it will disconnect immediately with no message. On a guess, I scanned the list of groups and found "nmopenconnect" and "nmopenvpn". On a guess, I added the user to the nmopenconnect group, and then the connect worked. If this behavior is unique to MGA, we should change it. The drakx tools allow the creation of UIDs < 1000 and supplies several system UIDs like this. If the user says "all users may connect" that is exactly what should happen by default. If NM is doing this (it surprises me that NM knows about our boundary of 1000 unless all distros are doing this), then we should consider patching it to not do this. Or at the very least we should enroll all of system UIDs in the nmopenconnect group. In any case, I consider the fact that connections are deliberately failed with no explanation to be a bug.
Thank you for the report. Assigning it to Olav who does most commits on this; CC'ing Jani who does some, and is the registered maintainer.
CC: (none) => jani.valimaaSource RPM: NetworkManager => networkmanagerAssignee: bugsquad => olav
I'd say this is because of pam's system-auth is broken due to a missing pam_cracklib.so. pam_cracklib.so was dropped in https://svnweb.mageia.org/packages?view=revision&revision=1739002. I'll fix system-auth to see if it fixes the issue.
Please test with pam-1.5.1-2.mga9.
No good, I'm afraid. Clicking on the panel plasma-nm icon, selecting the SSID, and clicking the edit icon opens the edit panel. Unchecking "all users" ungreys Advanced, and selecting that gives a widget whose left side lists the UIDs that can be selected. With the new pam this list still only contains xguest, and none of the UIDs < 1000.
Have you rebooted and/or logged out first?
There might be two separate issues: 1. With broken pam it is not possible to connect to a new and unconfigured WLAN using nm tray applet 2. plasma-nm not working as expected For me new pam fixed issue no 1.
(1) was not a problem for me once I figured out that the current user (UID < 1000) had to be in the nmopenconnect group. (2) is definitely a problem.
(In reply to Frank Griffin from comment #7) > (1) was not a problem for me once I figured out that the current user (UID < > 1000) had to be in the nmopenconnect group. > I'd say there shouldn't be any need to add users to any group to be able to connect WLAN marked as "All users may connect to this network". Adding normal user to nm-openvpn or nm-openconnect group for being able to connect WLAN is misusing the groups and something they're not really designed for. Those groups are available only if networkmanager-openvpn or networkmanager-openconnect pkg is installed.
Unless every other Linux distro has adopted our convention of disallowing normal UIDs < 1000, this has to be something we're doing because we consider UIDs < 1000 to be "impure". I think that the exemption for the nmopenconnect group is probably accidental. It works, but it probably wasn't meant to be used for this.
I don't see any issues to connect to WLANs using NM with uid 500 user.
The symptom I saw was that with "allow all users" it would connect to wifi but almost immediately disconnect. If I uncheck "all users" and then click on Advanced (which only ungreys if you deselect "all users") you get a dialog with a left and right side. The left contains usernames which can be permitted to connect, and to enable any of them you drag the ID to the right column. The left column only contains UIDs > 999 (in my case xguest and oracle). If I add the 500 UID to the nmopenconnect group, then it appears in the left column as eligible. I accept that nmopenconnect shouldn't have anything to do with this, but it has that effect on the editor. Once I added the UID to nmopenconnect and rechecked "all users", the UID connected and stayed connected. I since migrated to a new cauldron install which does not have this problem, so it may not be worth the effort to track this down.