- «Authentication required. System policy prevents WiFi scans» in FocalFossa
- 1 Answer 1
- «Authentication required. System policy prevents WiFi scans» in FocalFossa
- 1 ответ
- NetworkManager constantly prompts for admin password
- 2 Answers 2
- xRDP – Cannot connect to WiFi Networks in xRDP session – System policy prevents WiFi scans. How to Fix it !
- Overview
- Disclaimer
- Problem description
- Solution : Create your custom rules
- Initial & incomplete Fix
- Working pkla configuration file
- Final Notes
«Authentication required. System policy prevents WiFi scans» in FocalFossa
For those of you bothered by the deluge of annoying popups asking to authenticate pretty much every move one makes in Focal Fossa («System policy prevents this and that» when mucking about in WiFi Settings, «Authentication needed to refresh system repositories» etc.), a partial answer is here: https://c-nergy.be/blog/?p=14051. Apparently this is due to manually installing the xRDP package in Ubuntu. Now, if only someone could post the fix for getting rid of network and WiFi-related «Authorization Required» messages, that’d be swell! I am guessing it’d have to be another .pkla file in /etc/polkit-1/localauthority/50-local.d
1 Answer 1
It would not be recommended to change your network setting while connected through xRDP. If something goes wrong, you will loose your xrdp connection and you will need to logon locally to check your settings.
In practice, yes, you could create a pkla file (under /etc/polkit-1/localauthority/50-local-d) and populate it with the following info.
[Allow Wifi Scan] Identity=unix-user:* Action=org.freedesktop.NetworkManager.wifi.scan;org.freedesktop.NetworkManager.enable-disable-wifi;org.freedesktop.NetworkManager.settings.modify.own;org.freedesktop.NetworkManager.settings.modify.system;org.freedesktop.NetworkManager.network-control ResultAny=yes ResultInactive=yes ResultActive=yes
As you can see, the pkla file does a little bit more than authorizing Wifi Scans. Please adapt as required
Hope this help Till next time See ya
«Authentication required. System policy prevents WiFi scans» in FocalFossa
Для тех из вас, кого беспокоит огромное количество назойливых всплывающих окон, требующих аутентификации практически при каждом шаге в Focal Fossa («Системная политика предотвращает то-то и то-то» при работе с настройками WiFi, «Аутентификация необходима для обновления системных репозиториев» и т.д.), частичный ответ находится здесь: https://c-nergy.be/blog/?p=14051.
Очевидно, это связано с ручной установкой пакета xRDP в Ubuntu.
Теперь, если бы кто-нибудь мог опубликовать исправление для избавления от сообщений «Authorization Required», связанных с сетью и WiFi-соединением, это было бы здорово! Я предполагаю, что это должен быть еще один файл .pkla в /etc/polkit-1/localauthority/50-local.d
1 ответ
не рекомендуется изменять настройки сети при подключении через xRDP. Если что-то пойдет не так, вы потеряете соединение xrdp, и вам нужно будет войти в систему локально, чтобы проверить свои настройки.
На практике да, вы можете создать файл pkla (в /etc/polkit-1/localauthority/50-local-d) и заполнить его следующей информацией.
[Allow Wifi Scan] Identity=unix-user:* Action=org.freedesktop.NetworkManager.wifi.scan;org.freedesktop.NetworkManager.enable-disable-wifi;org.freedesktop.NetworkManager.settings.modify.own;org.freedesktop.NetworkManager.settings.modify.syste> ResultAny=yes ResultInactive=yes ResultActive=yes
Как видите, файл pkla делает немного больше, чем авторизует сканирование Wi-Fi. Пожалуйста, адаптируйте по мере необходимости
Надеюсь, это поможет До следующего раза Увидимся
NetworkManager constantly prompts for admin password
I’m running Ubuntu 19.10. NetworkManager constantly asks for the admin password with «System policy prevents wi-fi scans» I’ve seen online instructions for how to disable this with polkit, but nothing seems to work. What is the current way to set polkit rules? I’m also prompted when shutting down.
Anyone else with this problem: It was caused by either installing chrome-remote-desktop or xrdp in general; although, I would suspect chrome-remote-desktop since it’s such a. non-idiomatic package on Ubuntu
2 Answers 2
The best way to set polkit rules is by creating a pkla file, as opposed to editing the policy files in /usr (which get overwritten on updates)
Here is a step by step process to allow stop those annoying wifi-scan password prompts:
- In terminal, run sudo su —
- cd /etc/polkit-1/localauthority/50-local.d
- nano 10-network-manager.pkla
Then paste in the following:
[Allow wi-fi scans for all users] Identity=unix-user:* Action=org.freedesktop.NetworkManager.wifi.scan ResultAny=yes ResultInactive=yes ResultActive=yes
This worked for me on Ubuntu 20.04
After upgrading to Ubuntu 20.04 the policies were all fixed, I still have no idea why they became so draconian or how to revert all policies to defaults. Anyway, I’m almost certain I tried both this and the /usr approach and nothing worked; behaviour never changed, but since I can’t or don’t want to test this right now I’ll give you the gold as this makes sense to me
i completely agree that new pplicies are too restrictive. this worked for me, hope it works for you as well
I couldn’t restart this service on Ubuntu 20.10. Failed to restart network-manager.service: Unit network-manager.service not found. But it’s working without restart
This is an old question, but I am encountering it on automated workstations, systems running 20.04 LTS, and answers online are sparse or misleading.
See the following file cat /usr/share/polkit-1/rules.d/60-network-manager.rules which in 20.04 shows
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.local && subject.active && (subject.isInGroup ("sudo") || subject.isInGroup ("netdev"))) < return polkit.Result.YES; >>);
It is clear from this that your user must be a member of the group sudo or netdev .
The original install user is a member of sudo typically, but other users are not. You should add them to the netdev group (if sudo is not appropriate, as it is not in my employee workstation context).
xRDP – Cannot connect to WiFi Networks in xRDP session – System policy prevents WiFi scans. How to Fix it !
The idea of the post came from a question asked on askubuntu.com (see Authentication required. System policy prevents WiFi scans” in FocalFossa). Some users wanted to scan and connect to WiFi networks while remotely connected to their system through the xRDP Software solution. Usually, we do not recommend to perform changes at network connections level while remotely connected. Indeed, if your changes are not successful (depends the changes you are performing. ), you might loose your remote session and remote connections capabilities. The only option left would be to go logon locally on the machine and perform the necessary changes….
That’s being said, we decided to give it a try and see if we could indeed create a custom polkit configuration file (*.pkla) in order to allow remotely connected users to configure their WiFi connections…
Overview
Disclaimer
This guide and associated instructions are provided AS IS. Use it at your own risk .
Problem description
We have configured a machine that’s running Ubuntu 20.04. The machine has one ethernet card and one Wireless card installed. We have performed this setup to demonstrate how to connect to a WiFi network from an xRDP session while ensuring we would not loose our connectivity to the remote machine.
We have performed our xRDP connection to the machine (using the wired connection) and we are ready to connect to an existing WiFi network. As you can see on the screenshot below, we are not connected to any WiFi networks yet.
The expected behavior would be to have a list of WiFi network to choose from. However, because we are within a remote session, the list is not shown and a popup dialog box is showing up instead. The dialog box would display some informational message similar to “System Policy prevents WiFi Scans”
You can enter multiple time the correct admin password, you will not be able to pass this dialog box…..
As explained in some previous posts, this behavior is triggered by the polkit software component which basically provide an application authorization framework. The software will monitor actions performed by the user and check if the user is authorized or not to perform such actions on the system. Polkit software is reading some policy files that will specify if a user can perform such actions. Polkit will behave differently if you are logged on locally on your Ubuntu machine compared to the user logged on through remote session. The behavior difference is also controlled by the policy file.
You can find more information about polkit, pkla and xrdp by reading these previous posts xRDP – The Infamous “Authentication Required to Create Managed Color Device” Explained xRDP – How to Fix the Infamous system crash popups in Ubuntu 18.04 (and previous versions) xRDP – The Infamous “Authentication Required to Create Managed Color Device” Explained
However, polkit is flexible enough to provide a way to create your own custom rules. To change the polkit default behavior and create your own rules, you will simply needs to create configuration file under /etc/polkit-1/localauthority/50-local.d/. The rule file has usually *.pkla as file extension. So, to overcome the fact that we cannot scans WiFi, we will need to create a new pkla file….
Solution : Create your custom rules
Initial & incomplete Fix
To avoid such dialog box while trying to connect to a WiFi network, you will need to create your own pkla file. In our scenario, we will create a file called 47-allow-wifi-scans.pkla which will be created under /etc/polkit-1/localauthority/50-local.d/. You need administrative privileges in order to write in this location !
The initial pkla file would contains the following information
[Allow Wifi Scan] Identity=unix-user:* Action=org.freedesktop.NetworkManager.wifi.scan ResultAny=yes ResultInactive=yes ResultActive=yes
The following screenshot shows the content of the directory ( /etc/polkit-1/localauthority/50-local.d/) and also shows the content of the file
After creating this file, you can try again to connect to your WiFi network and surprise, you will be able to list the available WiFi networks in your range
However, this file might not be sufficient for you to proceed with your configuration. As soon as you have selected your WiFi network and try to connect…
Another polkit Dialog box is showing up and notify you that “System policy prevents control of Network connections”. Trying to pass your credentials, you would see that the popup will disappear and you will not be able to connect to your WiFi network…..
Working pkla configuration file
To avoid polkit dialog box popping up while trying to connect to a WiFi network, we have updated the our custom configuration file (located /etc/polkit-1/localauthority/50-local.d/47-allow-wifi-scan.pkla) and we have populated it with the following contents
[Allow Wifi Scan] Identity=unix-user:* Action=org.freedesktop.NetworkManager.wifi.scan;org.freedesktop.NetworkManager.enable-disable-wifi;org.freedesktop.NetworkManager.settings.modify.own;org.freedesktop.NetworkManager.settings.modify.system;org.freedesktop.NetworkManager.network-control ResultAny=yes ResultInactive=yes ResultActive=yes
Once the file has been created, you should be able to access the list of WiFi networks available and when trying to connect, you should be presented with the dialog box asking your for the WiFI password you are about to connect to….
We can then assess and check that you are indeed connected to the selected Wireless network
Final Notes
We were able to configure our Ubuntu system to bypass all the polkit dialog box that would popup when trying to connect to a wireless network when remotely connected (via xRDP Software). The fix is relatively easy once you know what causing the popup (i.e. polkit software) and how to overcome these popups (via custom rules). As mentioned at the beginning of the post, we are not recommending to perform network changes while remotely connected to the system as you might loose your remote session. Possibly, do the necessary changes when locally connected
We had some fun (and we learned some news stuff about polkit) writing this post. We hope you have enjoyed this one as well…