Public bug reported:
Steps to reproduce
1. Create LXD VM desktop-noble
lxc init --vm ubuntu:24.04 desktop-noble
2. Passthrough wifi device, in my case Intel Wifi via PCI works fine, some USB
devices can have problem with initialization
lxc config device add desktop-noble wifipci pci address=<pci_address>
where pci_address is address of your device seen via lspci command, i.e.
00:14.3 Network controller: Intel Corporation Raptor Lake-S PCH CNVi WiFi (rev
11)
3. lxc start desktop-noble
2. lxc exec desktop-noble bash
3. Install ubuntu-desktop metapackage
apt update
apt install -y ubuntu-desktop
4. Set passwd for ubuntu user
$ passwd ubuntu
5. Find the name of your wifi device , i.e. (ip a, command)
3: wlp6s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state
DOWN group default qlen 1000
link/ether 2c:0d:a7:d7:58:57 brd ff:ff:ff:ff:ff:ff
6. Edit /etc/netplan/50-cloud-init.yaml to set wlp6s0f0 as optional so
systemd-wait-online service is not waiting for this device
network:
version: 2
ethernets:
enp5s0:
dhcp4: true
wifis:
wlp6s0f0:
optional: true
5. Reboot
6. Connect to the vga console
lxc console --type=vga desktop-noble
Wait for login screen to load
Click on the top-right corner and pick the wifi network you would like to
connect
Expected result
The window will popup to pick the choose the password
The actual result
Nothing happens, yet you will see in the logs:
Feb 11 17:10:35 desktop-noble gnome-shell[1353]: Cursor update failed:
drmModeAtomicCommit: Invalid argument
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Successfully made thread 1376
of process 1353 owned by '124' high priority at nice level 0.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 8 threads of 5
processes of 1 users.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 7 threads of 4
processes of 1 users.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 7 threads of 4
processes of 1 users.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Successfully made thread 1376
of process 1353 owned by '124' RT at priority 20.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 8 threads of 5
processes of 1 users.
Feb 11 17:10:35 desktop-noble /usr/libexec/gdm-wayland-session[3686]:
discover_other_daemon: 1
Feb 11 17:10:35 desktop-noble /usr/libexec/gdm-wayland-session[1305]:
dbus-daemon[1305]: [session uid=124 pid=1305] Failed to activate service
'org.freedesktop.secrets': timed out (service_start_timeout=120000ms)
Feb 11 17:10:37 desktop-noble kernel: Lockdown: systemd-logind: hibernation is
restricted; see man kernel_lockdown.7
Feb 11 17:10:42 desktop-noble NetworkManager[3727]:
/etc/netplan/50-cloud-init.yaml: Error in network definition: wlp6s0f0: No
access points defined
Feb 11 17:10:42 desktop-noble systemd[1]: Reloading requested from client PID
3729 ('systemctl') (unit NetworkManager.service)...
Feb 11 17:10:42 desktop-noble systemd[1]: Reloading...
Feb 11 17:10:43 desktop-noble systemd[1]: Reloading finished in 112 ms.
Feb 11 17:10:43 desktop-noble systemd[1]: Starting apt-daily.service - Daily
apt download activities...
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0590]
device (wlp6s0f0): Activation: starting connection 'coppernik-guest'
(3c1ce33e-2c09-413b-8713-3d8dbe7e1a28)
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0591]
audit: op="connection-add-activate" uuid="3c1ce33e-2c09-413b-8713-3d8dbe7e1a28"
name="coppernik-guest" pid=1353 uid=124 result="success"
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0592]
device (wlp6s0f0): state change: disconnected -> prepare (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0593]
device (wlp6s0f0): state change: prepare -> config (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0594]
device (wlp6s0f0): Activation: (wifi) access point 'coppernik-guest' has
security, but secrets are required.
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0594]
device (wlp6s0f0): state change: config -> need-auth (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:10:43 desktop-noble /usr/libexec/gdm-wayland-session[1305]:
dbus-daemon[1305]: [session uid=124 pid=1305] Activating service
name='org.freedesktop.secrets' requested by ':1.3' (uid=124 pid=1353
comm="/usr/bin/gnome-shell" label="unconfined")
Feb 11 17:10:43 desktop-noble gnome-keyring-daemon[1929]: The Secret Service
was already initialized
Feb 11 17:10:43 desktop-noble gnome-keyring-daemon[3832]:
discover_other_daemon: 1
Feb 11 17:10:43 desktop-noble /usr/libexec/gdm-wayland-session[3832]:
GNOME_KEYRING_CONTROL=/run/user/124/keyring
Feb 11 17:10:43 desktop-noble gnome-keyring-d[1929]: The Secret Service was
already initialized
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <warn> [1739293868.0662]
device (wlp6s0f0): no secrets: No agents were available for this request.
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <info> [1739293868.0662]
device (wlp6s0f0): state change: need-auth -> failed (reason 'no-secrets',
sys-iface-state: 'managed')
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <warn> [1739293868.0666]
device (wlp6s0f0): Activation: failed for connection 'coppernik-guest'
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <info> [1739293868.0667]
device (wlp6s0f0): state change: failed -> disconnected (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:11:13 desktop-noble systemd-networkd-wait-online[3830]: Timeout
occurred while waiting for network connectivity.
Important part of the log:
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <warn> [1739293868.0662]
device (wlp6s0f0): no secrets: No agents were available for this request.
then 1m35s later:
Feb 11 17:12:43 desktop-noble /usr/libexec/gdm-wayland-session[3832]:
discover_other_daemon: 1
Feb 11 17:12:43 desktop-noble /usr/libexec/gdm-wayland-session[1305]:
dbus-daemon[1305]: [session uid=124 pid=1305] Failed to activate service
'org.freedesktop.secrets': timed out (service_start_timeout=120000ms)
Use-case from the customer
When the user receives the notebook, he needs to connect to his local network
via WiFi. He has to do it at login screen, as his credentials are not stored in
sssd cache yet. At this
point no window is shown to enter the WiFi password. The window would only be
shown _after_ user login (that is not possible due to missing credentials). For
this reason we
need the possibility to enter the WiFi password at login screen. This has
worked at Ubuntu 22 but not on Ubuntu 24 anymore.
I tried to test that in Jammy but I encountered issue
https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/2098014
I fought the issue might be due to the missing polkit rules
but this seems not to be the case
On other test machine with existing connection I needed to add this rule
so gdm can configure the connection. I need to remove --no-debug flag
from polkit to see when it fails
systemctl edit polkit
# That will be put in /etc/systemd/system/polkit.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/lib/polkit-1/polkitd
Then run
systemctl daemon-reload
# Create the following rule
root@machine:~# cat /etc/polkit-1/rules.d/99-allwifi.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
subject.user == "gdm") {
return polkit.Result.YES;
}
});
systemctl daemon-reload
systemctl restart polkit
Otherwise I was not able to change the connection
Feb 11 17:41:54 earl polkitd[8018]: Error performing authentication:
GDBus.Error:org.freedesktop.PolicyKit1.Error.Cancelled: Authentication dialog
was dismissed by the user (polkit-error-quark 1)
Feb 11 17:41:54 earl polkitd[8018]: 17:41:54.934: Operator of unix-session:c1
FAILED to authenticate to gain authorization for action
org.freedesktop.NetworkManager.settings.modify.system for unix-process:2412:921
[/usr/bin/gnome-shell] (owned by unix-user:gdm)
Feb 11 17:41:54 earl polkitd[8018]: Operator of unix-session:c1 FAILED to
authenticate to gain authorization for action
org.freedesktop.NetworkManager.settings.modify.system for unix-process:2412:921
[/usr/bin/gnome-shell] (owned by unix-user:gdm)
Some relevant links:
How to set polkitd-1 rules since 23.10
https://askubuntu.com/questions/1291512/authentication-required-system-policy-prevents-wifi-scans-in-focalfossa
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: gdm3 46.2-1ubuntu1~24.04.1
ProcVersionSignature: Ubuntu 6.8.0-52.53-generic 6.8.12
Uname: Linux 6.8.0-52-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: lxd
CloudName: lxd
CloudPlatform: lxd
CloudSerial: 20250115
CloudSubPlatform: LXD socket API v. 1.0 (/dev/lxd/sock)
Date: Tue Feb 11 15:20:39 2025
ProcEnviron:
LANG=C.UTF-8
PATH=(custom, no user)
TERM=xterm-256color
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: gdm3 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug cloud-image noble
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/2098016
Title:
Ubuntu 24.04 WiFi from gdm3 login screen: cannot select new network
Status in gdm3 package in Ubuntu:
New
Bug description:
Steps to reproduce
1. Create LXD VM desktop-noble
lxc init --vm ubuntu:24.04 desktop-noble
2. Passthrough wifi device, in my case Intel Wifi via PCI works fine, some
USB devices can have problem with initialization
lxc config device add desktop-noble wifipci pci address=<pci_address>
where pci_address is address of your device seen via lspci command, i.e.
00:14.3 Network controller: Intel Corporation Raptor Lake-S PCH CNVi WiFi
(rev 11)
3. lxc start desktop-noble
2. lxc exec desktop-noble bash
3. Install ubuntu-desktop metapackage
apt update
apt install -y ubuntu-desktop
4. Set passwd for ubuntu user
$ passwd ubuntu
5. Find the name of your wifi device , i.e. (ip a, command)
3: wlp6s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
state DOWN group default qlen 1000
link/ether 2c:0d:a7:d7:58:57 brd ff:ff:ff:ff:ff:ff
6. Edit /etc/netplan/50-cloud-init.yaml to set wlp6s0f0 as optional so
systemd-wait-online service is not waiting for this device
network:
version: 2
ethernets:
enp5s0:
dhcp4: true
wifis:
wlp6s0f0:
optional: true
5. Reboot
6. Connect to the vga console
lxc console --type=vga desktop-noble
Wait for login screen to load
Click on the top-right corner and pick the wifi network you would like to
connect
Expected result
The window will popup to pick the choose the password
The actual result
Nothing happens, yet you will see in the logs:
Feb 11 17:10:35 desktop-noble gnome-shell[1353]: Cursor update failed:
drmModeAtomicCommit: Invalid argument
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Successfully made thread
1376 of process 1353 owned by '124' high priority at nice level 0.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 8 threads of 5
processes of 1 users.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 7 threads of 4
processes of 1 users.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 7 threads of 4
processes of 1 users.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Successfully made thread
1376 of process 1353 owned by '124' RT at priority 20.
Feb 11 17:10:35 desktop-noble rtkit-daemon[1312]: Supervising 8 threads of 5
processes of 1 users.
Feb 11 17:10:35 desktop-noble /usr/libexec/gdm-wayland-session[3686]:
discover_other_daemon: 1
Feb 11 17:10:35 desktop-noble /usr/libexec/gdm-wayland-session[1305]:
dbus-daemon[1305]: [session uid=124 pid=1305] Failed to activate service
'org.freedesktop.secrets': timed out (service_start_timeout=120000ms)
Feb 11 17:10:37 desktop-noble kernel: Lockdown: systemd-logind: hibernation
is restricted; see man kernel_lockdown.7
Feb 11 17:10:42 desktop-noble NetworkManager[3727]:
/etc/netplan/50-cloud-init.yaml: Error in network definition: wlp6s0f0: No
access points defined
Feb 11 17:10:42 desktop-noble systemd[1]: Reloading requested from client PID
3729 ('systemctl') (unit NetworkManager.service)...
Feb 11 17:10:42 desktop-noble systemd[1]: Reloading...
Feb 11 17:10:43 desktop-noble systemd[1]: Reloading finished in 112 ms.
Feb 11 17:10:43 desktop-noble systemd[1]: Starting apt-daily.service - Daily
apt download activities...
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0590]
device (wlp6s0f0): Activation: starting connection 'coppernik-guest'
(3c1ce33e-2c09-413b-8713-3d8dbe7e1a28)
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0591]
audit: op="connection-add-activate" uuid="3c1ce33e-2c09-413b-8713-3d8dbe7e1a28"
name="coppernik-guest" pid=1353 uid=124 result="success"
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0592]
device (wlp6s0f0): state change: disconnected -> prepare (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0593]
device (wlp6s0f0): state change: prepare -> config (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0594]
device (wlp6s0f0): Activation: (wifi) access point 'coppernik-guest' has
security, but secrets are required.
Feb 11 17:10:43 desktop-noble NetworkManager[1966]: <info> [1739293843.0594]
device (wlp6s0f0): state change: config -> need-auth (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:10:43 desktop-noble /usr/libexec/gdm-wayland-session[1305]:
dbus-daemon[1305]: [session uid=124 pid=1305] Activating service
name='org.freedesktop.secrets' requested by ':1.3' (uid=124 pid=1353
comm="/usr/bin/gnome-shell" label="unconfined")
Feb 11 17:10:43 desktop-noble gnome-keyring-daemon[1929]: The Secret Service
was already initialized
Feb 11 17:10:43 desktop-noble gnome-keyring-daemon[3832]:
discover_other_daemon: 1
Feb 11 17:10:43 desktop-noble /usr/libexec/gdm-wayland-session[3832]:
GNOME_KEYRING_CONTROL=/run/user/124/keyring
Feb 11 17:10:43 desktop-noble gnome-keyring-d[1929]: The Secret Service was
already initialized
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <warn> [1739293868.0662]
device (wlp6s0f0): no secrets: No agents were available for this request.
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <info> [1739293868.0662]
device (wlp6s0f0): state change: need-auth -> failed (reason 'no-secrets',
sys-iface-state: 'managed')
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <warn> [1739293868.0666]
device (wlp6s0f0): Activation: failed for connection 'coppernik-guest'
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <info> [1739293868.0667]
device (wlp6s0f0): state change: failed -> disconnected (reason 'none',
sys-iface-state: 'managed')
Feb 11 17:11:13 desktop-noble systemd-networkd-wait-online[3830]: Timeout
occurred while waiting for network connectivity.
Important part of the log:
Feb 11 17:11:08 desktop-noble NetworkManager[1966]: <warn> [1739293868.0662]
device (wlp6s0f0): no secrets: No agents were available for this request.
then 1m35s later:
Feb 11 17:12:43 desktop-noble /usr/libexec/gdm-wayland-session[3832]:
discover_other_daemon: 1
Feb 11 17:12:43 desktop-noble /usr/libexec/gdm-wayland-session[1305]:
dbus-daemon[1305]: [session uid=124 pid=1305] Failed to activate service
'org.freedesktop.secrets': timed out (service_start_timeout=120000ms)
Use-case from the customer
When the user receives the notebook, he needs to connect to his local network
via WiFi. He has to do it at login screen, as his credentials are not stored in
sssd cache yet. At this
point no window is shown to enter the WiFi password. The window would only be
shown _after_ user login (that is not possible due to missing credentials). For
this reason we
need the possibility to enter the WiFi password at login screen. This has
worked at Ubuntu 22 but not on Ubuntu 24 anymore.
I tried to test that in Jammy but I encountered issue
https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/2098014
I fought the issue might be due to the missing polkit rules
but this seems not to be the case
On other test machine with existing connection I needed to add this
rule so gdm can configure the connection. I need to remove --no-debug
flag from polkit to see when it fails
systemctl edit polkit
# That will be put in /etc/systemd/system/polkit.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/lib/polkit-1/polkitd
Then run
systemctl daemon-reload
# Create the following rule
root@machine:~# cat /etc/polkit-1/rules.d/99-allwifi.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system"
&&
subject.user == "gdm") {
return polkit.Result.YES;
}
});
systemctl daemon-reload
systemctl restart polkit
Otherwise I was not able to change the connection
Feb 11 17:41:54 earl polkitd[8018]: Error performing authentication:
GDBus.Error:org.freedesktop.PolicyKit1.Error.Cancelled: Authentication dialog
was dismissed by the user (polkit-error-quark 1)
Feb 11 17:41:54 earl polkitd[8018]: 17:41:54.934: Operator of unix-session:c1
FAILED to authenticate to gain authorization for action
org.freedesktop.NetworkManager.settings.modify.system for unix-process:2412:921
[/usr/bin/gnome-shell] (owned by unix-user:gdm)
Feb 11 17:41:54 earl polkitd[8018]: Operator of unix-session:c1 FAILED to
authenticate to gain authorization for action
org.freedesktop.NetworkManager.settings.modify.system for unix-process:2412:921
[/usr/bin/gnome-shell] (owned by unix-user:gdm)
Some relevant links:
How to set polkitd-1 rules since 23.10
https://askubuntu.com/questions/1291512/authentication-required-system-policy-prevents-wifi-scans-in-focalfossa
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: gdm3 46.2-1ubuntu1~24.04.1
ProcVersionSignature: Ubuntu 6.8.0-52.53-generic 6.8.12
Uname: Linux 6.8.0-52-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: lxd
CloudName: lxd
CloudPlatform: lxd
CloudSerial: 20250115
CloudSubPlatform: LXD socket API v. 1.0 (/dev/lxd/sock)
Date: Tue Feb 11 15:20:39 2025
ProcEnviron:
LANG=C.UTF-8
PATH=(custom, no user)
TERM=xterm-256color
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/2098016/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
