NetworkManager startup priorities

Hi there,

I’m using NetworkManager on Tumbleweed (KDE Plasma 6) and I have set some priorities for networks at my university. Now on startup (or after logging in more generally), NetworkManager tries to connect to the higher priority networks first, but does not succeed because the authentication agent for stored secrets isn’t available. So it ends up connecting to a lower-priority, public network, that does not require authentication.

Here are the relevant logs:

Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.6656] policy: auto-activating connection 'private' (efd16fda-bf0a-4c67-8f27-886752880a5f)
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.6660] device (wlp0s20f3): Activation: starting connection 'private' (efd16fda-bf0a-4c67-8f27-886752880a5f)
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.6661] device (wlp0s20f3): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.6662] manager: NetworkManager state is now CONNECTING
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.6980] device (wlp0s20f3): set-hw-addr: reset MAC address to C4:75:AB:8E:3C:BC (preserve)
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7020] device (wlp0s20f3): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7023] device (wlp0s20f3): Activation: (wifi) access point 'private' has security, but secrets are required.
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7023] device (wlp0s20f3): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Apr 11 13:58:38 sirius NetworkManager[1813]: <warn>  [1712836718.7028] device (wlp0s20f3): no secrets: No agents were available for this request.
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7028] device (wlp0s20f3): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7030] manager: NetworkManager state is now DISCONNECTED
Apr 11 13:58:38 sirius NetworkManager[1813]: <warn>  [1712836718.7032] device (wlp0s20f3): Activation: failed for connection 'private'
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7034] device (wlp0s20f3): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7416] device (wlp0s20f3): set-hw-addr: set MAC address to E2:08:C3:2D:FF:C4 (scanning)
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7455] policy: auto-activating connection 'public' (74e78ce9-7d13-4447-91ef-34965511a935)
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7461] device (wlp0s20f3): Activation: starting connection 'public' (74e78ce9-7d13-4447-91ef-34965511a935)
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7463] device (wlp0s20f3): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7466] manager: NetworkManager state is now CONNECTING
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7882] device (wlp0s20f3): set-hw-addr: reset MAC address to C4:75:AB:8E:3C:BC (preserve)
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7916] device (wlp0s20f3): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7918] device (wlp0s20f3): Activation: (wifi) connection 'public' requires no security.  No secrets needed.
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7919] Config: added 'ssid' value 'public'
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7919] Config: added 'scan_ssid' value '1'
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7919] Config: added 'bgscan' value 'simple:30:-65:300'
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7919] Config: added 'key_mgmt' value 'NONE'
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7922] device (wlp0s20f3): supplicant interface state: disconnected -> interface_disabled
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.7923] device (p2p-dev-wlp0s20f3): supplicant management interface state: disconnected -> interface_disabled
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.8301] device (wlp0s20f3): supplicant interface state: interface_disabled -> disconnected
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.8301] device (p2p-dev-wlp0s20f3): supplicant management interface state: interface_disabled -> disconnected
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.8424] device (wlp0s20f3): supplicant interface state: disconnected -> authenticating
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.8424] device (p2p-dev-wlp0s20f3): supplicant management interface state: disconnected -> authenticating
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.8863] device (wlp0s20f3): supplicant interface state: authenticating -> associating
Apr 11 13:58:38 sirius NetworkManager[1813]: <info>  [1712836718.8864] device (p2p-dev-wlp0s20f3): supplicant management interface state: authenticating -> associating
Apr 11 13:58:39 sirius NetworkManager[1813]: <info>  [1712836719.0727] device (wlp0s20f3): supplicant interface state: associating -> completed
Apr 11 13:58:39 sirius NetworkManager[1813]: <info>  [1712836719.0728] device (wlp0s20f3): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "public"

How can I make NetworkManager wait until the key agent (probably kwallet) is available, or alternatively how can I ensure the kwallet agent is running before NetworkManager tries to connect?

You cannot. Hmm … you can set autoconnect-retries to zero which will make NetworkManager to try forever.

Store connection secrets system wide and not in user specific location.

Disable autoconnect property for this connection and connect manually when you logged in. I assume you can also add KDE startup script that initiates connection.

Adding the following startup script solves the issue:

#!/bin/sh

if [ enabled == enabled ]
then
  nmcli radio wifi off
  nmcli radio wifi on
fi

But it’s kind of hacky… is there no other way? What gives NetworkManager the signal to connect on login? The NetorkManager service is already started at system startup.

I’m using NetworkManager on Tumbleweed (KDE Plasma 6) too. It unconditionally connects upon boot. Configuration file is:

6700k:~ # cat /etc/NetworkManager/system-connections/FRITZ\!Box\ Karl\ Mistelberger.nmconnection 
[connection]
id=FRITZ!Box Karl Mistelberger
uuid=948baf91-cbcf-4b99-834a-931621e03e66
type=wifi

[wifi]
mode=infrastructure
ssid=FRITZ!Box Karl Mistelberger

[wifi-security]
key-mgmt=wpa-psk
psk=1234567890123456....

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]
6700k:~ # 

https://wiki.archlinux.org/title/NetworkManager#Connect_to_network_with_secret_on_boot

I was wrong. This is what NetworkManager does by default if connection secrets are stored in user specific location.

NM will not “connect on login” (although there are some indications that NM may monitor login sessions). But if connection is set to autoconnect and secrets are not available NM will delay autoconnection until some user agent registers. Then it will ask this user agent for secrets and try again.

This did not work for me on GNOME 42 with autologin. On session startup I get prompted to unlock gnome-keyring (where secrets are stored) but NM never activates connection. I do not know if it is GNOME Shell or NM bug.

If I log in normally then connection is activated.

I use autologin on Gnome 45 and now 46 as I have FDE, in both versions NM auto-connects to the last used wifi network. But as I have FDE, the default Gnome keyring password is set to empty value, maybe NM won’t auto-connect if it doesn’t get the secret right at login.

There was a very straightforward solution I did not see: disabling autoconnect for the public network… Thank you for all the help guys! Cheers!!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.