Hello world,
The idea of the post came from a question asked on askubuntu.com (see Authentication required. System policy prevents WiFi scans” in FocalFossa). Some users wanted to scan and connect to WiFi networks while remotely connected to their system through the xRDP Software solution. Usually, we do not recommend to perform changes at network connections level while remotely connected. Indeed, if your changes are not successful (depends the changes you are performing!!!), you might loose your remote session and remote connections capabilities. The only option left would be to go logon locally on the machine and perform the necessary changes….
That’s being said, we decided to give it a try and see if we could indeed create a custom polkit configuration file (*.pkla) in order to allow remotely connected users to configure their WiFi connections…
So, let’s go !
Overview
Disclaimer
Problem description
We have configured a machine that’s running Ubuntu 20.04. The machine has one ethernet card and one Wireless card installed. We have performed this setup to demonstrate how to connect to a WiFi network from an xRDP session while ensuring we would not loose our connectivity to the remote machine.
We have performed our xRDP connection to the machine (using the wired connection) and we are ready to connect to an existing WiFi network. As you can see on the screenshot below, we are not connected to any WiFi networks yet.
You can find more information about polkit, pkla and xrdp by reading these previous posts xRDP – The Infamous “Authentication Required to Create Managed Color Device” Explained xRDP – How to Fix the Infamous system crash popups in Ubuntu 18.04 (and previous versions) xRDP – The Infamous “Authentication Required to Create Managed Color Device” Explained
Solution : Create your custom rules
Initial & incomplete Fix
To avoid such dialog box while trying to connect to a WiFi network, you will need to create your own pkla file. In our scenario, we will create a file called 47-allow-wifi-scans.pkla which will be created under /etc/polkit-1/localauthority/50-local.d/. You need administrative privileges in order to write in this location !
The initial pkla file would contains the following information
[Allow Wifi Scan]
Identity=unix-user:*
Action=org.freedesktop.NetworkManager.wifi.scan
ResultAny=yes
ResultInactive=yes
ResultActive=yes
The following screenshot shows the content of the directory ( /etc/polkit-1/localauthority/50-local.d/) and also shows the content of the file
Working pkla configuration file
To avoid polkit dialog box popping up while trying to connect to a WiFi network, we have updated the our custom configuration file (located /etc/polkit-1/localauthority/50-local.d/47-allow-wifi-scan.pkla) and we have populated it with the following contents
[Allow Wifi Scan] Identity=unix-user:* Action=org.freedesktop.NetworkManager.wifi.scan;org.freedesktop.NetworkManager.enable-disable-wifi;org.freedesktop.NetworkManager.settings.modify.own;org.freedesktop.NetworkManager.settings.modify.system;org.freedesktop.NetworkManager.network-control ResultAny=yes ResultInactive=yes ResultActive=yes
Once the file has been created, you should be able to access the list of WiFi networks available and when trying to connect, you should be presented with the dialog box asking your for the WiFI password you are about to connect to….
We can then assess and check that you are indeed connected to the selected Wireless network
Final Notes
This is it for this post !
We were able to configure our Ubuntu system to bypass all the polkit dialog box that would popup when trying to connect to a wireless network when remotely connected (via xRDP Software). The fix is relatively easy once you know what causing the popup (i.e. polkit software) and how to overcome these popups (via custom rules). As mentioned at the beginning of the post, we are not recommending to perform network changes while remotely connected to the system as you might loose your remote session. Possibly, do the necessary changes when locally connected
We had some fun (and we learned some news stuff about polkit) writing this post. We hope you have enjoyed this one as well…
Till next time
See ya
Thank you!!!!!!!
@Mircea,
Thank you for visiting our blog and provide good feedback.. Always happy to see that this info can be useful
Till next time
See ya
seems this doesn’t work anymore, at least not for my environment.
@Tro-Co,
Thank you for visiting our blog and providing some feedback. So, the first question to ask is which version of Ubuntu are your running. This post will work up to UBuntu version 23.04. If you are running Ubuntu 23.10 or later, it will not work… The reason behind is simply that Ubuntu 23.10 is using a new pkaction version (i.e. 123) which means that the pkla file extension cannot be used anymore. You will need to create exclusions rules using javascript code and the file extensions should be now .rules.
You can find more info and an example in the following post (https://c-nergy.be/blog/?p=19242)
Hope this help
Till next time
See ya