First lets Install the basic software we need on the server
Note: I found this info here…
apt-get update apt-get install -y xorg-video-abi-23 xserver-xorg-core apt install -y xrdp xorgxrdp apt install -y freerdp-x11
Next lets fix a few known issues
# Fix : http://c-nergy.be/blog/?p=12043 # Create the file for the fix touch /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla # Add the right content to the file echo "[Allow Colord all Users] Identity=unix-user:* Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile ResultAny=no ResultInactive=no ResultActive=yes" > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla # Lets confirm the file was created echo; echo; echo; cat /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla # Remove any crash files rm /var/crash/*
# Extra Fix for "Auth Required:, may not be necessary... : http://c-nergy.be/blog/?p=12073
# Create /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
touch /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
echo "polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile") &&
subject.isInGroup("{users}")) {
return polkit.Result.YES;
}
});" > /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
echo; echo; echo; cat /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
rm /var/crash/*
cp ~/.xsession ~/.xsession.backup echo env -u SESSION_MANAGER -u DBUS_SESSION_BUS_ADDRESS cinnamon-session > ~/.xsession
# Fix for the next command :http://c-nergy.be/blog/?p=11868 sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config
For those who are looking for an answer and found this page in Google. The issue is the lack of an sssd config, is not and xrdp bug.
Maybe you are using an Active Directory integration with sssd and Group Policy as authorization method (Like the official instructions from RHEL)
You have 2 choices:
Option 1: Use “simple” as access provider instead of Group Policy
You sssd.conf should look like this
[sssd] domains = mydomain.corp config_file_version = 2 services = nss, pam
ad_domain = mydomain.corp … a bunch of config not related … access_provider = simple
This makes useless the GPO Policy, but you can specify which users or groups are allowed to login with this commands in the workstation: (more info)realm permit user@example.com
orrealm permit -g group@example.com.
Option 2: Keep Using Group Policy
This is the config that works for me in Centos 8
[sssd] domains = mydomain.corp config_file_version = 2 services = nss, pam
[domain/mydomain.corp]
ad_domain = mydomain.corp … a bunch of config not related … access_provider = ad ad_gpo_access_control = enforcing ad_gpo_map_remote_interactive = +xrdp-sesman