xRDP and Linux (Ubuntu, Mint, etc)


First, let's install the basic software we need on the server.

Note: I found this info here

apt-get update
apt-get install -y xorg-video-abi-23 xserver-xorg-core
apt install -y xrdp xorgxrdp
apt install -y freerdp-x11

Next, let's fix a few known issues.

# Fix : http://c-nergy.be/blog/?p=12043

# Create the file for the fix
touch /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

# Add the right content to the file
echo "[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes" > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

# Let's confirm the file was created
echo; echo; echo; cat /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

# Remove any crash files
rm /var/crash/*
# Extra fix for "Auth Required", may not be necessary: http://c-nergy.be/blog/?p=12073
# Create /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf

touch /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf

# Single quotes are used here so the double quotes inside the rule reach the file intact
echo 'polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" ||
action.id == "org.freedesktop.color-manager.create-profile" ||
action.id == "org.freedesktop.color-manager.delete-device" ||
action.id == "org.freedesktop.color-manager.delete-profile" ||
action.id == "org.freedesktop.color-manager.modify-device" ||
action.id == "org.freedesktop.color-manager.modify-profile") &&
subject.isInGroup("{users}")) {
return polkit.Result.YES;
}
});' > /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf

echo; echo; echo; cat /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf

rm /var/crash/*
cp ~/.xsession ~/.xsession.backup
echo env -u SESSION_MANAGER -u DBUS_SESSION_BUS_ADDRESS cinnamon-session > ~/.xsession
# Fix for the next command: http://c-nergy.be/blog/?p=11868
sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config

For those who are looking for an answer and found this page in Google: the issue is the lack of an sssd config; it is not an xrdp bug.

Maybe you are using an Active Directory integration with sssd and Group Policy as the authorization method (like the official instructions from RHEL).

You have 2 choices:

Option 1: Use “simple” as access provider instead of Group Policy

Your sssd.conf should look like this:

[sssd]
domains = mydomain.corp
config_file_version = 2
services = nss, pam

[domain/mydomain.corp]
ad_domain = mydomain.corp
… a bunch of config not related …
access_provider = simple

This makes the GPO policy useless, but you can specify which users or groups are allowed to log in with these commands on the workstation: (more info)
realm permit user@example.com
or
realm permit -g group@example.com

Option 2: Keep Using Group Policy

This is the config that works for me in CentOS 8:

[sssd]
domains = mydomain.corp
config_file_version = 2
services = nss, pam

[domain/mydomain.corp]

ad_domain = mydomain.corp
… a bunch of config not related …
access_provider = ad
ad_gpo_access_control = enforcing
ad_gpo_map_remote_interactive = +xrdp-sesman
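
To check a host for the sssd situation described above, the following added example (not part of the original post; `check_sssd_xrdp` is a hypothetical helper name and the sample file is constructed) reads an sssd.conf and reports every domain that sets access_provider = ad and ad_gpo_access_control = enforcing without listing +xrdp-sesman in ad_gpo_map_remote_interactive. A domain that leaves ad_gpo_access_control unset is not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. check_sssd_xrdp is a
# hypothetical helper name. Exit status 0 = nothing to fix, 1 = finding.
check_sssd_xrdp() {
    awk '
    function report() {
        if (dom != "" && prov == "ad" && gpo == "enforcing" && !mapped) {
            print dom ": GPO enforcing, +xrdp-sesman missing from ad_gpo_map_remote_interactive"
            bad = 1
        }
    }
    /^[ \t]*[#;]/ { next }                      # comment line
    /^[ \t]*$/    { next }                      # blank line
    /^[ \t]*\[/ {                               # section header: judge the previous section
        report(); dom = ""; prov = ""; gpo = ""; mapped = 0
        line = $0; gsub(/[ \t]/, "", line)
        if (substr(line, 1, 8) == "[domain/") dom = substr(line, 9, length(line) - 9)
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "access_provider")       prov = val
        if (key == "ad_gpo_access_control") gpo  = val
        if (key == "ad_gpo_map_remote_interactive") {
            n = split(val, items, /[ \t]*,[ \t]*/)   # comma-separated PAM service list
            for (i = 1; i <= n; i++) if (items[i] == "+xrdp-sesman") mapped = 1
        }
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: Option 2 from the post with the mapping line left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sssd]
domains = mydomain.corp

[domain/mydomain.corp]
ad_domain = mydomain.corp
access_provider = ad
ad_gpo_access_control = enforcing
EOF
check_sssd_xrdp "$sample" || echo "add: ad_gpo_map_remote_interactive = +xrdp-sesman"
rm -f "$sample"
```

On a real host, run it as root against /etc/sssd/sssd.conf, since that file is normally readable by root only.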