Sadly my setup is CentOS only.
The login works fine for AD accounts when using ssh.
The allow_all policy is enabled in IPA.


It seems that authentication to xrdp works, but when it switches to VNC and
tries to set up the display it fails,
because it says => Window manager config problem?
The errors for libxrdp_query_channels are also present when a working
session is started, so I'm ignoring those.

Anyway, I'm gonna see if I can set up a Fedora IPA server and client to test
this.

[20210401-09:21:52] [DEBUG] xrdp_wm_log_msg: connecting to sesman ip
127.0.0.1 port 3350

==> /var/log/xrdp-sesman.log <==
[20210401-09:21:52] [INFO ] A connection received from 127.0.0.1 port 34514

==> /var/log/xrdp.log <==
[20210401-09:21:53] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: sending login info to session
manager, please wait...
[20210401-09:21:53] [DEBUG] return value from xrdp_mm_connect 0

==> /var/log/xrdp-sesman.log <==
[20210401-09:21:53] [INFO ] Terminal Server Users group is disabled,
allowing authentication
[20210401-09:21:53] [INFO ] ++ created session (access granted): username
r...@windows.test, ip 172.16.1.10:59237 - socket: 12
[20210401-09:21:53] [INFO ] starting Xvnc session...
[20210401-09:21:53] [INFO ] calling auth_start_session from pid 1573414

==> /var/log/xrdp.log <==
[20210401-09:21:53] [INFO ] xrdp_wm_log_msg: login successful for display 16
[20210401-09:21:53] [DEBUG] Layout from client_info (geom=1920x1080
#screens=1) : 0:(1920x1080+0+0)
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC started connecting
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC connecting to 127.0.0.1
5916

==> /var/log/xrdp-sesman.log <==
[20210401-09:21:53] [INFO ] Xvnc :16 -auth .Xauthority -geometry 1920x1080
-depth 32 -rfbauth
/home/rob/.vnc/sesman_passwd-...@windows.test@desktop.linux.test:16
-bs -nolisten tcp -localhost -dpi 96

==> /var/log/xrdp.log <==
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC tcp connected
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC security level is 2 (1 =
none, 2 = standard)
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC password ok
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC sending share flag
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC receiving server init
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC receiving pixel format
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC receiving name length
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC receiving name
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC sending pixel format
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC sending cursor
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC connection complete,
connected ok
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: connected ok

==> /var/log/xrdp-sesman.log <==
[20210401-09:21:53] [INFO ] waiting for window manager (pid 1573428) to exit

==> /var/log/xrdp.log <==
[20210401-09:21:53] [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
[20210401-09:21:53] [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
[20210401-09:21:53] [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
[20210401-09:21:53] [ERROR] libxrdp_query_channel - Channel 3 name drdynvc
[20210401-09:21:53] [ERROR] libxrdp_query_channel - Channel out of range 4
[20210401-09:21:53] [DEBUG] xrdp_mm_connect_chansrv: chansrv connect
successful
[20210401-09:21:53] [DEBUG] Skipping ENC_CURSOR encoding
[20210401-09:21:53] [DEBUG] VNC matched ExtendedDesktopSize rectangle x=0,
y=0 geom=1920x1080
[20210401-09:21:53] [DEBUG] VNC server supports resizing
[20210401-09:21:53] [INFO ] Layout from OldLayout (geom=1920x1080
#screens=1) : 1804289383:(1920x1080+0+0)
[20210401-09:21:53] [DEBUG] VNC setting screen id to 1804289383 from server
[20210401-09:21:53] [DEBUG] Server layout is the same as the client layout
[20210401-09:21:53] [DEBUG] Closed socket 18 (AF_INET 127.0.0.1:34514)
[20210401-09:21:53] [DEBUG] VNC got clip data

==> /var/log/xrdp-sesman.log <==
[20210401-09:21:54] [CORE ] window manager exited quickly (1 secs). Window
manager config problem?
[20210401-09:21:54] [INFO ] Cleaning up session. Calling auth_stop_session
and auth_end from pid 1573414

==> /var/log/xrdp.log <==
[20210401-09:21:54] [DEBUG] Closed socket 12 (AF_INET 172.16.1.100:3389)
[20210401-09:21:54] [DEBUG] xrdp_mm_module_cleanup
[20210401-09:21:54] [DEBUG] VNC mod_exit

==> /var/log/xrdp-sesman.log <==
[20210401-09:21:54] [INFO ] ++ terminated session:  username
r...@windows.test, display :16.0, session_pid 1573414, ip 172.16.1.10:59237
 - socket: 12

==> /var/log/xrdp.log <==
[20210401-09:21:54] [DEBUG] Closed socket 19 (AF_INET 127.0.0.1:53726)
[20210401-09:21:54] [DEBUG] Closed socket 20 (AF_UNIX)




On Tue, 30 Mar 2021 at 15:57, Alexander Bokovoy <aboko...@redhat.com> wrote:

> On Tue, 30 Mar 2021, Rob Verduijn via FreeIPA-users wrote:
> >I just noticed that xrdp works fine for ipa idm users.
> >
> >However for users that login with ad accounts from the ad that has a trust
> >relation with ipa xrdp fails.
>
> Do you have more details? What do you see in the logs?
>
> I am not sure it is going to work at all but if you can reproduce with
> Fedora 33, then I'd look at it. The reason for F33 is that we had quite
> some changes in FreeIPA 4.9.2 merged related to AD interoperability.
>
> I am not interested in this happening with FreeIPA 4.6 or with FreeIPA
> 4.8 as those will not be updated with these changes.
>
>
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
>
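
An added example, not part of the original message or of xrdp: a small Python script that de-interleaves `tail -f` output of xrdp.log and xrdp-sesman.log like the excerpt above, rejoins the wrapped lines, and reports how far a login got. The sample input is constructed (placeholder user, address and pid), and the stage names are labels chosen here.

```python
import re

# Constructed sample modelled on the `tail -f` excerpt in the message above;
# user name, client address and pid are placeholders, not values from the thread.
SAMPLE = """\
==> /var/log/xrdp-sesman.log <==
[20210401-09:21:53] [INFO ] ++ created session (access granted): username
aduser@ad.example, ip 192.0.2.10:59237 - socket: 12
[20210401-09:21:53] [INFO ] starting Xvnc session...

==> /var/log/xrdp.log <==
[20210401-09:21:53] [DEBUG] xrdp_wm_log_msg: VNC connection complete,
connected ok

==> /var/log/xrdp-sesman.log <==
[20210401-09:21:53] [INFO ] waiting for window manager (pid 4242) to exit
[20210401-09:21:54] [CORE ] window manager exited quickly (1 secs). Window
manager config problem?
"""

HEADER = re.compile(r"^==> (\S+) <==$")          # tail's per-file banner
ENTRY = re.compile(r"^\[(\d{8}-\d{2}:\d{2}:\d{2})\] \[(\w+)\s*\] (.*)$")

STAGES = [                                        # (label, substring of the log message)
    ("authenticated", "created session (access granted)"),
    ("vnc_connected", "VNC connection complete"),
    ("wm_exited_quickly", "window manager exited quickly"),
]

def parse_tail(text):
    """Return (file, timestamp, level, message) tuples, rejoining wrapped lines."""
    entries, current_file, last = [], None, None
    for line in text.splitlines():
        if (h := HEADER.match(line)):
            current_file, last = h.group(1), None  # new file: no entry to continue
        elif (e := ENTRY.match(line)):
            last = [current_file, *e.groups()]
            entries.append(last)
        elif line.strip() and last is not None:
            last[3] += " " + line.strip()          # continuation of a wrapped entry
    return [tuple(e) for e in entries]

def triage(entries):
    """List the stages seen, separating a refused login from a session that died."""
    return [label for label, needle in STAGES
            if any(needle in msg for _, _, _, msg in entries)]

if __name__ == "__main__":
    print(triage(parse_tail(SAMPLE)))
```

A result that contains both `authenticated` and `wm_exited_quickly` matches the situation in the message: sesman granted access and the session ended afterwards.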
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org