[Xrdp-devel] xrdp_pam_authentication

Fri, 04 Nov 2011 20:24:20 -0700 

hi there,

i'm sorry for bothering you but i'm stuck in a project of mine and
can't find a solution to my problem, even after hours of research. :-/

the task is to connect from a windows(xp)-machine (with its default
remote desktop client) to a debian(squeeze)-server, using a pam-radius
authentication.

to solve that, i've installed xrdp(v0.5.0) and the tightvncserver
(v1.3.9-6.1).
the vnc-server is not configured at all and my xrdp-configs look like
this...

/etc/xrdp/xrdp.ini
----------------------------------
[globals]
bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=low
channel_code=1

[xrdp1]
name=Debian
lib=libvnc.so
username=na
password=na
ip=127.0.0.1
port=5901
----------------------------------

/etc/xrdp/sesman.ini
----------------------------------
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=1
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh

[Security]
AllowRootLogin=1
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins

[Sessions]
MaxSessions=10
KillDisconnected=0
IdleTimeLimit=0
DisconnectedTimeLimit=0

[Logging]
LogFile=/var/log/xrdp-sesman.log
LogLevel=DEBUG
EnableSyslog=0
SyslogLevel=DEBUG

[X11rdp]
param1=-bs
param2=-ac
param3=-nolisten
param4=tcp

[Xvnc]
param1=-bs
param2=-ac
param3=-nolisten
param4=tcp
-------------------------------

with this parameters and a started vnc-session :1 (with given
username/passwd) a connection can be established.
the next step would be to authenticate via the radius-server.
this works fine when performing a local-login - my configuration for
pam looks like this...

/usr/pam.d/sudo
-------------------------------
#%PAM-1.0

##########pam radius
auth       sufficient   pam_radius_auth.so debug
##########pam radius

@include common-auth
@include common-account

session required pam_permit.so
session required pam_limits.so
-------------------------------

i actually thought, i could just use this for an xrdp-connection, too.
so i copied it into the /etc/pam.d/xrdp-sesman file.
but this doesn't seem to be everything that has to be done...how can i
configure xrdp to run the pam-module?

i would really appreciate it, if you could give me a piece of advice.

Best Regards
Ole Kant
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel

Reply via email to