CentOS 8にxrdpをインストールしてWindows PCからRemote Desktop接続をしてみました。
xrdp
http://xrdp.org/
xrdp – an open source RDP server
https://github.com/neutrinolabs/xrdp
環境
・CentOS Linux release 8.2.2004 (Core)
・Kernel 4.18.0-193.6.3.el8_2.x86_64
- デスクトップ環境のインストール
- epel Repositoryのインストール
- xrdpのインストール
- xrdpの自動起動の設定と起動
- Firewallの許可
- テストユーザの登録
- リモートデスクトップ接続
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
[root@centos8 ~]# dnf grouplist CentOS-8 - AppStream 4.4 kB/s | 4.3 kB 00:00 CentOS-8 - Base 7.9 kB/s | 3.9 kB 00:00 CentOS-8 - Extras 1.8 kB/s | 1.5 kB 00:00 Available Environment Groups: Server with GUI Server Workstation Virtualization Host Custom Operating System Installed Environment Groups: Minimal Install Installed Groups: Development Tools Security Tools System Tools Available Groups: Container Management .NET Core Development RPM Development Tools Graphical Administration Tools Headless Management Legacy UNIX Compatibility Network Servers Scientific Support Smart Card Support [root@centos8 ~]# dnf -y groupinstall "Server with GUI" |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
[root@centos8 ~]# dnf -y install epel-release Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: epel-release noarch 8-8.el8 extras 23 k Transaction Summary ================================================================================ Install 1 Package Total download size: 23 k Installed size: 32 k Downloading Packages: epel-release-8-8.el8.noarch.rpm 190 kB/s | 23 kB 00:00 -------------------------------------------------------------------------------- Total 19 kB/s | 23 kB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : epel-release-8-8.el8.noarch 1/1 Running scriptlet: epel-release-8-8.el8.noarch 1/1 Verifying : epel-release-8-8.el8.noarch 1/1 Installed products updated. Installed: epel-release-8-8.el8.noarch Complete! |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
[root@centos8 ~]# dnf -y install xrdp Extra Packages for Enterprise Linux Modular 8 - 41 kB/s | 82 kB 00:01 Extra Packages for Enterprise Linux 8 - x86_64 2.1 MB/s | 7.4 MB 00:03 ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: xrdp x86_64 1:0.9.13.1-1.el8 epel 442 k Installing weak dependencies: xrdp-selinux x86_64 1:0.9.13.1-1.el8 epel 22 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 464 k Installed size: 2.2 M Downloading Packages: (1/2): xrdp-selinux-0.9.13.1-1.el8.x86_64.rpm 146 kB/s | 22 kB 00:00 (2/2): xrdp-0.9.13.1-1.el8.x86_64.rpm 1.3 MB/s | 442 kB 00:00 -------------------------------------------------------------------------------- Total 700 kB/s | 464 kB 00:00 warning: /var/cache/dnf/epel-6519ee669354a484/packages/xrdp-0.9.13.1-1.el8.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x2F86D6A1: Userid : "Fedora EPEL (8) <epel@fedoraproject.org>" Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : xrdp-selinux-1:0.9.13.1-1.el8.x86_64 1/2 Running scriptlet: xrdp-selinux-1:0.9.13.1-1.el8.x86_64 1/2 Installing : xrdp-1:0.9.13.1-1.el8.x86_64 2/2 Running scriptlet: xrdp-1:0.9.13.1-1.el8.x86_64 2/2 Verifying : xrdp-1:0.9.13.1-1.el8.x86_64 1/2 Verifying : xrdp-selinux-1:0.9.13.1-1.el8.x86_64 2/2 Installed products updated. Installed: xrdp-1:0.9.13.1-1.el8.x86_64 xrdp-selinux-1:0.9.13.1-1.el8.x86_64 Complete! |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 |
[root@centos8 ~]# repoquery --list xrdp /etc/logrotate.d/xrdp /etc/pam.d/xrdp-sesman /etc/sysconfig/xrdp /etc/xrdp /etc/xrdp/km-00000406.ini /etc/xrdp/km-00000407.ini /etc/xrdp/km-00000409.ini /etc/xrdp/km-0000040a.ini /etc/xrdp/km-0000040b.ini /etc/xrdp/km-0000040c.ini /etc/xrdp/km-00000410.ini /etc/xrdp/km-00000411.ini /etc/xrdp/km-00000412.ini /etc/xrdp/km-00000414.ini /etc/xrdp/km-00000415.ini /etc/xrdp/km-00000416.ini /etc/xrdp/km-00000419.ini /etc/xrdp/km-0000041d.ini /etc/xrdp/km-00000807.ini /etc/xrdp/km-00000809.ini /etc/xrdp/km-0000080a.ini /etc/xrdp/km-0000080c.ini /etc/xrdp/km-00000813.ini /etc/xrdp/km-00000816.ini /etc/xrdp/km-0000100c.ini /etc/xrdp/km-00010409.ini /etc/xrdp/openssl.conf /etc/xrdp/pulse /etc/xrdp/pulse/default.pa /etc/xrdp/sesman.ini /etc/xrdp/xrdp.ini /etc/xrdp/xrdp_keyboard.ini /usr/bin/xrdp-dis /usr/bin/xrdp-genkeymap /usr/bin/xrdp-keygen /usr/bin/xrdp-sesadmin /usr/bin/xrdp-sesrun /usr/lib/.build-id /usr/lib/.build-id/30 /usr/lib/.build-id/30/24941389f84e18358547d7cfff56946469ee62 /usr/lib/.build-id/57 /usr/lib/.build-id/57/bd805928e89995a4789bb7be524eb9b64e019a /usr/lib/.build-id/69 /usr/lib/.build-id/69/6f84c91366918428abf8c042c736f7771baf05 /usr/lib/.build-id/6d /usr/lib/.build-id/6d/a56765e25f2d8b28bfb0d1400492c372d6f6aa /usr/lib/.build-id/74 /usr/lib/.build-id/74/e8b5633bce165253a96e11d926e86e04a20a34 /usr/lib/.build-id/77 /usr/lib/.build-id/77/6366954dbe442d339a2f4f3e5e991cc991c34d /usr/lib/.build-id/97 /usr/lib/.build-id/97/5518ed1fd2615c189a4a6be03b352a99a7cb22 /usr/lib/.build-id/9e /usr/lib/.build-id/9e/66581ae70ebedf4d40260eccd8711dd6dbadba /usr/lib/.build-id/a5 /usr/lib/.build-id/a5/9bdd37381c95640445b61f252ba1ec08e25b10 /usr/lib/.build-id/a5/bb1e9f818bbec5e7b9f9ecd1c1b878bc511da8 /usr/lib/.build-id/ac /usr/lib/.build-id/ac/a280d34f1badbad8ae9e8516ac88e705534da4 /usr/lib/.build-id/d8 /usr/lib/.build-id/d8/6e464ace0550c3726fd5bb9204f3f8dad10b8f /usr/lib/.build-id/d9 /usr/lib/.build-id/d9/dfa007f9673599fd9497c695f63d0b289851e5 /usr/lib/.build-id/dc /usr/lib/.build-id/dc/8a82a1b030f4627bb306837e709c5ee034f5ba /usr/lib/.build-id/e9 /usr/lib/.build-id/e9/f2d7fbaa701d892fbafdba421d56b2ceb7eba4 /usr/lib/.build-id/f8 /usr/lib/.build-id/f8/cc2bba88ec815cc2931b76ef0ee19d0a6341f7 /usr/lib/.build-id/fd /usr/lib/.build-id/fd/4d9a166ba1569e53c2f9060fb2720c5f537211 /usr/lib/systemd/system/xrdp-sesman.service /usr/lib/systemd/system/xrdp.service /usr/lib64/librfxencode.so.0 /usr/lib64/librfxencode.so.0.0.0 /usr/lib64/xrdp /usr/lib64/xrdp/libcommon.so.0 /usr/lib64/xrdp/libcommon.so.0.0.0 /usr/lib64/xrdp/libmc.so /usr/lib64/xrdp/libscp.so.0 /usr/lib64/xrdp/libscp.so.0.0.0 /usr/lib64/xrdp/libvnc.so /usr/lib64/xrdp/libxrdp.so.0 /usr/lib64/xrdp/libxrdp.so.0.0.0 /usr/lib64/xrdp/libxrdpapi.so.0 /usr/lib64/xrdp/libxrdpapi.so.0.0.0 /usr/lib64/xrdp/libxup.so /usr/libexec/xrdp /usr/libexec/xrdp/reconnectwm.sh /usr/libexec/xrdp/startwm-bash.sh /usr/libexec/xrdp/startwm.sh /usr/sbin/xrdp /usr/sbin/xrdp-chansrv /usr/sbin/xrdp-sesman /usr/share/doc/xrdp /usr/share/doc/xrdp/COPYING /usr/share/doc/xrdp/README.Fedora /usr/share/doc/xrdp/design.txt /usr/share/doc/xrdp/faq-compile.txt /usr/share/doc/xrdp/faq-general.txt /usr/share/doc/xrdp/file-loc.txt /usr/share/doc/xrdp/install.txt /usr/share/man/man1/xrdp-dis.1.gz /usr/share/man/man5/sesman.ini.5.gz /usr/share/man/man5/xrdp.ini.5.gz /usr/share/man/man8/xrdp-chansrv.8.gz /usr/share/man/man8/xrdp-genkeymap.8.gz /usr/share/man/man8/xrdp-keygen.8.gz /usr/share/man/man8/xrdp-sesadmin.8.gz /usr/share/man/man8/xrdp-sesman.8.gz /usr/share/man/man8/xrdp-sesrun.8.gz /usr/share/man/man8/xrdp.8.gz /usr/share/polkit-1/rules.d/xrdp.rules /usr/share/xrdp /usr/share/xrdp/ad24b.bmp /usr/share/xrdp/ad256.bmp /usr/share/xrdp/cursor0.cur /usr/share/xrdp/cursor1.cur /usr/share/xrdp/sans-10.fv1 /usr/share/xrdp/xrdp24b.bmp /usr/share/xrdp/xrdp256.bmp /usr/share/xrdp/xrdp_logo.bmp /var/log/xrdp-sesman.log /var/log/xrdp.log |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
[root@centos8 ~]# systemctl enable xrdp Created symlink /etc/systemd/system/multi-user.target.wants/xrdp.service -> /usr/lib/systemd/system/xrdp.service. [root@centos8 ~]# systemctl start xrdp [root@centos8 ~]# systemctl status xrdp * xrdp.service - xrdp daemon Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset> Active: active (running) since Wed 2020-07-26 13:42:32 JST; 4s ago Docs: man:xrdp(8) man:xrdp.ini(5) Main PID: 9620 (xrdp) Tasks: 1 (limit: 49603) Memory: 996.0K CGroup: /system.slice/xrdp.service `-9620 /usr/sbin/xrdp --nodaemon Jul 26 13:42:32 centos8.rootlinks.net systemd[1]: Started xrdp daemon. Jul 26 13:42:32 centos8.rootlinks.net xrdp[9620]: (9620)(139777331344832)[INFO > Jul 26 13:42:32 centos8.rootlinks.net xrdp[9620]: (9620)(139777331344832)[INFO > Jul 26 13:42:32 centos8.rootlinks.net xrdp[9620]: (9620)(139777331344832)[INFO > Jul 26 13:42:32 centos8.rootlinks.net xrdp[9620]: (9620)(139777331344832)[INFO > |
Firewalldのサービスが登録されていました。無い場合はデフォルトのポート3389を許可して下さい。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
[root@centos8 ~]# cat /usr/lib/firewalld/services/rdp.xml <?xml version="1.0" encoding="utf-8"?> <service> <short>rdp</short> <description>Microsoft's Remote Desktop Protocol</description> <port protocol="tcp" port="3389"/> </service> [root@centos8 ~]# firewall-cmd --permanent --add-service=rdp success [root@centos8 ~]# firewall-cmd --reload success [root@centos8 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens160 sources: services: cockpit dhcpv6-client rdp ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: |
|
1 2 3 4 5 6 |
[root@centos8 ~]# useradd guest [root@centos8 ~]# passwd guest Changing password for user guest. New password: Retype new password: passwd: all authentication tokens updated successfully. |
Windows PCからCentOS 8にリモートデスクトップ接続をしてみます。
設定変更は何もしていないのですが接続できました。
RHEL/CentOSにDESKTOP環境をインストールして運用することは少ないのですが、実際に運用となったらポート変更とかいろいろ設定を見直した方が良さそうです。
|
1 2 3 4 5 |
[root@centos8 ~]# cat /etc/sysconfig/xrdp # put some options here #XRDP_OPTIONS="" #SESMAN_OPTIONS="" |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 |
[root@centos8 ~]# cat /etc/xrdp/xrdp.ini [Globals] ; xrdp.ini file version number ini_version=1 ; fork a new process for each incoming connection fork=true ; ports to listen on, number alone means listen on all interfaces ; 0.0.0.0 or :: if ipv6 is configured ; space between multiple occurrences ; ; Examples: ; port=3389 ; port=unix://./tmp/xrdp.socket ; port=tcp://.:3389 127.0.0.1:3389 ; port=tcp://:3389 *:3389 ; port=tcp://<any ipv4 format addr>:3389 192.168.1.1:3389 ; port=tcp6://.:3389 ::1:3389 ; port=tcp6://:3389 *:3389 ; port=tcp6://{<any ipv6 format addr>}:3389 {FC00:0:0:0:0:0:0:1}:3389 ; port=vsock://<cid>:<port> port=3389 ; 'port' above should be connected to with vsock instead of tcp ; use this only with number alone in port above ; prefer use vsock://<cid>:<port> above use_vsock=false ; regulate if the listening socket use socket option tcp_nodelay ; no buffering will be performed in the TCP stack tcp_nodelay=true ; regulate if the listening socket use socket option keepalive ; if the network connection disappear without close messages the connection will be closed tcp_keepalive=true ; set tcp send/recv buffer (for experts) #tcp_send_buffer_bytes=32768 #tcp_recv_buffer_bytes=32768 ; security layer can be 'tls', 'rdp' or 'negotiate' ; for client compatible layer security_layer=negotiate ; minimum security level allowed for client for classic RDP encryption ; use tls_ciphers to configure TLS encryption ; can be 'none', 'low', 'medium', 'high', 'fips' crypt_level=high ; X.509 certificate and private key ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 certificate= key_file= ; set SSL protocols ; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3' ssl_protocols=TLSv1.2, TLSv1.3 ; set TLS cipher suites #tls_ciphers=HIGH ; Section name to use for automatic login if the client sends username ; and password. If empty, the domain name sent by the client is used. ; If empty and no domain name is given, the first suitable section in ; this file will be used. autorun= allow_channels=true allow_multimon=true bitmap_cache=true bitmap_compression=true bulk_compression=true #hidelogwindow=true max_bpp=32 new_cursors=true ; fastpath - can be 'input', 'output', 'both', 'none' use_fastpath=both ; when true, userid/password *must* be passed on cmd line #require_credentials=true ; You can set the PAM error text in a gateway setup (MAX 256 chars) #pamerrortxt=change your password according to policy at http://url ; ; colors used by windows in RGB format ; blue=009cb5 grey=dedede #black=000000 #dark_grey=808080 #blue=08246b #dark_blue=08246b #white=ffffff #red=ff0000 #green=00ff00 #background=626c72 ; ; configure login screen ; ; Login Screen Window Title #ls_title=My Login Title ; top level window background color in RGB format ls_top_window_bg_color=009cb5 ; width and height of login screen ls_width=350 ls_height=430 ; login screen background color in RGB format ls_bg_color=dedede ; optional background image filename (bmp format). #ls_background_image= ; logo ; full path to bmp-file or file in shared folder ls_logo_filename= ls_logo_x_pos=55 ls_logo_y_pos=50 ; for positioning labels such as username, password etc ls_label_x_pos=30 ls_label_width=65 ; for positioning text and combo boxes next to above labels ls_input_x_pos=110 ls_input_width=210 ; y pos for first label and combo box ls_input_y_pos=220 ; OK button ls_btn_ok_x_pos=142 ls_btn_ok_y_pos=370 ls_btn_ok_width=85 ls_btn_ok_height=30 ; Cancel button ls_btn_cancel_x_pos=237 ls_btn_cancel_y_pos=370 ls_btn_cancel_width=85 ls_btn_cancel_height=30 [Logging] LogFile=xrdp.log LogLevel=DEBUG EnableSyslog=true SyslogLevel=DEBUG ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug [Channels] ; Channel names not listed here will be blocked by XRDP. ; You can block any channel by setting its value to false. ; IMPORTANT! All channels are not supported in all use ; cases even if you set all values to true. ; You can override these settings on each session type ; These settings are only used if allow_channels=true rdpdr=true rdpsnd=true drdynvc=true cliprdr=true rail=true xrdpvr=true tcutils=true ; for debugging xrdp, in section xrdp1, change port=-1 to this: #port=/tmp/.xrdp/xrdp_display_10 ; for debugging xrdp, add following line to section xrdp1 #chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210 ; ; Session types ; ; Some session types such as Xorg, X11rdp and Xvnc start a display server. ; Startup command-line parameters for the display server are configured ; in sesman.ini. See and configure also sesman.ini. #[Xorg] #name=Xorg #lib=libxup.so #username=ask #password=ask #ip=127.0.0.1 #port=-1 #code=20 [Xvnc] name=Xvnc lib=libvnc.so username=ask password=ask ip=127.0.0.1 port=-1 #xserverbpp=24 #delay_ms=2000 #[vnc-any] #name=vnc-any #lib=libvnc.so #ip=ask #port=ask5900 #username=na #password=ask #pamusername=asksame #pampassword=asksame #pamsessionmng=127.0.0.1 #delay_ms=2000 #[neutrinordp-any] #name=neutrinordp-any #lib=libxrdpneutrinordp.so #ip=ask #port=ask3389 #username=ask #password=ask ; You can override the common channel settings for each session type #channel.rdpdr=true #channel.rdpsnd=true #channel.drdynvc=true #channel.cliprdr=true #channel.rail=true #channel.xrdpvr=true |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
[root@centos8 ~]# cat /etc/xrdp/sesman.ini ;; See `man 5 sesman.ini` for details [Globals] ListenAddress=127.0.0.1 ListenPort=3350 EnableUserWindowManager=true ; Give in relative path to user's home directory UserWindowManager=startwm.sh ; Give in full path or relative path to /etc/xrdp DefaultWindowManager=startwm-bash.sh ; Give in full path or relative path to /etc/xrdp ReconnectScript=reconnectwm.sh [Security] AllowRootLogin=true MaxLoginRetry=4 TerminalServerUsers=tsusers TerminalServerAdmins=tsadmins ; When AlwaysGroupCheck=false access will be permitted ; if the group TerminalServerUsers is not defined. AlwaysGroupCheck=false ; When RestrictOutboundClipboard=true clipboard from the ; server is not pushed to the client. RestrictOutboundClipboard=false [Sessions] ;; X11DisplayOffset - x11 display number offset ; Type: integer ; Default: 10 X11DisplayOffset=10 ;; MaxSessions - maximum number of connections to an xrdp server ; Type: integer ; Default: 0 MaxSessions=50 ;; KillDisconnected - kill disconnected sessions ; Type: boolean ; Default: false ; if 1, true, or yes, kill session after 60 seconds KillDisconnected=false ;; DisconnectedTimeLimit - when to kill idle sessions ; Type: integer ; Default: 0 ; if not zero, the seconds before a disconnected session is killed ; min 60 seconds DisconnectedTimeLimit=0 ;; IdleTimeLimit (specify in second) - wait before disconnect idle sessions ; Type: integer ; Default: 0 ; Set to 0 to disable idle disconnection. IdleTimeLimit=0 ;; Policy - session allocation policy ; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ] ; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize> ; "UBD" session per <User,BitPerPixel,DisplaySize> ; "UBI" session per <User,BitPerPixel,IPAddr> ; "UBC" session per <User,BitPerPixel,Connection> ; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr> ; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection> Policy=Default [Logging] LogFile=xrdp-sesman.log LogLevel=DEBUG EnableSyslog=1 SyslogLevel=DEBUG ; ; Session definitions - startup command-line parameters for each session type ; [Xorg] ; Specify the path of non-suid Xorg executable. It might differ depending ; on your distribution and version. The typical path is shown as follows: ; ; Fedora 26 or later : param=/usr/libexec/Xorg ; Debian 9 or later : param=/usr/lib/xorg/Xorg ; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg ; Arch Linux : param=/usr/lib/xorg-server/Xorg ; CentOS 7 : param=/usr/bin/Xorg or param=Xorg ; param=Xorg ; Leave the rest paramaters as-is unless you understand what will happen. param=-config param=xrdp/xorg.conf param=-noreset param=-nolisten param=tcp param=-logfile param=.xorgxrdp.%s.log [Xvnc] param=Xvnc param=-bs param=-nolisten param=tcp param=-localhost param=-dpi param=96 [Chansrv] ; drive redirection, defaults to xrdp_client if not set FuseMountName=thinclient_drives ; this value allows only the user to acess their own mapped drives. ; Make this more permissive (e.g. 022) if required. FileUmask=077 [SessionVariables] PULSE_SCRIPT=/etc/xrdp/pulse/default.pa |