
#51 [bug] automatic .vnc directory creation not working properly for active directory users

v1.0 (example)
open
nobody
None
5
2015-07-23
2014-08-27
Nathan
No

This bug report concerns active directory logins not working properly on xrdp 0.6.1 / tigervnc 1.3.0 on fedora 20.
System configuration: Fedora 20 64 bit installation as a guest on vmware esxi server
selinux : disabled
firewall : disabled
joined to active directory domain corp.mydomain.com (CORP) through realmd.

Steps to isolate xrdp / tigervnc as the source of the problem: users can login properly through ssh using the username format username@corp.mydomain.com so we know that pam/sssd/realmd are all working properly.

Basic issue : .vnc directory and vnc password file is not properly created when the user first logs in.

Steps to reproduce :
1) Attempt to connect with remote desktop to the server and login using username format username@corp.mydomain.com or CORP\username.
expected result : successful login
actual result : home directory is created properly but .vnc directory is not so login fails

2)Attempt to login as many times as you want using the same username format you chose in step 1.
result : after about 15 attempts I got bored and gave up. Attempt # 2 is the only one I logged below because all subsequent attempts are identical in log entries and error messages.

3)Switch username format. If you initially logged in with username@corp.mydomain.com switch to CORP\username and vice versa.
result : .vnc directory is automatically created, vnc password file is automatically generated by the server, user is able to successfully log in!!!

Issue that needs to be addressed

-Why is the .vnc directory and password file not created when the user home directory is created?
-Why does switching the login name format after an initial failed login cause the .vnc directory and password file to now be created?

Troubleshooting and log entries are below. Note that after the first set of tests, I reverted this VM to the initial snapshot so I could demonstrate that it doesn't matter which username format you use first, it only works once you get a failure and switch the format.

First login using username@corp.mydomain.com as login username

xrdp screen shows :

connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait...
xrdp_mm_process_login_response: login successful for display
started connecting
connecting to 127.0.0.1 5910
tcp connected
security level is 2 (1 = none, 2 = standard)
password failed
error - problem connecting

journalctl shows:

Aug 27 10:56:55 vm-fedora20.corp.mydomain.com systemd[1]: Starting User Manager for 77401602...
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com systemd[1]: Starting Session c1 of user username@corp.mydomain.com.
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com systemd[1]: Started Session c1 of user username@corp.mydomain.com.
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com systemd-logind[580]: New session c1 of user username@corp.mydomain.com.
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com systemd-logind[580]: Linked /tmp/.X11-unix/X10 to /run/user/77401602/X11-display.
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1362]: pam_unix(xrdp-sesman:session): session opened for user username@corp.mydomain.com by (uid=0)
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Wed Aug 27 10:56:55 2014
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Connections: accepted: 127.0.0.1::42003
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: SConnection: Client needs protocol version 3.3
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: SVncAuth: opening password file
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: '/home/corp.mydomain.com/username/.vnc/sesman_username@corp.mydomain.com_passwd'
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: failed
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: SConnection: AuthFailureException: No password configured for VNC Auth
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Connections: closed: 127.0.0.1::42003 (No password configured for VNC Auth)
Aug 27 10:56:55 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: touch: cannot touch ‘/home/corp.mydomain.com/username/.cache/imsettings/log’: No such file or directory
Aug 27 10:56:56 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: gpg-agent[1537]: directory `/home/corp.mydomain.com/username/.gnupg' created
Aug 27 10:56:56 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: gpg-agent[1537]: directory `/home/corp.mydomain.com/username/.gnupg/private-keys-v1.d' created
Aug 27 10:56:56 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: gpg-agent[1538]: gpg-agent (GnuPG) 2.0.22 started
Aug 27 10:56:56 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: startkde: Starting up...

2nd attempt using login name format username@corp.mydomain.com

Aug 27 11:02:02 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=username@corp.mydomain.com
Aug 27 11:02:02 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=username@corp.mydomain.com
Aug 27 11:02:02 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Wed Aug 27 11:02:02 2014
Aug 27 11:02:02 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Connections: accepted: 127.0.0.1::42007
Aug 27 11:02:03 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Wed Aug 27 11:02:03 2014
Aug 27 11:02:03 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: SConnection: Client needs protocol version 3.3
Aug 27 11:02:03 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: SVncAuth: opening password file
Aug 27 11:02:03 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: '/home/corp.mydomain.com/username/.vnc/sesman_username@corp.mydomain.com_passwd'
Aug 27 11:02:03 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: failed
Aug 27 11:02:03 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: SConnection: AuthFailureException: No password configured for VNC Auth
Aug 27 11:02:03 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Connections: closed: 127.0.0.1::42007 (No password configured for VNC Auth)

3rd attempt using login name format CORP\username

Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=CORP\username
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=CORP\username
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Xvnc TigerVNC 1.3.0 - built Oct 2 2013 10:43:43
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: See http://www.tigervnc.org for information on TigerVNC.
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Underlying X server release 11402000, The X.Org Foundation
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension VNC-EXTENSION
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension Generic Event Extension
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension SHAPE
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension MIT-SHM
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension XInputExtension
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension XTEST
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension BIG-REQUESTS
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension SYNC
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension XKEYBOARD
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension XC-MISC
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension XFIXES
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension RENDER
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension RANDR
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension COMPOSITE
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension DAMAGE
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension MIT-SCREEN-SAVER
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension DOUBLE-BUFFER
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension RECORD
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension DPMS
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension X-Resource
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension XVideo
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension XVideo-MotionCompensation
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Initializing built-in extension GLX
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Wed Aug 27 11:03:24 2014
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: vncext: VNC extension running!
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: vncext: Listening for VNC connections on all interface(s), port 5911
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: vncext: created VNC server for screen 0
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com systemd[1]: Starting Session c2 of user username@corp.mydomain.com.
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com systemd-logind[580]: New session c2 of user username@corp.mydomain.com.
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com systemd[1]: Started Session c2 of user username@corp.mydomain.com.
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[2026]: pam_unix(xrdp-sesman:session): session opened for user CORP\username by (uid=0)
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: Connections: accepted: 127.0.0.1::60750
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: SConnection: Client needs protocol version 3.3
Aug 27 11:03:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888
Aug 27 11:03:25 vm-fedora20.corp.mydomain.com xrdp-sesman[1352]: startkde: Starting up...

home directory of user username
Notes : notice that the creation time on most of those files matches exactly the time 10:56 which is my first attempted login. First login caused home directory to get created but no vncpasswd file created.
Notice that the creation time of the .vnc directory corresponds to the 3rd login attempt when I switched to the CORP\username login format. Somehow vnc or xrdp auto-created my .vncpasswd file for me on that login attempt.
=============================
[root@vm-fedora20 username]# ls -al
total 84
drwxr-xr-x. 16 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 11:03 .
drwx--x--x. 4 root root 4096 Aug 27 10:56 ..
-rw-r--r--. 1 username@corp.mydomain.com domain users@corp.mydomain.com 18 Aug 27 10:56 .bash_logout
-rw-r--r--. 1 username@corp.mydomain.com domain users@corp.mydomain.com 193 Aug 27 10:56 .bash_profile
-rw-r--r--. 1 username@corp.mydomain.com domain users@corp.mydomain.com 231 Aug 27 10:56 .bashrc
drwx------. 4 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:57 .cache
drwxr-xr-x. 6 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 11:03 .config
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:57 Desktop
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 Documents
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 Downloads
-rw-------. 1 username@corp.mydomain.com domain users@corp.mydomain.com 16 Aug 27 10:57 .esd_auth
drwx------. 3 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 .gnupg
-rw-r--r--. 1 username@corp.mydomain.com domain users@corp.mydomain.com 113 Mar 8 2011 .gtkrc-2.0-kde4
drwx------. 4 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:57 .kde
drwxr-xr-x. 3 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:57 .local
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 Music
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 Pictures
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 Public
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 Templates
drwxr-xr-x. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 10:56 Videos
drwx------. 2 username@corp.mydomain.com domain users@corp.mydomain.com 4096 Aug 27 11:03 .vnc

/var/log/xrdp-sesman.log
Notes : entire contents here. Not very useful at all
========================
[20140827-10:56:54] [INFO ] scp thread on sck 9 started successfully
[20140827-10:56:54] [INFO ] ++ created session (access granted): username username@corp.mydomain.com, ip 10.1.4.111:58366 - socket: 7
[20140827-10:56:54] [INFO ] starting Xvnc session...
[20140827-10:56:54] [WARN ] can't read vnc password file - /home/corp.mydomain.com/username/.vnc/sesman_username@corp.mydomain.com_passwd
[20140827-10:56:55] [INFO ] starting xrdp-sessvc - xpid=1363 - wmpid=1362
[20140827-11:02:02] [INFO ] scp thread on sck 9 started successfully
[20140827-11:02:02] [INFO ] ++ reconnected session: username username@corp.mydomain.com, display :10.0, session_pid 1361, ip 10.1.4.111:58366 - socket: 7
[20140827-11:03:23] [INFO ] scp thread on sck 9 started successfully
[20140827-11:03:24] [INFO ] ++ created session (access granted): username CORP\username, ip 10.1.4.111:58366 - socket: 7
[20140827-11:03:24] [INFO ] starting Xvnc session...
[20140827-11:03:24] [INFO ] starting xrdp-sessvc - xpid=2027 - wmpid=2026

--------------- revert to snapshot and attempt login with CORP\username format first ----------------------------

=== 1st attempt with CORP\username format ===
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Connections: accepted: 127.0.0.1::47465
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SConnection: Client needs protocol version 3.3
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SVncAuth: opening password file
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: '/home/corp.mydomain.com/username/.vnc/sesman_CORP\username_passwd'
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: failed
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SConnection: AuthFailureException: No password configured for VNC Auth
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Connections: closed: 127.0.0.1::47465 (No password configured for VNC Auth)
Aug 27 11:34:21 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: touch: cannot touch ‘/home/corp.mydomain.com/username/.cache/imsettings/log’: No such file or directory
Aug 27 11:34:22 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: gpg-agent[1603]: directory `/home/corp.mydomain.com/username/.gnupg' created
Aug 27 11:34:22 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: gpg-agent[1603]: directory `/home/corp.mydomain.com/username/.gnupg/private-keys-v1.d' created
Aug 27 11:34:22 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: gpg-agent[1604]: gpg-agent (GnuPG) 2.0.22 started
Aug 27 11:34:22 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: startkde: Starting up...

=== 2nd attempt with CORP\username format ===
Aug 27 11:36:34 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=CORP\username
Aug 27 11:36:34 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=CORP\username
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Wed Aug 27 11:36:35 2014
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Connections: accepted: 127.0.0.1::47469
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SConnection: Client needs protocol version 3.3
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SVncAuth: opening password file
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: '/home/corp.mydomain.com/username/.vnc/sesman_CORP\username_passwd'
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: failed
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SConnection: AuthFailureException: No password configured for VNC Auth
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Connections: closed: 127.0.0.1::47469 (No password configured for VNC Auth)

=== 3rd attempt with username@corp.mydomain.com format ===
Aug 27 11:36:34 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=CORP\username
Aug 27 11:36:34 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=CORP\username
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Wed Aug 27 11:36:35 2014
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Connections: accepted: 127.0.0.1::47469
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SConnection: Client needs protocol version 3.3
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SVncAuth: opening password file
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: '/home/corp.mydomain.com/username/.vnc/sesman_CORP\username_passwd'
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: failed
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SConnection: AuthFailureException: No password configured for VNC Auth
Aug 27 11:36:35 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Connections: closed: 127.0.0.1::47469 (No password configured for VNC Auth)
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=username@corp.mydomain.com
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=username@corp.mydomain.com
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Xvnc TigerVNC 1.3.0 - built Oct 2 2013 10:43:43
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: See http://www.tigervnc.org for information on TigerVNC.
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Underlying X server release 11402000, The X.Org Foundation
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension VNC-EXTENSION
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension Generic Event Extension
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension SHAPE
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension MIT-SHM
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension XInputExtension
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension XTEST
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension BIG-REQUESTS
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension SYNC
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension XKEYBOARD
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension XC-MISC
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension XFIXES
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension RENDER
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension RANDR
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension COMPOSITE
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension DAMAGE
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension MIT-SCREEN-SAVER
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension DOUBLE-BUFFER
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension RECORD
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension DPMS
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension X-Resource
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension XVideo
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension XVideo-MotionCompensation
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Initializing built-in extension GLX
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Wed Aug 27 11:37:24 2014
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: vncext: VNC extension running!
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: vncext: Listening for VNC connections on all interface(s), port 5911
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: vncext: created VNC server for screen 0
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com systemd[1]: Starting Session c2 of user username@corp.mydomain.com.
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com systemd-logind[569]: New session c2 of user username@corp.mydomain.com.
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com systemd[1]: Started Session c2 of user username@corp.mydomain.com.
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[2038]: pam_unix(xrdp-sesman:session): session opened for user username@corp.mydomain.com by (uid=0)
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Connections: accepted: 127.0.0.1::53502
Aug 27 11:37:24 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: SConnection: Client needs protocol version 3.3
Aug 27 11:37:25 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: Wed Aug 27 11:37:25 2014
Aug 27 11:37:25 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888
Aug 27 11:37:25 vm-fedora20.corp.mydomain.com xrdp-sesman[1181]: startkde: Starting up...

Discussion

  • Nathan

    Nathan - 2014-08-29

    I kind of solved this. In case anyone is trying to get the same setup working here is what I did.

    Edit /etc/xrdp/sesman.ini and add these 2 lines at the bottom of the file

    param8=-SecurityTypes
    param9=None

    Because xrdp handles the authentication through PAM, there is no need to have vnc authenticate a 2nd time. This seems to be secure enough because vnc only listens on 127.0.0.1 so there is no worry about someone logging in directly through vnc and getting in without a password.

    I even tried leaving a session running by disconnecting remote desktop client and then trying to connect to the underlying vnc session and because it was bound to localhost it refused the connection.

     
  • Antoine Tran

    Antoine Tran - 2015-07-23

    Hi Nathan,

    I know this is an old post but just to inform others: this solution is only a workaround as it introduces a security risk. Indeed, the vnc session is bound to localhost, but then two users connected to the same host can steal each other's vnc sessions. I tried that.

    This issue is the same as mine http://sourceforge.net/p/xrdp/bugs/57/, except it is LDAP instead of active directory.
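
A check for the setting discussed in the two comments above, as an added example (not part of the original thread and not xrdp code): it reads the Xvnc parameters from sesman.ini text and reports whether VNC authentication has been switched off. The sample configuration, the `[Xvnc]` section layout and all function names are constructed for illustration.

```python
import re

# Constructed sample: an [Xvnc] section with the workaround's two lines appended.
SAMPLE_WORKAROUND = """\
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350

[Xvnc]
param1=-bs
param2=-ac
param3=-nolisten
param4=tcp
param5=-localhost
param6=-dpi
param7=96
param8=-SecurityTypes
param9=None
"""
# Same constructed file without the workaround.
SAMPLE_DEFAULT = SAMPLE_WORKAROUND.replace("param8=-SecurityTypes\nparam9=None\n", "")


def xvnc_args(ini_text, section="Xvnc"):
    """Return the paramN values of one section, in file order."""
    args, current = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            continue
        if current is None or current.lower() != section.lower() or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if re.fullmatch(r"param\d*", key.strip(), re.IGNORECASE):
            args.append(value.strip())
    return args


def security_types(args):
    """Return the SecurityTypes list passed to Xvnc, or None if it is not set."""
    for i, arg in enumerate(args):
        name, sep, inline = arg.lstrip("-").partition("=")
        if name.lower() != "securitytypes":
            continue
        # Accept both "-SecurityTypes None" (two params) and "-SecurityTypes=None".
        value = inline if sep else (args[i + 1] if i + 1 < len(args) else "")
        return [t.strip() for t in value.split(",") if t.strip()]
    return None


def audit(ini_text):
    """Flag a configuration where Xvnc accepts connections without a password."""
    args = xvnc_args(ini_text)
    types = security_types(args)
    auth_disabled = types is not None and any(t.lower() == "none" for t in types)
    localhost_only = any(a.lower() == "-localhost" for a in args)
    findings = []
    if auth_disabled:
        findings.append("Xvnc is started with SecurityTypes None: no VNC password check")
        if localhost_only:
            findings.append("-localhost keeps remote hosts out, but other local "
                            "accounts on this machine can still reach the port")
        else:
            findings.append("-localhost is not present in the Xvnc parameters")
    return {"auth_disabled": auth_disabled,
            "localhost_only": localhost_only,
            "findings": findings}


if __name__ == "__main__":
    for label, text in (("workaround", SAMPLE_WORKAROUND), ("default", SAMPLE_DEFAULT)):
        print(label, audit(text))
```

On a multi-user host, point `audit()` at the contents of the real `/etc/xrdp/sesman.ini`; a non-empty `findings` list means the session's VNC port relies on network binding alone.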

     
