A couple of readers asked how they could get xrdp to authenticate with Active Directory.
Here's how… ;)
- I assume your xrdp server already has either the Likewise/Likewise-Open or as it's now known by, PowerBroker Identity Services
- I assume that your xrdp server has already been joined to the Active Directory
- I assume that you've installed xrdp and X11rdp – either manually, or automatically via the X11rdp-o-Matic & RDPsesconfig utilities.
1) Specify the default RDP session for new AD logins…
Likewise/PowerBroker Identity Services create a user directory on the linux system (the xrdp server) upon first login by that user.
On my default setup, Likewise/pbis creates these directories under
/home/local/SCARYGLIDERS/<username>. SCARYGLIDERS being my domain name.
Obviously, your domain name and location for these directories depends on your particular configuration of Likewise/pbis.
/etc/skel to create these new directories, so create a default
.xsession file in /etc/skel, containing the desktop environment that the AD user will see upon first login.
So for example, say you want each new AD login to be presented with the excellent LXDE desktop. You'd simply create a .xsession file in /etc/skel with the following;
Really, it's that simple.
If you've got a bunch of AD users who have logged into this linux/xrdp system before, then you'll have to copy that .xsession file into each user's directory.
2) Get xrdp to authenticate with AD (and local linux users)
PAM to authenticate logins, so this one was remarkably easy to solve.
In the directory
/etc/pam.d , you will notice there is a file called
xrdp-sesman. This file specifies how xrdp uses PAM to authenticate users.
The default one won't authenticate against AD, so we need to change it.
Rename that file to xrdp-sesman.old (or remove it – doesn't matter either way).
Then create a new xrdp-sesman file with the following contents;
How did you get on with this?