xrdp authentication problem

[ToddAndMargo]

Hi All,

Fedora 41
xrdp-0.10.2-11.fc41.x86_64

I have a customer that I set up a FC41 server with xRDP.

Problem: Only my account can log in to xRDP. (Everyone works from console login and Samba.)

The other users (all of them) get this error message in /var/log/xrdp.log

[INFO ] xrdp_wm_log_msg: User does not exist, or could not be authenticated

And no, I did not goof their passwords.

I also do not have AlwaysGroupCheck configured
# grep -i AlwaysGroupCheck /etc/xrdp/sesman.ini
AlwaysGroupCheck=false

Why does my account work and theirs does not?

Yours in confusion,
-T

[matt335672]

Check the user exists on the command line with getent passwd <user>

Failing that, I'm afraid it's likely to be the password. Possible problems:-

1. The keyboard mapping is incorrect. Try typing the password characters in the username field so you can see what the actual characters are that are being passed in to PAM.
2. When using a Windows authentication backend, be aware that Windows characters are interpreted using a codepage, and UN*X characters are interpreted using UTF-8. So, for example, the '£' character commonly found on UK keyboards cannot be used for authenticating to both systems. From your description I think this one is unlikely.

[ToddAndMargo]

On 4/8/25 9:04 AM, matt335672 wrote: Check the user exists on the command line with `getent passwd <user>`

That is a sweet command. I have been using `grep -i <user> /etc/passwd` They are all there. I can log into them at the console without issue.

Failing that, I'm afraid it's likely to be the password. Possible problems:- 1. The keyboard mapping is incorrect. Try typing the password characters in the username field so you can see what the actual characters are that are being passed in to PAM.

It is from Windows 10 `mstsc`to Fedora 41 xRDP. I tried tying their passwords into the user block. The password is correct. My password is a long complex password, and it it works from the same Windows machine.

2. When using a Windows authentication backend, be aware that Windows characters are interpreted using a codepage, and UN*X characters are interpreted using UTF-8. So, for example, the '£' character commonly found on UK keyboards cannot be used for authenticating to both systems. From your description I think this one is unlikely.

I even tried a user that has a simple lower case password. It did not work either. Extra Info. The Fedora 41 machine replaced a Fedora 26 machine. I had xRDP installed on it and used it exclusively with my account. I transferred my home directory over to the new computer. I had scrubbed through my account and can not find anything different on mine than theirs.

[matt335672]

OK - thanks for looking at that.

I've had a think about this and previous similar issues. This post is worth a look:-

#2755 (comment)

Also, given this is Fedora, you could use ausearch -m avc -ts recent to see if it's SELinux-related.

[ToddAndMargo]

On 4/9/25 3:30 AM, matt335672 wrote: OK - thanks for looking at that. I've had a think about this and previous similar issues. This post is worth a look:- #2755 (comment) <https://github.com/neutrinolabs/xrdp/ issues/2755#issuecomment-1658417135> Also, given this is Fedora, you could use |ausearch -m avc -ts recent| to see if it's SELinux-related.

SELinux is quite. here is a great command line SELinux troubleshooter: Basic SELinux Troubleshooting in CLI https://access.redhat.com/articles/2191331 Here is the latest error message from xrdp-sesman.log 2025-04-14T10:47:43.821-0700] [INFO ] starting xrdp-sesexec with pid 4192 [2025-04-14T10:47:43.893-0700] [INFO ] User bozo is in TerminalServerUsers group tsusers. Access granted [2025-04-14T10:47:43.897-0700] [INFO ] Access permitted for user: bozo [2025-04-14T10:47:44.171-0700] [INFO ] Starting X server on display 11: /usr/libexec/Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log [2025-04-14T10:47:45.173-0700] [INFO ] X server :11 is working [2025-04-14T10:47:45.187-0700] [INFO ] Starting window manager for display :11 [2025-04-14T10:47:45.193-0700] [INFO ] Starting the xrdp channel server for display :11 [2025-04-14T10:47:45.193-0700] [INFO ] Using the default window manager on display 11: /usr/libexec/xrdp/startwm-bash.sh [2025-04-14T10:47:45.198-0700] [INFO ] Session in progress on display :11. Waiting until the window manager (pid 4215) exits to end the session [2025-04-14T10:47:45.528-0700] [INFO ] Window manager (pid 4215, display 11) finished normally in 0 secs [2025-04-14T10:47:45.534-0700] [WARN ] Window manager (pid 4215, display 11) exited quickly (0 secs). This could indicate a window manager config problem [2025-04-14T10:47:45.538-0700] [INFO ] Terminating X server (pid 4209) on display :11 [2025-04-14T10:47:45.544-0700] [INFO ] Terminating the xrdp channel server (pid 4216) on display :11 [2025-04-14T10:47:45.549-0700] [INFO ] xrdp channel server pid 4216 on display :11 finished [2025-04-14T10:47:45.558-0700] [INFO ] X server pid 4209 on display :11 finished

[ToddAndMargo]

Figured it out. I missed doing step 5: [5] copy startwm.sh to the users you want xRDP addess: $ cp /etc/xrdp/startwm.sh $HOME/. My xRDP how to: Install Xrdp Server to connect to Fedora Desktop Xfce from the Windows Remote Desktop feature. Also see: Installing XRDP on Fedora 25 xrdp.install.configure.txt References: https://www.server-world.info/en/note?os=Fedora_41&p=desktop&f=6 https://www.reddit.com/r/debian/comments/1hzuvww/how_to_switch_from_gnome_to_xfce_for_xrdp/ https://idroot.us/install-xrdp-centos-8/ Note: see 6 and 7 below for sample client run strings [1] Install and Start Xrdp Server. # dnf -y install xrdp xorgxrdp xrdp-selinux # systemctl enable xrdp.service # systemctl start xrdp.service # systemctl enable xrdp-sesman.service # systemctl start xrdp-sesman.service [2] vi /etc/xrdp/xrdp.ini Replace the port with a masked port For example: port=Not_3389 comment out all of [Xvnc] and [X11rdp] uncomment all of [Xorg]. ignore the complaining about the `ip` line [Xorg] name=Xorg lib=libxup.so username=ask password=ask ip=127.0.0.1 port=-1 code=20 ; Frame capture interval (milliseconds) h264_frame_interval=16 rfx_frame_interval=32 normal_frame_interval=40 # systemctl restart xrdp [3] If Firewalld is running, allow RDP port. # firewall-cmd --add-port=[port_you_chose]/tcp # firewall-cmd --runtime-to-permanent # firewall-cmd --reload [4] vi /etc/xrdp/startwm.sh # test -x /etc/X11/Xsession && exec /etc/X11/Xsession # exec /bin/sh /etc/X11/Xsession exec /usr/bin/xfce4-session # exec /usr/bin/startxfce4 chmod 755 /etc/xrdp/startwm.sh # systemctl restart xrdp [5] copy startwm.sh to the users you want xRDP addess: $ cp /etc/xrdp/startwm.sh $HOME/. [6] Connect from Windows clients. <Win><R> mstsc.exe An example on Windows 11. --> Open Start Menu --> [Windows Tool] --> [Remote Desktop Connection] [7] Connect from Linux clients. An example on Fedora 41. # dnf install freerdp $ /usr/bin/xfreerdp /u:todd /title:"KVM-Fedora-Xfce-Mate" +clipboard /drive:temp,/home/temp /printer:HLL2300D,"Brother HLL2300D" /size:92%% +auto-reconnect /v:192.168.aaa.bbb:xxxx