Getting tired of having to rediscover how to get xrdp to install and work correctly. Brain dump:

xrdp not being able to log in users when pam (and active directory) are used

symptom: xrdp-sesman is successfully called, but xrdp.log shows the login failed: xrdp_wm_log_msg: login failed for display 0

Solution is that xrdp-sesman is not included in /etc/sssd/sssd.conf. Default map does not include sesman, looks like this:

ad_gpo_map_interactive = +unity, +polkit-1

solution is to add , +xrdp-sesman to that list and restart sssd (sudo systemctl restart sssd.service). New line looks like this:

ad_gpo_map_interactive = +unity, +polkit-1, +xrdp-sesman

see neutrinolabs/xrdp issue 906

Next problem: xOrg isn’t starting up. If you try to start it manually (Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile /tmp/xorgxrdp.%s.log), xorg.wrapper complains that only console users can run xOrg. That’s because /etc/X11/Xwrapper.config isn’t set up to allow everyone, only console users. Change console to anybody and now it will run xOrg. See this linuxquestions.org post.

After that (if you don’t have an /etc/X11/xrdp/xorg.conf you’ll need one first), you will likely end up with the xOrg server crashing because none of the virtual devices are there. The xorgxrdp package from hermlnx/xrdp is what you want:

First try

sudo add-apt-repository ppa:hermlnx/xrdp
sudo apt-get update
sudo apt-get install xorgxrdp

but if that doesn’t exist or doesn’t work because of some weird-ass hybrid 16.04 that is running on your client’s workstation, you might have to clone the repo and build it yourself:

git clone https://github.com/neutrinolabs/xorgxrdp.git

Now that will fail because you need the xorg development package (xserver-xorg-dev) but wait - because it’s some weird hybrid they installed on your workstation you’re actually using the hwe variant of xserver-xorg (which is why the ppa didn’t work), so you want xserver-xorg-dev-hwe-16.04 instead of xserver-xorg-dev. This manifests itself as xorg log errors like module ABI major version (22) doesn't match the server's version (24). Installing the right -dev package fixes this. Finally. Got this hint from issue 955 in the neutrinolabs/xrdp github repo.

