Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora Resources > Guides & Solutions (Not For Questions)
FedoraForum Search

Forgot Password? Join Us!

Guides & Solutions (Not For Questions) Post your guides here (No links to Blogs accepted). You can also append your comments/questions to a guide, but don't start a new thread to ask a question. Use another forum for that.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 13th August 2017, 12:58 AM
ToddAndMargo Online
Registered User
 
Join Date: Feb 2010
Posts: 623
linuxfirefox
My notes on setting up xdrp on Fedora 26

Hi All,

There are my notes on setting up XRDP on Fedora 26.

-T

Fedora 25: how to configure "xrdp":

Reference: http://www.scottalanmiller.com/linux...-on-fedora-19/

Installing XRDP on Fedora 25


0) Prerequisite: each user musts log in locall one and run from w his own profile
at least once:
$ xhost +

1) install xrdp:
# dnf install xrdp


2) change the default port and configure Autorun:

# vi /etc/xrdp/xrdp.ini

Under the [Global] section:
port=xxxx (default is 3389)
autorun=Xorg (default is empty)


3) Configure Xwrapper.config for everyone:
# echo 'allowed_users = anybody' >> /etc/X11/Xwrapper.config
or edit it with vi, if this file exists


4) add the service descriptions to the systemd system and set them to start.

# systemctl enable xrdp.service
# systemctl start xrdp.service
# systemctl enable xrdp-sesman.service
# systemctl start xrdp-sesman.service


5) SELinux issues:

Note: if you experiencing bug:
xrdp fails to start with permission denied error
https://bugzilla.redhat.com/show_bug.cgi?id=1177202
this is the workaround:

# chcon --type=bin_t /usr/sbin/xrdp
# chcon --type=bin_t /usr/sbin/xrdp-sesman
# systemctl reenable xrdp.service
# systemctl start xrdp.service


6) Firewall:
Change the port to whatever you changed it to (3389 is the default)

Firewalld:
# firewall-cmd --permanent --add-port=3389/tcp
or # firewall-cmd --permanent --add-port=6789/tcp
# systemctl restart firewalld

iptables:
enable_xrdp=yes # yes|no xRDP Linux's Terminal Services
#rdp_port=3389
xrdp_port=6789

if [ "$enable_xrdp" = "yes" ]; then
# Warning: this user is given access to SYN's
# xrdp is Linux'sTerminal Services

$tbls -A dsl-in -i $eth1 -p tcp --syn -s $ANY_IP --sport $unassgn -d $eth1_addr --dport $xrdp_port -m state --state NEW,ESTABLISHED -j ACCEPT
$tbls -A dsl-in -i $eth1 -p tcp ! --syn -s $ANY_IP --sport $unassgn -d $eth1_addr --dport $xrdp_port -m state --state RELATED,ESTABLISHED -j ACCEPT
$tbls -A dsl-out -o $eth1 -p tcp -s $eth1_addr --sport $xrdp_port --dport $unassgn -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "Firewall external rules warning: XRDP $eth1_addr accepts SYN's on Port $xrdp_port." | systemd-cat -t firewall -p warning
fi

Then restart your firewall (this is a customer service in systemd)


7) test to see if your ports are open:

# nmap -Pn -p T:3389,6789 192.168.xxx.yyy (insert correct address)
...
PORT STATE SERVICE
6789/tcp open unknown



8) if you goofed the firewalld rule or the port

Remove the bad firewall rule with:
# firewall-cmd --remove-port=6789/tcp -->Or whatever port<--

edit /etc/xrdp/xrdp.ini and modify the "Port"

To restart everything and make the new setting take:

# systemctl restart firewalld
# systemctl restart xrdp.service
# systemctl restart xrdp-sesman.service


9) to make Xfce your default session:

Reference:
http://askubuntu.com/questions/13548...esktop-session

Xfce4:

cd ~
echo "startxfce4" > ~/.Xclients
chmod +x ~/.Xclients
su root -c "systemctl restart xrdp.service"


10) A working xrdp.ini (port changerd to 6789):

[Globals]
; xrdp.ini file version number
ini_version=1

; fork a new process for each incoming connection
fork=true
; tcp port to listen
#port=3389
port=6789
; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true
; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true
#tcp_send_buffer_bytes=32768
#tcp_recv_buffer_bytes=32768

; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate
; minimum security level allowed for client
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high
; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
certificate=
key_file=
; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2'
ssl_protocols=TLSv1, TLSv1.1, TLSv1.2
; set TLS cipher suites
#tls_ciphers=HIGH

; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=Xorg

allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
#require_credentials=true
; You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url

;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
#black=000000
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72

;
; configure login screen
;

; Login Screen Window Title
#ls_title=My Login Title

; top level window background color in RGB format
ls_top_window_bg_color=009cb5

; width and height of login screen
ls_width=350
ls_height=430

; login screen background color in RGB format
ls_bg_color=dedede

; optional background image filename (bmp format).
#ls_background_image=

; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50

; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=60

; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210

; y pos for first label and combo box
ls_input_y_pos=220

; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30

; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30

[Logging]
LogFile=xrdp.log
LogLevel=DEBUG
EnableSyslog=true
SyslogLevel=DEBUG
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug

[Channels]
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true

; Session types

# [Xvnc]
# name=Xvnc
# lib=libvnc.so
# username=ask
# password=ask
# ip=127.0.0.1
# port=-1
# #xserverbpp=24
# #delay_ms=2000

[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20

#[X11rdp]
#name=X11rdp
#lib=libxup.so
#username=ask
#password=ask
#ip=127.0.0.1
#port=-1
#xserverbpp=24
#code=10


11) if you are testing from xfreerdp, run it from a terminal once
so you can accept its security certificate


12) Note: due to bug
Clipboard not working with xrdp and Xvnc (works with Xorg)
https://github.com/neutrinolabs/xrdp/issues/469

to keep it from crashing after log on, you have to
disable your clipboard or log on with Xorg.

freexrdp's run string to disable the clipboard is
-clipboard


13) A sample run string (Xorg):

$ /opt/freerdp-nightly/bin/xfreerdp /u:tony /title:StorAllServer +clipboard /drive:temp,/home/temp /printer:B4350,"HP LaserJet 2200 Series PCL 5" /size:92%% +auto-reconnect /v:aaa.bbb.ccc.ddd:xxxx

Where aaa.bbb.ccc.ddd is the IP addess and xxxx is the port
Reply With Quote
Reply

Tags
fedora, notes, setting, xdrp

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Notes package for taking the notes rashid47010 Fedora Focus 12 14th March 2013 09:43 PM
[SOLVED] Lotus Notes 8.5.4 on Fedora 17 user5031858 Using Fedora 4 24th August 2012 06:53 PM
Fedora release notes F9 hermouche Alpha - Beta (Fedora 9 Only) 5 21st April 2008 10:10 PM
Lotus Notes 7.0.1 on Fedora?? gpetroui Using Fedora 1 3rd September 2006 12:04 PM
HOWTO - Some notes about setting up VNC server in Fedora raoul Links 15 19th November 2005 06:04 PM


Current GMT-time: 12:04 (Monday, 21-08-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat