問題:インストールされているRealm、SSSD、およびSSHはすべてのユーザーに対して機能しますが、xrdpを使用してリモートデスクトップを試みると、次のエラーで失敗します。
Aug 30 00:00:00 PC-NAME xrdp-sesman[220997]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost= user=username
Aug 30 00:00:00 PC-NAME xrdp-sesman[220997]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost= user=username
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_unix(xrdp-sesman:session): session opened for user username by (uid=0)
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_systemd(xrdp-sesman:session): Failed to create session: No such process
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_unix(xrdp-sesman:session): session closed for user username
/etc/sssd/sssd.confの設定
[sssd]
domains = SOME.DOMAIN
config_file_version = 2
services = nss, pam
[domain/SOME.DOMAIN]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = SOME.DOMAIN
realmd_tags = manages-system joined-with-adcli
#realmd_tags = joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = SOME.DOMAIN
use_fully_qualified_names = False
#simple_allow_users = $
ldap_id_mapping = True
#access_provider = ad
access_provider = simple
# Fixes for long load times.
# case_sensitive = False
ad_gpo_access_control = permissive
# ad_gpo_map_remote_interactive = +xrdp-sesman
ignore_group_members = true
ldap_refferals = false
オペレーティングシステム:Ubuntu 20.04 LTS
注用の同様の質問(解決されたが解決策は機能しません):
- https://github.com/neutrinolabs/xrdp/issues/1684
- https://stackoverflow.com/questions/47150283/ubuntu-16-active-directory-can-ssh-cannot-rdp
私は何を試しましたか?
- gpoを許可に変更: "ad_gpo_access_control =許可"
- 「/etc/X11/Xwrapper.config」を「allowed_users=anybody」に編集します。
- 「access_provider=simple」を「access_provider=ad」から「access_provider=simple」に変更します。