I can connect to the server using a sudo user, but I cannot connect using a non-sudo user. /var/log/xrdp-sesman.log shows that the X server is not starting.
Login failed: xrdp-sesman.log
[20231018-13:08:12] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 45494
[20231018-13:08:13] [INFO ] ++ created session (access granted): username testuser, ip ::ffff:192.168.1.146:49982 - socket: 12
[20231018-13:08:13] [INFO ] starting Xorg session...
[20231018-13:08:13] [INFO ] Starting session: session_pid 2557, display :11.0, width 1920, height 1080, bpp 24, client ip ::ffff:192.168.1.146:49982 - socket: 12, user name testuser
[20231018-13:08:13] [INFO ] [session start] (display 11): calling auth_start_session from pid 2557
[20231018-13:08:13] [ERROR] sesman_data_in: scp_process_msg failed
[20231018-13:08:13] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20231018-13:08:13] [INFO ] Starting X server on display 11: /usr/lib/xorg/Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[20231018-13:08:23] [WARN ] Timed out waiting for X server on display 11 to startup
[20231018-13:08:23] [INFO ] Session started successfully for user testuser on display 11
[20231018-13:08:23] [INFO ] Starting the xrdp channel server for display 11
[20231018-13:08:23] [INFO ] Session in progress on display 11, waiting until the window manager (pid 2614) exits to end the session
[20231018-13:08:23] [WARN ] Timed out waiting for X server on display 11 to startup
[20231018-13:08:23] [ERROR] There is no X server active on display 11
[20231018-13:08:23] [ERROR] A fatal error has occurred attempting to start the window manager on display 11, aborting connection
[20231018-13:08:23] [WARN ] Window manager (pid 2614, display 11) exited quickly (0 secs). This could indicate a window manager config problem
[20231018-13:08:23] [INFO ] Calling auth_stop_session and auth_end from pid 2557
[20231018-13:08:23] [INFO ] Terminating X server (pid 2615) on display 11
[20231018-13:08:23] [INFO ] Terminating the xrdp channel server (pid 2820) on display 11
[20231018-13:08:23] [INFO ] X server on display 11 (pid 2615) returned exit code 1 and signal number 0
[20231018-13:08:23] [INFO ] xrdp channel server for display 11 (pid 2820) exit code 1 and signal number 0
[20231018-13:08:23] [INFO ] cleanup_sockets:
[20231018-13:08:23] [INFO ] Process 2557 has exited
[20231018-13:08:23] [INFO ] ++ terminated session: username testuser, display :11.0, session_pid 2557, ip ::ffff:192.168.1.146:49982 - socket: 12
xrdp.log
[20231018-13:08:10] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:192.168.1.146 port 49981
[20231018-13:08:10] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20231018-13:08:10] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20231018-13:08:10] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20231018-13:08:10] [WARN ] Cannot accept TLS connections because certificate or private key file is not readable. certificate file: [/etc/xrdp/cert.pem], private key file: [/etc/xrdp/key.pem]
[20231018-13:08:10] [INFO ] Security protocol: configured [RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [RDP]
[20231018-13:08:10] [ERROR] libxrdp_force_read: header read error
[20231018-13:08:10] [ERROR] Processing [ITU-T T.125] Connect-Initial failed
[20231018-13:08:10] [ERROR] [MCS Connection Sequence] receive connection request failed
[20231018-13:08:10] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:192.168.1.146 port 49982
[20231018-13:08:10] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20231018-13:08:10] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20231018-13:08:10] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20231018-13:08:10] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20231018-13:08:10] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20231018-13:08:10] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20231018-13:08:10] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20231018-13:08:10] [WARN ] Cannot accept TLS connections because certificate or private key file is not readable. certificate file: [/etc/xrdp/cert.pem], private key file: [/etc/xrdp/key.pem]
[20231018-13:08:10] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20231018-13:08:10] [INFO ] Security protocol: configured [RDP], requested [RDP], selected [RDP]
[20231018-13:08:10] [INFO ] Connected client computer name: L60P05S2
[20231018-13:08:10] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20231018-13:08:10] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20231018-13:08:10] [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x04], keyboard_subtype:[0x00], keylayout:[0x00000409]
[20231018-13:08:10] [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
[20231018-13:08:10] [INFO ] Non-TLS connection established from ::ffff:192.168.1.146 port 49982: with security level : high
[20231018-13:08:10] [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
[20231018-13:08:10] [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 5242880 MB cache entries 100
[20231018-13:08:10] [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
[20231018-13:08:10] [WARN ] xrdp_caps_process_codecs: unknown codec id 5
[20231018-13:08:10] [INFO ] xrdp_caps_process_codecs: RemoteFX, codec id 3, properties len 49
[20231018-13:08:10] [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
[20231018-13:08:10] [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
[20231018-13:08:12] [INFO ] connecting to sesman on 127.0.0.1:3350
[20231018-13:08:13] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20231018-13:08:13] [INFO ] sesman connect ok
[20231018-13:08:13] [INFO ] sending login info to session manager. Please wait...
[20231018-13:08:13] [INFO ] xrdp_wm_log_msg: login successful for user testuser on display 11
[20231018-13:08:13] [INFO ] login successful for user testuser on display 11
[20231018-13:08:13] [INFO ] loaded module 'libxup.so' ok, interface size 10296, version 4
[20231018-13:08:13] [INFO ] started connecting
[20231018-13:08:13] [INFO ] lib_mod_connect: connecting via UNIX socket
[20231018-13:09:55] [INFO ] connection problem, giving up
[20231018-13:09:55] [INFO ] some problem
[20231018-13:09:55] [ERROR] xrdp_sec_send_fastpath: xrdp_fastpath_send failed
[20231018-13:09:55] [ERROR] xrdp_rdp_send_fastpath: xrdp_sec_send_fastpath failed
[20231018-13:09:55] [ERROR] xrdp_orders_send: xrdp_rdp_send_fastpath failed
[20231018-13:09:55] [ERROR] xrdp_sec_send_fastpath: xrdp_fastpath_send failed
[20231018-13:09:55] [ERROR] xrdp_rdp_send_fastpath: xrdp_sec_send_fastpath failed
[20231018-13:09:55] [ERROR] xrdp_orders_send: xrdp_rdp_send_fastpath failed
[20231018-13:09:55] [ERROR] xrdp_sec_send_fastpath: xrdp_fastpath_send failed
[20231018-13:09:55] [ERROR] xrdp_rdp_send_fastpath: xrdp_sec_send_fastpath failed
[20231018-13:09:55] [ERROR] xrdp_orders_send: xrdp_rdp_send_fastpath failed
[20231018-13:09:55] [ERROR] xrdp_wm_log_msg: Error connecting to user session
[20231018-13:09:55] [INFO ] Error connecting to user session
sesman.ini
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
; Give in relative path to user's home directory
UserWindowManager=startwm.sh
; Give in full path or relative path to /etc/xrdp
DefaultWindowManager=startwm.sh
; Give in full path or relative path to /etc/xrdp
ReconnectScript=reconnectwm.sh
[Security]
AllowRootLogin=false
MaxLoginRetry=4
#TerminalServerUsers=tsusers
TerminalServerUsers=TerminalServerUsers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=true
; When RestrictOutboundClipboard=all clipboard from the
; server is not pushed to the client.
; In addition, you can control text/file/image transfer restrictions
; respectively. It also accepts comma separated list such as text,file,image.
; To keep compatibility, some aliases are also available:
; true: an alias of all
; false: an alias of none
; yes: an alias of all
RestrictOutboundClipboard=none
; When RestrictInboundClipboard=all clipboard from the
; client is not pushed to the server.
; In addition, you can control text/file/image transfer restrictions
; respectively. It also accepts comma separated list such as text,file,image.
; To keep compatibility, some aliases are also available:
; true: an alias of all
; false: an alias of none
; yes: an alias of all
RestrictInboundClipboard=none
[Sessions]
;; X11DisplayOffset - x11 display number offset
; Type: integer
; Default: 10
X11DisplayOffset=10
;; MaxSessions - maximum number of connections to an xrdp server
; Type: integer
; Default: 0
MaxSessions=50
;; KillDisconnected - kill disconnected sessions
; Type: boolean
; Default: false
; if 1, true, or yes, every session will be killed within DisconnectedTimeLimit
; seconds after the user disconnects
KillDisconnected=false
;; DisconnectedTimeLimit (seconds) - wait before kill disconnected sessions
; Type: integer
; Default: 0
; if KillDisconnected is set to false, this value is ignored
DisconnectedTimeLimit=0
;; IdleTimeLimit (seconds) - wait before disconnect idle sessions
; Type: integer
; Default: 0
; Set to 0 to disable idle disconnection.
IdleTimeLimit=0
;; Policy - session allocation policy
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
; "Default" session per <User,BitPerPixel>
; "UBD" session per <User,BitPerPixel,DisplaySize>
; "UBI" session per <User,BitPerPixel,IPAddr>
; "UBC" session per <User,BitPerPixel,Connection>
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
Policy=Default
[Logging]
; Note: Log levels can be any of: core, error, warning, info, debug, or trace
LogFile=xrdp-sesman.log
LogLevel=INFO
EnableSyslog=true
#SyslogLevel=INFO
#EnableConsole=false
#ConsoleLevel=INFO
#EnableProcessId=false
[LoggingPerLogger]
; Note: per logger configuration is only used if xrdp is built with
; --enable-devel-logging
#sesman.c=INFO
#main()=INFO
;
; Session definitions - startup command-line parameters for each session type
;
[Xorg]
; Specify the path of non-suid Xorg executable. It might differ depending
; on your distribution and version. Find out the appropriate path for your
; environment. The typical path is known as follows:
;
; Fedora 26 or later : param=/usr/libexec/Xorg
; Debian 9 or later : param=/usr/lib/xorg/Xorg
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
; Arch Linux : param=/usr/lib/Xorg
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
; CentOS 8 : param=/usr/libexec/Xorg
; FreeBSD (from 2022Q4) : param=/usr/local/libexec/Xorg
;
param=/usr/lib/xorg/Xorg
; Leave the rest parameters as-is unless you understand what will happen.
param=-config
param=xrdp/xorg.conf
param=-noreset
param=-nolisten
param=tcp
param=-logfile
param=.xorgxrdp.%s.log
[Xvnc]
param=Xvnc
param=-bs
param=-nolisten
param=tcp
param=-localhost
param=-dpi
param=96
[Chansrv]
; drive redirection
; See sesman.ini(5) for the format of this parameter
#FuseMountName=/run/user/%u/thinclient_drives
#FuseMountName=/media/thinclient_drives/%U/thinclient_drives
FuseMountName=thinclient_drives
; this value allows only the user to access their own mapped drives.
; Make this more permissive (e.g. 022) if required.
FileUmask=077
; Can be used to disable FUSE functionality - see sesman.ini(5)
#EnableFuseMount=false
; Uncomment this line only if you are using GNOME 3 versions 3.29.92
; and up, and you wish to cut-paste files between Nautilus and Windows. Do
; not use this setting for GNOME 4, or other file managers
#UseNautilus3FlistFormat=true
[ChansrvLogging]
; Note: one log file is created per display and the LogFile config value
; is ignored. The channel server log file names follow the naming convention:
; xrdp-chansrv.${DISPLAY}.log
;
; Note: Log levels can be any of: core, error, warning, info, debug, or trace
LogLevel=INFO
EnableSyslog=true
#SyslogLevel=INFO
#EnableConsole=false
#ConsoleLevel=INFO
#EnableProcessId=false
[ChansrvLoggingPerLogger]
; Note: per logger configuration is only used if xrdp is built with
; --enable-devel-logging
#chansrv.c=INFO
#main()=INFO
[SessionVariables]
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
Answer 1
Thanks to the article, after running
sudo adduser xrdp ssl-cert
and rebooting the PC, xrdp worked on Ubuntu 22. The same problem no longer occurs.
$ sudo journalctl --since="- 2 minutes"
xrdp[2275]: (2275)(139923607619392)[ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
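Added example (not part of the original question or answer, and not xrdp's own code): a small scanner for the three xrdp.log messages above that show the key file being unreadable and the session ending up without TLS. The sample input is constructed from lines quoted in the question; the function name and finding labels are hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample: a subset of the xrdp.log lines quoted in the question.
SAMPLE_LOG = """\
[20231018-13:08:10] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:192.168.1.146 port 49982
[20231018-13:08:10] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20231018-13:08:10] [WARN ] Cannot accept TLS connections because certificate or private key file is not readable. certificate file: [/etc/xrdp/cert.pem], private key file: [/etc/xrdp/key.pem]
[20231018-13:08:10] [INFO ] Security protocol: configured [RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [RDP]
[20231018-13:08:10] [INFO ] Security protocol: configured [RDP], requested [RDP], selected [RDP]
[20231018-13:08:10] [INFO ] Non-TLS connection established from ::ffff:192.168.1.146 port 49982: with security level : high
"""

# "[timestamp] [LEVEL] message" as it appears in the logs on this page.
LINE_RE = re.compile(r"^\[(\d{8}-\d{2}:\d{2}:\d{2})\] \[(\w+)\s*\] (.*)$")
KEY_RE = re.compile(r"Cannot read private key file (\S+): (.+)$")
PROTO_RE = re.compile(
    r"Security protocol: configured \[([^\]]*)\], "
    r"requested \[([^\]]*)\], selected \[([^\]]*)\]")
NONTLS_RE = re.compile(r"Non-TLS connection established from (\S+) port (\d+)")

Finding = namedtuple("Finding", "timestamp kind detail")


def scan_xrdp_log(text):
    """Return findings for unreadable key files and sessions without TLS."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # labels, blank lines, anything that is not a log record
        ts, _level, msg = m.groups()
        if (k := KEY_RE.search(msg)):
            detail = f"{k.group(1)} ({k.group(2)})"
            findings.append(Finding(ts, "key_unreadable", detail))
        elif (p := PROTO_RE.search(msg)):
            requested = p.group(2).split("|")
            # Going by the log line's own wording: the client requested more
            # than plain RDP security, yet plain RDP was selected.
            if p.group(3) == "RDP" and any(r != "RDP" for r in requested):
                findings.append(Finding(ts, "tls_offer_declined", p.group(2)))
        elif (n := NONTLS_RE.search(msg)):
            detail = f"{n.group(1)}:{n.group(2)}"
            findings.append(Finding(ts, "non_tls_session", detail))
    return findings


if __name__ == "__main__":
    for f in scan_xrdp_log(SAMPLE_LOG):
        print(f.timestamp, f.kind, f.detail)
```

Running it against a fresh xrdp.log after the `ssl-cert` group change shows whether any of these three messages were logged again.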