参考另一篇关于xrdp的安装:
1. 配置xrdp-sesman pam
root:shensh# cat /etc/pam.d/xrdp-sesman
#%PAM-1.0
# Generic Fedora config
# PAM stack for the xrdp-sesman service. In the auth, account and password
# phases pam_ldap.so is listed first as "sufficient", ahead of the local
# pam_unix path; the pam_sss lines are commented out.

# --- auth ---
# "sufficient": a successful LDAP bind ends the auth phase here; a failure is
# ignored and evaluation continues with the modules below.
auth sufficient pam_ldap.so
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
# [default=1 ...] jumps over the next module when the test does not succeed:
# non-regular users skip pam_localuser, non-local users skip pam_unix.
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so try_first_pass
# NOTE(review): in the stock layout this jump skips pam_sss for non-regular
# (system) accounts and lands on pam_deny. With the pam_sss line commented out,
# the next active module is pam_deny.so itself, so for those accounts the final
# deny appears to be skipped and the phase is left with only the
# pam_env/pam_faildelay results. Comment this line out together with pam_sss
# (or keep one module between it and pam_deny) and confirm that a system
# account with a wrong password is rejected.
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
#auth sufficient pam_sss.so forward_pass
auth required pam_deny.so

# --- account ---
# NOTE(review): as "sufficient", a failing pam_ldap account check is ignored and
# the local modules below decide. If LDAP-side authorization is meant to be
# enforced, the stricter [default=bad success=ok user_unknown=ignore] control
# shown on the commented pam_sss line is the usual form — confirm intent.
account sufficient pam_ldap.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
#account [default=bad success=ok user_unknown=ignore] pam_sss.so
# pam_permit.so always succeeds; it adds no restriction of its own.
account required pam_permit.so

# --- password ---
# pam_ldap is first and sufficient, so a successful LDAP password change
# returns before pam_pwquality/pam_pwhistory below are evaluated.
password sufficient pam_ldap.so
password requisite pam_pwquality.so try_first_pass local_users_only enforce_for_root
password requisite pam_pwhistory.so use_authtok remember=10
password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
#password sufficient pam_sss.so use_authtok
password required pam_deny.so

# --- session ---
session optional pam_keyinit.so revoke
session required pam_limits.so
# Leading "-": a missing pam_systemd.so module is not treated as an error.
-session optional pam_systemd.so
# Creates the home directory from /etc/skel at first login. umask=0022 leaves
# the new directory readable by other local users; umask=0077 keeps it private.
session required pam_mkhomedir.so skel=/etc/skel umask=0022
# success=1: when the calling service is crond, skip the pam_unix line below.
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
#session optional pam_sss.so
2. 配置nslcd:
yum -y install nss-pam-ldapd
root:shensh# cat /etc/nslcd.conf|egrep -v "^#|^$"
# Effective nslcd settings (comments and blank lines were filtered out by the
# egrep above; the notes below are review annotations).
# Account and group the nslcd daemon runs as.
uid nslcd
gid ldap
# NOTE(review): ldap:// with no "ssl" line is an unencrypted connection.
# pam_ldap authenticates by binding to this server through nslcd, so login
# passwords would cross the network in clear text. Prefer ldaps:// or
# "ssl start_tls", together with "tls_reqcert demand" and a "tls_cacertfile".
uri ldap://9.17.**.253
# No binddn/bindpw appears in this output, so lookups are presumably anonymous.
base ou=bluepages,o=ibm.com
# NOTE(review): (ou=*) matches every entry under base that carries an ou
# attribute, so all of them resolve as accounts on this host. The PAM stack
# accepts any user pam_ldap authenticates, so limit who may log in with a
# narrower filter or a pam_authz_search rule.
filter passwd (ou=*)
# Login name comes from notesShortName; uid and gid numbers both come from
# workerId — assumes workerId is numeric, unique per person and does not
# overlap local/system IDs (nss_min_uid can exclude low values) — TODO confirm.
map passwd uid notesShortName
map passwd uidNumber workerId
map passwd gidNumber workerId
# Falls back to /home/<notesShortName> when the entry has no homeDirectory.
map passwd homeDirectory "${homeDirectory:-/home/$notesShortName}"
# Every mapped account gets /bin/bash, i.e. an interactive shell.
map passwd loginShell "/bin/bash"
filter shadow (ou=*)
map shadow uid notesShortName
# Each matching entry is also exposed as a group with the same name and
# number as the user (a per-user private group).
filter group (ou=*)
map group gidNumber workerId
map group cn notesShortName
3. 重启服务
systemctl restart xrdp
systemctl restart nslcd
4. xrdp-sesman启动window manager时会调用到的shell脚本
/usr/libexec/xrdp/startwm-bash.sh
/usr/libexec/xrdp/startwm.sh
/etc/X11/xinit/Xsession
/etc/X11/xinit/Xclients
5. 使用remmina远程连接至服务器,使用的账号是ldap账号
xrdp-sesman有复用session功能:
Aug 23 20:30:36 li-e37870cc xrdp-sesman[23525]: [INFO ] Starting session reconnection script on display 13: /usr/libexec/xrdp/reconnectwm.sh