search

neutrinolabs / xrdp

xrdp: an open source RDP server
http://www.xrdp.org/
Apache License 2.0
5.56k stars 1.73k forks source link

Problem on debian - black screen #764

Closed matiux closed 7 years ago

matiux commented 7 years ago

Hi, I have installed with apt this packages on Debian testing: xrdp 0.9.1-9 Dependencies: xorgxrdp 0.9.1-9 ssl-cert 1.0.39

Usually configurations were never needed so the only thing that I have done is creating .xsession file in the home of the user. The file contains startkde From another pc with Debian testing and kde, I use KRDC to connect to xrdp server. Both machines are in the same local lan

KRDC show me a black screen and after several minutes show me this message:

Connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait...
login successful for display 11
started connceting
conenction problem, giving up
some problem

This is the sesman log:

[20170528-14:34:06] [INFO ] A connection received from ::1 port 42668
[20170528-14:34:06] [INFO ] ++ created session (access granted): username guest, ip 0.0.0.0:42296 - socket: 12
[20170528-14:34:06] [INFO ] starting Xorg session...
[20170528-14:34:06] [DEBUG] Closed socket 9 (AF_INET6 :: port 5911)
[20170528-14:34:06] [DEBUG] Closed socket 9 (AF_INET6 :: port 6011)
[20170528-14:34:06] [DEBUG] Closed socket 9 (AF_INET6 :: port 6211)
[20170528-14:34:06] [DEBUG] Closed socket 8 (AF_INET6 ::1 port 3350)
[20170528-14:34:06] [DEBUG] Closed socket 7 (AF_INET6 ::1 port 3350)
[20170528-14:34:06] [INFO ] Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp  
[20170528-14:34:16] [ERROR] X server for display 11 startup timeout
[20170528-14:34:16] [INFO ] starting xrdp-sessvc - xpid=17532 - wmpid=17531
[20170528-14:34:16] [ERROR] X server for display 11 startup timeout
[20170528-14:34:16] [ERROR] another Xserver might already be active on display 11 - see log
[20170528-14:34:16] [DEBUG] aborting connection...
[20170528-14:34:16] [INFO ] ++ terminated session:  username guest, display :11.0, session_pid 17530, ip 0.0.0.0:42296 - socket: 12

And this is the xrdp log:

[20170528-14:34:05] [INFO ] A connection received from: ::ffff:192.168.0.2 port 42296
[20170528-14:34:05] [DEBUG] Closed socket 12 (AF_INET6 ::ffff:192.168.0.4 port 3389)
[20170528-14:34:05] [DEBUG] Closed socket 11 (AF_INET6 :: port 3389)
[20170528-14:34:05] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20170528-14:34:05] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20170528-14:34:05] [DEBUG] Security layer: requested 3, selected 0
[20170528-14:34:06] [DEBUG] xrdp_00004477_wm_login_mode_event_00000001
[20170528-14:34:06] [INFO ] Loading keymap file /etc/xrdp/km-00000410.ini
[20170528-14:34:06] [WARN ] local keymap file for 0x00000410 found and doesn't match built in keymap, using local keymap file
[20170528-14:34:06] [DEBUG] xrdp_wm_log_msg: connecting to sesman ip 127.0.0.1 port 3350
[20170528-14:34:06] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20170528-14:34:06] [DEBUG] xrdp_wm_log_msg: sending login info to session manager, please wait...
[20170528-14:34:06] [DEBUG] return value from xrdp_mm_connect 0
[20170528-14:34:06] [INFO ] xrdp_wm_log_msg: login successful for display 11
[20170528-14:34:06] [DEBUG] xrdp_wm_log_msg: started connecting
[20170528-14:34:10] [DEBUG] Closed socket 23 (AF_UNIX)
[20170528-14:34:13] [DEBUG] Closed socket 23 (AF_UNIX)

sesman.ini

[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh

[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=false

[Sessions]
;; X11DisplayOffset - x11 display number offset
; Type: integer
; Default: 10
X11DisplayOffset=10

;; MaxSessions - maximum number of connections to an xrdp server
; Type: integer
; Default: 0
MaxSessions=50

;; KillDisconnected - kill disconnected sessions
; Type: boolean
; Default: false
; if 1, true, or yes, kill session after 60 seconds
KillDisconnected=false

;; IdleTimeLimit - when to disconnect idle sessions
; Type: integer
; Default: 0
; if not zero, the seconds without mouse or keyboard input before disconnect
; not complete yet
IdleTimeLimit=0

;; DisconnectedTimeLimit - when to kill idle sessions
; Type: integer
; Default: 0
; if not zero, the seconds before a disconnected session is killed
; min 60 seconds
DisconnectedTimeLimit=0

;; Policy - session allocation policy
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
; "UBD" session per <User,BitPerPixel,DisplaySize>
; "UBI" session per <User,BitPerPixel,IPAddr>
; "UBC" session per <User,BitPerPixel,Connection>
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
Policy=Default

[Logging]
LogFile=xrdp-sesman.log
LogLevel=DEBUG
EnableSyslog=1
SyslogLevel=DEBUG

[Xorg]
param=Xorg
param=-config
param=xrdp/xorg.conf
param=-noreset
param=-nolisten
param=tcp

[Xvnc]
param=Xvnc
param=-bs
param=-nolisten
param=tcp
param=-localhost
param=-dpi
param=96

[Chansrv]
; drive redirection, defaults to xrdp_client if not set
FuseMountName=thinclient_drives

[SessionVariables]
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa

xrdp.ini

[Globals]
; xrdp.ini file version number
ini_version=1

; fork a new process for each incoming connection
fork=true
; tcp port to listen
port=3389
; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true
; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true
#tcp_send_buffer_bytes=32768
#tcp_recv_buffer_bytes=32768

; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate
; minimum security level allowed for client
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high
; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
certificate=
key_file=
; specify whether SSLv3 should be disabled
#disableSSLv3=true
; set TLS cipher suites
#tls_ciphers=HIGH

; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=

allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
#require_credentials=true
; You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url

;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
#black=000000
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72

;
; configure login screen
;

; Login Screen Window Title
#ls_title=My Login Title

; top level window background color in RGB format
ls_top_window_bg_color=009cb5

; width and height of login screen
ls_width=350
ls_height=430

; login screen background color in RGB format
ls_bg_color=dedede

; optional background image filename (bmp format).
#ls_background_image=

; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50

; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=60

; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210

; y pos for first label and combo box
ls_input_y_pos=220

; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30

; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30

[Logging]
LogFile=xrdp.log
LogLevel=DEBUG
EnableSyslog=true
SyslogLevel=DEBUG
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug

[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true

; for debugging xrdp, in section xrdp1, change port=-1 to this:
#port=/var/run/xrdp/sockdir/xrdp_display_10

; for debugging xrdp, add following line to section xrdp1
#chansrvport=/var/run/xrdp/sockdir/xrdp_chansrv_socket_7210

;
; Session types
;

[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20

[Xvnc]
name=Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
#xserverbpp=24
#delay_ms=2000

[console]
name=console
lib=libvnc.so
ip=127.0.0.1
port=5900
username=na
password=ask
#delay_ms=2000

[vnc-any]
name=vnc-any
lib=libvnc.so
ip=ask
port=ask5900
username=na
password=ask
#pamusername=asksame
#pampassword=asksame
#pamsessionmng=127.0.0.1
#delay_ms=2000

[sesman-any]
name=sesman-any
lib=libvnc.so
ip=ask
port=-1
username=ask
password=ask
#delay_ms=2000

[rdp-any]
name=rdp-any
lib=librdp.so
ip=ask
port=ask3389

[neutrinordp-any]
name=neutrinordp-any
lib=libxrdpneutrinordp.so
ip=ask
port=ask3389
username=ask
password=ask

; You can override the common channel settings for each session type
#channel.rdpdr=true
#channel.rdpsnd=true
#channel.drdynvc=true
#channel.cliprdr=true
#channel.rail=true
#channel.xrdpvr=true

How can I solve? I have read a ton of post with similar problem but no one solution solved my problem

metalefty commented 7 years ago

Try to run this command in your terminal for example logged in via SSH. And show me the output. I assume the issue is caused by failure of this Xorg command.

Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp

tfischer77 commented 7 years ago

Hi, I ran into the same issue on Debian testing and opened a bug on the Debian bug tracking system (Debian bug 862089). The bug was immediately closed because in /usr/share/doc/xrdp/README.Debian the solution is explained. It is easy if you know it, but costs you hours if you don't know where to search for it (and if you don't RTFM). So, the solution is to edit

/etc/X11/Xwrapper.config

and exchange the line:

allowed_users=console by

allowed_users=anybody

After that (or after a reboot, I cannot remember), xrdp just runs normally. At the end, it might be a distribution bug, and I promise that it will prevent dozens of users from using xrdp on Debian, but it seems nobody will fix it in the near future.

matiux commented 7 years ago

Hei @tfischer77 thanks :) it's works!

metalefty commented 7 years ago

@tfischer77 Thanks for letting me know that debian bug.

Now it seems a dirtro bug, closing.

matiux commented 7 years ago

@tfischer77 which desktop manager do you use? I use kde but I can not type my password to login

matiux commented 7 years ago

I have solved using mate-desktop and put in .xsession file mate-session

tfischer77 commented 7 years ago

I only tried xfce so far... no issues with login.

Natureshadow commented 7 years ago

Now it seems a dirtro bug, closing.

It is not a bug, neither in xrdp nor in Debian.

It's simply how the Xwrapper works, and if you don't break privilege separation like some distributions do, that's how things are.

metalefty commented 7 years ago

Thanks, I understand.

henryH2Owho commented 6 years ago

You are a GOD ! All instrauctions on this simply say install this blah blah and it works. Well as we know is DOES NOT. It makes NO sense and has cost me days. F&^%$$^g wa#*%rs

teneri66 commented 6 years ago

After that (or after a reboot, I cannot remember), xrdp just runs normally.

After Xorg restart it works.

ghost commented 5 years ago

Nice one gentleman. Bit late to the party but saved me some time and was able to tidy up the configuration.

ahprh12 commented 4 years ago

Hi, I ran into the same issue on Debian testing and opened a bug on the Debian bug tracking system (Debian bug 862089). The bug was immediately closed because in /usr/share/doc/xrdp/README.Debian the solution is explained. It is easy if you know it, but costs you hours if you don't know where to search for it (and if you don't RTFM). So, the solution is to edit

/etc/X11/Xwrapper.config

and exchange the line:

allowed_users=console by

allowed_users=anybody

After that (or after a reboot, I cannot remember), xrdp just runs normally. At the end, it might be a distribution bug, and I promise that it will prevent dozens of users from using xrdp on Debian, but it seems nobody will fix it in the near future.

For anyone running into this issue in 2020, this solution still works! Thank you @tfischer77

Additional clarification: This fix does indeed require a reboot ($ sudo reboot) for the change to take effect.

jonathb commented 3 years ago

All fine and thanks. But xrdp is still broken. None of the above suggestions makes any difference, black screen always. Tried on: clients: remmina - many, windows 7 and 10. servers: u11x 12x 16x 18x 20x F29 I think.

rafaljot commented 3 years ago

LinuxCNC (Debian 10 XFCE ) This works for me:

sudo dpkg-reconfigure xserver-xorg-legacy

chose "anybody"

sudo reboot

sangchengfang commented 1 year ago

Works on Debian 11 with KDE in 2023, thanks

sangchengfang commented 1 year ago

您好,您的邮件已收到.谢谢。