尝试使用 AD 集成设置 rdxp 时出现 pam_unix 错误

尝试使用 AD 集成设置 rdxp 时出现 pam_unix 错误

问题:已安装的 Realm、SSSD 和 SSH 适用于所有用户,但尝试使用 xrdp 进行远程桌面失败并出现以下错误

Aug 30 00:00:00 PC-NAME xrdp-sesman[220997]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost=  user=username
Aug 30 00:00:00 PC-NAME xrdp-sesman[220997]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost= user=username
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_unix(xrdp-sesman:session): session opened for user username by (uid=0)
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_systemd(xrdp-sesman:session): Failed to create session: No such process
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_unix(xrdp-sesman:session): session closed for user username

/etc/sssd/sssd.conf 的配置

[sssd]
domains = SOME.DOMAIN
config_file_version = 2
services = nss, pam

[domain/SOME.DOMAIN]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = SOME.DOMAIN
realmd_tags = manages-system joined-with-adcli
#realmd_tags = joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = SOME.DOMAIN
use_fully_qualified_names = False
#simple_allow_users = $
ldap_id_mapping = True
#access_provider = ad
access_provider = simple

# Fixes for long load times.
# case_sensitive = False
ad_gpo_access_control = permissive
# ad_gpo_map_remote_interactive = +xrdp-sesman
ignore_group_members = true
ldap_refferals = false

操作系统:Ubuntu 20.04 LTS

类似问题供参考(已解决,但分辨率对我不起作用):

我尝试过什么

  • 将 gpo 更改为宽容:“ad_gpo_access_control = 宽容”
  • 将“/etc/X11/Xwrapper.config”编辑为“allowed_users=anybody”
  • 将“access_provider = simple”从“access_provider = ad”更改为“access_provider = simple”

相关内容