It is not possible to connect to xrdp because every login session will hang on "login failed for display 0". FreeBSD Version: FreeBSD 13.0-CURRENT #0 r363759 (GENERIC-NODEBUG amd64) Hardware: Tuxedo Notebook (Intel(R) Core(TM) i5-7200U CPU) xrdp Version: xrdp-0.9.13.1,1 xrdp is compiled with synth-2.08 and the default options: OPTIONS_FILE_UNSET+=DEBUG OPTIONS_FILE_UNSET+=FUSE OPTIONS_FILE_SET+=IPV6 OPTIONS_FILE_SET+=FDKAAC OPTIONS_FILE_UNSET+=MP3LAME OPTIONS_FILE_SET+=OPUS How to test: # install pkg install xrdp # settings in /etc/rc.conf xrdp_enable="YES" xrdp_sesman_enable="YES" # start services service xrdp start service xrdp-sesman start # connect via RDP client (Archlinux freerdp 2.2.0 in this case) Session: Xorg username: username password: password # Connection Log (in RDP window): connecting to sesman ip 127.0.0.1 port 3350 sesman connect ok sending login info to session manager, please wait... login failed for display 0 # fix Problem via change in PAM settings: # /usr/local/etc/pam.d/xrdp-sesman (default) #%PAM-1.0 auth include system-auth account include system-auth password include system-auth session include system-auth # change to: #%PAM-1.0 auth include system account include system password include system session include system # connect via RDP again (same Session/user/pass) RDP connection works and shows xterm
Thanks for the report. Yes, that's true `system-auth` won't work but `system` works. However, `system` should be default installation. At 12.1-RELEASE: # pkg install xrdp # less /usr/local/etc/pam.d/xrdp-sesman #%PAM-1.0 auth include system account include system password include system session include system I haven't looked into 13-CURRENT. Will do it later.
Created attachment 217051 [details] makefile-patch-1 Can you apply makefile-patch-1 and rebuild xrdp package? I assume the "system" pam rule should be chosen automatically. However yours appears "system-auth"pam rule is unexpectedly mischosen. The patch explicitly specify the pam rule for FreeBSD.
I've applied makefile-patch-1 and rebuilt xrdp. After a "pkg upgrade" from xrdp 0.9.13.1,1 to 0.9.13.1_1,1 the configuration in /usr/local/etc/pam.d/xrdp-sesman looks good and I was able to connect via RDP. Thanks!
Created attachment 217057 [details] FreeBSD 12.1 synth xrdp build log I've now tested with FreeBSD 12.1 too but it seems it's also broken. The xrdp package is from my own repo which is built with synth. Since your 12.1 package works there must be something that synth does different. I've attached the build log if someone wants to take a look.
A commit references this bug: Author: meta Date: Fri Aug 7 08:37:12 UTC 2020 New revision: 544315 URL: https://svnweb.freebsd.org/changeset/ports/544315 Log: net/xrdp: adjust configure arguments Set --enable-pam-config=freebsd explicitly. If this is not given, PAM configuration will be autodetected however it might be misdetected on some environments. Quit relying on autodetection. Force rebuild because built packages might include misconfigured pam files as reported in the bugzilla issue.. PR: 248481 Reported by: Sascha Folie <sascha.folie@safo.at> Sponsored by: HAW International Changes: head/net/xrdp/Makefile
A commit references this bug: Author: meta Date: Tue Aug 11 05:19:30 UTC 2020 New revision: 544663 URL: https://svnweb.freebsd.org/changeset/ports/544663 Log: MFH: r544315 net/xrdp: adjust configure arguments Set --enable-pam-config=freebsd explicitly. If this is not given, PAM configuration will be autodetected however it might be misdetected on some environments. Quit relying on autodetection. Force rebuild because built packages might include misconfigured pam files as reported in the bugzilla issue.. PR: 248481 Reported by: Sascha Folie <sascha.folie@safo.at> Sponsored by: HAW International Approved by: portmgr blanket Changes: _U branches/2020Q3/ branches/2020Q3/net/xrdp/Makefile