Installing XRDP on Fedora 27 Workstation

INSTALL FEDORA 27 Workstation

Start with the 1.5 GB Workstation image and install it with the default settings, and set your username and passwords appropriately.

Unless otherwise stated, all commands and file editing below should be done as root

After you're done, go ahead and

dnf upggrade

And then...

dnf install xrdp 

Reboot your machine to apply the updates.

 

Activate SSH to ease file editing:

If your VM console doesn't have an option to paste your data in, you can start & enable SSH to make this easier.

firewall-cmd --add-port=22/tcp --permanent
systemctl start sshd
systemctl enable sshd

Firewall Settings:

Don't forget to allow port 3389/tcp for the RDP connections.

firewall-cmd --add-port=3389/tcp --permanent
firewall-cmd --reload

Reboot, and then SSH into your machine to make the changes below.

IF YOU LOG INTO THE GUI, YOU WILL NEED TO REBOOT BEFORE TRYING TO LOG IN VIA RDP.

SELinux Issues:

There's a few issues that we need to fix to prevent constantly being prompted for our password at first login.

Colord:

Create the following file:  /etc/polkit-1/rules.d/02-colord.rules

polkit.addRule(function(action, subject) {
   if ((action.id == "org.freedesktop.color-manager.create-device" ||
        action.id == "org.freedesktop.color-manager.create-profile" ||
        action.id == "org.freedesktop.color-manager.delete-device" ||
        action.id == "org.freedesktop.color-manager.delete-profile" ||
        action.id == "org.freedesktop.color-manager.modify-device" ||
        action.id == "org.freedesktop.color-manager.modify-profile")
       {
        return polkit.Result.YES;
   }
});

PC/SC Daemon:

Create the following file: /etc/polkit-1/rules.d/03-pcsc.rules

polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_pcsc") {
            return polkit.Result.YES;
    }
});

 Additional Policy Change:

Open the file /usr/share/polkit-1/actions/org.freedesktop.color.policy -- search for "allow_any"  and change the option to "no"...  It should look like below when you're done.

    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>

Restart the Colord system: 

systemctl restart colord

Allow X connections to be started from some place other than the console.

Check for the file /etc/X11/Xwrapper.config.  If it does not exist, created with the content:

allowed_users=anybody

 

Gnome Desktop:

To fix the Gnome session, we need to ensure that the script that starts the desktop session is started by DBUS.  Create the file /usr/libexec/xrdp/startwm-local.sh

#!/bin/bash
exec dbus-launch --exit-with-x11 /usr/libexec/startwm-bash.sh

and then:

chmod +x /usr/libexec/xrdp/startwm-local.sh

Rename the original /usr/libexec/xrdp/startwm.sh:

cd /usr/libexec/xrdp
mv startwm.sh startwm-orig

Make a new startwm.sh with the following content:

#!/bin/bash

#exec dbus-launch --exit-with-session xterm  #Uncomment Me if we have problems

exec dbus-launch --exit-with-session gnome-session -f #using the -f improves performance and disables hardware acceleration


#Uncomment me if running on a Physical Machine
#exec dbus-launch --exit-with-session gnome-session

Don't forget to   chmod +x /usr/libexec/xrdp/startwm.sh so your new file is executable.

 

Need to make a minor tweak to /etc/xrdp/sesman.ini.  In the [Globals] section, make sure the

UserWindowManager = startwm-local.sh:

[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
UserWindowManager=startwm-local.sh
DefaultWindowManager=startwm-bash.sh

 

In the /etc/xrdp/xrdp.ini file, comment out the Xvnc session using a ; at the beginning of each line.

;[Xvnc]
;name=Xvnc
;lib=libvnc.so
;username=ask
;password=ask
;ip=127.0.0.1
;port=-1
;#xserverbpp=24
;#delay_ms=2000

 

Now we are ready to start XRDP and see if it works.

systemctl start xrdp
systemctl enable xrdp

IF YOU LOGGED INTO THE GNOME SESSION FROM THE GUI, YOU MUST REBOOT BEFORE LOGGING IN!

No Comments

Back to top