I am using the xrdp Tool to remotely access Linux Ubuntu and want to limit the users that are in the same network and can remotely log in to the PC if they know the username and password. This can be handled using xrdp.ini configuration file ? Or should I do something else. That is, I can identify which users in this network that can log in e.g. using their MAC Address or IP.
1 Answers
So by default, xrdp will allow any user to perform the remote connection....
To allow only certain users to perform an rdp connection via the XRDP server, you will need to perform the following
Create a group called tsusers
In this group, you add all users that will be allowed to perform the remote session
in the /etc/xrdp/sesman.ini, locate the Section [Security] and change the line 'AlwaysCheckGroup from false to true'
[Security] AllowRootLogin=true MaxLoginRetry=4 TerminalServerUsers=tsusers TerminalServerAdmins=tsadmins ; When AlwaysGroupCheck=false access will be permitted ; if the group TerminalServerUsers is not defined. AlwaysGroupCheck=false
So, your file should be looking like this
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=true
Restart the machine or restart the xrdp daemon and give it a try All users being part of this group will be allowed to connect via rdp if users are not part of this group, they will get a popup and will not be allowed to perform their remote session
Refer to sesman.ini Man page to obtain more information
Hope this help

- 2,375