1

I have installed xrdp on Ubuntu 22.04 Server where I also installed ubuntu-desktop for development and testing. When one user is logged in through remote desktop, others cannot login. How to allow multiple logins (different users)?

Also, how to allow some users to login using xrdp and disable xrdp login for other users? I have four users. I want to allow accesses for two and disable access for the other two.

For ssh, it can be done using DenyUsers as answered here. Does something similar exists for xrdp?

There is one accepted answer here but I couldn't make it work.

Raja Ayaz
  • 161

1 Answers1

0

Similar question at How can I limit the users that have remotely access to PC using xrdp.ini configuration file?

So by default, xrdp will allow any user to perform the remote connection....

To allow only certain users to perform an rdp connection via the XRDP server, you will need to perform the following

Create a group called tsusers

In this group, you add all users that will be allowed to perform the remote session

in the /etc/xrdp/sesman.ini, locate the Section [Security] and change the line 'AlwaysCheckGroup from false to true'

[Security] 
AllowRootLogin=true 
MaxLoginRetry=4 
TerminalServerUsers=tsusers 
TerminalServerAdmins=tsadmins 
; When AlwaysGroupCheck=false access will be permitted ; if the group TerminalServerUsers is not defined. 
AlwaysGroupCheck=**false**

So, your file should be looking like this

[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=**true**

Restart the machine or restart the xrdp daemon and give it a try All users being part of this group will be allowed to connect via rdp if users are not part of this group, they will get a popup and will not be allowed to perform their remote session

Refer to sesman.ini Man page to obtain more information

Hope this help

Griffon
  • 2,375
  • Thank you for the answer. The group tsusers has to be a linux group or is it a group defined in /etc/xrdp/sesman.ini? – Raja Ayaz Dec 17 '22 at 07:39
  • Hello there, Sorry for the delay... yes, you simply create a group on your Linux Machine. On ubuntu, you would use something like sudo groupadd tsusers Hope this help...till next time – Griffon Dec 21 '22 at 17:31
  • got it. thanks @Griffon – Raja Ayaz Jan 01 '23 at 16:05