xrdp用ldap验证

参考另一篇关于xrdp的安装:

https://blog.csdn.net/weixin_39833509/article/details/115705944

1. 配置xrdp-sesman pam

root:shensh# cat /etc/pam.d/xrdp-sesman
#%PAM-1.0
# Generic Fedora config
#
# LDAP-first stack for xrdp-sesman: pam_ldap.so (from nss-pam-ldapd) is
# tried before the local modules in every management group. "sufficient"
# means a pam_ldap success ends that group at once, so the modules listed
# after it do not run for directory users; a pam_ldap failure falls
# through to the local path below it.

# auth: on a pam_ldap success pam_env.so (environment from pam_env.conf),
# pam_faildelay.so and pam_unix.so are all skipped. On a failure the stack
# continues, so the 2 s fail delay still applies before pam_deny.so.
auth      sufficient pam_ldap.so
auth       required pam_env.so
auth       required pam_faildelay.so delay=2000000
# [default=1 ...] jumps over the next line unless the module returns
# ignore/success; together these two lines send only local, regular
# accounts to pam_unix.so.
auth       [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth       [default=1 ignore=ignore success=ok] pam_localuser.so
auth       sufficient pam_unix.so try_first_pass
# NOTE(review): this jump originally skipped the pam_sss.so line below.
# With pam_sss commented out, default=1 now jumps over pam_deny.so for
# non-regular users; Linux-PAM still denies because nothing succeeded,
# but the jump no longer has its intended target — drop or re-point it.
auth       [default=1 ignore=ignore success=ok] pam_usertype.so isregular
# sssd path left disabled; this host uses nslcd/pam_ldap instead.
#auth       sufficient pam_sss.so forward_pass
auth       required pam_deny.so

# account: pam_ldap first; on success the local checks are not reached.
# Users pam_ldap does not accept continue to the "required" pam_unix.so,
# which must succeed for them (local accounts).
account   sufficient pam_ldap.so
account    required pam_unix.so
account    sufficient pam_localuser.so
account    sufficient pam_usertype.so issystem
#account    [default=bad success=ok user_unknown=ignore] pam_sss.so
account    required pam_permit.so

# password: pam_ldap is "sufficient" and listed before pam_pwquality.so
# and pam_pwhistory.so, so a directory password change accepted by
# pam_ldap is committed without the local quality and history checks.
# Move pam_ldap after the two "requisite" lines (with use_authtok) if
# those policies should also apply to LDAP accounts.
password  sufficient pam_ldap.so
password   requisite pam_pwquality.so try_first_pass local_users_only enforce_for_root
password   requisite pam_pwhistory.so use_authtok remember=10
password   sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
#password   sufficient pam_sss.so use_authtok
password   required pam_deny.so

session    optional pam_keyinit.so revoke
session    required pam_limits.so
# Leading "-": no log entry if pam_systemd.so is not installed.
-session   optional pam_systemd.so
# Creates a missing home directory on first login (directory users have
# no pre-created home). umask=0022 yields a 0755, world-readable home;
# umask=0077 gives a private 0700 home.
session    required   pam_mkhomedir.so skel=/etc/skel umask=0022
# success=1 skips the pam_unix.so session line for the crond service.
session    [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session    required pam_unix.so
session   optional  pam_ldap.so
#session    optional pam_sss.so

2. 配置nslcd:

# nss-pam-ldapd supplies nslcd and the pam_ldap.so module referenced in
# /etc/pam.d/xrdp-sesman above.
yum -y install nss-pam-ldapd

root:shensh# cat /etc/nslcd.conf|egrep -v "^#|^$"
# nslcd drops to this unprivileged user/group after start-up.
uid nslcd
gid ldap
# Plain ldap:// and no ssl/tls_* directive appears in this listing (only
# comments and blank lines were filtered out), so directory lookups — and
# the authentication binds that pam_ldap forwards through nslcd — travel
# unencrypted. Use ldaps:// or "ssl start_tls", with "tls_reqcert demand"
# and "tls_cacertfile" pointing at the directory CA.
# No binddn is listed either, so searches appear to use an anonymous bind.
uri ldap://9.17.**.253
base ou=bluepages,o=ibm.com
# Every entry under the base that has an ou becomes a passwd entry; a
# narrower filter (e.g. an objectClass or group-membership test) limits
# which directory entries can log in through this map.
filter passwd (ou=*)
map    passwd uid notesShortName
# UID and primary GID are both taken from workerId: the values must be
# unique numbers and must not collide with local /etc/passwd or
# /etc/group IDs.
map    passwd uidNumber workerId
map    passwd gidNumber workerId
# nslcd expression: directory homeDirectory if present, otherwise
# /home/<notesShortName>.
map    passwd homeDirectory "${homeDirectory:-/home/$notesShortName}"
# Fixed shell for every directory user.
map    passwd loginShell    "/bin/bash"
filter shadow (ou=*)
map    shadow uid notesShortName
# One private group per user: gid = workerId, name = notesShortName.
filter group (ou=*)
map    group  gidNumber workerId
map    group  cn notesShortName

3. 重启服务

 # restart nslcd so the edited /etc/nslcd.conf from step 2 takes effect
 systemctl restart xrdp
 systemctl restart nslcd

4. xrdp-sesman 启动 window manager 时调用的 shell 脚本

/usr/libexec/xrdp/startwm-bash.sh 
/usr/libexec/xrdp/startwm.sh
/etc/X11/xinit/Xsession
/etc/X11/xinit/Xclients

5. 使用 remmina 远程连接至服务器，登录使用的是 LDAP 账号

xrdp-sesman有复用session功能:

Aug 23 20:30:36 li-e37870cc xrdp-sesman[23525]: [INFO ] Starting session reconnection script on display 13: /usr/libexec/xrdp/reconnectwm.sh


转载自blog.csdn.net/weixin_39833509/article/details/119840302