AD 통합을 사용하여 rdxp를 설정하려고 할 때 pam_unix 오류가 발생함

문제: 설치된 Realm, SSSD 및 SSH는 모든 사용자에 대해 작동하지만 xrdp를 사용하여 원격 데스크톱을 시도하면 다음 오류와 함께 실패합니다.

Aug 30 00:00:00 PC-NAME xrdp-sesman[220997]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost=  user=username
Aug 30 00:00:00 PC-NAME xrdp-sesman[220997]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost= user=username
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_unix(xrdp-sesman:session): session opened for user username by (uid=0)
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_systemd(xrdp-sesman:session): Failed to create session: No such process
Aug 30 00:00:00 PC-NAME xrdp-sesman[222108]: pam_unix(xrdp-sesman:session): session closed for user username

/etc/sssd/sssd.conf 구성

[sssd]
domains = SOME.DOMAIN
config_file_version = 2
services = nss, pam

[domain/SOME.DOMAIN]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = SOME.DOMAIN
realmd_tags = manages-system joined-with-adcli
#realmd_tags = joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = SOME.DOMAIN
use_fully_qualified_names = False
#simple_allow_users = $
ldap_id_mapping = True
#access_provider = ad
access_provider = simple

# Fixes for long load times.
# case_sensitive = False
ad_gpo_access_control = permissive
# ad_gpo_map_remote_interactive = +xrdp-sesman
ignore_group_members = true
ldap_refferals = false

운영 체제: 우분투 20.04 LTS

참고용 유사한 질문(해결되었으나 해결 방법이 작동하지 않음):

• https://github.com/neutrinolabs/xrdp/issues/1684
• https://stackoverflow.com/questions/47150283/ubuntu-16-active-directory-can-ssh-cannot-rdp

내가 뭘 시도한 거야?

• gpo를 허용으로 변경: "ad_gpo_access_control = 허용"
• "/etc/X11/Xwrapper.config"를 "allowed_users=anybody"로 편집하세요.
• "access_provider=simple"을 "access_provider=ad"에서 "access_provider=simple"로 변경합니다.