LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Desktop (https://www.linuxquestions.org/questions/linux-desktop-74/)
-   -   User coming in through RDP has different settings than one logging in directly (https://www.linuxquestions.org/questions/linux-desktop-74/user-coming-in-through-rdp-has-different-settings-than-one-logging-in-directly-4175471512/)

hwyhobo 07-30-2013 05:59 PM
User coming in through RDP has different settings than one logging in directly
 
When I log in to my CentOS 6.4 directly, nm-connection-editor works normally, I can edit connections. However, if I log in through rdp, I can't. "Edit" is always grayed out. It must be something simple I am not seeing.

Any pointers will be appreciated.

gradinaruvasile 07-31-2013 08:53 AM
rdp? More exactly?

hwyhobo 07-31-2013 12:33 PM
rdp = Remote Desktop Protocol.

gradinaruvasile 07-31-2013 01:21 PM
You talk about the xrdp or freerdp implementation?

Or

Gnome has "a "RDP" server shich is a big messy misunderstanding because that is just plain and simple VNC.
?

hwyhobo 07-31-2013 01:42 PM
xrdp. Yes, it runs on VNC, but seems to connect nicely, no drops, no problems. It's just that the user coming in through rdp seems to have different settings and permissions. There has to be some hidden setting to make the system treat that user like any other logging in directly, but I haven't found it yet.

gradinaruvasile 07-31-2013 02:50 PM
Most likely the user is treated as "inactive" or "not local" by consolekit/policykit. Log in a session, open a terminal then type:

Code:
ck-list-sessions
Will output something like:

Code:

$ ck-list-sessions
Session3:
        unix-user = '0'
        realname = 'root'
        seat = 'Seat1'
        session-type = ''
        active = FALSE
        x11-display = ''
        x11-display-device = ''
        display-device = '/dev/pts/1'
        remote-host-name = ''
        is-local = TRUE
        on-since = '2013-07-29T18:30:09.478535Z'
        login-session-id = '1'
        idle-since-hint = '2013-07-31T19:44:14.123049Z'
Session2:
        unix-user = '1000'
        realname = 'Kertesz Laszlo'
        seat = 'Seat1'
        session-type = ''
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty7'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2013-07-29T18:29:14.080634Z'
        login-session-id = '1'
Find your session there (probably display will be 1 or 10) then see what you have at
Code:
active =
or
Code:
is-local =
it can be TRUE or FALSE. If its FALSE, you have to modify the policykit permission files in the /usr/share/polkit-1/actions/ folder.

hwyhobo 07-31-2013 05:20 PM
I just tried that. I rebooted the machine to make sure it was clean. Then I rdp'ed to it and executed ck-list-sessions:

Code:
$ ck-list-sessions
Session1:
        unix-user = '42'
        realname = '(null)'
        seat = 'Seat1'
        session-type = 'LoginWindow'
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty1'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2013-07-31T21:54:05.528130Z'
        login-session-id = '4294967295'
Session2:
        unix-user = '501'
        realname = 'Training Attendee'
        seat = 'Seat2'
        session-type = ''
        active = FALSE
        x11-display = ':10.0'
        x11-display-device = ''
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2013-07-31T21:57:08.529246Z'
        login-session-id = '4294967295'
The second session, for the rdp user, showed inactive (the first one appears to for gdm:x:42:42::/var/lib/gdm:/sbin/nologin). I modified two network manager policy files to allow inactive (changed <allow_inactive>no<allow_inactive> to yes), but even after a reboot it made no difference.

There a lot more files in there:
Code:
# ls /usr/share/polkit-1/actions/
net.reactivated.fprint.device.policy                    org.freedesktop.policykit.examples.pkexec.policy
org.fedoraproject.config.firewall.policy                org.freedesktop.policykit.policy
org.fedoraproject.config.services.policy                org.freedesktop.RealtimeKit1.policy
org.fedoraproject.systemconfig.kdump.policy            org.freedesktop.udisks.policy
org.freedesktop.consolekit.policy                      org.gnome.clockapplet.mechanism.policy
org.freedesktop.devicekit.power.policy                  org.gnome.control-center.defaultbackground.policy
org.freedesktop.devicekit.power.qos.policy              org.gnome.cpufreqselector.policy
org.freedesktop.modem-manager.policy                    org.gnome.gconf.defaults.policy
org.freedesktop.NetworkManager.policy                  org.gnome.settings-daemon.plugins.wacom.policy
org.freedesktop.network-manager-settings.system.policy  org.gnome.system-monitor.policy
org.freedesktop.packagekit.policy
but they don't seem to be related specifically to this.

gradinaruvasile 08-01-2013 02:49 AM
Some more info here:

http://scarygliders.net/2011/11/17/x...omment-page-1/

Here are some possible solutions:

http://askubuntu.com/questions/47942...ger-privileged

This command will list your permissions, check for network manager related stuff:

Code:
pkaction --verbose

hwyhobo 08-01-2013 02:28 PM
I have changed all the policy files. All inactive permissions are now identical to active according to pkaction -verbose. Still no change. I wish there was just a way to cause new session to be marked as active and get it over with. There has to be a way. Obviously NetworkManager does not do what is expected.

I am beginning to understand also why most normal people do not want to touch Linux. I've been using it on the side since 0.99 pl 7, and it still causes me to gasp in frustration.

hwyhobo 08-01-2013 03:34 PM
Consider this closed. Decided the simplest solution was to disable NetworkManager and use network. Then I will have participants edit the interface in gedit and restart it. Works every time. Simple solutions work best. The more bloat is being introduced, the more like Windows this is becoming.

Thank you, gradinaruvasile, for all your help.

hwyhobo 08-01-2013 04:46 PM
Alas, I spoke too soon. Even though network brings up all interfaces as expected, xrdp no longer accepts connections. Apparently something depends on NetworkManager. I have to manually log in from the console and do:

# /etc/sysconfig/network-scripts/ifdown-eth eth0
# /etc/sysconfig/network-scripts/ifup-eth eth0

(yes, it has to be done via ifup-eth, not ifup, and not by restarting network)

and then everything works. I think it is time to kick it to the curb and install Windows as a landing VM to my dismay.

gradinaruvasile 08-01-2013 05:12 PM
1. Network Manager is crap. It doesnt make sense to be used with fixed computers at all. Its ok for laptops.
2. Network Manager is NOT integral part of the Linux networking stack - if disabled for good it should not interfere.
3. Try Wicd - it does what NM does only it is a wrapper for the standard Linux tools instead of trying to replace them.

julmarqu 12-25-2015 08:03 PM
Solved this in my xubuntu system
 
I had been looking for a solution to this problem (use xrdp to login) and this is what I did to make it work:

1. I edited file /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf as follows:
a. cloned the policy user="root" below it and changed it to my user by changing the clone's first line to policy user="myUser"
b. cloned the policy at_console="true" below it and changed the first line of the clone to policy at_console="false"

2. Needed to start NetworkManager using dbus by changing /etc/xdg/autostart/nm-applet.desktop line EXEC=nm-applet to EXEC=dbus-launch nm-applet

3. Changed all the permissions in the default section of the /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy to this:
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>

Without the allow_any it did not work. I also changed those set to auth_admin_keep to yes. Didn't do an intermediate step so not sure if both the allow_any and the yes instead of auth_admin_keep are needed.

v4r3l0v 12-26-2015 12:51 PM
Something depends on Network Manager- correct, firewalld for one depends on Network Manager. Network Manager uses dbus, it is better solution than what we had previously.
If you haven't solved it already, this looks like permissions problem, how is the remote system seeing you- as its local user or as the default user under which rdp service works?


All times are GMT -5. The time now is 11:54 PM.