Hi all,

Sorry for the reply to an ancient post.

But I thought I'd share how I finally managed to get xrdp to play nice with FreeIPA.

The solution was rather simple.
When the allow_all policy is disabled in IPA, add xrdp-sesman to the hbac-services, then add the service to the hbac-policy that allows desktop access.

After that you can log in with an IPA user via xrdp.
This even works for AD domain users when you have configured a trust and mapped all the required groups.

Rob
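
The steps described in the post above, written as `ipa` CLI calls with a check afterwards. This is an added example, not part of the original post; the rule, user and host names in the usage comments are placeholders, and an admin Kerberos ticket on an IPA-enrolled host is assumed.

```shell
#!/bin/sh
# Added example: wraps the ipa CLI calls for the HBAC change described above.
# Assumes `kinit admin` (or another account allowed to edit HBAC) was run first.

HBAC_SVC="xrdp-sesman"   # PAM service name that HBAC evaluates for xrdp logins

# Create the HBAC service object if it is missing, then attach it to an
# existing HBAC rule (the rule that already grants desktop access).
allow_xrdp_in_rule() {
    rule="$1"
    [ -n "$rule" ] || { echo "usage: allow_xrdp_in_rule RULE" >&2; return 2; }
    # hbacsvc-show fails when the service object does not exist yet
    if ! ipa hbacsvc-show "$HBAC_SVC" >/dev/null 2>&1; then
        ipa hbacsvc-add "$HBAC_SVC" --desc="xrdp session manager" || return 1
    fi
    ipa hbacrule-add-service "$rule" --hbacsvcs="$HBAC_SVC"
}

# Ask the IPA server whether its HBAC rules admit USER on HOST through
# xrdp-sesman. Succeeds only when hbactest reports "Access granted: True".
check_xrdp_access() {
    user="$1"
    host="$2"
    ipa hbactest --user="$user" --host="$host" --service="$HBAC_SVC" \
        | grep -q 'Access granted: True'
}

# Usage (placeholder names, replace with your own rule, user and host):
#   allow_xrdp_in_rule allow_desktop
#   check_xrdp_access alice desktop01.example.test && echo "xrdp login allowed"
```

Running `check_xrdp_access` for a user who should not have desktop access is a quick way to confirm the rule was not widened further than intended.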