Sorry for the reply to an ancient post.
But I thought I'd share how I finally managed to get xrdp to play nice with
The solution was rather simple.
When the allow_all policy is disabled in IPA, add xrdp-sesman to the
hbac-services, then add the service to the hbac-policy that allows
desktop access.
After that you can log in with an IPA user via xrdp.
This even works for AD domain users when you have configured a trust and
mapped all the required groups.
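
The steps described in the post above, written out with the `ipa` command line as an added example (not part of the original post). The rule, user and host names passed in are placeholders, and the `APPLY` switch and function names are assumptions of this sketch; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. xrdp-sesman is the service
# name from the post; rule/user/host arguments are placeholders.
SVC="xrdp-sesman"

# Print each command; execute it only when APPLY=1
# (which needs a valid Kerberos ticket for an IPA admin).
run() {
    echo "$*"
    [ "${APPLY:-0}" = "1" ] || return 0
    "$@"
}

# enable_xrdp_hbac RULE USER HOST
#   RULE: existing HBAC rule that grants desktop access
#   USER/HOST: a login to check with hbactest afterwards
enable_xrdp_hbac() {
    rule=$1
    user=$2
    host=$3
    if [ -z "$rule" ] || [ -z "$user" ] || [ -z "$host" ]; then
        echo "usage: enable_xrdp_hbac RULE USER HOST" >&2
        return 2
    fi

    # 1. Register the service, unless a live run finds it already defined.
    if [ "${APPLY:-0}" != "1" ] || ! ipa hbacsvc-show "$SVC" >/dev/null 2>&1; then
        run ipa hbacsvc-add "$SVC" --desc="xrdp session manager" || return 1
    fi

    # 2. Attach the service to the rule that allows desktop access.
    run ipa hbacrule-add-service "$rule" --hbacsvcs="$SVC" || return 1

    # 3. Confirm the rule now grants this user the service on this host.
    run ipa hbactest --user="$user" --host="$host" --service="$SVC" --rules="$rule"
}
```

Source the file and call, for example, `enable_xrdp_hbac allow_desktop alice ws01.example.test` to review the commands, then repeat with `APPLY=1` to run them.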