sesman crashes on second login

I can confirm this bug on Ubuntu 8.10. xrdp version 0.4.0

Confirmed that it is still a problem under jaunty.

Confirmed under jaunty

Having this issue as well. I don't have much choice but to fix it tomorrow morning (gotta love forced issues in production environments) so I will post back my findings.

FYI, Ubuntu 9.04: This issue must have been resolved at some point in the CVS version. I uninstalled xrdp and built the cvs version. no issues yet.

ubuntu 10.04, not solved.

I'm running xrdp from the 0.5.0 amd64 .deb built in the Maverick ppa (though I'm running Lucid) and it's happening for me.

The first time it happened to me, I had closed the (mstsc.exe) RDP client window without logging off.

I tried to /etc/init.d/xrdp restart, and it told me sesman was running, so I deleted the .pid file and restarted xrdp. I still can't login, though I expect I'll be able to if I restart the Linux machine.

I rebooted, and it worked again the first time as expected, but again crashed on the second login; this time I made sure to actually logout.

I have this issue on two lucid amd64 machines with nvidia proprietary drivers and NOT with another lucid amd64 machine with ati proprietary drivers. So could this be related to they nvidia proprietary blobs? Just a hunch, could be other differences.

10.04 64-bit on Intel Xeon. Had the NVidia driver installed and experienced this same problem. Uninstalled the driver, rebooted, no change. I wish it was just the driver. This is stopping us from running our servers in a headless environment, as well as preventing users from actually working with the servers 8-(

10.10 64-bit AMD same problem.

Hi brothers by misfortune, finally I've found the root of evil!!!

I guest all of you have samba installed in the System (If no it can be any additional package that has own pam authorizatuion schema). I will show what is wrong on the example with samba.
When you install samba package the installer adds an authorization method string into /etc/pam.d/common-auth file, it looks like:

auth optional pam_smbpass.so migrate

From the outer hand file /etc/pam.d/sesman contains inctruction:

@include common-auth

So this way the samba authorization method take part in authorization and sesman crashes on it.
The solution is just move string [auth optional pam_smbpass.so migrate] from file /etc/pam.d/common-auth to file /etc/pam.d/samba rigth under string [@include common-auth] and all will be fine.

BTW, I recomment you get from CVS repository last version 0.6.0 xrdp package, compile it and install, it has a fix allowing you to use MS RD Client version 7 comming with Windows 7 for connectivity. I've set it up and it works perfectly. And whats more developers changed content of file /etc/pam.d/sesman (btw now it is named /etc/pam.d/xrdp-sesman). They removed all includes and added all auth strings directly, so if you use any additional auth schema, like pam_mysql for example, keep it into account.

Thank you Konstantin!

This fix worked for me on xrdp 0.5.0 on Ubuntu 10.04.

So the question is which: application here (samba or xrdp) is to blame for this bad behavior? Should samba put that line in its own configuration file, or should xrdp handle things differently?

I ask because if it is Samba-related, we should probably add that as an also-affected project.

Konstantin Kasatkin is definitely correct.

I knew XRDP had been perfect, and then stopped right after I installed Samba, but couldn't figure out exactly what it was.

xrdp 0.5.0 and Ubuntu 10.10

I can't blame neither samba nor xrdp because I haven't developed them:) But I've noticed that the last version 0.6.0 (I've got it from CVS repository) has a big problem on Ubuntu 10.4. After starting service xrdp even if you make no connections by rdp the service starts to eat system resources. In 20 мин after service start uptime command shows system load parameter 10 and more and when I try to stop process correctly it unsuccessfully, only kill -9 can drop the process. If someone knows the reason of this strange behavior I would be very appreciate to get explanation.

BTW maybe someone has a stable deb package of xrdp 0.5.0 (better 0.6.0) for Ubuntu 10.4 x64 could you share the link to this?

To Jon Ogilvie...

About auth line that samba adds to common config I think following: if you want to use user authentification from samba users repository it must be in common-auth, but hardly someone uses this approach. I think the problem is not in wrong location samba auth string, but the problem in samba auth engine inplementation.

Once connecting via RDP configured to use xterm as window manager when I entered wrong login-password pair I was asked credentials by samba auth engine. That means that samba auth engine works, only works somehow strange.

Konstantin Kasatkin,

I am trying to implement an alternative to M$ Sever with Terminal services. Using the project xrdp and the project likewise-open on Ubuntu 10.10 seems to be the right combination. However, I fear that the likewise client installation makes changs to Pluggable Authentication Module (PAM).

I am new to Linux security practices, and I would be very grateful if you could offer some direction.

relevant links:

About the Likewise Agent
http://www.likewise.com/resources/documentation_library/manuals/open/likewise-open-54-guide.html#AboutLikewiseAgent

Likewise Open
https://help.ubuntu.com/8.04/serverguide/C/likewise-open.html

domainjoin-cli - Join a host to an Active Directory domain
http://manpages.ubuntu.com/manpages/hardy/man8/domainjoin-cli.8.html

xRDP INFO (1)
http://xrdp.sourceforge.net/documents/xrdpdesign/index.html

xRDP INFO (2)
http://xrdp.sourceforge.net/documents/asession/index.html

xrdp - a Remote Desktop Protocol (RDP) server
http://manpages.ubuntu.com/manpages/hardy/man8/xrdp.8.html

xrdp.ini - Configuration file for xrdp(8)
http://manpages.ubuntu.com/manpages/hardy/man5/xrdp.ini.5.html

The same problem is still present in Ubuntu 10.10 (maverick). The steps in #12 above solve the problem. Thanks.

The same problem is still present in Ubuntu 10.04.2 64 bit.

 The steps in #12 above solve the problem. Thanks.

A recent software upgrade which I installed on 5th April 2011 re-introduced the problem that I had cured by following #12 above. I had to re-edit /etc/pam.d/common-auth. /etc/pam.d/common-auth.pam-old had my originals edits in it.

The problem is still present in xubuntu 11.04 BETA 2.

The bug is also in Ubuntu (Server) 11.04, downloaded yesterday, and the fix of #12 is working great! Thank you Konstantin!

Still on Ubuntu Server 11.04, comment #12 fixed the problem!

And the fix is still as described in #12 as of 11.04 Natty Narwhal

The bug is also in Ubuntu (Server) 11.11, the fix of #12 is working and I think #13 needs some attention, should we report in samba?

All hail Konstantin. Thank you.

Steve P, thank you for reporting this and helping make Ubuntu better. However, your crash report is missing. Please follow these instructions to have apport report a new bug about your crash that can be dealt with by the automatic retracer. First, execute at a terminal:
cd /var/crash && sudo rm * ; sudo apt-get update && sudo apt-get -y upgrade && sudo service apport start force_start=1

If you are running the Ubuntu Stable Release you might need to enable apport in /etc/default/apport and restart.

Now reproduce the crash, then open your file manager, navigate to your /var/crash directory and open the crash report you wish to submit.
If this fails you will have to open a terminal and file your report with 'ubuntu-bug /var/crash/_my_crash_report.crash' where _my_crash_report.crash is the crash you would like to report. If you get an error that you aren't allowed to access this report you will have to file it with 'sudo ubuntu-bug /var/crash/_my_crash_report.crash'. If you run the command against the crash report and a window pops up asking you to report this, but then never opens a new report, you would be affected by https://bugs.launchpad.net/ubuntu/+source/apport/+bug/994921 . In order to WORKAROUND this, one would need to open the following file via a command line:
sudo nano /etc/apport/crashdb.conf

and comment out the line:
'problem_types': ['Bug', 'Package'],

by changing it to:
# 'problem_types': ['Bug', 'Package'],

Save, close, and try to file the crash report again via:
ubuntu-bug /var/crash/_my_crash_report.crash

I'm closing this bug report since the process outlined above will automatically open a new bug report which can then dealt with more efficiently.

Please feel free to subscribe me to this new report.

Also, please do not attach your crash report manually to this report and reopen it.

Thank you for your understanding.

Helpful bug reporting tips:
https://wiki.ubuntu.com/ReportingBugs