{{ ansible_managed | comment(decoration = '; ') }} ;; See `man 5 sesman.ini` for details [Globals] ListenAddress=127.0.0.1 ListenPort=3350 EnableUserWindowManager=true ; Give in relative path to user's home directory UserWindowManager=startwm.sh ; Give in full path or relative path to /etc/xrdp DefaultWindowManager=startwm.sh ; Give in full path or relative path to /etc/xrdp ReconnectScript=reconnectwm.sh [Security] AllowRootLogin=true MaxLoginRetry=4 TerminalServerUsers=tsusers TerminalServerAdmins=tsadmins ; When AlwaysGroupCheck=false access will be permitted ; if the group TerminalServerUsers is not defined. AlwaysGroupCheck=false ; When RestrictOutboundClipboard=all clipboard from the ; server is not pushed to the client. ; In addition, you can control text/file/image transfer restrictions ; respectively. It also accepts comma separated list such as text,file,image. ; To keep compatibility, some aliases are also available: ; true: an alias of all ; false: an alias of none ; yes: an alias of all RestrictOutboundClipboard=none ; When RestrictInboundClipboard=all clipboard from the ; client is not pushed to the server. ; In addition, you can control text/file/image transfer restrictions ; respectively. It also accepts comma separated list such as text,file,image. ; To keep compatibility, some aliases are also available: ; true: an alias of all ; false: an alias of none ; yes: an alias of all RestrictInboundClipboard=none [Sessions] ;; X11DisplayOffset - x11 display number offset ; Type: integer ; Default: 10 X11DisplayOffset=10 ;; MaxSessions - maximum number of connections to an xrdp server ; Type: integer ; Default: 0 MaxSessions={{ xrdp_maxsessions }} ;; KillDisconnected - kill disconnected sessions ; Type: boolean ; Default: false ; if 1, true, or yes, every session will be killed within DisconnectedTimeLimit ; seconds after the user disconnects KillDisconnected={{ xrdp_killdisconnected }} ;; DisconnectedTimeLimit (seconds) - wait before kill disconnected sessions ; Type: integer ; Default: 0 ; if KillDisconnected is set to false, this value is ignored DisconnectedTimeLimit=0 ;; IdleTimeLimit (seconds) - wait before disconnect idle sessions ; Type: integer ; Default: 0 ; Set to 0 to disable idle disconnection. IdleTimeLimit=0 ;; Policy - session allocation policy ; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ] ; "Default" session per ; "UBD" session per ; "UBI" session per ; "UBC" session per ; "UBDI" session per ; "UBDC" session per Policy={{ xrdp_policy }} [Logging] ; Note: Log levels can be any of: core, error, warning, info, debug, or trace LogFile=xrdp-sesman.log LogLevel=INFO EnableSyslog=true #SyslogLevel=INFO #EnableConsole=false #ConsoleLevel=INFO #EnableProcessId=false [LoggingPerLogger] ; Note: per logger configuration is only used if xrdp is built with ; --enable-devel-logging #sesman.c=INFO #main()=INFO ; ; Session definitions - startup command-line parameters for each session type ; [Xorg] ; Specify the path of non-suid Xorg executable. It might differ depending ; on your distribution and version. Find out the appropriate path for your ; environment. The typical path is known as follows: ; ; Fedora 26 or later : param=/usr/libexec/Xorg ; Debian 9 or later : param=/usr/lib/xorg/Xorg ; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg ; Arch Linux : param=/usr/lib/Xorg ; CentOS 7 : param=/usr/bin/Xorg or param=Xorg ; CentOS 8 : param=/usr/libexec/Xorg ; FreeBSD (from 2022Q4) : param=/usr/local/libexec/Xorg ; param=/usr/lib/xorg/Xorg ; Leave the rest parameters as-is unless you understand what will happen. param=-config param=xrdp/xorg.conf param=-noreset param=-nolisten param=tcp param=-logfile param=.xorgxrdp.%s.log [Xvnc] param=Xvnc param=-bs param=-nolisten param=tcp param=-localhost param=-dpi param=96 [Chansrv] ; drive redirection ; See sesman.ini(5) for the format of this parameter #FuseMountName=/run/user/%u/thinclient_drives #FuseMountName=/media/thinclient_drives/%U/thinclient_drives FuseMountName=thinclient_drives ; this value allows only the user to access their own mapped drives. ; Make this more permissive (e.g. 022) if required. FileUmask=077 ; Can be used to disable FUSE functionality - see sesman.ini(5) #EnableFuseMount=false ; Uncomment this line only if you are using GNOME 3 versions 3.29.92 ; and up, and you wish to cut-paste files between Nautilus and Windows. Do ; not use this setting for GNOME 4, or other file managers #UseNautilus3FlistFormat=true [ChansrvLogging] ; Note: one log file is created per display and the LogFile config value ; is ignored. The channel server log file names follow the naming convention: ; xrdp-chansrv.${DISPLAY}.log ; ; Note: Log levels can be any of: core, error, warning, info, debug, or trace LogLevel=INFO EnableSyslog=true #SyslogLevel=INFO #EnableConsole=false #ConsoleLevel=INFO #EnableProcessId=false [ChansrvLoggingPerLogger] ; Note: per logger configuration is only used if xrdp is built with ; --enable-devel-logging #chansrv.c=INFO #main()=INFO [SessionVariables] PULSE_SCRIPT=/etc/xrdp/pulse/default.pa