xrdp.ini(5)							   xrdp.ini(5)

NAME
       xrdp.ini	- Configuration	file for xrdp(8)

DESCRIPTION
       This is the man page for xrdp.ini, the xrdp(8) configuration file. It
       is composed of a number of sections, each consisting of a section name
       enclosed in square brackets, followed by a list of _parameter_=_value_
       lines.

       xrdp.ini	supports the following sections:

       [Globals] - sets	some global configuration settings for xrdp(8).

       [Logging] - logging subsystem parameters

       [Channels] - channel subsystem parameters

       All options and values (except for file names and paths) are case
       insensitive, and are described in detail below.

GLOBALS
       The options to be specified in the [Globals] section are	the following:

       address=ip address
	      Specify  xrdp  listening	address. If not	specified, defaults to
	      0.0.0.0 (all interfaces).

       autorun=session_name
	      Section name for automatic login. If set and the client supplies
	      a valid username and password, the user will be logged in
	      automatically using the connection specified by session_name.

	      If session_name is empty, the LOGIN DOMAIN from the client will
	      be used to select the section. If no domain name is supplied,
	      the first suitable section will be used for automatic login.

       bitmap_cache=[true|false]
	      If set to	1, true	or yes this option enables bitmap  caching  in
	      xrdp(8).

       bitmap_compression=[true|false]
	      If  set to 1, true or yes	this option enables bitmap compression
	      in xrdp(8).

       bulk_compression=[true|false]
	      If set to	1, true	or yes this option enables compression of bulk
	      data in xrdp(8).

       certificate=/path/to/certificate

       key_file=/path/to/private_key
	      Set the location of the TLS certificate and private key. They
	      must be written in PEM format. If not specified, defaults to
	      /usr/local/etc/xrdp/cert.pem, /usr/local/etc/xrdp/key.pem.

	      This parameter is	effective only if security_layer is set	to tls
	      or negotiate.

       channel_code=[true|false]
	      If set to 0, false or no, this option disables all channels in
	      xrdp(8). See section CHANNELS below for more fine-grained
	      options.

       crypt_level=[low|medium|high|fips]
	      Regulate the encryption level of Standard RDP Security. This
	      parameter is effective only if security_layer is set to rdp or
	      negotiate.

	      Encryption in Standard RDP Security is controlled by two
	      settings: Encryption Level and Encryption Method. The only
	      supported Encryption Methods are 40BIT_ENCRYPTION and
	      128BIT_ENCRYPTION. 56BIT_ENCRYPTION is not supported. This
	      option controls the Encryption Level:

	       low    All data sent from the client to the server is protected
		      by encryption based on the maximum key strength
		      supported by the client. This is the only level at which
		      traffic sent by the server to the client is not
		      encrypted.

	       medium All  data	sent between the client	and the	server is pro-
		      tected by	encryption based on the	maximum	 key  strength
		      supported	by the client (client compatible).

	       high   All data sent between the client and the server is
		      protected by encryption based on the server's maximum
		      key strength (server compatible).

	       fips   All data sent between the	client and server is protected
		      using Federal Information	Processing Standard 140-1 val-
		      idated  encryption  methods.  This level is required for
		      Windows clients (mstsc.exe) if the client's group	policy
		      enforces FIPS-compliance mode.

       fork=[true|false]
	      If set to 1, true or yes, xrdp(8) forks a sub-process for each
	      incoming connection instead of using threads.

       hidelogwindow=[true|false]
	      If set to	1, true	or yes,	xrdp will not show a  window  for  log
	      messages.	 If not	specified, defaults to false.

       max_bpp=[8|15|16|24|32]
	      Limit  the  color	depth by specifying the	maximum	number of bits
	      per pixel.  If not specified or set to 0,	unlimited.

       pamerrortxt=error_text
	      Specify the text passed to PAM when authentication fails. The
	      maximum length is 256.

       port=port
	      Specify TCP port to listen on for	incoming connections.  The de-
	      fault for	RDP is 3389.

       require_credentials=[true|false]
	      If set to 1, true or yes, xrdp requires clients to include a
	      username and password in the initial connection phase. In other
	      words, xrdp doesn't allow clients to show the login screen if
	      set to true. If not specified, defaults to false.

       security_layer=[tls|rdp|negotiate]
	      Regulate security methods. If not specified, defaults to
	      negotiate.

	       tls    Enhanced RDP Security is used. All  security  operations
		      (encryption,  decryption,	 data  integrity verification,
		      and server authentication) are implemented by TLS.

	       rdp    Standard RDP Security, which is not safe from
		      man-in-the-middle attacks, is used. The encryption level
		      of Standard RDP Security is controlled by crypt_level.

	       negotiate
		      Negotiate	these security methods with clients.

       ssl_protocols=[SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2] [TLSv1.3]
	      Enables the specified SSL/TLS protocols. Values should be
	      separated by commas. SSLv2 is always disabled. At least one
	      protocol should be given to accept TLS connections. This
	      parameter is effective only if security_layer is set to tls or
	      negotiate.

       tcp_keepalive=[true|false]
	      Regulate whether the listening socket uses the socket option
	      SO_KEEPALIVE. If set to 1, true or yes and the network
	      connection disappears without closing messages, the connection
	      will be closed.

       tcp_nodelay=[true|false]
	      Regulate whether the listening socket uses the socket option
	      TCP_NODELAY. If set to 1, true or yes, no buffering will be
	      performed in the TCP stack.

       tcp_send_buffer_bytes=buffer_size

       tcp_recv_buffer_bytes=buffer_size
	      Specify send/recv buffer sizes in bytes. The default value
	      depends on the operating system.

       tls_ciphers=cipher_suite
	      Specifies the TLS cipher suite. The format of this parameter is
	      the same as that accepted by the openssl(1) ciphers subcommand.

	      (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1')

	      This parameter is	effective only if security_layer is set	to tls
	      or negotiate.

       use_fastpath=[input|output|both|none]
	      If not specified,	defaults to none.

       black=000000

       grey=c0c0c0

       dark_grey=808080

       blue=0000ff

       dark_blue=00007f

       white=ffffff

       red=ff0000

       green=00ff00

       background=000000
	      These  options override the colors used internally by xrdp(8) to
	      draw the login and log windows.	Colors	are  defined  using  a
	      hexadecimal  (hex)  notation  for	the combination	of Red,	Green,
	      and Blue color values (RGB).  The	lowest value that can be given
	      to one of	the light sources is 0 (hex 00).  The highest value is
	      255 (hex FF).
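
       The following Python sketch is an added example, not part of xrdp or
       of this manual page: it audits the security_layer, crypt_level and
       ssl_protocols options of [Globals] as documented above. The sample
       contents and function names are constructed for illustration, and
       treating SSLv3, TLSv1 and TLSv1.1 as legacy follows RFC 7568 and
       RFC 8996 rather than this page.

```python
import configparser

# Constructed sample contents, not taken from a real deployment.
SAMPLE = """\
[Globals]
security_layer=negotiate
crypt_level=low
ssl_protocols=SSLv3, TLSv1, TLSv1.2
"""

HARDENED = "[Globals]\nsecurity_layer=tls\nssl_protocols=TLSv1.2, TLSv1.3\n"

LEGACY_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1"}  # deprecated by RFC 7568 / RFC 8996


def load_globals(text):
    """Return the [Globals] options as a dict with lower-cased keys and values."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == "globals":  # options and values are case insensitive
            return {k: v.strip().lower() for k, v in cp[name].items()}
    return {}


def audit_transport(text):
    """List findings for security_layer, crypt_level and ssl_protocols."""
    g = load_globals(text)
    findings = []
    layer = g.get("security_layer", "negotiate")  # documented default
    if layer == "rdp":
        findings.append("security_layer=rdp: Standard RDP Security, not safe from man-in-the-middle")
    elif layer == "negotiate":
        findings.append("security_layer=negotiate: Standard RDP Security remains on offer to clients")
    # crypt_level is effective only when Standard RDP Security can be selected
    if layer in ("rdp", "negotiate") and g.get("crypt_level") == "low":
        findings.append("crypt_level=low: server-to-client traffic is not encrypted")
    # ssl_protocols is effective only when TLS can be selected
    if layer in ("tls", "negotiate"):
        listed = {p.strip() for p in g.get("ssl_protocols", "").split(",") if p.strip()}
        for proto in sorted(listed & LEGACY_PROTOCOLS):
            findings.append(f"ssl_protocols enables {proto}")
    return findings


if __name__ == "__main__":
    for line in audit_transport(SAMPLE):
        print(line)
    print("hardened sample findings:", audit_transport(HARDENED))
```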

LOGGING
       The following parameters	can be used in the [Logging] section:

       LogFile=/var/log/xrdp.log
	      This option contains the path to the log file. It can be either
	      absolute or relative.

       LogLevel=level
	      This option can have one of the following	values:

	      CORE or 0 - Log only core messages. These messages are _always_
	      logged, regardless of the logging level selected.

	      ERROR or 1 - Log only error messages

	      WARNING, WARN or 2 - Log warnings and error messages

	      INFO or 3 - Log errors, warnings and informational messages

	      DEBUG or 4 - Log everything. If sesman is compiled in debug
	      mode, this option will output many more low-level messages,
	      useful for developers

       EnableSyslog=[true|false]
	      If set to	1, true	or yes this option enables logging to  syslog.
	      Otherwise	syslog is disabled.

       SyslogLevel=level
	      This option sets the logging level for syslog. It can have the
	      same values as LogLevel. If SyslogLevel is greater than
	      LogLevel, its value is lowered to that of LogLevel.

CHANNELS
       The Remote Desktop Protocol supports several channels, which are used
       to transfer additional data like sound, clipboard data and others.
       Channel names not listed here will be blocked by xrdp. Not all
       channels are supported in all cases, so setting a value to true is a
       prerequisite, but does not force its use.
       Channels can also be enabled or disabled on a per connection basis by
       prefixing each setting with channel. in the channel section.

       rdpdr=[true|false]
	      If set to	1, true	or yes using the RDP channel for device	 redi-
	      rection is allowed.

       rdpsnd=[true|false]
	      If  set to 1, true or yes	using the RDP channel for sound	is al-
	      lowed.

       drdynvc=[true|false]
	      If set to	1, true	or yes using the RDP channel to	initiate addi-
	      tional dynamic virtual channels is allowed.

       cliprdr=[true|false]
	      If set to	1, true	or yes using the RDP channel for clipboard re-
	      direction	is allowed.

       rail=[true|false]
	      If set to	1, true	or yes using the RDP channel for remote	appli-
	      cations integrated locally (RAIL)	is allowed.

       xrdpvr=[true|false]
	      If  set  to  1, true or yes using	the RDP	channel	for XRDP Video
	      streaming	is allowed.

CONNECTIONS
       A connection section is made of a  section  name,  enclosed  in	square
       brackets, and the following entries:

       name=_session name_
	      The name displayed in xrdp(8) login window's combo box.

       lib=../vnc/libvnc.so
	      Sets the library to be used with this connection.

       username=_username_|{base64}_base64-encoded-username_|ask
	      Specifies the username used for authenticating in the
	      connection. If set to ask, the user name should be provided in
	      the login window.

	      If the username includes comment symbols such as '#' or ';',
	      it can be provided in base64 form by prefixing it with
	      "{base64}".

       password=_password_|{base64}_base64-encoded-password_|ask
	      Specifies the password used for authenticating in the
	      connection. If set to ask, the password should be provided in
	      the login window.

	      Like username, this parameter can be provided in base64 form.
	      See also the examples below.

       ip=127.0.0.1
	      Specifies the IP address of the host to connect to.

       port=_number_|-1
	      Specifies	the port number	to connect to. If set to -1,  the  de-
	      fault port for the specified library is used.

       xserverbpp=_number_
	      Specifies	 color	depth  of the backend X	server.	The default is
	      the color	depth of the client. Only Xvnc	and  X11rdp  use  that
	      setting. Xorg runs at 24 bpp.

       code=_number_|0
	      Specifies	 the  session  type.  The  default,  0,	is Xvnc, 10 is
	      X11rdp, and 20 is	Xorg with xorgxrdp modules.

EXAMPLES
       This is an example xrdp.ini:

       [Globals]
       bitmap_cache=true
       bitmap_compression=true

       [Xorg]
       name=Xorg
       lib=libxup.so
       username=ask
       password=ask
       ip=127.0.0.1
       port=-1
       code=20

       [vnc-any]
       name=vnc-any
       lib=libvnc.so
       ip=ask
       port=ask5900
       username=na
       password={base64}cGFzc3dvcmQhCg==
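
       The {base64} form shown above is an encoding for values containing
       comment symbols, so a password stored that way is recoverable by
       anyone who can read the file. The following Python sketch is an added
       example, not part of xrdp or of this manual page: it lists the
       connection sections that store a password instead of using ask. The
       sample contents and function names are constructed for illustration;
       the [vnc-any] password value is the one from the example above.

```python
import base64
import configparser

# Constructed sample; the [vnc-any] password is the value from EXAMPLES.
SAMPLE = """\
[Globals]
bitmap_cache=true

[Xorg]
username=ask
password=ask

[vnc-any]
username=na
password={base64}cGFzc3dvcmQhCg==
"""

RESERVED = {"globals", "logging", "channels"}  # sections that are not connections
PREFIX = "{base64}"


def classify(value):
    """Return (kind, recovered_text) for a username= or password= value."""
    if value.lower() == "ask":
        return "prompt", None
    if value.lower().startswith(PREFIX):
        decoded = base64.b64decode(value[len(PREFIX):]).decode("utf-8", "replace")
        return "base64", decoded
    return "literal", value


def stored_passwords(text):
    """Map each connection section to the password recoverable from the file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    found = {}
    for name in cp.sections():
        if name.lower() in RESERVED or "password" not in cp[name]:
            continue
        kind, recovered = classify(cp[name]["password"].strip())
        if kind != "prompt":
            found[name] = (kind, recovered)
    return found


if __name__ == "__main__":
    for section, (kind, pw) in stored_passwords(SAMPLE).items():
        print(f"[{section}] stores a {kind} password: {pw!r}")
```

       Any section it reports holds a credential readable by whoever can read
       xrdp.ini, so check the mode and ownership of that file.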

FILES
       /usr/local/etc/xrdp/xrdp.ini

SEE ALSO
       xrdp(8),	sesman(8), sesrun(8), sesman.ini(5)

       For more info on xrdp see http://www.xrdp.org/

xrdp team			   0.9.13.1			   xrdp.ini(5)
