1[Globals]
2; xrdp.ini file version number
3ini_version=1
4
5; fork a new process for each incoming connection
6fork=true
7
8; ports to listen on, number alone means listen on all interfaces
9; 0.0.0.0 or :: if ipv6 is configured
10; space between multiple occurrences
11; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start
12;
13; Examples:
14;   port=3389
15;   port=unix://./tmp/xrdp.socket
16;   port=tcp://.:3389                           127.0.0.1:3389
17;   port=tcp://:3389                            *:3389
18;   port=tcp://<any ipv4 format addr>:3389      192.168.1.1:3389
19;   port=tcp6://.:3389                          ::1:3389
20;   port=tcp6://:3389                           *:3389
21;   port=tcp6://{<any ipv6 format addr>}:3389   {FC00:0:0:0:0:0:0:1}:3389
22;   port=vsock://<cid>:<port>
23port=3389
24
25; 'port' above should be connected to with vsock instead of tcp
26; use this only with number alone in port above
27; prefer use vsock://<cid>:<port> above
28use_vsock=false
29
30; regulate if the listening socket use socket option tcp_nodelay
31; no buffering will be performed in the TCP stack
32tcp_nodelay=true
33
34; regulate if the listening socket use socket option keepalive
35; if the network connection disappear without close messages the connection will be closed
36tcp_keepalive=true
37
38; set tcp send/recv buffer (for experts)
39#tcp_send_buffer_bytes=32768
40#tcp_recv_buffer_bytes=32768
41
42; security layer can be 'tls', 'rdp' or 'negotiate'
43; for client compatible layer
44security_layer=negotiate
45
46; minimum security level allowed for client for classic RDP encryption
47; use tls_ciphers to configure TLS encryption
48; can be 'none', 'low', 'medium', 'high', 'fips'
49crypt_level=high
50
51; X.509 certificate and private key
52; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
53certificate=
54key_file=
55
56; set SSL protocols
57; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
58ssl_protocols=TLSv1.2, TLSv1.3
59; set TLS cipher suites
60#tls_ciphers=HIGH
61
62; concats the domain name to the user if set for authentication with the separator
63; for example when the server is multi homed with SSSd
64#domain_user_separator=@
65
66; The following options will override the keyboard layout settings.
67; These options are for DEBUG and are not recommended for regular use.
68#xrdp.override_keyboard_type=0x04
69#xrdp.override_keyboard_subtype=0x01
70#xrdp.override_keylayout=0x00000409
71
72; Section name to use for automatic login if the client sends username
73; and password. If empty, the domain name sent by the client is used.
74; If empty and no domain name is given, the first suitable section in
75; this file will be used.
76autorun=
77
78allow_channels=true
79allow_multimon=true
80bitmap_cache=true
81bitmap_compression=true
82bulk_compression=true
83#hidelogwindow=true
84max_bpp=32
85new_cursors=true
86; fastpath - can be 'input', 'output', 'both', 'none'
87use_fastpath=both
88; when true, userid/password *must* be passed on cmd line
89#require_credentials=true
90; when true, the userid will be used to try to authenticate
91#enable_token_login=true
92; You can set the PAM error text in a gateway setup (MAX 256 chars)
93#pamerrortxt=change your password according to policy at http://url
94
95;
96; colors used by windows in RGB format
97;
98blue=009cb5
99grey=dedede
100#black=000000
101#dark_grey=808080
102#blue=08246b
103#dark_blue=08246b
104#white=ffffff
105#red=ff0000
106#green=00ff00
107#background=626c72
108
109;
110; configure login screen
111;
112
113; Login Screen Window Title
114#ls_title=My Login Title
115
116; top level window background color in RGB format
117ls_top_window_bg_color=009cb5
118
119; width and height of login screen
120;
121; The default height allows for about 5 fields to be comfortably displayed
122; above the buttons at the bottom. To display more fields, make <ls_height>
123; larger, and also increase <ls_btn_ok_y_pos> and <ls_btn_cancel_y_pos>
124; below
125;
126ls_width=350
127ls_height=430
128
129; login screen background color in RGB format
130ls_bg_color=dedede
131
132; optional background image filename (bmp format).
133#ls_background_image=
134
135; logo
136; full path to bmp-file or file in shared folder
137ls_logo_filename=
138ls_logo_x_pos=55
139ls_logo_y_pos=50
140
141; for positioning labels such as username, password etc
142ls_label_x_pos=30
143ls_label_width=65
144
145; for positioning text and combo boxes next to above labels
146ls_input_x_pos=110
147ls_input_width=210
148
149; y pos for first label and combo box
150ls_input_y_pos=220
151
152; OK button
153ls_btn_ok_x_pos=142
154ls_btn_ok_y_pos=370
155ls_btn_ok_width=85
156ls_btn_ok_height=30
157
158; Cancel button
159ls_btn_cancel_x_pos=237
160ls_btn_cancel_y_pos=370
161ls_btn_cancel_width=85
162ls_btn_cancel_height=30
163
164[Logging]
165; Note: Log levels can be any of: core, error, warning, info, debug, or trace
166LogFile=xrdp.log
167LogLevel=INFO
168EnableSyslog=true
169#SyslogLevel=INFO
170#EnableConsole=false
171#ConsoleLevel=INFO
172#EnableProcessId=false
173
174[LoggingPerLogger]
175; Note: per logger configuration is only used if xrdp is built with
176; --enable-devel-logging
177#xrdp.c=INFO
178#main()=INFO
179
180[Channels]
181; Channel names not listed here will be blocked by XRDP.
182; You can block any channel by setting its value to false.
183; IMPORTANT! All channels are not supported in all use
184; cases even if you set all values to true.
185; You can override these settings on each session type
186; These settings are only used if allow_channels=true
187rdpdr=true
188rdpsnd=true
189drdynvc=true
190cliprdr=true
191rail=true
192xrdpvr=true
193tcutils=true
194
195; for debugging xrdp, in section xrdp1, change port=-1 to this:
196#port=/tmp/.xrdp/xrdp_display_10
197
198
199;
200; Session types
201;
202
203; Some session types such as Xorg, X11rdp and Xvnc start a display server.
204; Startup command-line parameters for the display server are configured
205; in sesman.ini. See and configure also sesman.ini.
206[Xorg]
207name=Xorg
208lib=libxup.@lib_extension@
209username=ask
210password=ask
211ip=127.0.0.1
212port=-1
213code=20
214
215[Xvnc]
216name=Xvnc
217lib=libvnc.@lib_extension@
218username=ask
219password=ask
220ip=127.0.0.1
221port=-1
222#xserverbpp=24
223#delay_ms=2000
224; Disable requested encodings to support buggy VNC servers
225; (1 = ExtendedDesktopSize)
226#disabled_encodings_mask=0
227; Use this to connect to a chansrv instance created outside of sesman
228; (e.g. as part of an x11vnc console session). Replace '0' with the
229; display number of the session
230#chansrvport=DISPLAY(0)
231
232; Generic VNC Proxy
233; Tailor this to specific hosts and VNC instances by specifying an ip
234; and port and setting a suitable name.
235[vnc-any]
236name=vnc-any
237lib=libvnc.@lib_extension@
238ip=ask
239port=ask5900
240username=na
241password=ask
242#pamusername=asksame
243#pampassword=asksame
244#pamsessionmng=127.0.0.1
245#delay_ms=2000
246
247; Generic RDP proxy using NeutrinoRDP
248; Tailor this to specific hosts by specifying an ip and port and setting
249; a suitable name.
250[neutrinordp-any]
251name=neutrinordp-any
252; To use this section, you should build xrdp with configure option
253; --enable-neutrinordp.
254lib=libxrdpneutrinordp.@lib_extension@
255ip=ask
256port=ask3389
257username=ask
258password=ask
259; Uncomment the following lines to enable PAM authentication for proxy
260; connections.
261#pamusername=ask
262#pampassword=ask
263#pamsessionmng=127.0.0.1
264; Currently NeutrinoRDP doesn't support dynamic resizing. Uncomment
265; this line if you're using a client which does.
266#enable_dynamic_resizing=false
267; By default, performance settings requested by the RDP client are ignored
268; and chosen by NeutrinoRDP. Uncomment this line to allow the user to
269; select performance settings in the RDP client.
270#perf.allow_client_experiencesettings=true
271; Override any experience setting by uncommenting one or more of the
272; following lines.
273#perf.wallpaper=false
274#perf.font_smoothing=false
275#perf.desktop_composition=false
276#perf.full_window_drag=false
277#perf.menu_anims=false
278#perf.themes=false
279#perf.cursor_blink=false
280; By default NeutrinoRDP supports cursor shadows. If this is giving
281; you problems (e.g. cursor is a black rectangle) try disabling cursor
282; shadows by uncommenting the following line.
283#perf.cursor_shadow=false
284; By default, NeutrinoRDP uses the keyboard layout of the remote RDP Server.
285; If you want to tell the remote the keyboard layout of the RDP Client,
286; by uncommenting the following line.
287#neutrinordp.allow_client_keyboardLayout=true
288; The following options will override the remote keyboard layout settings.
289; These options are for DEBUG and are not recommended for regular use.
290#neutrinordp.override_keyboardLayout_mask=0x0000FFFF
291#neutrinordp.override_kbd_type=0x04
292#neutrinordp.override_kbd_subtype=0x01
293#neutrinordp.override_kbd_fn_keys=12
294#neutrinordp.override_kbd_layout=0x00000409
295
296; You can override the common channel settings for each session type
297#channel.rdpdr=true
298#channel.rdpsnd=true
299#channel.drdynvc=true
300#channel.cliprdr=true
301#channel.rail=true
302#channel.xrdpvr=true
303