Failed to access RDP gnome remote desktop of Redhat 10 from Remmina client

Rocky Linux Help & Support
1

RedHat 10 no more support VNC, so I have to try RDP.
On my server side:
RedHat 10.1, firewalld not running and disabled, selinux disabled
Set up Gnome RDP following connecting-to-a-remote-desktop-session-on-a-headless-server-for-multiple-users

Summary

dnf install gnome-remote-desktop gdm freerdp
dnf group install ‘Server with GUI’
yum group install GNOME Fonts

  • Create the self-signed TLS certificate as the gnome-remote-desktop user:
    $ sudo -u gnome-remote-desktop mkdir -p ~gnome-remote-desktop/.local/share/gnome-remote-desktop

  • Generate a self-signed TLS certificate for the RDP service as the gnome-remote-desktop user:
    $ sudo -u gnome-remote-desktop winpr-makecert -silent -rdp -path ~gnome-remote-desktop/.local/share/gnome-remote-desktop tls

  • Set remote desktop through RDP for multiple users:
    $ sudo grdctl --system rdp set-tls-key ~gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.key
    $ sudo grdctl --system rdp set-tls-cert ~gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.crt
    $ sudo grdctl --system rdp set-credentials
    $ sudo grdctl --system rdp enable

  • Enable the system remote login service and GDM:
    $ sudo systemctl enable --now gdm
    $ sudo systemctl enable --now gnome-remote-desktop.service

  • Make gnome-remote-desktop.service persistent across system reboot:
    $ sudo systemctl set-default graphical.target

    Installed rpm version:
    gnome-remote-desktop-47.3-3.el10_1.x86_64
    freerdp-3.10.3-5.el10_1.2.x86_64
    gdm-47.0-11.el10.x86_64

The user accounts are managed by IDM (ipa-, krb5-,sssd,pam,LDAP …)

On client side:
Ubuntu 24.04
remmina 1.4.35+dfsg-0ubuntu5.1
remmina-common 1.4.35+dfsg-0ubuntu5.1
remmina-plugin-rdp:amd64 1.4.35+dfsg-0ubuntu5.1
remmina-plugin-secret:amd64 1.4.35+dfsg-0ubuntu5.1
remmina-plugin-vnc:amd64 1.4.35+dfsg-0ubuntu5.1

On Ubuntu client PC
ssh -L 13389:localhost:3389 my-idm-user@server-rhel10
then
remmina -c rdp://my-idm-user@localhost:13389
on the pop up window, I input the RDP authentication username and password, then propose me again input the RDP authentication crendential.

At the same time, on the server side, I see this in the logs:
Mar 26 14:57:01.732 xxxx gnome-remote-desktop-daemon[1771]: [14:57:01:946] [1771:00004269] [ERROR][com.winpr.sspi.NTLM] - [ntlm_fetch_ntlm_v2_hash]: Error: Could not find user in SAM database
Mar 26 14:57:01.732 xxxx gnome-remote-desktop-daemon[1771]: [14:57:01:946] [1771:00004269] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_NO_CREDENTIALS [0x8009030E]
Mar 26 14:57:01.732 xxxx gnome-remote-desktop-daemon[1771]: [14:57:01:946] [1771:00004269] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: AcceptSecurityContext failed with SEC_E_NO_CREDENTIALS [0x8009030E]
Mar 26 14:57:01.733 xxxx gnome-remote-desktop-daemon[1771]: [14:57:01:946] [1771:00004269] [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure
Mar 26 14:57:01.733 xxxx gnome-remote-desktop-daemon[1771]: [14:57:01:946] [1771:00004269] [ERROR][com.freerdp.core.peer] - [peer_recv_callback_internal]: CONNECTION_STATE_NEGO - rdp_server_accept_nego() fail
Mar 26 14:57:01.733 xxxx gnome-remote-desktop-daemon[1771]: [14:57:01:946] [1771:00004269] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
Mar 26 14:57:01.733 xxxx gnome-remote-de[1771]: [RDP] Network or intentional disconnect, stopping session

2

Sorry, my bad.
I forgot to restart gnome-remote-desktop service after the change of RDP username and password.

After restart gnome-remote-desktop service, the error message `Error: Could not find user in SAM database` no more there. Now some other new problem, I continue debug.

3

now after I input RDP username and password, it say reconnection attemps 1 of 20>
I got these messages on client side , strange, it ask the rdp account in kerberos, but teh rdp aacount is just a system wide account for RDP service, no need to be in kerberos database?

Summary

remmina -c rdp://idm-useraccount@localhost:13389
(process:44901): remmina-DEBUG: 17:13:03.573: (remmina_file_manager_init) - Initialized the “/home/idm-useraccount/.local/share/remmina” data folder
(process:44901): remmina-DEBUG: 17:13:03.587: (remmina_plugin_entry) - gfx_h264_available: 0
(process:44901): remmina-DEBUG: 17:13:03.588: (remmina_rdp_settings_kbd_init) - rdp_keyboard_remapping_list:
(process:44901): remmina-DEBUG: 17:13:03.590: (remmina_plugin_manager_register_plugin) - Remmina plugin glibsecret (type=Secret) has been registered, but is not yet initialized/activated. The initialization order is 2000.
(process:44901): remmina-DEBUG: 17:13:03.598: (remmina_plugin_manager_load_plugins) - The glibsecret secret plugin has been initialized and it will be your default secret plugin
remmina-INFO: 17:13:03.677: StatusNotifier/Appindicator support in “ubuntu:gnome ubuntu”: your desktop does support it
remmina-INFO: 17:13:03.677: StatusNotifier/Appindicator support in “ubuntu:gnome ubuntu”: and Remmina has built-in (compiled) support for libappindicator.
remmina-INFO: 17:13:03.677: StatusNotifier/Appindicator support in “ubuntu:gnome ubuntu”: You may need to install, and use Gnome Shell Extension Appindicator
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.752: Connecting to: rdp://idm-useraccount@localhost:13389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.753: (remmina_exec_command) - Initiating connection
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.839: (rcw_map_event) - Mapping: RemminaConnectionWindow
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.839: (remmina_protocol_widget_map_event) - Calling plugin mapping function
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.859: (remmina_icon_connection_changed_cb) - Indicator connection changed to: 1
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.983: [precommand] (null)
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.984: [precommand] updated to:
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.984: (remmina_protocol_widget_open_connection_real) - Opening connection
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.987: (remmina_rdp_event_init) - Disable smooth scrolling is set to 0
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.988: (remmina_rdp_event_init) - Adding GDK_SMOOTH_SCROLL_MASK
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.988: (remmina_protocol_widget_open_connection_real) - Have SSH
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_main) - RDP data path is /home/idm-useraccount/.local/share/remmina/RDP
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_main) - Not using system proxy settings
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_tunnel_init) - Tunnel init
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_protocol_widget_start_direct_tunnel) - SSH tunnel initialization…
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_protocol_widget_start_direct_tunnel) - Calling remmina_public_get_server_port
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - Parsing server: localhost:13389, default port: 3389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - host: localhost
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - port: 13389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_protocol_widget_start_direct_tunnel) - Calling remmina_public_get_server_port (tunnel)
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - host: (null)
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - port: 0
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_protocol_widget_start_direct_tunnel) - server: localhost, port: 13389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - Parsing server: [localhost]:13389, default port: 3389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - host: localhost
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_public_get_server_port) - port: 13389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_tunnel_init) - protocol_plugin_start_direct_tunnel() returned [localhost]:13389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_tunnel_init) - Tunnel has been optionally initialized. Now connecting to localhost:13389
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_main) - gfx_h264_available: 0
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_main) - Resolution set by the user: 592x440
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.989: (remmina_rdp_main) - Resolution set after workarounds: 592x440
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.998: (remmina_rdp_main) - proxy_type: (null)
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.998: (remmina_rdp_main) - proxy_username: (null)
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.998: (remmina_rdp_main) - proxy_password: (null)
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.998: (remmina_rdp_main) - proxy_hostname: (null)
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.998: (remmina_rdp_main) - proxy_port: 80
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:03.999: (remmina_rdp_main) - rdp_keyboard_remapping_list:
[17:13:04:804] [44901:0000afad] [WARN][com.freerdp.core.nego] - [nego_enable_aad]: This build does not support AAD security, disabling.
[17:13:04:858] [44901:0000afad] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure ‘self-signed certificate (18)’ at stack position 0
[17:13:04:858] [44901:0000afad] [WARN][com.freerdp.crypto] - [verify_cb]: CN = cca003
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.329: (remmina_rdp_event_on_clipboard) - gp=0x5d8214c21840: owner-change event received
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.329: (remmina_rdp_event_on_clipboard) - gp=0x5d8214c21840 owner-change: new owner is different than me: new=(nil) me=0x5d8214c21840
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.329: (remmina_rdp_event_on_clipboard) - gp=0x5d8214c21840 owner-change: new owner is not me: Sending local clipboard format list to server.
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.333: (remmina_rdp_cliprdr_get_client_format_list) - gp=0x5d8214c21840 sending to server the following local clipboard content formats
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.333: (remmina_rdp_cliprdr_get_client_format_list) - local clipboard format UTF8_STRING will be sent to remote as 13
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.333: (remmina_rdp_cliprdr_get_client_format_list) - local clipboard format TEXT will be sent to remote as 1
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.333: (remmina_rdp_cliprdr_get_client_format_list) - local clipboard format text/plain;charset=utf-8 will be sent to remote as 13
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.333: (remmina_rdp_cliprdr_get_client_format_list) - local clipboard format text/plain will be sent to remote as 1
[17:13:15:281] [44901:0000afad] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5glue_get_init_creds (Client ‘rdp@CC.IN2P3.FR’ not found in Kerberos database [-1765328378])
[17:13:15:289] [44901:0000afad] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5glue_get_init_creds (Client ‘rdp@CC.IN2P3.FR’ not found in Kerberos database [-1765328378])
[17:13:15:299] [44901:0000afad] [INFO][com.winpr.timezone] - [winpr_detect_windows_time_zone]: tzid: Europe/Paris
[17:13:15:464] [44901:0000afad] [WARN][com.freerdp.core.license] - [license_read_binary_blob_data]: license binary blob::type BB_ERROR_BLOB, length=0, skipping.
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.672: (remmina_rdp_post_connect) - bpp: 32
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.672: (remmina_rdp_post_connect) - CAIRO_FORMAT_RGB24
[17:13:15:465] [44901:0000afad] [INFO][com.freerdp.gdi] - [gdi_init_ex]: Local framebuffer format PIXEL_FORMAT_BGRA32
[17:13:15:465] [44901:0000afad] [INFO][com.freerdp.gdi] - [gdi_init_ex]: Remote framebuffer format PIXEL_FORMAT_BGRA32
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.673: (remmina_rdp_OnChannelConnectedEventHandler) - Channel rdpdr has been opened
[17:13:15:465] [44901:0000afad] [INFO][com.freerdp.channels.rdpsnd.client] - [rdpsnd_load_device_plugin]: [static] Loaded fake backend for rdpsnd
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.673: (remmina_rdp_OnChannelConnectedEventHandler) - Channel rdpsnd has been opened
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.673: (remmina_rdp_OnChannelConnectedEventHandler) - Channel cliprdr has been opened
[17:13:15:465] [44901:0000afad] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel disp
[17:13:15:465] [44901:0000afad] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel rdpgfx
[17:13:15:465] [44901:0000afad] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel ainput
[17:13:15:465] [44901:0000afad] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel rdpsnd
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.673: (remmina_rdp_OnChannelConnectedEventHandler) - Channel drdynvc has been opened
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.673: (remmina_rdp_event_connected) - [2026-03-26T17:13:15.673482+01] - xini - idm-useraccount - Connected to localhost via RDP
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.674: (rco_on_connect) - Connect signal emitted
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.680: (rco_on_connect) - We save the last successful connection date
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.680: (remmina_file_state_last_success) - State file /home/idm-useraccount/.cache/remmina/remmina.pref.state.
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.684: (remmina_file_state_last_success) - Last connection made on 20260326.
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.684: (rco_on_connect) - Saving credentials
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.684: (rco_on_connect) - Trying to present the window
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.886: (remmina_rdp_event_on_focus_in) - Top level name is: RemminaConnectionWindow
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.886: (rcw_map_event) - Mapping: RemminaConnectionWindow
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.886: (remmina_protocol_widget_map_event) - Calling plugin mapping function
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:15.886: (remmina_rdp_event_on_map) - Map event received, disabling TS_SUPPRESS_OUTPUT_PDU
[17:13:17:908] [44901:0000afad] [INFO][com.freerdp.core.redirection] - [rdp_recv_server_redirection_pdu]: flags: 0x0400, length: 2079, sessionID: 0x00000000, redirFlags: LB_LOAD_BALANCE_INFO|LB_USERNAME|LB_PASSWORD|LB_PASSWORD_IS_PK_ENCRYPTED|LB_REDIRECTION_GUID|LB_TARGET_CERTIFICATE [0x0001C016]
[17:13:17:908] [44901:0000afad] [ERROR][com.freerdp.core.redirection] - [rdp_redirection_read_base64_wchar]: failed to read base64 data
[17:13:17:908] [44901:0000afad] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x5d8214b52c20]: CONNECTION_STATE_ACTIVE status STATE_RUN_FAILED [-1]
[17:13:17:908] [44901:0000afad] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
[17:13:17:908] [44901:0000afad] [ERROR][com.freerdp.core] - [freerdp_check_event_handles]: freerdp_check_fds() failed - 0
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:17.116: (rf_auto_reconnect) - maxattempts from default: 20
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:17.116: (rf_auto_reconnect) - maxattempts from general preferences: 0
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:17.116: (rf_auto_reconnect) - maxattempts from general plugin: 0
(org.remmina.Remmina:44901): remmina-DEBUG: 17:13:17.116: (rf_auto_reconnect) - maxattempts set to: 20

And on the server side, I got these message:

Summary

Mar 26 17:41:34.830 xxxx gnome-remote-desktop-daemon[25714]: [17:41:34:986] [25714:0001741a] [ERROR][com.freerdp.core.capabilities] - [rdp_read_general_capability_set]: TS_GENERAL_CAPABILITYSET::protocolVersion(0x0000) != TS_CAPS_PROTOCOLVERSION(0x0200)
Mar 26 17:41:34.830 xxxx gnome-remote-desktop-daemon[25714]: [17:41:34:986] [25714:0001741a] [WARN][com.freerdp.core.capabilities] - [rdp_read_general_capability_set]: TS_GENERAL_CAPABILITYSET::protocolVersion(0x0000 assuming old FreeRDP, ignoring protocol violation, correcting value.
Mar 26 17:41:34.891 xxxx systemd-logind[1947]: New session c145 of user gdm.
Mar 26 17:41:34.910 xxxx systemd[1]: Started session-c145.scope - Session c145 of User gdm.
Mar 26 17:41:34.912 xxxx gdm-launch-environment][95518]: pam_unix(gdm-launch-environment:session): session opened for user gdm(uid=42) by (uid=0)
Mar 26 17:41:34.935 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: Cannot initialize inotify: Too many open files
Mar 26 17:41:34.967 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.systemd1’ requested by ‘:1.2’ (uid=42 pid=95529 comm=“/usr/libexec/gnome-session-binary --autostart /usr”)
Mar 26 17:41:34.969 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activated service ‘org.freedesktop.systemd1’ failed: Process org.freedesktop.systemd1 exited with status 1
Mar 26 17:41:34.970 xxxx gnome-session[95529]: gnome-session-binary[95529]: WARNING: Could not check if unit gnome-session-wayland@gnome-login.target is active: Error calling StartServiceByName for org.freedesktop.systemd1: Process org.freedesktop.systemd1 exited with status 1
Mar 26 17:41:34.970 xxxx gnome-session-binary[95529]: WARNING: Could not check if unit gnome-session-wayland@gnome-login.target is active: Error calling StartServiceByName for org.freedesktop.systemd1: Process org.freedesktop.systemd1 exited with status 1
Mar 26 17:41:34.979 xxxx gnome-session[95529]: gnome-session-binary[95529]: WARNING: Error getting login monitor: -24
Mar 26 17:41:34.979 xxxx gnome-session-binary[95529]: WARNING: Error getting login monitor: -24
Mar 26 17:41:35.053 xxxx gnome-shell[95541]: Running GNOME Shell (using mutter 47.5) as a Wayland display server
Mar 26 17:41:35.113 xxxx gnome-shell[95541]: No seat assigned, running headlessly
Mar 26 17:41:35.139 xxxx gnome-shell[95541]: Created surfaceless renderer without GPU
Mar 26 17:41:35.172 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.a11y.Bus’ requested by ‘:1.4’ (uid=42 pid=95541 comm=“/usr/bin/gnome-shell”)
Mar 26 17:41:35.181 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.a11y.Bus’
Mar 26 17:41:35.184 xxxx /usr/libexec/gdm-wayland-session[95633]: dbus-daemon[95633]: Cannot initialize inotify: Too many open files
Mar 26 17:41:35.187 xxxx gnome-shell[95541]: Using public X11 display :1052, (using :1053 for managed services)
Mar 26 17:41:35.187 xxxx gnome-shell[95541]: WL: unable to lock lockfile /run/user/42/wayland-0.lock, maybe another compositor is running

Mar 26 17:41:35.187 xxxx gnome-shell[95541]: WL: unable to lock lockfile /run/user/42/wayland-13.lock, maybe another compositor is running

Mar 26 17:41:35.187 xxxx gnome-shell[95541]: Using Wayland display name ‘wayland-14’
Mar 26 17:41:35.256 xxxx /usr/libexec/gdm-wayland-session[95633]: dbus-daemon[95633]: Activating service name=‘org.a11y.atspi.Registry’ requested by ‘:1.0’ (uid=42 pid=95541 comm=“/usr/bin/gnome-shell”)
Mar 26 17:41:35.259 xxxx org.gnome.Shell.desktop[95634]: Xwayland glamor: GBM Wayland interfaces not available
Mar 26 17:41:35.259 xxxx org.gnome.Shell.desktop[95634]: Failed to initialize glamor, falling back to sw
Mar 26 17:41:35.265 xxxx /usr/libexec/gdm-wayland-session[95633]: dbus-daemon[95633]: Successfully activated service ‘org.a11y.atspi.Registry’
Mar 26 17:41:35.265 xxxx /usr/libexec/gdm-wayland-session[95636]: SpiRegistry daemon is running with well-known name - org.a11y.atspi.Registry
Mar 26 17:41:35.569 xxxx gnome-shell[95541]: Unset XDG_SESSION_ID, getCurrentSessionProxy() called outside a user session. Asking logind directly.
Mar 26 17:41:35.569 xxxx gnome-shell[95541]: Will monitor session c102
Mar 26 17:41:35.584 xxxx systemd[1]: Starting systemd-localed.service - Locale Service…
Mar 26 17:41:35.601 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.gnome.Shell.Screencast’ requested by ‘:1.3’ (uid=42 pid=95541 comm=“/usr/bin/gnome-shell”)
Mar 26 17:41:35.626 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.impl.portal.PermissionStore’ requested by ‘:1.3’ (uid=42 pid=95541 comm=“/usr/bin/gnome-shell”)
Mar 26 17:41:35.631 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.freedesktop.impl.portal.PermissionStore’
Mar 26 17:41:35.679 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.gnome.Shell.Notifications’ requested by ‘:1.3’ (uid=42 pid=95541 comm=“/usr/bin/gnome-shell”)
Mar 26 17:41:35.680 xxxx gnome-shell[95541]: Extension background-logo@fedorahosted.org already installed in /usr/share/gnome-shell/extensions/background-logo@fedorahosted.org. /usr/share/gnome-shell/extensions/background-logo@fedorahosted.org will not be loaded
Mar 26 17:41:35.682 xxxx org.gnome.Shell.desktop[95541]: Window manager warning: Failed to parse saved session file: Failed to open file “/var/lib/gdm/.config/mutter/sessions/10f11dff98936e8201177454329498965300000955290000.ms”: No such file or directory
Mar 26 17:41:35.684 xxxx systemd[1]: Starting packagekit.service - PackageKit Daemon…
Mar 26 17:41:35.703 xxxx gnome-shell[95541]: Failed to monitor ICC profile directory ‘/var/lib/gdm/.local/share/icc’: Unable to find default local file monitor type
Mar 26 17:41:35.706 xxxx gnome-shell[95541]: Error looking up permission: GDBus.Error:org.freedesktop.portal.Error.NotFound: No entry for geolocation
Mar 26 17:41:35.733 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.portal.IBus’ requested by ‘:1.22’ (uid=42 pid=95719 comm=“ibus-daemon --panel disable”)
Mar 26 17:41:35.742 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.freedesktop.portal.IBus’
Mar 26 17:41:35.744 xxxx cupsd[1960]: REQUEST localhost - - “POST / HTTP/1.1” 200 359 Create-Printer-Subscriptions successful-ok
Mar 26 17:41:35.745 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.systemd1’ requested by ‘:1.10’ (uid=42 pid=95710 comm=“/usr/libexec/gsd-sharing”)
Mar 26 17:41:35.746 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activated service ‘org.freedesktop.systemd1’ failed: Process org.freedesktop.systemd1 exited with status 1
Mar 26 17:41:35.749 xxxx gsd-sharing[95710]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
Mar 26 17:41:35.750 xxxx gsd-sharing[95710]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
Mar 26 17:41:35.753 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.gnome.Shell.Notifications’
Mar 26 17:41:35.771 xxxx systemd[1]: Started systemd-localed.service - Locale Service.
Mar 26 17:41:35.853 xxxx systemd[1]: Starting geoclue.service - Location Lookup Service…
Mar 26 17:41:35.960 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.gnome.Shell.Screencast’
Mar 26 17:41:35.978 xxxx geoclue[95921]: Failed to connect to avahi service: Daemon not running
Mar 26 17:41:35.979 xxxx systemd[1]: Started geoclue.service - Location Lookup Service.
Mar 26 17:41:35.982 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.portal.IBus’ requested by ‘:1.36’ (uid=42 pid=95949 comm=“ibus-daemon --panel disable -r --xim”)
Mar 26 17:41:35.988 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.freedesktop.portal.IBus’
Mar 26 17:41:36.058 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.portal.Desktop’ requested by ‘:1.40’ (uid=42 pid=95946 comm=“/usr/libexec/mutter-x11-frames”)
Mar 26 17:41:36.069 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.portal.Documents’ requested by ‘:1.41’ (uid=42 pid=96152 comm=“/usr/libexec/xdg-desktop-portal”)
Mar 26 17:41:36.075 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.freedesktop.portal.Documents’
Mar 26 17:41:36.078 xxxx /usr/libexec/gdm-wayland-session[96171]: fusermount3: failed to access mountpoint /run/user/42/doc: Permission denied
Mar 26 17:41:36.079 xxxx /usr/libexec/gdm-wayland-session[96161]: error: fuse init failed: Can’t mount path /run/user/42/doc
Mar 26 17:41:36.081 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.impl.portal.desktop.gnome’ requested by ‘:1.41’ (uid=42 pid=96152 comm=“/usr/libexec/xdg-desktop-portal”)
Mar 26 17:41:36.196 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Successfully activated service ‘org.freedesktop.impl.portal.desktop.gnome’
Mar 26 17:41:36.220 xxxx /usr/libexec/gdm-wayland-session[95528]: dbus-daemon[95528]: [session uid=42 pid=95528] Activating service name=‘org.freedesktop.impl.portal.desktop.gtk’ requested by ‘:1.41’ (uid=42 pid=96152 comm=“/usr/libexec/xdg-desktop-portal”)
Mar 26 17:41:36.311 xxxx gnome-remote-de[95871]: RDP server started

4

So painful , the RDP GNOME and Remmia :worried:

5

Some feedback, hope it could be helpful for someone.

The problem I got is due to my Remmina client(Ubunut24.04). I was using the Remmia installed from Ubuntu repository. Looks like it has some problems related to krb5. Today, I remove the Remmina ,then install it from snap, now when I run

remmina -c rdp://rdpcrendential@xx.x.x.x,

Or with ssh tunnel

ssh -L 13389:localhost:3389 idm-sccount@x.x.x
and remmina -c rdp://rdpcrendential@localhost:13389

I finally got the GDM display mamager.

I can then login gnome desktop with a local user account.

Now I need to test how to integrate gdm with IDM/sssd/krb5.
We set up pam_sss.so in our system-auth, I replace the password-auth in gdm-password, then try to login with my IDM account, got the authentication failure:

gdm-password\]\[3536319\]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=0.0.0.0  user=xxxx
krb5_child\[3536351\]: Preauthentication failed
gdm-password\]\[3536319\]: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=0.0.0.0 user=xxxx
gdm-password\]\[3536319\]: pam_sss(gdm-password:auth): received for user xxxx: 7 (Authentication failure)
gdm-password\]\[3536319\]: gkr-pam: unable to locate daemon control file
gdm-password\]\[3536319\]: gkr-pam: stashed password to try later in open session
6

Some feedback:
The error message:
krb5_child\[3536351\]: Preauthentication failed
is due to the wrong password.
The wrong password is due to the mismatch between my english keyboard and GDM display manager interface. Apparently the input follow the French keyboard layout.

Now I can connect with IDM account after input the correct password.

7

  • Feed back about pam.d/gdm-password:
    I replace the password-auth with our customized
    system-auth ( in which there are the needed pam_sss.so settings), so it is working fine now with Ubuntu 24.04/remmina(1.4.41, installed by snap) and RHEL10(Gnome, RDP, GDM)

  • Feed back about remmina and krb5:
    With the working version remmina(1.4.41, installed by snap), I also have the error message

[ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5glue_get_init_creds (Client ‘XXX@XX.XX.XX’ not found in Kerberos database [-1765328378])

I would like to say, this kind message is not fatal, and it doesn’t stop RDP working. Chatgpt is not reliable for this.

Next, I need to test Windows client and Mac OS client.