pi-farm/base-image-debian-rdp-ldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test01 #1

Merged
pi-farm merged 18 commits from test01 into dev 2026-04-09 09:34:33 +00:00
Conversation 0 Commits 18 Files Changed 7 +139 -132
7 changed files with 139 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Dockerfile
View File

@@ -81,12 +81,13 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \ printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
dpkg-reconfigure -f noninteractive keyboard-configuration dpkg-reconfigure -f noninteractive keyboard-configuration
#COPY config/pam/ /etc/pam.d/ # NEU: Systemweite statische Konfigurationen für LDAP/PAM/Sudo
#COPY config/nsswitch.conf /etc/nsswitch.conf # 1. Entfernt die gefährliche %users Regel
#COPY config/xrdp/ /etc/xrdp/ # 2. Sagt nsswitch, dass Sudoers auch im SSS (LDAP) gesucht werden sollen
#COPY config/ldap/ /etc/ldap/ # 3. Aktiviert das automatische Erstellen von Home-Verzeichnissen (mkhomedir)
#COPY config/skel/ /etc/skel/ RUN sed -i '/%users/s/^/# /' /etc/sudoers && \
#COPY config/sudoers /etc/sudoers echo "sudoers: files sss" >> /etc/nsswitch.conf && \
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/common-session
RUN chmod 440 /etc/sudoers && \ RUN chmod 440 /etc/sudoers && \
mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \ mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
@@ -97,7 +98,7 @@ RUN chmod 440 /etc/sudoers && \
echo "LANG=${LANG}" >> /etc/environment && \ echo "LANG=${LANG}" >> /etc/environment && \
echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \ echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \
echo "LC_ALL=${LC_ALL}" >> /etc/environment && \ echo "LC_ALL=${LC_ALL}" >> /etc/environment && \
sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \ sed -i '2i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}\npulseaudio --start\npactl load-module module-xrdp-sink.so\npactl load-module module-xrdp-source.so' /etc/xrdp/startwm.sh && \
chmod +x /etc/xrdp/startwm.sh && \ chmod +x /etc/xrdp/startwm.sh && \
mkdir -p /etc/xdg/xfce4 && \ mkdir -p /etc/xdg/xfce4 && \
echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc

15
Dockerfile.aarch64
View File

@@ -81,12 +81,13 @@ RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.s
printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \ printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
dpkg-reconfigure -f noninteractive keyboard-configuration dpkg-reconfigure -f noninteractive keyboard-configuration
#COPY config/pam/ /etc/pam.d/ # NEU: Systemweite statische Konfigurationen für LDAP/PAM/Sudo
#COPY config/nsswitch.conf /etc/nsswitch.conf # 1. Entfernt die gefährliche %users Regel
#COPY config/xrdp/ /etc/xrdp/ # 2. Sagt nsswitch, dass Sudoers auch im SSS (LDAP) gesucht werden sollen
#COPY config/ldap/ /etc/ldap/ # 3. Aktiviert das automatische Erstellen von Home-Verzeichnissen (mkhomedir)
#COPY config/skel/ /etc/skel/ RUN sed -i '/%users/s/^/# /' /etc/sudoers && \
#COPY config/sudoers /etc/sudoers echo "sudoers: files sss" >> /etc/nsswitch.conf && \
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/common-session
RUN chmod 440 /etc/sudoers && \ RUN chmod 440 /etc/sudoers && \
mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \ mkdir -p /etc/sssd && chown root:root /etc/sssd && chmod 755 /etc/sssd && \
@@ -97,7 +98,7 @@ RUN chmod 440 /etc/sudoers && \
echo "LANG=${LANG}" >> /etc/environment && \ echo "LANG=${LANG}" >> /etc/environment && \
echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \ echo "LANGUAGE=${LANGUAGE}" >> /etc/environment && \
echo "LC_ALL=${LC_ALL}" >> /etc/environment && \ echo "LC_ALL=${LC_ALL}" >> /etc/environment && \
sed -i '1i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}' /etc/xrdp/startwm.sh && \ sed -i '2i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}\npulseaudio --start\npactl load-module module-xrdp-sink.so\npactl load-module module-xrdp-source.so' /etc/xrdp/startwm.sh && \
chmod +x /etc/xrdp/startwm.sh && \ chmod +x /etc/xrdp/startwm.sh && \
mkdir -p /etc/xdg/xfce4 && \ mkdir -p /etc/xdg/xfce4 && \
echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc

88
README.md
View File

@@ -1,92 +1,62 @@
# baseimage-debian-rdp-ldap # base-image-debian-rdp-ldap
Debian Desktop with LDAP-Auth to use with Guacamole as RDP-destination Debian Desktop with LDAP-Authentication. To use behind Guacamole with LDAP-Authentication and pass-through to Debian-Desktop.
[![Build Status](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap/actions) [![Build Status](https://git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap/actions/workflows/build-and-push.yaml/badge.svg)](https://git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap/actions)
[![Gitea Repo](https://img.shields.io/badge/gitea-repository-blue?logo=gitea&logoColor=white)](__REPO_URL__) [![Gitea Repo](https://img.shields.io/badge/gitea-repository-blue?logo=gitea&logoColor=white)](__REPO_URL__)
This repository is built and pushed automatically. This repository is built and pushed automatically.
[![Docker Hub](https://img.shields.io/badge/docker-hub-blue?logo=docker__DOCKERHUB_LINK__logoColor=white)](https://hub.docker.com/r/pifarm/base-image-debian-rdp-ldap)
### 🏗️ Platform Support ### 🏗️ Platform Support
| Architecture | Status | Base Image | Build Date | | Architecture | Status | Base Image | Build Date |
| :--- | :--- | :--- | :--- | | :--- | :--- | :--- | :--- |
| x86_64 (amd64) | ✅ Active | debian:bookworm | 02.04.2026 17:26 | | x86_64 (amd64) | ✅ Active | debian:bookworm | 09.04.2026 10:11 |
| aarch64 (arm64) | ✅ Active | debian:bookworm | 02.04.2026 17:26 | | aarch64 (arm64) | ✅ Active | debian:bookworm | 09.04.2026 10:11 |
### 🚀 Docker Pull ### 🚀 Docker Pull
```bash ```bash
docker pull git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de docker pull git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
``` ```
### 🚀 Docker Compose ### 🚀 Docker Compose
```yaml ```yaml
services: services:
baseimage-debian-rdp-ldap: base-image-debian-rdp-ldap:
image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
container_name: baseimage-debian-rdp-ldap container_name: base-image-debian-rdp-ldap
restart: unless-stopped restart: unless-stopped
ports: ports:
- 3889 - 3889
environment: environment:
- SSSD_DEBUG_LEVEL=9 - SSSD_DEBUG_LEVEL=5
- LDAP_SCHEMA=rfc2307 - LDAP_URI=ldap://YOUR-LDAP-SERVER:389
- LDAP_AUTH_DISABLE_TLS=true - LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC
- LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER - LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC
- LDAP_BIND_USER=admin - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD
- LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM - LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP
- LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
- LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
- LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
- LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
- LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
- LDAP_USER_OBJECT_CLASS=posixAccount
- LDAP_USER_NAME=uid
- LDAP_USER_DN_ATTRIBUTE=cn
- LDAP_GROUP_OBJECTS_CLASS=posixGroup
- LDAP_ID_USE_START_TLS=false
- LDAP_AUTH_USE_START_TLS=false
- LDAP_TLS_REQCERT=never
- LDAP_SIMPLE_ALLOW_GROUPS=users
volumes: volumes:
- ./sssd.conf:/etc/sssd/sssd.conf:ro - ./YOUR-PERSISTENT-FOLDER:/home
- ./home:/home
``` ```
### 🚀 Docker Run ### 🚀 Docker Run
```bash ```bash
docker run -d \ docker run -d \
--name baseimage-debian-rdp-ldap \ --name base-image-debian-rdp-ldap \
--restart unless-stopped \ --restart unless-stopped \
-e SSSD_DEBUG_LEVEL=9 \ -e SSSD_DEBUG_LEVEL=5 \
-e LDAP_SCHEMA=rfc2307 \ -e LDAP_URI=ldap://YOUR-LDAP-SERVER:389 \
-e LDAP_AUTH_DISABLE_TLS=true \ -e LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC \
-e LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER \ -e LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC \
-e LDAP_BIND_USER=admin \ -e LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD \
-e LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM \ -e LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP \
-e LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD \ -v ./YOUR-PERSISTENT-FOLDER:/home \
-e LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM \
-e LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM \
-e LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM \
-e LDAP_USER_PASSWORD_ATTRIBUTE=userPassword \
-e LDAP_USER_OBJECT_CLASS=posixAccount \
-e LDAP_USER_NAME=uid \
-e LDAP_USER_DN_ATTRIBUTE=cn \
-e LDAP_GROUP_OBJECTS_CLASS=posixGroup \
-e LDAP_ID_USE_START_TLS=false \
-e LDAP_AUTH_USE_START_TLS=false \
-e LDAP_TLS_REQCERT=never \
-e LDAP_SIMPLE_ALLOW_GROUPS=users \
-v ./sssd.conf:/etc/sssd/sssd.conf:ro \
-v ./home:/home \
-p 3889 \ -p 3889 \
git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
``` ```
*Last updated on: 02.04.2026 17:26* *Last updated on: 09.04.2026 10:11*
### 📜 Version History ### 📜 Version History
| Version | Date | Status | | Version | Date | Status |
| :--- | :--- | :--- | | :--- | :--- | :--- |
| **bookworm-de** | 02.04.2026 17:26 | ✅ | | **bookworm-de** | 09.04.2026 10:11 | ✅ |
| **bookworm-de** | 02.04.2026 16:44 | ✅ |
| **bookworm-de** | 02.04.2026 15:37 | ✅ |
| **bookworm** | 02.04.2026 14:15 | ✅ |

6
VERSION.history
View File

@@ -1,3 +1,9 @@
| **bookworm-de** | 09.04.2026 10:11 | ✅ |
| **bookworm-de** | 07.04.2026 19:27 | ✅ |
| **bookworm-de** | 07.04.2026 17:38 | ✅ |
| **bookworm-de** | 05.04.2026 11:47 | ✅ |
| **bookworm-de** | 05.04.2026 11:20 | ✅ |
| **bookworm-de** | 04.04.2026 00:31 | ✅ |
| **bookworm-de** | 02.04.2026 17:26 | ✅ | | **bookworm-de** | 02.04.2026 17:26 | ✅ |
| **bookworm-de** | 02.04.2026 16:44 | ✅ | | **bookworm-de** | 02.04.2026 16:44 | ✅ |
| **bookworm-de** | 02.04.2026 15:37 | ✅ | | **bookworm-de** | 02.04.2026 15:37 | ✅ |

46
buildargs.env
View File

@@ -1,37 +1,27 @@
## BUILD STAGE ## BUILD STAGE
BUILD_BASE_IMAGE=debian:bookworm BUILD_BASE_IMAGE=debian:bookworm
BUILD_COUNTRY=de BUILD_COUNTRY=de
BUILD_TAG=bookworm-${BUILD_COUNTRY} BUILD_TAG=bookworm-de
BUILD_TAG_LATEST=y BUILD_TAG_LATEST=n
BUILD_LANG=de_DE.UTF-8 BUILD_LANG=de_DE.UTF-8
BUILD_LANGUAGE=de_DE:de BUILD_LANGUAGE=de_DE:de
BUILD_LC_ALL=de_DE.UTF-8 BUILD_LC_ALL=de_DE.UTF-8
BUILD_TZ=Europe/Berlin BUILD_TZ=Europe/Berlin
BUILD_MAINTAINER=pi-farm BUILD_MAINTAINER=pi-farm
BUILD_APP_NAME=baseimage-debian-rdp-ldap BUILD_APP_NAME=base-image-debian-rdp-ldap
BUILD_APP_VERSION=${BUILD_TAG}-${COUNTRY} BUILD_APP_VERSION=1.0.0
PUSH=gitea PUSH=dockerhub
## ENV STAGE ## ENV STAGE
ENV_SSSD_DEBUG_LEVEL=9 ENV_SSSD_DEBUG_LEVEL=5
ENV_LDAP_SCHEMA=rfc2307 ENV_LDAP_URI=ldap://YOUR-LDAP-SERVER:389
ENV_LDAP_AUTH_DISABLE_TLS=true ENV_LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC
ENV_LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER ENV_LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC
ENV_LDAP_BIND_USER=admin ENV_LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD
ENV_LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM ENV_LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP
ENV_LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
ENV_LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM ## DOCKER / COMPOSE CONFIG
ENV_LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM VOL_HOME=./YOUR-PERSISTENT-FOLDER:/home
ENV_LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM PORT_RDP=3889
ENV_LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
ENV_LDAP_USER_OBJECT_CLASS=posixAccount DESCRIPTION="Debian Desktop with LDAP-Authentication. To use behind Guacamole with LDAP-Authentication and pass-through to Debian-Desktop."
ENV_LDAP_USER_NAME=uid
ENV_LDAP_USER_DN_ATTRIBUTE=cn
ENV_LDAP_GROUP_OBJECTS_CLASS=posixGroup
ENV_LDAP_ID_USE_START_TLS=false
ENV_LDAP_AUTH_USE_START_TLS=false
ENV_LDAP_TLS_REQCERT=never
ENV_LDAP_SIMPLE_ALLOW_GROUPS=users
VOL_CONFIG=./sssd.conf:/etc/sssd/sssd.conf:ro
VOL_HOME=./home:/home
PORT_WEB=3889
DESCRIPTION="Debian Desktop with LDAP-Auth to use with Guacamole as RDP-destination"

34
docker-compose.yml
View File

@@ -1,30 +1,16 @@
services: services:
baseimage-debian-rdp-ldap: base-image-debian-rdp-ldap:
image: git.pi-farm.de/pi-farm/baseimage-debian-rdp-ldap:bookworm-de image: git.pi-farm.de/pi-farm/base-image-debian-rdp-ldap:bookworm-de
container_name: baseimage-debian-rdp-ldap container_name: base-image-debian-rdp-ldap
restart: unless-stopped restart: unless-stopped
ports: ports:
- 3889 - 3889
environment: environment:
- SSSD_DEBUG_LEVEL=9 - SSSD_DEBUG_LEVEL=5
- LDAP_SCHEMA=rfc2307bis - LDAP_URI=ldap://YOUR-LDAP-SERVER:389
- LDAP_AUTH_DISABLE_TLS=true - LDAP_BASE_DN=dc=YOUR-DOMAIN,dc=LOC
- LDAP_SERVER_URI=URL-OF-YOUR-LDAP-SERVER - LDAP_BIND_DN=cn=YOUR-BIND-USER,dc=YOUR-DOMAIN,dc=LOC
- LDAP_BIND_USER=admin - LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-BIND-PASSWORD
- LDAP_DOMAIN_DC=dc=YOUR-DOMAIN,dc=COM - LDAP_SUDO_GROUP=YOUR-SUDO-USERS-GROUP
- LDAP_BIND_PASSWORD=YOUR-SUPER-SECRET-PASSWORD
- LDAP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
- LDAP_USER_SEARCH_BASE=ou=users,dc=YOUR-DOMAIN,dc=COM
- LDAP_GROUP_SEARCH_BASE=dc=YOUR-DOMAIN,dc=COM
- LDAP_USER_PASSWORD_ATTRIBUTE=userPassword
- LDAP_USER_OBJECT_CLASS=posixAccount
- LDAP_USER_NAME=uid
- LDAP_USER_DN_ATTRIBUTE=cn
- LDAP_GROUP_OBJECTS_CLASS=posixGroup
- LDAP_ID_USE_START_TLS=false
- LDAP_AUTH_USE_START_TLS=false
- LDAP_TLS_REQCERT=never
- LDAP_SIMPLE_ALLOW_GROUPS=users
volumes: volumes:
- ./sssd.conf:/etc/sssd/sssd.conf:ro - ./YOUR-PERSISTENT-FOLDER:/home
- ./home:/home

67
entrypoint.sh
View File

@@ -1,8 +1,61 @@
#!/bin/sh #!/bin/bash
service dbus start set -e
# Mapping der Gitea-Workflow Variablen (ENV_...) auf interne Variablen
# Falls ENV_LDAP_URI nicht gesetzt ist, wird ein Fallback genutzt
LDAP_URI=${LDAP_URI:-"ldap://localhost:389"}
LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=example,dc=com"}
LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=admin,dc=example,dc=com"}
LDAP_BIND_PASSWORD=${LDAP_BIND_PASSWORD}
LDAP_SUDO_GROUP=${LDAP_SUDO_GROUP:-"sudo_users"}
SSSD_DEBUG=${SSSD_DEBUG_LEVEL:-0}
echo ">>> Erstelle SSSD Konfiguration..."
cat <<EOF > /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = LDAP
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
chpass_provider = ldap
ldap_uri = ${LDAP_URI}
ldap_search_base = ${LDAP_BASE_DN}
ldap_sudo_search_base = ou=SUDOers,${LDAP_BASE_DN}
ldap_default_bind_dn = ${LDAP_BIND_DN}
ldap_default_authtok = ${LDAP_BIND_PASSWORD}
ldap_schema = rfc2307bis
ldap_group_member = uniqueMember
ldap_id_use_start_tls = false
ldap_tls_reqcert = never
ldap_auth_disable_tls_never_use_in_production = true
cache_credentials = true
enumerate = false
EOF
chmod 600 /etc/sssd/sssd.conf
chown root:root /etc/sssd/sssd.conf
echo ">>> Erstelle Sudoers-Regel für Gruppe: ${LDAP_SUDO_GROUP}..."
echo "%${LDAP_SUDO_GROUP} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ldap-admins
chmod 0440 /etc/sudoers.d/ldap-admins
echo ">>> Bereinige SSSD Cache..."
rm -f /var/lib/sss/db/* rm -f /var/lib/sss/db/*
sssd -i & rm -f /var/lib/sss/mc/*
xrdp-sesman --nodaemon &
xrdp --nodaemon & echo ">>> Starte Dienste..."
#service xrdp start # SSSD mit dem gemappten Debug-Level starten
tail -f /var/log/xrdp.log sssd -D --debug-level=${SSSD_DEBUG}
service dbus start
xrdp-sesman
exec xrdp -n