xrdp is a somewhat limited implementation of the server side of Microsoft's RDP Remote Desktop Protocol. (RDP is superior in speed to earlier remote control protocols like VNC.)
The current implementation of xrdp only functions properly as an rdp-to-vnc gateway - this is a bit odd and confusing, but what you actually must do is have one or more already-running VNC instances listening on the target computer; xrdp listens for incoming RDP connections and "patches them through" to the target machine's VNC servers. One thing xrdp does not currently do is provide true terminal server functionality; it cannot spawn new VNC server instances under arbitrary usernames by itself, it can only connect to existing VNC server sessions. What xrdp does do is accelerate remote control sessions by performing the (slower) VNC control session over the localhost interface, and using the much lower-bandwidth RDP protocol over the network between the client and the server. It also de facto provides a way for unmodified Windows computers to remote control the machine running xrdp, as Windows XP and higher have a built-in RDP client ("Remote Desktop") but no built-in VNC client.
xrdp also currently (as of 9.10 Karmic Koala) has some painful thorns; it won't work in its out-of-the-box configuration, and it has known bugs with some VNC servers. The following configuration makes both of the major useful configurations of xrdp available simultaneously - a Vino backend controlling the currently logged in user's desktop, and a vncserver backend controlling a simplified, no-compiz, non-dependent-on-local-login session.
why would I want two different VNC sessions available?
The Vino session is handy because it allows you to control whatever's actually going on with the logged in user - so somebody sitting at the keyboard can see what you're doing, and so that you can interact with programs which were started running locally. But it can be a bit painful to control in some cases: any desktop effects you have enabled get faithfully (and slowly!) reproduced over the network connection, and you may have a much larger screen resolution than it's convenient to reproduce at your client. Also, if nobody is locally logged in, Vino won't be running and you won't be able to connect to this session at all.
The vncserver "clean session" is handy because it will have no desktop effects, you can specify an arbitrary, smaller desktop resolution if you like, and it doesn't depend on a user being logged in locally in order for you to access it. It's also convenient if you need to get work done on the target machine without disturbing another user who is sitting in front of it!
Installing necessary packages
First, you'll need to install xrdp and (if you don't already have it - such as with Ubuntu Netbook Remix) vino.
me@box:~$ sudo apt-get update && sudo apt-get install xrdp vino
If at some point you have installed tightvncserver - likely as a result of trying to follow another xrdp guide somewhere else - I recommend uninstalling it now. Otherwise, you'll need to do a dirty workaround later.
me@box:~$ sudo apt-get remove tightvncserver
Configuring the servers
vncserver for "clean session" remote login
The "clean session" setup allows you to log in remotely to a session which is completely unconnected and does not rely on the locally logged in user (if there even is one). Log in as the user who will own that session, start a terminal, and start vncserver for the first time.
WARNING: if you want to be able to run your "clean session" even when there is a locally logged on user, you'll need to set up the clean session under a different system user. Otherwise, quite a few applications (including Firefox!) won't work right, because their dotfiles in your profile are already locked by the other X session.
me2@box:~$ vncserver :1 You will require a password to access your desktops. Password: Verify: New 'X' desktop is box:1 Creating default startup script /home/me2/.vnc/xstartup Starting applications specified in /home/me2/.vnc/cstartup Log file is /home/me2/.vnc/me:1.log
vino for "active session" remote login
Now, configure Vino so that you can remotely control the currently logged in session. This one's easier: System->Remote Desktop (or vino-preferences from the terminal, if you prefer), check "Allow other users to view your desktop", "Allow other users to control your desktop", and configure the "Security" settings as you like (you will probably want to uncheck "confirm each access to this machine" and check "require the user to enter this password").
configuring xrdp to access your vnc servers
Finally, configure /etc/xrdp/xrdp.ini:
[globals] bitmap_cache=yes bitmap_compression=yes port=3389 crypt_level=low channel_code=1 # set empty username because VNC auth # doesn't actually use username, so no # point in asking the user for one. [xrdp1] name=Active Local Login lib=libvnc.so username= password=ask ip=127.0.0.1 port=5900 [xrdp2] name=Clean Session lib=libvnc.so username= password=ask ip=127.0.0.1 port=5901
Obviously, you can go on and specify other sessions in the same format - you might want to relay VNC sessions to OTHER machines on the LAN from your xrdp host (yes, that does work) so that you don't have to punch different holes in the firewall for each machine on the inside. Or you might want "clean" sessions available for multiple user accounts. All you need to do is follow the format here, and remember that each block must have its own ID in square brackets, a human-readable name= argument, and its own ip= and port= arguments that point to working VNC servers.
Automatically starting vncserver for the "clean session"
Last step: you'll need to automatically start vncserver, so that it will be available whenever the machine is up. Add this to the end of /etc/rc.local:
su user -c "cd ~user && vncserver -geometry 800x600 :1"
where "user" is the username we set up for the vncserver session (and feel free to change the screen size specified by the -geometry argument, if you like). Don't forget, it won't actually be running until you either reboot, or run that command you just appended to rc.local manually!
Also note that if you like, you can set up multiple vncservers, possibly running as different users, so that you've got more than one "clean session" to log into - you just have to make sure that you specify a different desktop number (the ":1" at the end of the command) for each vncserver session, and add blocks in your xrdp.ini to point to those sessions (with port number 5901 going to desktop :1, port number 5902 going to desktop :2, et cetera).
Basic listener checks
Now that you've got vino, vncserver, and xrdp installed, configured and running, make sure they work right. First, check to make sure they're listening:
me@box:~$ sudo netstat -anpt | grep -E "vino|vnc|xrdp"
You should, at a minimum, see vino, vncserver, and/or Xvnc listening on ports 5900 and 5901, and xrdp listening on 3389. If you don't, you'll need to figure out what's not running.
Assuming you've got all listeners at 5900, 5901, and 3389, everything should be good to go - you can connect to the VNC servers directly with a VNC client, or you can use an RDP client to connect to xrdp, which will give you a drop-down menu to select Active Local Login or Clean Session.
What if my keyboard doesn't work right?
If you've installed tightvncserver on your own at some point, you'll either need to uninstall it (audo apt-get remove tightvncserver will do the trick), OR if for some reason you absolutely must have tightvncserver, you can do a quick-and-dirty workaround: Start gconf-editor as the user your tightvncserver session runs under (do not run as root!) and browse to apps->gnome-settings-daemon->plugins->keyboard. Uncheck the "active" checkbox, and close gconf-editor.
Kill and restart the tightvncserver, and your keyboard should work fine now. WARNING: I don't know what (if anything) you're not getting when you disable that "active keyboard" plugin; all I know is that disabling it works around the tightvnc/xrdp bug!
What if my "clean session" doesn't give me a desktop?
Check ~/.vnc/xstartup. Most likely, you're running twm and not your normal window manager. Comment out any line invoking twm, and add a line (if you don't already have one) invoking Xsession.
# twm & /etc/X11/Xsession
Kill and restart your vncserver :1, and try logging in again - it should be better this time around.
What if Firefox and/or other applications don't work on my "clean session"?
There are several applications, Firefox being a very notable example, that won't work properly if the same user is running more than one X session. If you want to be able to run a "clean session" even when you are logged in locally, you will need to set up your "clean session" under a different system user.