ThinLinc Administrator's Guide for ThinLinc 4.9.0

Table of Contents

I. Introduction

1. Introduction

1.1. About the Documentation

1.2. Finding More Information

2. ThinLinc Architecture

2.1. Session Overview

II. Installation

3. Installation

3.1. Overview

3.2. Server Requirements

3.2.1. ThinLinc System and Software Requirements

3.2.2. Windows RDP Server Requirements

3.2.3. Server Sizing

3.3. Preparing the Network for ThinLinc Installation

3.3.1. A Simple ThinLinc Setup

3.3.2. ThinLinc in a Novell Network

3.3.3. ThinLinc in a Windows Network

3.3.4. ThinLinc in a NAT/Split-DNS Environment

3.3.5. Using ThinLinc Web Access

3.3.6. Other Services Required by ThinLinc Servers

3.4. Installing the ThinLinc Remote Desktop Server

3.4.1. Starting the Installation Program

3.5. Upgrading an Old Installation

3.5.1. Acquire New Licenses

3.5.2. Starting the Installation Program

3.6. SELinux enabled distributions

3.7. The ThinLinc WTS Tools Package

3.7.1. Overview

3.7.2. Installing the WTS Tools Package on Windows Remote Desktop Servers

3.8. VirtualGL

3.8.1. Overview

3.8.2. Installation and configuration

4. License Handling

4.1. Overview

4.2. License Counting

4.3. Location and format of License Files

4.4. Log Files and E-mail Messages

4.5. Checking the Number of Valid Licenses

5. Printer Features

5.1. Overview of ThinLinc Printer Features

5.2. Printer Configuration Overview

5.2.1. CUPS Browsing

5.2.2. CUPS configuration on the Machine Running VSM Server

5.2.3. CUPS configuration on the Machine running VSM Agent

5.3. Local printer support

5.3.1. Theory of operation

5.3.2. Device independent mode

5.3.3. Device dependent mode

5.3.4. Installation and Configuration

5.3.5. Parallel port emulation

5.4. Nearest printer support

5.4.1. Administration of the Nearest Printer Feature in ThinLinc

5.4.2. Nearest Printer Selection Algorithm

5.4.3. Printer Drivers

5.5. Printer Access Control

5.5.1. Theory of Operation

5.5.2. Requirements

5.5.3. Activating the Printer Access Control Feature

5.5.4. Configuration

5.6. Printer Configuration on Windows Remote Desktop Servers

5.6.1. Configuration

5.6.2. Persistent Printer Settings

6. High Availability (HA)

6.1. Overview

6.1.1. Background - Reasons For a HA Setup

6.1.2. Solution - Elimination of Single Point of Failure

6.1.3. Theory of Operation

6.2. Configuration of ThinLinc for HA Operations

6.2.1. Installation of a New HA Cluster

6.2.2. Reconfiguring an existing ThinLinc Installation into HA mode

6.3. Recovering from hardware failures

6.3.1. Recovering from Minor Failures

6.3.2. Recovering from Catastrophic Failure

7. The ThinLinc Client

7.1. Client usage

7.1.1. The started ThinLinc client

7.1.2. Logging in to a ThinLinc server

7.1.3. Language Settings

7.1.4. The ThinLinc session life cycle

7.1.5. The session menu

7.2. Running the ThinLinc client from the command line

7.3. Local device export

7.3.1. Sound device

7.3.2. Serial ports (Windows and Linux only)

7.3.3. Drives

7.3.4. Printer

7.3.5. Smart Card Readers

7.4. Client configuration

7.4.1. Options tab

7.4.2. Local Devices tab

7.4.3. Screen tab

7.4.4. Optimization tab

7.4.5. Security tab

7.5. The XDM mode (Linux only)

7.5.1. The XDM mode Control Panel

7.6. Logfile placement

7.6.1. Linux log file

7.6.2. Windows log file

7.7. Client configuration storage

7.7.1. Overview and Parameters

7.7.2. Configuration Parameter Storage

7.7.3. Adding Custom Branding to the ThinLinc Client Login Window

7.8. Client Customizer

7.8.1. Introduction

7.8.2. Installation

7.8.3. Building a Customized Client

7.8.4. Adding SSH Host Keys to settings.reg

7.9. Advanced Topics

7.9.1. Hardware Address Reporting

7.9.2. Client Update Notifications

8. Client Platforms

8.1. Windows

8.1.1. Requirements

8.1.2. Installing the Windows Client

8.1.3. Running the Windows Client

8.2. Mac OS X

8.2.1. Requirements

8.2.2. Installing the Mac OS X Client

8.2.3. Running the Mac OS X Client

8.2.4. Command and Alt Keys on Mac OS X

8.3. Linux PC

8.3.1. Requirements

8.3.2. Installing the Linux Client

8.3.3. Running the Linux Client

8.4. Thin Terminals

8.4.1. eLux-based Thin Terminals (Fujitsu Futro et. al.)

8.4.2. HP ThinPro Terminals

8.4.3. IGEL Universal Desktop

8.4.4. Dell Wyse-Enhanced SuSE Linux Terminals

8.4.5. Other Thin Terminals

8.5. Running ThinLinc on a Thinstation terminal

8.5.1. Installing and Building the Package

8.5.2. Configuring the ThinLinc client when running on a Thinstation Terminal

8.6. Web Integration and Web Access

8.6.1. Launching the Native Client From a Web Page

8.6.2. The CGI Script tlclient.cgi

8.6.3. ThinLinc Web Access (HTML5 Client)

9. Authentication in ThinLinc

9.1. Pluggable Authentication Modules

9.1.1. Configuration files for PAM

9.2. Limitations

9.3. Using Public Key Authentication

9.3.1. Introduction

9.3.2. Key Generation

9.3.3. Server Configuration

9.3.4. Client Configuration

9.4. Using Smart Card Public Key Authentication

9.4.1. Introduction

9.4.2. General Requirements

9.4.3. Key Generation

9.4.4. Server Configuration

9.4.5. Client Configuration

9.4.6. Automatic Connection

9.4.7. LDAP Automatic Update (tl-ldap-certalias)

9.5. Using One Time Passwords

9.5.1. Introduction

9.5.2. General Requirements

9.5.3. Configuration for RSA SecurID

10. File Access

10.1. Accessing Windows File Servers

10.1.1. Introduction

10.1.2. Requirements

10.1.3. Mounting and Unmounting Shares

10.2. Restricting write access to users home directory

10.2.1. Introduction

10.2.2. Activation

10.2.3. Configuration

10.2.4. Security Considerations and Limitations

11. Connecting to Windows Remote Desktop Servers

11.1. Introduction

11.2. Single Sign-On

11.2.1. Information

11.2.2. Smart card

11.3. Connection Modes

11.3.1. Running a Windows Desktop

11.3.2. Running a Windows Application

III. Administration

12. Accessing Client Resources from the ThinLinc session

12.1. Accessing the Clients Local Drives

12.1.1. Introduction

12.1.2. Mounting and Unmounting Local Drives

12.1.3. Accessing local drives from Windows Remote Desktop Servers

12.1.4. Mounting Drives at Login

12.1.5. Limitations and additional information

12.2. Using Serial Port redirection

12.2.1. Introduction

12.2.2. Requirements

12.2.3. Enabling Serial Port Redirection

12.2.4. Accessing the redirected port from applications

12.2.5. Limitations and additional information

12.3. Using Sound Device Redirection

12.3.1. Introduction

12.3.2. Requirements

12.3.3. Using sound redirection with Linux applications

12.3.4. Using sound redirection with Windows Remote Desktop Servers

12.3.5. Limitations and additional information

12.4. Using Smart Card Redirection

12.4.1. Introduction

12.4.2. Requirements

12.4.3. Enabling Smart Card Redirection

12.4.4. Limitations and additional information

13. Commands on the ThinLinc Server

14. Server Configuration

14.1. Configuring ThinLinc Servers in a Cluster

14.1.1. Configuration Options

14.1.2. Cluster Management

14.2. Server Configuration Parameters

14.2.1. Parameters in /vsmagent/

14.2.2. Parameters in /vsmserver/

14.2.3. Parameters in /vsm/

14.2.4. Parameters in /appservergroups/

14.2.5. Parameters in /sessionstart/

14.2.6. Parameters in /tlwebadm/

14.2.7. Parameters in /webaccess/

14.3. Configuring Logging on ThinLinc servers

14.3.1. ThinLinc server components

14.3.2. Per-Session Logging

14.4. Customizing the User's Session

14.4.1. Session startup - the big picture

14.4.2. Session startup on VSM Agent

14.4.3. Profiles and the standard xstartup.default file.

14.4.4. Session Startup with a Client Supplied Start Program

14.4.5. Configuring available profiles

14.4.6. Configuring different Linux Desktops based on the selected profile

14.4.7. Speeding up Session Startup

14.4.8. Configuring the language environment on the server based on the client language

14.4.9. Forcing sessions for some users to certain agent hosts

14.5. Limiting Lifetime of ThinLinc Sessions

15. Shadowing

15.1. Introduction

15.2. Disable shadowing feature

15.3. Granting shadowing access to users

15.4. Shadowing notification

15.5. Shadowing a user session

16. Hiveconf

16.1. Overview

16.1.1. Basic Syntax

16.1.2. Tree Structure

16.1.3. Mounting Datasources

16.1.4. Hostwide Configuration

16.1.5. Hiveconf Tools

16.2. Hiveconf and ThinLinc

16.2.1. The ThinLinc Configuration Tool - tl-config

17. Administration of ThinLinc using the Web Administration Interface

17.1. Introduction

17.2. Configuring tlwebadm

17.3. Modules

17.3.1. The System Health Module

17.3.2. The Status Module

17.3.3. The VSM Module

17.3.4. The Profiles Module

17.3.5. The Locations Module

17.3.6. The Desktop Customizer Module

17.3.7. The Application Servers Module

18. Building Custom Linux Desktops with the ThinLinc Desktop Customizer

18.1. Introduction

18.2. Using the ThinLinc Desktop Customizer

18.2.1. Concepts

18.2.2. Using the ThinLinc Desktop Customizer

18.2.3. Handling Applications

18.2.4. Defining a Menu Structure

18.2.5. Defining Application Groups

18.2.6. Distribute Configuration to all agent hosts

18.3. Enabling the Custom Desktops for users

18.4. Tips & Tricks with TLDC

18.4.1. Unwanted Icons on the Desktop with KDE

18.4.2. File Associations for Applications Not In the Menu

18.4.3. Home Icon not Working in KDE?

IV. Appendixes

A. TCP Ports Used by ThinLinc

A.1. On Machine Running VSM Server

A.2. On Machine Running VSM Agent

A.3. On Windows Remote Desktop Servers

B. Troubleshooting ThinLinc

B.1. General troubleshooting method

B.2. Troubleshooting Specific Problems

B.2.1. Problems Where the Client Reports an Error

B.2.2. Problems that Occur After Session Start

C. Restricting access to ThinLinc servers

C.1. Disabling SSH access

C.2. Disabling shell access

C.2.1. Changing the configured shell

C.2.2. Using ForceCommand

C.3. Disabling port forwarding

C.3.1. Disabling remote port forwarding

C.4. Disabling clipboard

C.5. Disabling local drives

D. Configuring CUPS queues on Windows Remote Desktop Servers

E. GnuTLS priority strings

E.1. Standard configuration

E.1.1. Cipher suites

E.1.2. Certificate types

E.1.3. Protocols

E.1.4. Compression

E.1.5. Elliptic curves

E.1.6. PK-signatures

E.2. Available algorithms

E.2.1. Cipher suites

E.2.2. Certificate types

E.2.3. Protocols

E.2.4. Ciphers

E.2.5. MACs

E.2.6. Digests

E.2.7. Key exchange algorithms

E.2.8. Compression

E.2.9. Elliptic curves

E.2.10. Public Key Systems

E.2.11. PK-signatures