ThinLinc Administrator's Guide for ThinLinc 3.3.0

Table of Contents

I. Introduction

1. Introduction

1.1. About the Documentation

1.2. Finding More Information

2. ThinLinc Architecture

2.1. Session Overview

II. Installation

3. Installation

3.1. Overview

3.2. Server Requirements

3.2.1. ThinLinc System and Software Requirements

3.2.2. Windows RDP Server Requirements

3.2.3. Server Sizing

3.2.4. Supported Application Types

3.2.5. Supported Protocols

3.2.6. Supported Authentication Mechanisms

3.3. Preparing the Network for ThinLinc Installation

3.3.1. A Simple ThinLinc Setup

3.3.2. ThinLinc in a Novell Network

3.3.3. ThinLinc in a Windows Network

3.3.4. ThinLinc in a NAT/Split-DNS Environment

3.3.5. Using the Browser Clients

3.3.6. Other Services Required by ThinLinc Servers

3.4. Installing the ThinLinc Terminal Server

3.4.1. Starting the Installation Program

3.5. Upgrading an Old Installation

3.5.1. Acquire New Licenses

3.5.2. Run the Installation Program

3.5.3. Update Configuration Files

3.5.4. Run tl-setup

3.6. Platform Specific Notes

3.6.1. SELinux enabled distributions

3.6.2. AppArmor enabled distributions

3.6.3. Red Hat Enterprise Linux 4

3.6.4. All SUSE Linux variants, including SLES and SLED

3.6.5. SUSE Linux Enterprise Desktop 10

3.6.6. SUSE Linux Enterprise Desktop 11

3.6.7. Debian 3.1 and Ubuntu

3.6.8. Mandriva Enterprise Server 5

3.6.9. Sun Solaris

3.7. The ThinLinc WTS Tools Package

3.7.1. Overview

3.7.2. Installing the WTS Tools Package on Windows Terminal Servers

3.8. VirtualGL

3.8.1. Overview

3.8.2. Installation and configuration

3.8.3. Use with ThinLinc

4. License Handling

4.1. Overview

4.2. License Counting

4.3. Location and format of License Files

4.4. Log Files and E-mail Messages

4.5. Checking the Number of Valid Licenses

5. Printer Features

5.1. Overview of ThinLinc Printer Features

5.2. Printer Configuration Overview

5.2.1. CUPS Browsing

5.2.2. CUPS configuration on the Machine Running VSM Server

5.2.3. CUPS configuration on the Machine running VSM Agent

5.3. Local printer support

5.3.1. Theory of operation

5.3.2. Device independent mode

5.3.3. Device dependent mode

5.3.4. Installation and Configuration

5.3.5. Parallel port emulation

5.4. Nearest printer support

5.4.1. Administration of the Nearest Printer Feature in ThinLinc

5.4.2. Nearest Printer Selection Algorithm

5.4.3. Printer Drivers

5.5. Printer Access Control

5.5.1. Theory of Operation

5.5.2. Requirements

5.5.3. Activating the Printer Access Control Feature

5.5.4. Configuration

5.6. Printer Configuration on Windows Terminal Servers

5.6.1. Configuration

5.6.2. Persistent Printer Settings

5.7. CUPS

5.7.1. Theory of operation

5.7.2. ThinLinc and CUPS

5.7.3. CUPS configuration

5.7.4. Common CUPS configuration operations

6. High Availability (HA)

6.1. Overview

6.1.1. Background - Reasons For a HA Setup

6.1.2. Solution - Elimination of Single Point of Failure

6.1.3. Theory of Operation

6.2. Configuration of ThinLinc for HA Operations

6.2.1. Installation of a New HA Cluster

6.2.2. Reconfiguring an existing ThinLinc Installation into HA mode

6.3. Validating HA Operation

6.3.1. Validation of Heartbeat Operations

6.3.2. Validation of Network Connectivity

6.3.3. Validating Operations on the Active Node

6.4. Testing Correct Failover Behavior

6.4.1. Testing Failover by Stopping Heartbeat

6.4.2. Testing Correct Failover Because of Hardware Failure

6.5. Recovering from hardware failures

6.5.1. Recovering from Minor Failures

6.5.2. Recovering from Catastrophic Failure

6.6. ThinLinc HA and Other Services

6.6.1. User database

6.6.2. Home Directories and other File Resources

6.6.3. Printing

6.7. Detailed Instructions on Heartbeat Configuration

6.7.1. Configuration by Editing Configuration Files

6.7.2. Configuring Heartbeat Using the Webmin Module

7. The ThinLinc Client

7.1. Client usage

7.1.1. The started ThinLinc client

7.1.2. Logging in to a ThinLinc server

7.1.3. Language Settings

7.1.4. The ThinLinc session life cycle

7.1.5. The session menu

7.2. Running the ThinLinc client from the command line

7.3. Local device export

7.3.1. Sound device (Windows and UNIX only)

7.3.2. Serial ports (Windows and UNIX only)

7.3.3. Drives (Windows and UNIX only)

7.3.4. Printer (Windows and UNIX only)

7.3.5. Smart Card Readers

7.4. Client configuration

7.4.1. Options tab

7.4.2. Local Devices tab

7.4.3. Screen tab

7.4.4. Optimization tab

7.4.5. Security tab

7.5. The XDM mode (UNIX only)

7.5.1. The XDM mode Control Panel

7.6. Logfile placement

7.6.1. UNIX log file

7.6.2. Windows log file

7.7. Client configuration storage

7.7.1. Overview and Parameters

7.7.2. Configuration Parameter Storage

7.7.3. Adding Custom Branding to the ThinLinc Client Login Window

7.8. Client Customizer

7.8.1. Introduction

7.8.2. Installation

7.8.3. Building a Customized Client

7.8.4. Adding Host Keys to settings.reg

7.9. Advanced Topics

7.9.1. Hardware Address Reporting

7.9.2. Client Update Notifications

8. Client Platforms

8.1. Windows

8.1.1. Requirements

8.1.2. Installing the Windows Client

8.1.3. Running the Windows Client

8.2. Mac OS X

8.2.1. Requirements

8.2.2. Installing the Mac OS X Client

8.2.3. Running the Mac OS X Client

8.2.4. Command and Alt Keys on Mac OS X

8.3. Linux PC

8.3.1. Requirements

8.3.2. Installing the Linux Client

8.3.3. Running the Linux Client

8.4. Solaris

8.4.1. Requirements

8.4.2. Installing the Solaris Client

8.4.3. Running the Solaris Client

8.5. Thin Terminals

8.5.1. Neoware Terminals

8.5.2. eLux-based Thin Terminals (Fujitsu Futro et. al.)

8.5.3. VXL Itona

8.5.4. Tecnoworld Thin Terminals

8.5.5. HP Terminals

8.5.6. IGEL Universal Desktop

8.5.7. Connec EZ800 Thin Terminal

8.5.8. Wyse Linux Terminals

8.5.9. Other Thin Terminals

8.6. The ThinLinc Client Operating System (TLCOS)

8.6.1. Requirements

8.6.2. Downloading the Distribution

8.6.3. Customizing the Kickstart File

8.6.4. Installing the ThinLinc Client Operating System

8.6.5. Using Local Drives with TLCOS

8.6.6. Using Image Scanners with TLCOS

8.6.7. Using Local Printers with TLCOS

8.6.8. Getting Applications Using Ctrl-Alt-Fx to Work with TLCOS

8.6.9. Dealing with Sound Cards not found by Autodetection

8.6.10. Managing Network Connections with NetworkManager

8.7. Using X11 Terminals as ThinLinc Clients

8.7.1. Configuration

8.8. Running ThinLinc on a Thinstation terminal

8.8.1. Installing and Building the Package

8.8.2. Configuring the ThinLinc client when running on a Thinstation Terminal

8.9. Web Integration and Browser Clients

8.9.1. The Java Browser Client

8.9.2. Requirements

8.9.3. Installation

8.9.4. Launching the Native Client From a Web Page

8.9.5. The CGI Script tlclient.cgi

9. Authentication in ThinLinc

9.1. Pluggable Authentication Modules

9.1.1. Configuration files for PAM

9.2. Limitations

9.3. Authenticating users against Windows Active Directory

9.3.1. Single Machine or Cluster Setup

9.3.2. Requirements

9.3.3. Single Machine Setup

9.3.4. Verifying AD Integration

9.3.5. Cluster Configuration

9.4. Authentication against LDAP servers

9.4.1. ThinLinc Authenticating to LDAP - Theory of Operation

9.4.2. LDAP server configuration issues

9.4.3. Verifying LDAP Connectivity

9.4.4. Configuring a ThinLinc Server to use LDAP Lookups for Users and Groups

9.4.5. Using Novell eDirectory with ThinLinc

9.4.6. LDAP Query Performance Tuning

9.5. Limiting ThinLinc Access from Foreign Networks

9.6. Using Public Key Authentication

9.6.1. Introduction

9.6.2. General Requirements

9.6.3. Key Generation

9.6.4. Server Configuration

9.6.5. Client Configuration

9.7. Using Smart Card Public Key Authentication

9.7.1. Introduction

9.7.2. General Requirements

9.7.3. Key Generation

9.7.4. Server Configuration

9.7.5. Client Configuration

9.7.6. Automatic Connection

9.7.7. LDAP Automatic Update (tl-ldap-certalias)

9.8. Using One Time Passwords

9.8.1. Introduction

9.8.2. General Requirements

9.8.3. Configuration for NordicEdge One Time Password Server

9.8.4. Configuration for RSA SecurID

10. File Access

10.1. Accessing Windows File Servers

10.1.1. Introduction

10.1.2. Requirements

10.1.3. Mounting and Unmounting Shares

10.2. Accessing Novell Netware File Servers

10.2.1. Introduction

10.2.2. Using NCPFS to Access Novell File Servers

10.2.3. Using the Native Novell Client to Access Novell File Servers

10.2.4. Accessing Novell Netware File Servers using NFS

10.3. Restricting write access to users home directory

10.3.1. Introduction

10.3.2. Activation

10.3.3. Configuration

10.3.4. Security Considerations and Limitations

11. Connecting to Windows Terminal Servers

11.1. Introduction

11.2. Connection Modes

11.2.1. Running a Windows Desktop in a Window

11.2.2. Running a Windows Desktop in Fullscreen

11.2.3. Running a WTS application in Standard Mode

11.2.4. Running a WTS application in SeamlessRDP Mode

III. Administration

12. Accessing Client Resources from the Terminal Server

12.1. Accessing the Clients Local Drives

12.1.1. Introduction

12.1.2. Requirements

12.1.3. Mounting and Unmounting Local Drives

12.1.4. Accessing local drives from Windows Terminal Servers

12.1.5. Mounting Drives at Login

12.1.6. Limitations and additional information

12.2. Using Serial Port redirection

12.2.1. Introduction

12.2.2. Requirements

12.2.3. Enabling Serial Port Redirection

12.2.4. Accessing the redirected port from applications

12.2.5. Limitations and additional information

12.3. Using Sound Device Redirection

12.3.1. Introduction

12.3.2. Requirements

12.3.3. Using sound redirection with UNIX applications

12.3.4. Using sound redirection with Windows Terminal Servers

12.3.5. Using sound redirection with Crossover

12.3.6. Limitations and additional information

12.4. Using Smart Card Redirection

12.4.1. Introduction

12.4.2. Requirements

12.4.3. Enabling Smart Card Redirection

12.4.4. Limitations and additional information

13. Commands on the ThinLinc Server

14. Server Configuration

14.1. Server Configuration Parameters

14.1.1. Parameters in /vsmagent/

14.1.2. Parameters in /vsmserver/

14.1.3. Parameters in /vsm/

14.1.4. Parameters in /appservergroups/

14.1.5. Parameters in /sessionstart/

14.1.6. Parameters in /vdi/

14.1.7. Parameters in /tlwebadm/

14.2. Configuring Logging on ThinLinc servers

14.2.1. Configuring Logging for the VSM server, the VSM server and the Browser Clients.

14.2.2. Per-Session Logging

14.3. Customizing the User's Session

14.3.1. Session startup - the big picture

14.3.2. Session startup on VSM Agent

14.3.3. Profiles and the standard xstartup.default file.

14.3.4. Session Startup with a Client Supplied Start Program

14.3.5. Configuring available profiles

14.3.6. Configuring different Linux Desktops based on the selected profile

14.3.7. Speeding up Session Startup

14.3.8. Configuring the language environment on the server based on the client language

14.3.9. Pruning data in /var/opt/thinlinc/sessions/

14.3.10. Forcing sessions for some users to certain agent hosts

14.3.11. Indicating that Shadowing is in Progress

14.4. Limiting Lifetime of ThinLinc Sessions

15. Hiveconf

15.1. Overview

15.1.1. Basic Syntax

15.1.2. Tree Structure

15.1.3. Mounting Datasources

15.1.4. Hostwide Configuration

15.1.5. Hiveconf Tools

15.2. Hiveconf and ThinLinc

15.2.1. The ThinLinc Configuration Tool - tl-config

16. Administration of ThinLinc using the Web Administration Interface

16.1. Introduction

16.2. Configuring tlwebadm

16.3. Modules

16.3.1. The Status Module

16.3.2. The Locations Module

16.3.3. The Desktop Customizer Module

16.3.4. The Novell Configurator Module

16.3.5. The VDI Module

17. Building Custom Linux Desktops with the ThinLinc Desktop Customizer

17.1. Introduction

17.2. Using the KDE Kiosk Tool in a ThinLinc environment

17.2.1. Getting the KDE Kiosk Tool

17.2.2. Working with the KDE Kiosk Tool

17.2.3. Desktop Profile Best Practices

17.3. Using the ThinLinc Desktop Customizer

17.3.1. Concepts

17.3.2. Using the ThinLinc Desktop Customizer

17.3.3. Handling Applications

17.3.4. Defining a Menu Structure

17.3.5. Defining Application Groups

17.3.6. Distribute Configuration to all agent hosts

17.4. Enabling the Custom Desktops for users

17.5. Tips & Tricks with TLDC

17.5.1. Unwanted Icons on the Desktop with KDE

17.5.2. File Associations for Applications Not In the Menu

17.5.3. Home Icon not Working in KDE?

18. Frequently Asked Questions (FAQ)

18.1. Frequently Asked Questions for Linux

18.2. Frequently Asked Questions for Windows

IV. Virtual Desktop Infrastructure (VDI)

19. VDI Overview

19.1. Virtual Desktop Infrastructure

19.2. ThinLinc VDI

19.2.1. VMware Virtual Infrastructure

19.2.2. Oracle VirtualBox

20. VDI Requirements

20.1. VMware Virtual Infrastructure

20.1.1. ESX and vCenter

20.1.2. Customization configuration

20.1.3. Template requirements

20.1.4. Browser requirements

20.2. Oracle VirtualBox

20.2.1. Host requirements

20.2.2. Guest requirements

21. VDI Configuration

21.1. Virtual Infrastructure Configuration

21.1.1. Selecting a datacenter

21.1.2. Creating a user

21.1.3. Creating a template

21.1.4. Using customization configurations

21.2. VirtualBox Configuration

21.2.1. Creating a template

21.2.2. Exporting a template

21.3. ThinLinc Configuration

21.3.1. vdi.hconf and vdi-user.hconf

21.3.2. appservergroups.hconf

21.3.3. profiles.hconf

22. VDI Administration

22.1. ThinLinc VDI Administration Interface

22.1.1. Home page

22.1.2. Creating a new pool

22.1.3. View pool

22.1.4. Creating common machines

22.1.5. Creating persistent machines

22.2. VirtualBox Administration

22.2.1. tl-export-virtualbox

22.2.2. tlcloneprep

V. Appendixes

A. TCP Ports Used by ThinLinc

A.1. On Machine Running VSM Server

A.2. On Machine Running VSM Agent

A.3. On Windows Terminal Servers

B. Troubleshooting ThinLinc

B.1. General troubleshooting method

B.2. Troubleshooting Specific Problems

B.2.1. Problems Where the Client Reports an Error

B.2.2. Problems that Occur After Session Start

C. Manually Configuring Integration with Novell eDirectory

C.1. Schema extensions

C.2. Increasing performance by adding an index on some Attributes.

C.3. Removing Attribute Mappings

C.4. Adding nss_map_attribute statements to /etc/ldap.conf

C.5. Creating a DN for search operations

C.6. Creating the DN used to modify users in the directory

D. Configuring CUPS queues on Windows Terminal Servers

D.1. Generic PostScript printer driver for Windows