ThinLinc Administrator's Guide for ThinLinc 4.9.0

Table of Contents

I. Introduction
1. Introduction
1.1. About the Documentation
1.2. Finding More Information
2. ThinLinc Architecture
2.1. Session Overview
II. Installation
3. Installation
3.1. Overview
3.2. Server Requirements
3.2.1. ThinLinc System and Software Requirements
3.2.2. Windows RDP Server Requirements
3.2.3. Server Sizing
3.3. Preparing the Network for ThinLinc Installation
3.3.1. A Simple ThinLinc Setup
3.3.2. ThinLinc in a Novell Network
3.3.3. ThinLinc in a Windows Network
3.3.4. ThinLinc in a NAT/Split-DNS Environment
3.3.5. Using ThinLinc Web Access
3.3.6. Other Services Required by ThinLinc Servers
3.4. Installing the ThinLinc Remote Desktop Server
3.4.1. Starting the Installation Program
3.5. Upgrading an Old Installation
3.5.1. Acquire New Licenses
3.5.2. Starting the Installation Program
3.6. SELinux enabled distributions
3.7. The ThinLinc WTS Tools Package
3.7.1. Overview
3.7.2. Installing the WTS Tools Package on Windows Remote Desktop Servers
3.8. VirtualGL
3.8.1. Overview
3.8.2. Installation and configuration
4. License Handling
4.1. Overview
4.2. License Counting
4.3. Location and format of License Files
4.4. Log Files and E-mail Messages
4.5. Checking the Number of Valid Licenses
5. Printer Features
5.1. Overview of ThinLinc Printer Features
5.2. Printer Configuration Overview
5.2.1. CUPS Browsing
5.2.2. CUPS configuration on the Machine Running VSM Server
5.2.3. CUPS configuration on the Machine running VSM Agent
5.3. Local printer support
5.3.1. Theory of operation
5.3.2. Device independent mode
5.3.3. Device dependent mode
5.3.4. Installation and Configuration
5.3.5. Parallel port emulation
5.4. Nearest printer support
5.4.1. Administration of the Nearest Printer Feature in ThinLinc
5.4.2. Nearest Printer Selection Algorithm
5.4.3. Printer Drivers
5.5. Printer Access Control
5.5.1. Theory of Operation
5.5.2. Requirements
5.5.3. Activating the Printer Access Control Feature
5.5.4. Configuration
5.6. Printer Configuration on Windows Remote Desktop Servers
5.6.1. Configuration
5.6.2. Persistent Printer Settings
6. High Availability (HA)
6.1. Overview
6.1.1. Background - Reasons For a HA Setup
6.1.2. Solution - Elimination of Single Point of Failure
6.1.3. Theory of Operation
6.2. Configuration of ThinLinc for HA Operations
6.2.1. Installation of a New HA Cluster
6.2.2. Reconfiguring an existing ThinLinc Installation into HA mode
6.3. Recovering from hardware failures
6.3.1. Recovering from Minor Failures
6.3.2. Recovering from Catastrophic Failure
7. The ThinLinc Client
7.1. Client usage
7.1.1. The started ThinLinc client
7.1.2. Logging in to a ThinLinc server
7.1.3. Language Settings
7.1.4. The ThinLinc session life cycle
7.1.5. The session menu
7.2. Running the ThinLinc client from the command line
7.3. Local device export
7.3.1. Sound device
7.3.2. Serial ports (Windows and Linux only)
7.3.3. Drives
7.3.4. Printer
7.3.5. Smart Card Readers
7.4. Client configuration
7.4.1. Options tab
7.4.2. Local Devices tab
7.4.3. Screen tab
7.4.4. Optimization tab
7.4.5. Security tab
7.5. The XDM mode (Linux only)
7.5.1. The XDM mode Control Panel
7.6. Logfile placement
7.6.1. Linux log file
7.6.2. Windows log file
7.7. Client configuration storage
7.7.1. Overview and Parameters
7.7.2. Configuration Parameter Storage
7.7.3. Adding Custom Branding to the ThinLinc Client Login Window
7.8. Client Customizer
7.8.1. Introduction
7.8.2. Installation
7.8.3. Building a Customized Client
7.8.4. Adding SSH Host Keys to settings.reg
7.9. Advanced Topics
7.9.1. Hardware Address Reporting
7.9.2. Client Update Notifications
8. Client Platforms
8.1. Windows
8.1.1. Requirements
8.1.2. Installing the Windows Client
8.1.3. Running the Windows Client
8.2. Mac OS X
8.2.1. Requirements
8.2.2. Installing the Mac OS X Client
8.2.3. Running the Mac OS X Client
8.2.4. Command and Alt Keys on Mac OS X
8.3. Linux PC
8.3.1. Requirements
8.3.2. Installing the Linux Client
8.3.3. Running the Linux Client
8.4. Thin Terminals
8.4.1. eLux-based Thin Terminals (Fujitsu Futro et. al.)
8.4.2. HP ThinPro Terminals
8.4.3. IGEL Universal Desktop
8.4.4. Dell Wyse-Enhanced SuSE Linux Terminals
8.4.5. Other Thin Terminals
8.5. Running ThinLinc on a Thinstation terminal
8.5.1. Installing and Building the Package
8.5.2. Configuring the ThinLinc client when running on a Thinstation Terminal
8.6. Web Integration and Web Access
8.6.1. Launching the Native Client From a Web Page
8.6.2. The CGI Script tlclient.cgi
8.6.3. ThinLinc Web Access (HTML5 Client)
9. Authentication in ThinLinc
9.1. Pluggable Authentication Modules
9.1.1. Configuration files for PAM
9.2. Limitations
9.3. Using Public Key Authentication
9.3.1. Introduction
9.3.2. Key Generation
9.3.3. Server Configuration
9.3.4. Client Configuration
9.4. Using Smart Card Public Key Authentication
9.4.1. Introduction
9.4.2. General Requirements
9.4.3. Key Generation
9.4.4. Server Configuration
9.4.5. Client Configuration
9.4.6. Automatic Connection
9.4.7. LDAP Automatic Update (tl-ldap-certalias)
9.5. Using One Time Passwords
9.5.1. Introduction
9.5.2. General Requirements
9.5.3. Configuration for RSA SecurID
10. File Access
10.1. Accessing Windows File Servers
10.1.1. Introduction
10.1.2. Requirements
10.1.3. Mounting and Unmounting Shares
10.2. Restricting write access to users home directory
10.2.1. Introduction
10.2.2. Activation
10.2.3. Configuration
10.2.4. Security Considerations and Limitations
11. Connecting to Windows Remote Desktop Servers
11.1. Introduction
11.2. Single Sign-On
11.2.1. Information
11.2.2. Smart card
11.3. Connection Modes
11.3.1. Running a Windows Desktop
11.3.2. Running a Windows Application
III. Administration
12. Accessing Client Resources from the ThinLinc session
12.1. Accessing the Clients Local Drives
12.1.1. Introduction
12.1.2. Mounting and Unmounting Local Drives
12.1.3. Accessing local drives from Windows Remote Desktop Servers
12.1.4. Mounting Drives at Login
12.1.5. Limitations and additional information
12.2. Using Serial Port redirection
12.2.1. Introduction
12.2.2. Requirements
12.2.3. Enabling Serial Port Redirection
12.2.4. Accessing the redirected port from applications
12.2.5. Limitations and additional information
12.3. Using Sound Device Redirection
12.3.1. Introduction
12.3.2. Requirements
12.3.3. Using sound redirection with Linux applications
12.3.4. Using sound redirection with Windows Remote Desktop Servers
12.3.5. Limitations and additional information
12.4. Using Smart Card Redirection
12.4.1. Introduction
12.4.2. Requirements
12.4.3. Enabling Smart Card Redirection
12.4.4. Limitations and additional information
13. Commands on the ThinLinc Server
14. Server Configuration
14.1. Configuring ThinLinc Servers in a Cluster
14.1.1. Configuration Options
14.1.2. Cluster Management
14.2. Server Configuration Parameters
14.2.1. Parameters in /vsmagent/
14.2.2. Parameters in /vsmserver/
14.2.3. Parameters in /vsm/
14.2.4. Parameters in /appservergroups/
14.2.5. Parameters in /sessionstart/
14.2.6. Parameters in /tlwebadm/
14.2.7. Parameters in /webaccess/
14.3. Configuring Logging on ThinLinc servers
14.3.1. ThinLinc server components
14.3.2. Per-Session Logging
14.4. Customizing the User's Session
14.4.1. Session startup - the big picture
14.4.2. Session startup on VSM Agent
14.4.3. Profiles and the standard xstartup.default file.
14.4.4. Session Startup with a Client Supplied Start Program
14.4.5. Configuring available profiles
14.4.6. Configuring different Linux Desktops based on the selected profile
14.4.7. Speeding up Session Startup
14.4.8. Configuring the language environment on the server based on the client language
14.4.9. Forcing sessions for some users to certain agent hosts
14.5. Limiting Lifetime of ThinLinc Sessions
15. Shadowing
15.1. Introduction
15.2. Disable shadowing feature
15.3. Granting shadowing access to users
15.4. Shadowing notification
15.5. Shadowing a user session
16. Hiveconf
16.1. Overview
16.1.1. Basic Syntax
16.1.2. Tree Structure
16.1.3. Mounting Datasources
16.1.4. Hostwide Configuration
16.1.5. Hiveconf Tools
16.2. Hiveconf and ThinLinc
16.2.1. The ThinLinc Configuration Tool - tl-config
17. Administration of ThinLinc using the Web Administration Interface
17.1. Introduction
17.2. Configuring tlwebadm
17.3. Modules
17.3.1. The System Health Module
17.3.2. The Status Module
17.3.3. The VSM Module
17.3.4. The Profiles Module
17.3.5. The Locations Module
17.3.6. The Desktop Customizer Module
17.3.7. The Application Servers Module
18. Building Custom Linux Desktops with the ThinLinc Desktop Customizer
18.1. Introduction
18.2. Using the ThinLinc Desktop Customizer
18.2.1. Concepts
18.2.2. Using the ThinLinc Desktop Customizer
18.2.3. Handling Applications
18.2.4. Defining a Menu Structure
18.2.5. Defining Application Groups
18.2.6. Distribute Configuration to all agent hosts
18.3. Enabling the Custom Desktops for users
18.4. Tips & Tricks with TLDC
18.4.1. Unwanted Icons on the Desktop with KDE
18.4.2. File Associations for Applications Not In the Menu
18.4.3. Home Icon not Working in KDE?
IV. Appendixes
A. TCP Ports Used by ThinLinc
A.1. On Machine Running VSM Server
A.2. On Machine Running VSM Agent
A.3. On Windows Remote Desktop Servers
B. Troubleshooting ThinLinc
B.1. General troubleshooting method
B.2. Troubleshooting Specific Problems
B.2.1. Problems Where the Client Reports an Error
B.2.2. Problems that Occur After Session Start
C. Restricting access to ThinLinc servers
C.1. Disabling SSH access
C.2. Disabling shell access
C.2.1. Changing the configured shell
C.2.2. Using ForceCommand
C.3. Disabling port forwarding
C.3.1. Disabling remote port forwarding
C.4. Disabling clipboard
C.5. Disabling local drives
D. Configuring CUPS queues on Windows Remote Desktop Servers
E. GnuTLS priority strings
E.1. Standard configuration
E.1.1. Cipher suites
E.1.2. Certificate types
E.1.3. Protocols
E.1.4. Compression
E.1.5. Elliptic curves
E.1.6. PK-signatures
E.2. Available algorithms
E.2.1. Cipher suites
E.2.2. Certificate types
E.2.3. Protocols
E.2.4. Ciphers
E.2.5. MACs
E.2.6. Digests
E.2.7. Key exchange algorithms
E.2.8. Compression
E.2.9. Elliptic curves
E.2.10. Public Key Systems
E.2.11. PK-signatures

List of Figures

2.1. The System Architecture of ThinLinc
3.1. A Simple ThinLinc Setup
3.2. ThinLinc in a Novell Network
3.3. ThinLinc in a Windows Network
3.4. ThinLinc in a NAT/Split-DNS Environment
5.1. Printer Configuration Overview
6.1. A non-HA ThinLinc cluster setup
6.2. A ThinLinc HA cluster setup
7.1. The ThinLinc client login window
7.2. The ThinLinc client session selection window
7.3. Client settings Options tab
7.4. Client settings Local Devices tab
7.5. Sound system selection interface
7.6. Serial port selection interface
7.7. Local drive export selection interface
7.8. Printer options dialog
7.9. Client settings Screen tab
7.10. Client settings Optimization tab
7.11. Client settings Security tab
7.12. Smart card authentication settings
7.13. Certificate filter settings
7.14. The control panel mouse tab
7.15. The control panel keyboard tab
7.16. The control panel screen tab
14.1. Session Startup Procedure - on VSM Server.
14.2. Session Startup Procedure - on VSM Agent
14.3. The ThinLinc profiles and xstartup.default
17.1. Terminals
17.2. New terminal form
17.3. New Location Form
17.4. Location Details With Printer
17.5. UNIX Application Server Groups List
17.6. Adding a UNIX Application Server Group
17.7. Adding a Windows Application Server Group
18.1. ThinLinc Desktop Customizer Concepts
B.1. The General Troubleshooting Method

List of Tables

14.1. Log Levels
14.2. Default Log Behaviour
17.1. Terminal properties
17.2. UNIX Application Server Group Fields
17.3. Windows Application Server Group Fields