The ThinLinc server is configured using a number of configuration parameters stored in Hiveconf. For information about how to access and set the parameters, please refer to Chapter 16, Hiveconf . In this chapter, we will describe the different parameters and their meaning.
The parameters used in ThinLinc are divided into a number of folders, each having zero or more subfolders. The following folders exist:
/vsm/ contains parameters common to both the VSM agent and the VSM server. This folder normally resides in /opt/thinlinc/etc/conf.d/vsm.hconf
/vsmagent/ contains parameters specific to the VSM agent. This folder normally resides in /opt/thinlinc/etc/conf.d/vsmagent.hconf
/vsmserver/ contains parameters specific to the VSM server. This folder normally resides in /opt/thinlinc/etc/conf.d/vsmserver.hconf
/appservergroups/ contains parameters used by ThinLinc to access application servers. This folder normally resides in /opt/thinlinc/etc/conf.d/appservergroups.hconf
/profiles/ contains parameters for configuring the different session profiles. This folder normally resides in /opt/thinlinc/etc/conf.d/profiles.hconf
/utils/ contains parameters used by miscellaneous ThinLinc utilities. Each utility has its own configuration file, but all parameters are then merged in under /utils when read by the HiveConf framework.
/sessionstart/ contains some parameters used during session startup.
/tlwebadm/ contains parameters for the tlwebadm web configuration interface.
/webaccess/ contains parameters for the server part of ThinLinc Web Access.
In this section, we will describe all the parameters currently used by the VSM agent.
Public hostname; the hostname that clients are redirected to. If not defined, the agent will use the computer's IP address. This is the default configuration, and means that ThinLinc does not require DNS to work properly. However, if you are using Network Address Translation (NAT), you must set this parameter to a IP address or DNS name that all clients can connect to. Example:
agent_hostname = thinlinc.example.com
This is the space-separated list of VSM servers that should be allowed to connect to this VSM agent and create new sessions. The localhost is always allowed as well as the IP of the hostname the VSM agent runs on, and the host specified in the /vsmagent/master_hostname/ parameter.
This subfolder of /vsmagent contains environment variables that should be set in each user's session. Example:
[/vsmagent/default_environment] TOWN=Springfield LC_CTYPE=sv_SE.UTF-8 FOOBAR=foobar
This will set the TOWN environment variable to Springfield , the LC_CTYPE variable to sv_SE.UTF-8 and the FOOBAR variable to foobar in each user's session.
xsession is executed via a login shell, which may modify the environment and override values in [/vsmagent/default_environment].
The default session size, to be used when clients are not requesting any specific session size.
The maximum display number to be used for ThinLinc sessions on each specific VSM agent host. Default value is 2000.
The maximum ThinLinc sessions allowed on a specific VSM Agent host is /vsmagent/display_max - /vsmagent/display_min .
The lowest display numbers to use for clients. The default is 10, and unless there are other processes needing display numbers, the recommendation is not to change this number. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.
The TCP port VSM Agent listen to for incoming requests. This should normally be set to the same value as /vsm/vsm_agent_port.
The lowest port to be used by normal user processes. This may never be lower than /vsmagent/max_session_port . See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.
If this parameter is true, the users home directory will be automatically created if it doesn't exist.
When a home directory is created (see parameter /vsmagent/make_homedir above), the mode for the newly created directory will be determined by this parameter.
This parameter specifies the hostname of the master machine, i.e. the machine that runs the VSM server. In a HA setup, this should be the hostname of the IP address that is on the machine that is currently the active node, to ensure that services on the agents that need to access the VSM Server always connects to the machine that is up and running.
The highest port to use for VNC and tunnel ports on the VSM Agent. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.
This parameter decides whether the passwords of the users should be saved in order to support Single Sign-On when connecting to servers from the ThinLinc session, for example when running a Windows session.
Extra arguments to pass on to the Xserver Xvnc. One common case is to use -localhost , which makes Xvnc require connections to originate from localhost, thus forcing applications to either be local or use a tunnel (which often also means that the traffic is encrypted). Other examples include -IdleTimeout and -MaxIdleTime. For more information, see Section 14.5, “ Limiting Lifetime of ThinLinc Sessions ”.
This parameter controls the location of the Xauthority file. Currently, two values are supported: With "homedir", the file will be placed in the users home directory. With "sessiondir", the file will be placed in the session directory below /var/opt/thinlinc/sessions. The XAUTHORITY environment variable is set accordingly by the VSM agent.
In this section, we will describe all the parameters currently used by the VSM server.
The administrator's email address. This is where warnings about overuse of Licenses are sent, among with other administrative messages. Make sure this is a valid address.
A space-separated list of hosts from which privileged operations are allowed. The default (empty) allows localhost to do this. Privileged operations are for example to deactivate a session, something that should be allowed by the host running the ThinLinc Web Administration service.
ThinLinc access can be limited to certain groups. If the allowed_groups space-separated list is empty, all users are accepted. Otherwise, the user must be a member of the groups listed below, to be able to use ThinLinc. Example:
allowed_groups = students teachers
A space-separated list of users that are allowed to shadow other users. Please note that these users will gain full access to other users' sessions. See Chapter 15, Shadowing for more information.
A constant string value of; reject, silent, notify or ask. This value configures in which way a shadowing request is handled.
All shadowing requests are rejected. You should set this if you want to disable the shadowing feature.
All shadowing requests are accepted and the user will not be notified about beeing shadowed.
All shadowing requests are accepted and a message box will be shown to notify the user when the shadowing starts and when the shadowing ends.
Shows a dialog to the user and gives him the full control of deciding to accept or reject the shadowing request. If the request timeout is reached without the user making a decision then the shadowing request will be rejected. Like for notify the user is also informed when the shadowing ends.
See Chapter 15, Shadowing for more information.
This parameter is a space-separated list which presents a way to force the sessions created for certain users or groups to always be created on specific agent hosts. See Section 14.4.9, “ Forcing sessions for some users to certain agent hosts ” for more information.
All ThinLinc machines part of this ThinLinc cluster. This should be a space-separated list of DNS host names. These will be used for communication between the server and the agent. The names reported to clients are fetched from the agent itself; names in /vsmserver/terminalservers are not reported directly to clients.
Estimated bogomips required for each user.
This parameter decides the importance of the amount of logged in users on a VSM agent host when calculating load balance parameters. A host with low load, but a lot of users, is generally more likely to get a higher load within short time when the users get active. For this reason, the load balance calculating code takes the number of users at a certain host into its calculation. The /vsmserver/existing_users_weight controls how important this factor is. A higher value of this parameter means the load balancing code will care less about a high number of users on a certain machine.
This parameter should normally not be changed, unless when fine-tuning the load balancing.
If this parameter is true, the VSM server will try to replicate information about sessions to the other VSM server node. See Chapter 6, High Availability (HA) for more information about ThinLinc in a High Availability configuration.
This parameter lists the hostnames of both nodes in a ThinLinc HA setup. The space-separated list should include the hostname of the current node. This means that vsmserver.hconf can be identical on both nodes.
The TCP port VSM Server listen to for incoming requests. This should normally be set to the same value as /vsm/vsm_server_port.
The number of seconds allowed for updating the load status in the entire cluster.
The maximum number of sessions allowed per user. 0 means no limit.
Integer, number of estimated MiB memory required for each session. A value of 8 is appropriate if only tl-run-windesk is used.
If this parameter is true, processes occupying the users' interval of forwarded ports will be killed at login. This means that if a user logs in twice to the same session, the second login will get working tunnel ports, if this parameter is true. The first session's tunnel ports will stop working. If the parameter is false, the first session will keep the ports.
Parameters in the /vsm/ folder are used by both the VSM agent and the VSM server. Neither of them need to be changed on a normal ThinLinc installation.
The tunnels setup by the client to access various resources (audio, serial port, network resources, local printer) need one port number each on the server running the VSM agent the client is connected to. This parameter decides the lowest such port that is allocated by the VSM agent. Each user has a port range defined by the formula /vsm/tunnel_bind_base + display-ID*10 + service_slot where the service_slot depends on which service will use the tunnel. This port range is however used only for sessions with display numbers less than 100. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.
This parameter should normally not be changed.
There are several parameters under the /vsm/tunnelservices folder. Each one decides which ports are used at serverside termination points for the tunnels used to access client resources. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.
None of these parameters should normally be changed.
The number of ports to reserve for tunnel port endpoints on the server. The number of ports actually used depends on the number of services defined under /vsm/tunnelservices/ . We recommend letting this parameter have its default value (10), since that provides a margin for future services. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.
This parameter should normally not be changed and must not be changed whilst there are any running sessions.
The port base for VNC communication. The VNC protocol runs on one port per active user on the VSM agent host, and this is the base of the numbers used. That is, for the first user, the port will be /vsm/vnc_port_base + 1, for the second user /vsm/vnc_port_base + 2 and so on. This algorithm is used only for display numbers below 100. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.
This parameter should normally not be changed.
VSM agent communication. This is the port that the VSM server connects to on VSM Agents. This traffic is not encrypted.
This parameter should normally not be changed
The port that the VSM server listens to.
This parameter should normally not be changed
Parameters related to how ThinLinc connects to application servers, such as UNIX servers via the X Window system, or Windows Remote Desktop Servers using the RDP protocol, are stored under /appservergroups/ in the Hiveconf tree. There are two subfolders of /appservergroups/, rdp and x11. The rdp subfolder is used for settings related to connections to Windows Remote Desktop Servers. The x11 subfolder contains settings related to UNIX X11 and Linux servers. Each of the two subfolders have one or more subfolders. Each subfolder represents an application server group, a way of configuring what server a specific user should be connected to. The commands tl-run-unixapp, tl-run-winapp, tl-run-winapp-seamless, tl-run-windesk, and tl-run-rdesktop all take the parameter -G to choose which appserver group to connect to. If no -G parameter is given, they connect to the group named default.
The Windows NT domain to use.
The keyboard layout to use for connections to Windows Remote Desktop Servers. If no layout is specified, the appropriate keyboard layout will be determined automatically based on the session's locale settings.
Set this parameter to true to improve compatibility with servers that authenticate against Novell eDirectory.
Extra arguments for RDP connections to Windows Remote Desktop Servers. See the documentation for tl-run-rdesktop in Chapter 13, Commands on the ThinLinc Server for information about the possible values of this parameter.
True if printers should automatically be redirected to Windows Remote Desktop Servers. See Section 5.6, “ Printer Configuration on Windows Remote Desktop Servers ” for details.
A space-separated list of Windows Remote Desktop Servers to connect to using the RDP protocol. This list is read by tl-run-rdesktop (and associated commands) to decide which server to connect to. The server with the least load is chosen.
This parameter determines the sound system to use. If set to "esddsp", sound redirection using the "esddsp" wrapper will be enabled. A value of "padsp" uses the PulseAudio system instead. If "auto" is specified, "padsp" and "esddsp" are both tried, in that order. The empty string disables sound redirection.
A space-separated list of external UNIX servers to connect to when the tl-run-unixapp is called.
In the current release of ThinLinc, load balancing is not supported when connecting to UNIX servers, so only the first server in this list will be used.
True if X11 traffic should be encrypted via SSH.
The path to the xauth executable on the remote server. This is only used if use_ssh_encryption is false.
In this section, we will describe all the parameters currently used by the session startup scripts.
The initial color of the background that is set early during session startup. By default this is a dark blue color.
A PNG image used as the initial background. The image will always be scaled to cover the entire screen.
If the image contains transparency then the color set by background_color will shine through.
The default virtual keyboard layout used by Xvnc. The protocol is not dependent on this being configured, but some applications can misbehave if a different virtual layout is configured compared to the real keyboard layout on the client device.
A list of possible keyboard layouts is given from this command:
$ man /opt/thinlinc/share/man/man7/xkeyboard-config.7
For details of parameters in /tlwebadm/, see Section 17.2, “ Configuring tlwebadm ”
For details of parameters in /webaccess/, see Section 22.214.171.124.2, “ Configuration ”