The ThinLinc Administrator’s Guide

Version 4.17.0

Introduction

• Introduction
  • About the Documentation
  • Finding More Information
• ThinLinc Architecture
  • Session Overview

Installation

• Installation
  • Server Requirements
    • ThinLinc System and Software Requirements
    • Server Sizing
  • Preparing the Network for ThinLinc Installation
    • A Simple ThinLinc Setup
    • ThinLinc in a Novell Network
    • ThinLinc in a Windows Network
    • ThinLinc in a NAT/Split-DNS Environment
    • Using ThinLinc Web Access
    • Other Services Required by ThinLinc Servers
  • Installing the ThinLinc Remote Desktop Server
    • Verifying the server RPM
    • Starting the Installation Program
    • Run ThinLinc administration commands using sudo
  • Upgrading an Old Installation
    • Upgrading a Cluster
    • New Licenses
    • Upgrading the Package
    • Configuration Migration
  • SELinux enabled distributions
  • VirtualGL
    • Overview
    • Installation and configuration
• License Handling
  • Overview
  • License Counting
  • Location and format of License Files
  • Log Files and E-mail Messages
  • Checking the Number of Valid Licenses
• Printer Features
  • Printer Configuration Overview
    • CUPS Browsing
    • CUPS configuration on the Machine Running VSM Server
    • CUPS configuration on the Machine running VSM Agent
  • Local printer support
    • Theory of operation
    • Device independent mode
    • Device dependent mode
    • Installation and Configuration
    • Parallel port emulation
  • Nearest printer support
    • Administration of the Nearest Printer Feature in ThinLinc
    • Nearest Printer Selection Algorithm
    • Printer Drivers
  • Printer Access Control
    • Theory of Operation
    • Requirements
    • Activating the Printer Access Control Feature
    • Configuration
• High Availability (HA)
  • High Availability Overview
    • Background - Reasons For a HA Setup
    • Solution - Elimination of Single Point of Failure
    • Theory of Operation
  • Configuration of ThinLinc for HA Operations
    • Installation of a New HA Cluster
    • Reconfiguring an existing ThinLinc Installation into HA mode
  • Recovering from hardware failures
    • Recovering from Minor Failures
    • Recovering from Catastrophic Failure
• The ThinLinc Client
  • Client usage
    • The started ThinLinc client
    • Logging in to a ThinLinc server
    • Language Settings
    • The ThinLinc session life cycle
    • The session menu
  • Running the ThinLinc client from the command line
    • Description of available command line arguments
  • Local device export
    • Sound device
    • Serial ports (Windows and Linux only)
    • Drives
    • Printer
    • Smart Card Readers
  • Client configuration
    • Display tab
    • Local Devices tab
    • Optimization tab
    • Security tab
    • Advanced tab
  • Client Touch Gestures
  • The XDM mode (Linux only)
  • Logfile placement
    • Linux log file
    • Windows log file
    • macOS log file
  • Client configuration storage
    • Configuration Format
    • Alternative Files
    • Linux Client Configuration Files
    • macOS Client Configuration Files
    • Windows Client Configuration
  • Adding Custom Branding to the ThinLinc Client Login Window
  • Client Customizer
    • Introduction
    • Installation
    • Building a Customized Client
    • Adding SSH Host Keys
  • Launching the Client from a Web Page
    • Requirements
    • Installation
    • Usage
    • The CGI Script tlclient.cgi
  • Advanced Topics
    • Hardware Address Reporting
    • Client Update Notifications
• Client Platforms
  • Windows
    • Requirements
    • Installing the Windows Client
    • Running the Windows Client
  • macOS
    • Requirements
    • Installing the macOS Client
    • Running the macOS Client
    • Command and Alt Keys on macOS
  • Linux PC
    • Requirements
    • Verifying the client RPMs
    • Installing the Linux Client
    • Running the Linux Client
  • Thin Terminals
    • HP ThinPro Terminals
    • IGEL Universal Desktop
    • Other Thin Terminals
  • Running ThinLinc on a ThinStation terminal
    • Installing and Building the Package
    • Configuring the ThinLinc client when running on a ThinStation Terminal
• ThinLinc Web Access
  • Requirements
  • Server Configuration
    • Certificates
  • Usage
    • Logging in to a ThinLinc server
    • The Toolbar
    • Extra Keys
    • Clipboard
    • Touch Gestures
    • Command and Alt Keys on macOS and iOS
• Authentication in ThinLinc
  • Pluggable Authentication Modules
    • Configuration files for PAM
  • Limitations
  • Using Public Key Authentication
    • Introduction
    • Key Generation
    • Server Configuration
    • Client Configuration
  • Using Smart Card Public Key Authentication
    • Introduction
    • General Requirements
    • Key Generation
    • Server Configuration
    • Client Configuration
    • Automatic Connection
    • LDAP Automatic Update (tl-ldap-certalias)
  • Using One Time Passwords
    • Introduction
    • General Requirements
    • Configuration for RSA SecurID
• File Access
  • Restricting write access to users home directory
    • Introduction
    • Activation
    • Configuration
    • Security Considerations and Limitations

Administration

• Accessing Client Resources from the ThinLinc session
  • Accessing the Clients Local Drives
    • Introduction
    • Mounting and Unmounting Local Drives
    • Mounting Drives at Login
    • Limitations and additional information
  • Using Serial Port redirection
    • Introduction
    • Requirements
    • Enabling Serial Port Redirection
    • Accessing the redirected port from applications
    • Limitations and additional information
  • Using Sound Device Redirection
    • Introduction
    • Requirements
    • PulseAudio applications
    • OSS applications
    • ALSA applications
    • Choosing sound system
    • Limitations and additional information
  • Using Smart Card Redirection
    • Introduction
    • Requirements
    • Enabling Smart Card Redirection
    • Limitations and additional information
• Server Configuration
  • Configuring ThinLinc Servers in a Cluster
    • Cluster Configuration
    • Keeping agent configuration synchronized in a cluster
    • Stopping new session creation on select agents in a cluster
  • Configuring Logging on ThinLinc servers
    • ThinLinc server components
    • Per-Session Logging
  • Customizing the User’s Session
    • Session startup - the big picture
    • Session startup on VSM Agent
    • Profiles and the standard xstartup.default file
    • Session Startup with a Client Supplied Start Program
    • Configuring available profiles
    • Configuring different Linux Desktops based on the selected profile
    • Speeding up Session Startup
    • Configuring the language environment on the server based on the client language
  • Limiting Lifetime of ThinLinc Sessions
• Shadowing
  • Introduction
  • Disable shadowing feature
  • Granting shadowing access to users
  • Shadowing notification
  • Shadowing a user session
• Hiveconf
  • Overview
    • Basic Syntax
    • Tree Structure
    • Mounting Datasources
    • Hostwide Configuration
    • Hiveconf Tools
  • Hiveconf and ThinLinc
    • The ThinLinc Configuration Tool
• Command Line
  • Managing Sessions
  • Notifying Users
  • Cluster Load
• Administration of ThinLinc using the Web Administration Interface
  • Introduction
  • Modules
    • The System Health Module
    • The Status Module
    • The VSM Module
    • The Profiles Module
    • The Locations Module
    • The Desktop Customizer Module
• Building custom Linux desktops with the ThinLinc Desktop Customizer
  • Introduction
  • Using the ThinLinc Desktop Customizer
    • Concepts
    • Using the ThinLinc Desktop Customizer
    • Handling Applications
    • Defining a Menu Structure
    • Defining Application Groups
    • Distribute configuration to all agent hosts
  • Enabling the custom desktops for users
  • Tips & Tricks with TLDC
    • Unwanted icons on the desktop with KDE
    • File associations in KDE for applications not in the menu
    • Home Icon not working in KDE

Appendixes

• Commands on the ThinLinc Server
  • tl-config
    • Synopsis
    • Description
    • Options
    • Examples
  • tl-desktop-restore
    • Synopsis
    • Description
  • tl-disconnect
    • Synopsis
    • Description
  • tl-env
    • Synopsis
    • Description
    • Options
  • tl-memberof-group
    • Synopsis
    • Description
    • Exit status
    • Examples
  • tl-mount-localdrives
    • Synopsis
    • Description
    • Options
    • Notes
    • See also
  • tl-session-param
    • Synopsis
    • Description
    • Options
    • Examples
  • tl-single-app
    • Synopsis
    • Description
    • Examples
  • tl-sso-password
    • Synopsis
    • Description
    • Options
    • See also
  • tl-sso-token-passphrase
    • Synopsis
    • Description
    • Options
    • See also
  • tl-sso-update-password
    • Synopsis
    • Description
  • tl-umount-localdrives
    • Synopsis
    • Description
    • Options
    • Notes
    • See also
  • tl-while-x11
    • Synopsis
    • Description
  • tlctl
    • Synopsis
    • Description
    • Options
    • Commands
  • tlctl load
    • Synopsis
    • Description
    • Options
    • Commands
  • tlctl session
    • Synopsis
    • Description
    • Options
    • Commands
  • tl-gen-auth
    • Synopsis
    • Description
  • tl-ldap-certalias
    • Synopsis
    • Description
    • Options
  • tl-notify
    • Synopsis
    • Description
    • Options
  • tl-rsync-all
    • Synopsis
    • Description
    • Examples
    • See also
  • tl-setup
    • Synopsis
    • Description
    • Options
  • tl-show-licenses
    • Synopsis
    • Description
  • tl-ssh-all
    • Synopsis
    • Description
    • See also
  • tl-support
    • Synopsis
    • Description
    • Options
• Server Configuration Parameters
  • Parameters in /profiles/
  • Parameters in /tlwebadm/
  • Parameters in /sessionstart/
  • Parameters in /shadowing/
  • Parameters in /utils/
    • Parameters in /utils/tl-desktop-customizer/
    • Parameters in /utils/tl-ldap-certalias/
    • Parameters in /utils/tl-mount-localdrives/
  • Parameters in /vsm/
  • Parameters in /vsmagent/
  • Parameters in /vsmserver/
  • Parameters in /vsmserver/subclusters/
  • Parameters in /webaccess/
• Client Configuration Parameters
• TCP Ports Used by ThinLinc
  • On Machine Running VSM Server
  • On Machine Running VSM Agent
• Troubleshooting ThinLinc
  • General troubleshooting method
  • Troubleshooting Specific Problems
    • Problems Where the Client Reports an Error
    • Problems that Occur After Session Start
• Restricting access to ThinLinc servers
  • Disabling SSH access
  • Disabling shell access
    • Changing the configured shell
    • Using ForceCommand
  • Disabling port forwarding
    • Disabling remote port forwarding
  • Disabling clipboard
  • Disabling local drives
• GnuTLS priority strings
  • Standard configuration
    • Cipher suites
    • Protocols
    • Ciphers
    • MACs
    • Key Exchange Algorithms
    • Groups
    • PK-signatures
  • Available algorithms
    • Cipher suites
    • Certificate types
    • Protocols
    • Ciphers
    • MACs
    • Digests
    • Key exchange algorithms
    • Compression
    • Groups
    • Public Key Systems
    • PK-signatures