ThinLinc Administrator's Guide for ThinLinc 4.12.0


Table of Contents

I. Introduction
1. Introduction
1.1. About the Documentation
1.2. Finding More Information
2. ThinLinc Architecture
2.1. Session Overview
II. Installation
3. Installation
3.1. Overview
3.2. Server Requirements
3.2.1. ThinLinc System and Software Requirements
3.2.2. Server Sizing
3.3. Preparing the Network for ThinLinc Installation
3.3.1. A Simple ThinLinc Setup
3.3.2. ThinLinc in a Novell Network
3.3.3. ThinLinc in a Windows Network
3.3.4. ThinLinc in a NAT/Split-DNS Environment
3.3.5. Using ThinLinc Web Access
3.3.6. Other Services Required by ThinLinc Servers
3.4. Installing the ThinLinc Remote Desktop Server
3.4.1. Starting the Installation Program
3.5. Upgrading an Old Installation
3.5.1. Upgrading a Cluster
3.5.2. New Licenses
3.5.3. Upgrading the Packages
3.5.4. Configuration Migration
3.6. SELinux enabled distributions
3.7. VirtualGL
3.7.1. Overview
3.7.2. Installation and configuration
4. License Handling
4.1. Overview
4.2. License Counting
4.3. Location and format of License Files
4.4. Log Files and E-mail Messages
4.5. Checking the Number of Valid Licenses
5. Printer Features
5.1. Overview of ThinLinc Printer Features
5.2. Printer Configuration Overview
5.2.1. CUPS Browsing
5.2.2. CUPS configuration on the Machine Running VSM Server
5.2.3. CUPS configuration on the Machine running VSM Agent
5.3. Local printer support
5.3.1. Theory of operation
5.3.2. Device independent mode
5.3.3. Device dependent mode
5.3.4. Installation and Configuration
5.3.5. Parallel port emulation
5.4. Nearest printer support
5.4.1. Administration of the Nearest Printer Feature in ThinLinc
5.4.2. Nearest Printer Selection Algorithm
5.4.3. Printer Drivers
5.5. Printer Access Control
5.5.1. Theory of Operation
5.5.2. Requirements
5.5.3. Activating the Printer Access Control Feature
5.5.4. Configuration
6. High Availability (HA)
6.1. Overview
6.1.1. Background - Reasons For a HA Setup
6.1.2. Solution - Elimination of Single Point of Failure
6.1.3. Theory of Operation
6.2. Configuration of ThinLinc for HA Operations
6.2.1. Installation of a New HA Cluster
6.2.2. Reconfiguring an existing ThinLinc Installation into HA mode
6.3. Recovering from hardware failures
6.3.1. Recovering from Minor Failures
6.3.2. Recovering from Catastrophic Failure
7. The ThinLinc Client
7.1. Client usage
7.1.1. The started ThinLinc client
7.1.2. Logging in to a ThinLinc server
7.1.3. Language Settings
7.1.4. The ThinLinc session life cycle
7.1.5. The session menu
7.2. Running the ThinLinc client from the command line
7.3. Local device export
7.3.1. Sound device
7.3.2. Serial ports (Windows and Linux only)
7.3.3. Drives
7.3.4. Printer
7.3.5. Smart Card Readers
7.4. Client configuration
7.4.1. Options tab
7.4.2. Local Devices tab
7.4.3. Screen tab
7.4.4. Optimization tab
7.4.5. Security tab
7.5. Client Touch Gestures
7.6. The XDM mode (Linux only)
7.7. Logfile placement
7.7.1. Linux log file
7.7.2. Windows log file
7.7.3. macOS log file
7.8. Client configuration storage
7.8.1. Overview and Parameters
7.8.2. Configuration Parameter Storage
7.8.3. Adding Custom Branding to the ThinLinc Client Login Window
7.9. Client Customizer
7.9.1. Introduction
7.9.2. Installation
7.9.3. Building a Customized Client
7.9.4. Adding SSH Host Keys to settings.reg
7.10. Launching the Client from a Web Page
7.10.1. Requirements
7.10.2. Installation
7.10.3. Usage
7.10.4. The CGI Script tlclient.cgi
7.11. Advanced Topics
7.11.1. Hardware Address Reporting
7.11.2. Client Update Notifications
8. Client Platforms
8.1. Windows
8.1.1. Requirements
8.1.2. Installing the Windows Client
8.1.3. Running the Windows Client
8.2. macOS
8.2.1. Requirements
8.2.2. Installing the macOS Client
8.2.3. Running the macOS Client
8.2.4. Command and Alt Keys on macOS
8.3. Linux PC
8.3.1. Requirements
8.3.2. Installing the Linux Client
8.3.3. Running the Linux Client
8.4. Thin Terminals
8.4.1. eLux-based Thin Terminals (Fujitsu Futro et. al.)
8.4.2. HP ThinPro Terminals
8.4.3. IGEL Universal Desktop
8.4.4. Other Thin Terminals
8.5. Running ThinLinc on a Thinstation terminal
8.5.1. Installing and Building the Package
8.5.2. Configuring the ThinLinc client when running on a Thinstation Terminal
9. ThinLinc Web Access
9.1. Overview
9.2. Requirements
9.3. Server Configuration
9.3.1. Certificates
9.4. Usage
9.4.1. Logging in to a ThinLinc server
9.4.2. The Toolbar
9.4.3. Extra Keys
9.4.4. Clipboard
9.4.5. Touch Gestures
9.4.6. Command and Alt Keys on macOS and iOS
10. Authentication in ThinLinc
10.1. Pluggable Authentication Modules
10.1.1. Configuration files for PAM
10.2. Limitations
10.3. Using Public Key Authentication
10.3.1. Introduction
10.3.2. Key Generation
10.3.3. Server Configuration
10.3.4. Client Configuration
10.4. Using Smart Card Public Key Authentication
10.4.1. Introduction
10.4.2. General Requirements
10.4.3. Key Generation
10.4.4. Server Configuration
10.4.5. Client Configuration
10.4.6. Automatic Connection
10.4.7. LDAP Automatic Update (tl-ldap-certalias)
10.5. Using One Time Passwords
10.5.1. Introduction
10.5.2. General Requirements
10.5.3. Configuration for RSA SecurID
11. File Access
11.1. Accessing Windows File Servers
11.1.1. Introduction
11.1.2. Requirements
11.1.3. Mounting and Unmounting Shares
11.2. Restricting write access to users home directory
11.2.1. Introduction
11.2.2. Activation
11.2.3. Configuration
11.2.4. Security Considerations and Limitations
III. Administration
12. Accessing Client Resources from the ThinLinc session
12.1. Accessing the Clients Local Drives
12.1.1. Introduction
12.1.2. Mounting and Unmounting Local Drives
12.1.3. Mounting Drives at Login
12.1.4. Limitations and additional information
12.2. Using Serial Port redirection
12.2.1. Introduction
12.2.2. Requirements
12.2.3. Enabling Serial Port Redirection
12.2.4. Accessing the redirected port from applications
12.2.5. Limitations and additional information
12.3. Using Sound Device Redirection
12.3.1. Introduction
12.3.2. Requirements
12.3.3. PulseAudio applications
12.3.4. OSS applications
12.3.5. ALSA applications
12.3.6. Choosing sound system
12.3.7. Limitations and additional information
12.4. Using Smart Card Redirection
12.4.1. Introduction
12.4.2. Requirements
12.4.3. Enabling Smart Card Redirection
12.4.4. Limitations and additional information
13. Commands on the ThinLinc Server
14. Server Configuration
14.1. Configuring ThinLinc Servers in a Cluster
14.1.1. Cluster Configuration
14.1.2. Cluster Management
14.2. Server Configuration Parameters
14.2.1. Parameters in /vsmagent/
14.2.2. Parameters in /vsmserver/
14.2.3. Parameters in /vsmserver/subclusters/
14.2.4. Parameters in /vsm/
14.2.5. Parameters in /sessionstart/
14.2.6. Parameters in /shadowing/
14.2.7. Parameters in /tlwebadm/
14.2.8. Parameters in /webaccess/
14.3. Configuring Logging on ThinLinc servers
14.3.1. ThinLinc server components
14.3.2. Per-Session Logging
14.4. Customizing the User's Session
14.4.1. Session startup - the big picture
14.4.2. Session startup on VSM Agent
14.4.3. Profiles and the standard xstartup.default file.
14.4.4. Session Startup with a Client Supplied Start Program
14.4.5. Configuring available profiles
14.4.6. Configuring different Linux Desktops based on the selected profile
14.4.7. Speeding up Session Startup
14.4.8. Configuring the language environment on the server based on the client language
14.5. Limiting Lifetime of ThinLinc Sessions
15. Shadowing
15.1. Introduction
15.2. Disable shadowing feature
15.3. Granting shadowing access to users
15.4. Shadowing notification
15.5. Shadowing a user session
16. Hiveconf
16.1. Overview
16.1.1. Basic Syntax
16.1.2. Tree Structure
16.1.3. Mounting Datasources
16.1.4. Hostwide Configuration
16.1.5. Hiveconf Tools
16.2. Hiveconf and ThinLinc
16.2.1. The ThinLinc Configuration Tool - tl-config
17. Administration of ThinLinc using the Web Administration Interface
17.1. Introduction
17.2. Modules
17.2.1. The System Health Module
17.2.2. The Status Module
17.2.3. The VSM Module
17.2.4. The Profiles Module
17.2.5. The Locations Module
17.2.6. The Desktop Customizer Module
18. Building Custom Linux Desktops with the ThinLinc Desktop Customizer
18.1. Introduction
18.2. Using the ThinLinc Desktop Customizer
18.2.1. Concepts
18.2.2. Using the ThinLinc Desktop Customizer
18.2.3. Handling Applications
18.2.4. Defining a Menu Structure
18.2.5. Defining Application Groups
18.2.6. Distribute Configuration to all agent hosts
18.3. Enabling the Custom Desktops for users
18.4. Tips & Tricks with TLDC
18.4.1. Unwanted Icons on the Desktop with KDE
18.4.2. File Associations for Applications Not In the Menu
18.4.3. Home Icon not Working in KDE?
IV. Appendixes
A. TCP Ports Used by ThinLinc
A.1. On Machine Running VSM Server
A.2. On Machine Running VSM Agent
B. Troubleshooting ThinLinc
B.1. General troubleshooting method
B.2. Troubleshooting Specific Problems
B.2.1. Problems Where the Client Reports an Error
B.2.2. Problems that Occur After Session Start
C. Restricting access to ThinLinc servers
C.1. Disabling SSH access
C.2. Disabling shell access
C.2.1. Changing the configured shell
C.2.2. Using ForceCommand
C.3. Disabling port forwarding
C.3.1. Disabling remote port forwarding
C.4. Disabling clipboard
C.5. Disabling local drives
D. GnuTLS priority strings
D.1. Standard configuration
D.1.1. Cipher suites
D.1.2. Protocols
D.1.3. Ciphers
D.1.4. MACs
D.1.5. Key Exchange Algorithms
D.1.6. Groups
D.1.7. PK-signatures
D.2. Available algorithms
D.2.1. Cipher suites
D.2.2. Certificate types
D.2.3. Protocols
D.2.4. Ciphers
D.2.5. MACs
D.2.6. Digests
D.2.7. Key exchange algorithms
D.2.8. Compression
D.2.9. Groups
D.2.10. Public Key Systems
D.2.11. PK-signatures

List of Figures

2.1. The System Architecture of ThinLinc
3.1. A Simple ThinLinc Setup
3.2. ThinLinc in a Novell Network
3.3. ThinLinc in a Windows Network
3.4. ThinLinc in a NAT/Split-DNS Environment
5.1. Printer Configuration Overview
6.1. A non-HA ThinLinc cluster setup
6.2. A ThinLinc HA cluster setup
7.1. The ThinLinc client login window
7.2. The ThinLinc client session selection window
7.3. Client settings Options tab
7.4. Client settings Local Devices tab
7.5. Sound system selection interface
7.6. Serial port selection interface
7.7. Local drive export selection interface
7.8. Printer options dialog
7.9. Client settings Screen tab
7.10. Client settings Optimization tab
7.11. Client settings Security tab
7.12. Smart card authentication settings
7.13. Certificate filter settings
9.1. ThinLinc Web Access Login
9.2. ThinLinc Web Access Toolbar
9.3. ThinLinc Web Access Extra Keys
9.4. ThinLinc Web Access Clipboard Dialog
14.1. Session Startup Procedure - on VSM Server.
14.2. Session Startup Procedure - on VSM Agent
14.3. The ThinLinc profiles and xstartup.default
17.1. Subclusters
17.2. New subcluster form
17.3. Terminals
17.4. New terminal form
17.5. New Location Form
17.6. Location Details With Printer
18.1. ThinLinc Desktop Customizer Concepts
B.1. The General Troubleshooting Method

List of Tables

14.1. Log Levels
14.2. Default Log Behaviour
17.1. Terminal properties

List of Examples

7.1. Installing Web Integration configuration
7.2. Installing Web Integration configuration to a custom httpd directory
7.3. Installing Web Integration configuration with a custom file name