14.2.  Server Configuration Parameters

The ThinLinc server is configured using a number of configuration parameters stored in Hiveconf. For information about how to access and set the parameters, please refer to Chapter 16, Hiveconf . In this chapter, we will describe the different parameters and their meaning.

The parameters used in ThinLinc are divided into a number of folders, each having zero or more subfolders. The following folders exist:

14.2.1.  Parameters in /vsmagent/

In this section, we will describe all the parameters currently used by the VSM agent.

/vsmagent/agent_hostname

Public hostname; the hostname that clients are redirected to. If not defined, the agent will use the computer's IP address. This is the default configuration, and means that ThinLinc does not require DNS to work properly. However, if you are using Network Address Translation (NAT), you must set this parameter to a IP address or DNS name that all clients can connect to. Example:

agent_hostname = thinlinc.example.com

/vsmagent/allowed_clients

This is the space-separated list of VSM servers that should be allowed to connect to this VSM agent and create new sessions. The localhost is always allowed as well as the IP of the hostname the VSM agent runs on, and the host specified in the /vsmagent/master_hostname/ parameter.

/vsmagent/default_environment

This subfolder of /vsmagent contains environment variables that should be set in each user's session. Example:

[/vsmagent/default_environment]
TOWN=Springfield
LC_CTYPE=sv_SE.UTF-8
FOOBAR=foobar

This will set the TOWN environment variable to Springfield , the LC_CTYPE variable to sv_SE.UTF-8 and the FOOBAR variable to foobar in each user's session.

Note

xsession is executed via a login shell, which may modify the environment and override values in [/vsmagent/default_environment].

/vsmagent/default_geometry

The default session size, to be used when clients are not requesting any specific session size.

/vsmagent/display_max

The maximum display number to be used for ThinLinc sessions on each specific VSM agent host. Default value is 2000.

The maximum ThinLinc sessions allowed on a specific VSM Agent host is /vsmagent/display_max - /vsmagent/display_min .

/vsmagent/display_min

The lowest display numbers to use for clients. The default is 1, and unless there are other processes needing display numbers, the recommendation is not to change this number. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.

/vsmagent/listen_port

The TCP port VSM Agent listen to for incoming requests. This should normally be set to the same value as /vsm/vsm_agent_port.

/vsmagent/lowest_user_port

The lowest port to be used by normal user processes. This may never be lower than /vsmagent/max_session_port . See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.

/vsmagent/make_homedir

If this parameter is true, the users home directory will be automatically created if it doesn't exist.

/vsmagent/make_homedir_mode

When a home directory is created (see parameter /vsmagent/make_homedir above), the mode for the newly created directory will be determined by this parameter.

/vsmagent/master_hostname

This parameter specifies the hostname of the master machine, i.e. the machine that runs the VSM server. In a HA setup, this should be the hostname of the IP address that is on the machine that is currently the active node, to ensure that services on the agents that need to access the VSM Server always connects to the machine that is up and running.

/vsmagent/max_session_port

The highest port to use for VNC and tunnel ports on the VSM Agent. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.

/vsmagent/single_signon

This parameter decides whether the passwords of the users should be saved in order to support Single Sign-On when connecting to servers from the ThinLinc session, for example when running a Windows session.

/vsmagent/xserver_args

Extra arguments to pass on to the Xserver Xvnc. One common case is to use -localhost , which makes Xvnc require connections to originate from localhost, thus forcing applications to either be local or use a tunnel (which often also means that the traffic is encrypted). Other examples include -IdleTimeout and -MaxIdleTime. For more information, see Section 14.5, “ Limiting Lifetime of ThinLinc Sessions ”.

/vsmagent/xauthority_location

This parameter controls the location of the Xauthority file. Currently, two values are supported: With "homedir", the file will be placed in the users home directory. With "sessiondir", the file will be placed in the session directory below /var/opt/thinlinc/sessions. The XAUTHORITY environment variable is set accordingly by the VSM agent.

14.2.2.  Parameters in /vsmserver/

In this section, we will describe all the parameters currently used by the VSM server.

/vsmserver/admin_email

The administrator's email address. This is where warnings about overuse of Licenses are sent, among with other administrative messages. Make sure this is a valid address.

/vsmserver/allowed_clients

A space-separated list of hosts from which privileged operations are allowed. The default (empty) allows localhost to do this. Privileged operations are for example to deactivate a session, something that should be allowed by the host running the ThinLinc Web Administration service.

/vsmserver/allowed_groups

ThinLinc access can be limited to certain groups. If the allowed_groups space-separated list is empty, all users are accepted. Otherwise, the user must be a member of the groups listed below, to be able to use ThinLinc. Example:

 allowed_groups = students teachers
            

/vsmserver/allowed_shadowers

A space-separated list of users that are allowed to shadow other users. Please note that these users will gain full access to other users' sessions. See Chapter 15, Shadowing for more information.

/vsmserver/explicit_agentselection

This parameter is a space-separated list which presents a way to force the sessions created for certain users or groups to always be created on specific agent hosts. See Section 14.4.9, “ Forcing sessions for some users to certain agent hosts ” for more information.

/vsmserver/terminalservers

All ThinLinc machines part of this ThinLinc cluster. This should be a space-separated list of DNS host names. These will be used for communication between the server and the agent. The names reported to clients are fetched from the agent itself; names in /vsmserver/terminalservers are not reported directly to clients.

/vsmserver/bogomips_per_user

Estimated bogomips required for each user.

/vsmserver/existing_users_weight

This parameter decides the importance of the amount of logged in users on a VSM agent host when calculating load balance parameters. A host with low load, but a lot of users, is generally more likely to get a higher load within short time when the users get active. For this reason, the load balance calculating code takes the number of users at a certain host into its calculation. The /vsmserver/existing_users_weight controls how important this factor is. A higher value of this parameter means the load balancing code will care less about a high number of users on a certain machine.

Note

This parameter should normally not be changed, unless when fine-tuning the load balancing.

/vsmserver/HA/enabled

If this parameter is true, the VSM server will try to replicate information about sessions to the other VSM server node. See Chapter 6, High Availability (HA) for more information about ThinLinc in a High Availability configuration.

/vsmserver/HA/nodes

This parameter lists the hostnames of both nodes in a ThinLinc HA setup. The space-separated list should include the hostname of the current node. This means that vsmserver.hconf can be identical on both nodes.

/vsmserver/listen_port

The TCP port VSM Server listen to for incoming requests. This should normally be set to the same value as /vsm/vsm_server_port.

/vsmserver/load_update_cycle

The number of seconds allowed for updating the load status in the entire cluster.

/vsmserver/max_sessions_per_user

The maximum number of sessions allowed per user. 0 means no limit.

/vsmserver/ram_per_user

Integer, number of estimated MiB memory required for each session. A value of 8 is appropriate if only tl-run-windesk is used.

/vsmserver/unbind_ports_at_login

If this parameter is true, processes occupying the users' interval of forwarded ports will be killed at login. This means that if a user logs in twice to the same session, the second login will get working tunnel ports, if this parameter is true. The first session's tunnel ports will stop working. If the parameter is false, the first session will keep the ports.

14.2.3.  Parameters in /vsm/

Parameters in the /vsm/ folder are used by both the VSM agent and the VSM server. Neither of them need to be changed on a normal ThinLinc installation.

/vsm/tunnel_bind_base

The tunnels setup by the client to access various resources (audio, serial port, network resources, local printer) need one port number each on the server running the VSM agent the client is connected to. This parameter decides the lowest such port that is allocated by the VSM agent. Each user has a port range defined by the formula /vsm/tunnel_bind_base + display-ID*10 + service_slot where the service_slot depends on which service will use the tunnel. This port range is however used only for sessions with display numbers less than 100. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.

Note

This parameter should normally not be changed.

/vsm/tunnelservices/

There are several parameters under the /vsm/tunnelservices folder. Each one decides which ports are used at serverside termination points for the tunnels used to access client resources. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.

Note

None of these parameters should normally be changed.

/vsm/tunnelslots_per_session

The number of ports to reserve for tunnel port endpoints on the server. The number of ports actually used depends on the number of services defined under /vsm/tunnelservices/ . We recommend letting this parameter have its default value (10), since that leaves for further services and easy live upgrades of ThinLinc. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.

/vsm/vnc_port_base

The port base for VNC communication. The VNC protocol runs on one port per active user on the VSM agent host, and this is the base of the numbers used. That is, for the first user, the port will be /vsm/vnc_port_base + 1, for the second user /vsm/vnc_port_base + 2 and so on. This algorithm is used only for display numbers below 100. See Appendix A, TCP Ports Used by ThinLinc for an in-depth explanation of port allocation.

Note

This parameter should normally not be changed.

/vsm/vsm_agent_port

VSM agent communication. This is the port that the VSM server connects to on VSM Agents. This traffic is not encrypted.

Note

This parameter should normally not be changed

/vsm/vsm_server_port

The port that the VSM server listens to.

Note

This parameter should normally not be changed

14.2.4.  Parameters in /appservergroups/

Parameters related to how ThinLinc connects to application servers, such as UNIX servers via the X Window system, or Windows Remote Desktop Servers using the RDP protocol, are stored under /appservergroups/ in the Hiveconf tree. There are two subfolders of /appservergroups/, rdp and x11. The rdp subfolder is used for settings related to connections to Windows Remote Desktop Servers. The x11 subfolder contains settings related to UNIX X11 and Linux servers. Each of the two subfolders have one or more subfolders. Each subfolder represents an application server group, a way of configuring what server a specific user should be connected to. The commands tl-run-unixapp, tl-run-winapp, tl-run-winapp-seamless, tl-run-windesk, and tl-run-rdesktop all take the parameter -G to choose which appserver group to connect to. If no -G parameter is given, they connect to the group named default.

/appservergroups/rdp/<appgroup>/domain

The Windows NT domain to use.

/appservergroups/rdp/<appgroup>/keyboard_layout

The keyboard layout to use for connections to Windows Remote Desktop Servers. If no layout is specified, the appropriate keyboard layout will be determined automatically based on the session's locale settings.

/appservergroups/rdp/<appgroup>/novell

Set this parameter to true to improve compatibility with servers that authenticate against Novell eDirectory.

/appservergroups/rdp/<appgroup>/rdesktop_args

Extra arguments for RDP connections to Windows Remote Desktop Servers. See the documentation for tl-run-rdesktop in Chapter 13, Commands on the ThinLinc Server for information about the possible values of this parameter.

/appservergroups/rdp/<appgroup>/redirect_printers

True if printers should automatically be redirected to Windows Remote Desktop Servers. See Section 5.6, “ Printer Configuration on Windows Remote Desktop Servers ” for details.

/appservergroups/rdp/<appgroup>/servers

A space-separated list of Windows Remote Desktop Servers to connect to using the RDP protocol. This list is read by tl-run-rdesktop (and associated commands) to decide which server to connect to. The server with the least load is chosen.

/appservergroups/rdp/<appgroup>/sound

This parameter determines the sound system to use. If set to "esddsp", sound redirection using the "esddsp" wrapper will be enabled. A value of "padsp" uses the PulseAudio system instead. If "auto" is specified, "padsp" and "esddsp" are both tried, in that order. The empty string disables sound redirection.

/appservergroups/x11/<appgroup>/servers

A space-separated list of external UNIX servers to connect to when the tl-run-unixapp is called.

Note

In the current release of ThinLinc, load balancing is not supported when connecting to UNIX servers, so only the first server in this list will be used.

/appservergroups/x11/<appgroup>/use_ssh_encryption

True if X11 traffic should be encrypted via SSH.

/appservergroups/x11/<appgroup>/xauth_path

The path to the xauth executable on the remote server. This is only used if use_ssh_encryption is false.

14.2.5.  Parameters in /sessionstart/

In this section, we will describe all the parameters currently used by the session startup scripts.

/sessionstart/background_color

The initial color of the background that is set early during session startup. By default this is a dark blue color.

/sessionstart/background_image

A PNG image used as the initial background. The image will always be scaled to cover the entire screen.

If the image contains transparency then the color set by background_color will shine through.

/sessionstart/keyboard_layout

The default virtual keyboard layout used by Xvnc. The protocol is not dependent on this being configured, but some applications can misbehave if a different virtual layout is configured compared to the real keyboard layout on the client device.

A list of possible keyboard layouts is given from this command:

$ man /opt/thinlinc/share/man/man7/xkeyboard-config.7

14.2.6.  Parameters in /tlwebadm/

For details of parameters in /tlwebadm/, see Section 17.2, “ Configuring tlwebadm ”

14.2.7.  Parameters in /webaccess/

For details of parameters in /webaccess/, see Section 8.6.3.1.2, “ Configuration ”