MetaFrame Presentation Server for UNIX Administrator’s Guide

Citrix® MetaFrame® Presentation Server 4.0 for UNIX® Operating Systems Solaris SPARC®, HP-UX®, and AIX®

Citrix Systems, Inc.

Copyright and Trademark Notice Use of the product documented in the guide is subject to your prior acceptance of the End User License Agreement. A copy of the End User License Agreement is included in the root directory of the MetaFrame server CD-ROM. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc. © 1999-2005 Citrix Systems, Inc. All rights reserved. Citrix, Independent Computing Architecture (ICA), MetaFrame, MetaFrame XP, and Program Neighborhood are registered trademarks and SpeedScreen is a trademark of Citrix Systems, Inc. in the U.S.A. and other countries. Trademark Acknowledgements UNIX is a registered trademark of The Open Group in the U.S.A. and other countries. Solaris is a trademark of Sun Microsystems, Inc. in the U.S.A. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. HP-UX is a registered trademark of Hewlett-Packard Company. AIX is a registered trademark of International Business Machines Corporation. XV. Copyright 1994 by John Bradley. All rights reserved. RSA Encryption © 1996-1997 RSA Security Inc., All Rights Reserved. Portions of this documentation that relate to Globetrotter, Macrovision, and FLEXlm are copyright © 2005 Macrovision Corporation. All rights reserved. Globetrotter, Macrovision, and FLEXlm are trademarks and/or registered trademarks of Macrovision Corporation. All other trademarks and registered trademarks are the property of their owners. All other Trade Names referred to are the Servicemark, Trademark, or Registered Trademark of the respective manufacturers. Portions of the files libctwm_st.a, libctwm_st.0, and libctwm_st.so.1 are additionally copyright as follows: 1988 by Evans & Sutherland Computer Corporation, Salt Lake City, Utah; 1989 by the Massachusetts Institute of Technology, Cambridge, Massachusetts All Rights Reserved; 1992 Claude Lecommandeur; and 1987-1996 X Consortium. Portions of the files libsslsdk_b.so.1.1, libsslsdk_b.1.1, and libsslsdk_b.so.1.1 are additionally copyright as follows: 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved; and 1999 The OpenSSL Project. All rights reserved. Portions of the files libfreetype.a, libfreetype.sl.9.6, and libfreetype.so.6.3.6 are additionally copyright as follows: 2002, 2003, 2004 by Roberto Alameda; 1985, 1986, 1992, 1993 The Regents of the University of California. All rights reserved; 20002001, 2002, 2003, 2004 Catharon Productions Inc.; 1996-2004 by David Turner, Robert Wilhelm, and Werner Lemberg, portions written by Graham Asher <graham.asher@btinternet.com>; 1996-2001, 2004 by Just van Rossum, David Turner, Robert Wilhelm, and Werner Lemberg; 2003 by Masatake YAMATO, Redhat K.K; and 2000-2004 by Francesco Zappa Nardelli. Portions of the files libctxXtwa.a, libctxXtw.sl.0, and libctxXtw.so.1 are additionally copyrights as follows: 1988,1991 Adobe Systems Incorporated. All rights reserved; 1998-1999 Shunsuke Akiyama <akiyama@jp.FreeBSD.org>, All rights reserved; 1998-1999 X-TrueType Server Project, All rights reserved;1985-1987, 1991, 1993, The Regents of the University of California, All rights reserved.; 1989- 1991, Bitstream Inc., Cambridge, MA.; 1998-2003 by Juliusz Chroboczek; 2003, 2004 After X-TT Project, All rights reserved; 1997 by Mark Leisher; 1998 Go Watanabe, All rights reserved; 1998 Kazushi (Jam) Marukawa, All rights reserved; 1998 Takuya SHIOZAKI, All rights reserved; 1989, 1990, 1991, 1995 Network Computing Devices, Inc. Mountain View CA; 1987 by Digital Equipment Corporation; 1991, 1993 by Digital Equipment Corporation, Maynard,

Massachusetts, and Olivetti Research Limited, Cambridge, England. All Rights Reserved; 1994 Quarterdeck Office Systems. All Rights Reserved; 1992, 1993 Data General Corporation; 1992, 1993 OMRON Corporation; 1996-2004 by David Turner, Robert Wilhelm, and Werner Lemberg, Modified for XFree86; 1986-1988, 1994, 1995 Hewlett-Packard Company; International Business Machines Corp. 1991. All Rights Reserved; Lexmark International, Inc. 1991. All Rights Reserved; 1993, 1994 NCR Corporation - Dayton, Ohio, USA, All Rights Reserved; 1986-2001 The Open Group; 1990,91 by Thomas Roell, Dinkelscherben, Germany; 1994-2000 Silicon Graphics, Inc. All Rights Reserved; 1987, 1991 by Sun Microsystems, Inc. Mountain View, CA. All Rights Reserved; 1994 Vrije Universiteit Amsterdam, Netherlands. All Rights Reserved; and 1998-2002 The XFree86 Project, Inc. All Rights Reserved. Portions of the file ctxcapture are additionally copyright as follows: 1994 Hewlett-Packard Co.; and 1996 X Consortium. Portions of the ctxload are additionally copyright as follows: 1987-1996 X Consortium. Portions of the files libXpm.a, libXpm_st.a, libXpm.2, libXpm_st.s, libXpm.so.3, and libXpm_st.so.3 are additionally copyright as follows: 1989-95 GROUPE BULL. Portions of the files libctxos.0, libctxos_st.0, libctxos.a, libctxos_st.a, libctxos.so.1, libctxos_st.so.1, and confDBGen are additionally copyright as follows: 1994, 1996 IBM Corporation All rights reserved. In addition to the license terms of the EULA, the above-specified files are distributed subject to license terms specifically described in the file Third Party Attributions.pdf, included with the documentation of this product. Last updated: May 4, 2005 (ER)

Contents 5

Contents
Chapter 1 Welcome to MetaFrame Presentation Server for UNIX
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 UNIX Command-Line Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Getting Service and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Introducing MetaFrame Presentation Server for UNIX . . . . . . . . . . . . . . . . . . . . . 17 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 What’s New in Version 4.0?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Getting Started Quickly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Chapter 2

Deploying MetaFrame Presentation Server for UNIX
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Before You Begin Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Minimum Machine Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 UNIX Operating System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Citrix SSL Relay Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Euro Currency Symbol Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Installing MetaFrame Presentation Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Creating the Administrator Users and Group. . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Installing MetaFrame Presentation Server Using the Installer Script . . . . . . . . 30 Performing an Unattended Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Setting the Paths to MetaFrame Presentation Server Commands. . . . . . . . . . . . . . 36 Configuring User Access to Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Configuring Administrator Access to Commands. . . . . . . . . . . . . . . . . . . . . . . 37 Setting the Path to the man Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Starting and Stopping MetaFrame Presentation Server. . . . . . . . . . . . . . . . . . . . . . 38 Starting MetaFrame Presentation Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Stopping MetaFrame Presentation Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Identifying the Servers in a Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Moving a Server to a Different Farm . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Multiple Farms and Subnet Considerations . . . . . . . . . . . . . . . . 55 Chapter 4 Licensing MetaFrame Presentation Server for UNIX Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 About Server Farms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 MetaFrame Presentation Server for UNIX Administrator’s Guide About Client Keyboard Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 About MetaFrame Access Suite Licensing . . . . . . 52 Troubleshooting Joining a Server Farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Chapter 3 Introducing Server Farms Overview . . . . . . . . . . . . . . . . . . . . 48 Server Farm Components . . . . . . . . . . . . . . . . . . . . . . . 42 Reinstalling MetaFrame Presentation Server . . . . . . . . . . . 48 Communication Between Servers in a Farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Configuring Non-English Keyboard Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Renaming a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 What To Do Next . . . . . . . . . . . . . . . . . . . . . . 63 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Licensing MetaFrame Presentation Server for UNIX: An Overview. . . . . . . . . . . 41 Removing MetaFrame Presentation Server. . . . . . . . . . . . . . 58 Coexisting with Earlier Citrix Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Configuring MetaFrame Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Why Publish Applications? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 What To Do Next . . . . . . . . . . . . . . . . . . . . . . . . . 50 Integrating With Other Citrix Servers . . . . . . . . . . . . . . . . 59 Configuring Communication with the License Server . . . . . . . . . . . 53 Removing a Server From a Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 About Published Applications . . . . . . . . . . . . . 62 Publishing Applications for Explicit or Anonymous Use . . . . . . . . . . . . . . . . . 59 Chapter 5 Publishing Applications and Desktops Overview . . . . . . . . . . . . . . . . 51 Joining a Server Farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Creating a Server Farm . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . and Sessions Overview . . 74 Changing the Settings of a Published Application. . . . . . . . . . . . 92 Disconnecting a Session . . . . . . . . . . . . 71 Publishing an Application to Accept Parameters from the Client. . . . . . . or Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Logging Off from a Session . . . . . 95 Shadowing a User’s Session . . . . . . . . . . . 84 Configuring an Initial Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Sending Messages to Users . . . . . .Contents 7 Publishing an Application. . . . . . . . . . . . . . . . . . . . . 68 Specifying a Working Directory for Published Applications . . . . . . . 82 Renaming a Published Application . . . . . . . . . . . . . . . . . . 93 Connecting to a Disconnected Session . . . . . . . . . . . . . . . . 68 Publishing an Application on a UNIX Server of Different Architecture . . . . . . . . . . . . . . . . . 72 Displaying Published Application Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Maintaining Published Applications . . . 68 Publishing a UNIX Command-Line Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Ending Shadowing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Enabling and Disabling Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Resetting a Session. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Displaying Information about Servers on the Network. . . . . . . . . . . 83 Restricting Connections to Published Applications Only . . . . . . . . . . . . . . . . . . . . . 77 Managing the Servers that Publish an Application . . 74 Specifying Default Settings for Published Applications . . . . 91 About the Display . . . . . . . 67 Publishing a Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Reconnecting to Load Balanced Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Publishing Preconfigured Applications for Anonymous Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shell Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Creating a New Published Application from Existing Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Publishing an Application. . . . . . . . . 98 . . 87 Displaying Information about Users and Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Publishing a Java Application . . . . . . . . . . . . . . . . . . . . . . 91 Ending a Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Publishing a Shell Script. . . 88 About the Display . . . . . 85 Chapter 6 Managing Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Displaying Client Printers or Printer Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 . . . . . . . . . . . . . 123 Changing the Window Manager. . . . . . . . . . . . . . . . . . . . . . . . 111 Providing Additional Graphics Clipboard Support . . . . . . . 102 Troubleshooting Printing . . . . . . . . . . . . . . . . . . . . . . . 127 Configuring Backing Store. . . . . . . . . . . . . . . . . . . . . . 123 Customizing the Login Screen . . . . . . . . . . . . . . . 109 Enabling or Disabling Printing for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Customizing the Appearance of MetaFrame Presentation Server . . . . . . . . . 118 Generating and Using Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 128 Configuration Required for Fixes to Take Effect. . . . . . . . . . . . . . 112 Controlling Time-out Behavior . . . . . . . . . 105 Configuring the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Allowing Users to Log On without a Home Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Setting the Number of Permitted ICA Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 MetaFrame Presentation Server for UNIX Administrator’s Guide Printing . . . . . . . . . . . . . . . . . . . . . . . . 101 Printing from Applications . . . . . . . . . . . . . . . . . . 128 Interactive Performance Tuning . . . . . . . . . . . . . . . . . . . 131 Multi-Monitor Display Limitations . . . . . . . 110 Enabling or Disabling Clipboard Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Color Depth Limitations. . 111 Enabling or Disabling Shadowing . . . . . . 106 Controlling Logon Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Configuring X Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Connecting to a Remote Server from an ICA Session . . . . . . . . . . . . . . . . . . . 124 Changing the Font Path. . . . . . . . . . . . 100 Printing from a Command Line . 108 Controlling Behavior for Disconnected or Broken Connections. . 117 Configuring Mouse-Click Feedback for High Latency Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Chapter 7 Configuring MetaFrame Presentation Server Overview . . . . . . . . . . . .

. . . . . .Contents 9 Chapter 8 Advanced Topics Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Configuring Non-English Language Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Troubleshooting Anonymous User Accounts . . . . . . . . . . . . . . . . . . . . . . 158 Configuring ICA Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Manipulating Master Browser Elections . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Displaying Anonymous User Settings . . . . . . . . . . . . . . . . . . . . . . . 159 Using ICA With Network Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Configuring Anonymous User Settings . . . . . . . . . . . . . 171 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Which Locales Provide Non-English Language Support? . . 165 Configuring an AIX System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Configuring a Solaris System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Configuring the TCP/IP Port Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Configuring MetaFrame Presentation Server Security . . . . . . . . . . 146 Examples. . . . . . . . . . . . . . . . . . . . . . 141 Default Security Settings . . . . . . . . . . . . . . . . . . . . . . 168 Changing the Locale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Load Balancing Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Troubleshooting Load Balancing . . . . . . . . . . 148 MetaFrame Presentation Server for UNIX and the ICA Browser Service . . . . . . . . . 160 ICA Browsing with Network Address Translation . . . . . . . . . . . . . . . . . . . 163 Configuring an HP-UX System . . . . . . . . . 155 Load Balancing a Group of Servers . . . . . 168 Limitations of Non-English Language Support . . . . . . . . . . . . . 145 Configuring Security Settings. . . . . . . . . . . . . . . . . . . . . . 149 Controlling the Master Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Returning External Addresses to Clients . . . . . . . 140 Why Use MetaFrame Presentation Server Security?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Configuring Anonymous Users . . . . . . . . . . . . . . . . . . . . . . 155 Tuning Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Displaying Security Settings for a Function. . . . 169 Troubleshooting Non-English Language Support . . . . . . . . . . . . . . . . . . . . . 150 Introducing a New Server. . . . . . . . . . . . . . . . . . . . . 162 Configuring the Operating System for a Large Number of Connections . . . 141 Security Overview . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 ctxfarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Enabling and Configuring Client Drive Mapping . . 177 Configuring the XML Service for Use with SSL Relay . . . . . . . . . . . . . . . . . . . 179 Chapter 10 Using Client Drive Mapping Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 ctxcfg. . . . . . . . . 184 Configuring Access to Specific Drives . . . . . . . 206 ctxcapture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 ctxalt . . . . . . . . . 177 Stopping the Citrix XML Service. . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Configuring DNS Address Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 ctxanoncfg. . . . . . . . . . . . . . . . . . . . . . . . . 213 ctxdisconnect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Configuring the Server Port . . . . . . . . . 191 Appendix A Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 MetaFrame Presentation Server for UNIX Administrator’s Guide Chapter 9 Using the Citrix XML Service Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185 Disabling and Re-enabling Client Drive Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Server Farm Considerations . . . . . . . 216 ctxjoinfarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 ctxgrab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 Introducing Client Drive Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Troubleshooting Client Drive Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 Troubleshooting SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Features and Limitations of Client Drive Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 ctxappcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 ctxconnect . . . . . . 173 About the Citrix XML Service. . . . . . . . . . . . . . . . . 202 ctxbrcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Enabling Client Drive Mapping . . . . . . . 195 MetaFrame Presentation Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Getting Started . . 176 Starting the Citrix XML Service . . 197 ctx3bmouse . 212 ctxcreatefarm. . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221 ctxmsg . . . . . . 231 ctxshutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226 ctxquser . . . . . . . . . . . . . . 220 ctxmount . . . . . . . . . . . . . . . . . . 227 ctxreset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 ctxqserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Appendix B Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 ctxprinters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 ctxnfusesrv . . . . . . . . . . . . . . . . 217 ctxlpr . . . . . . . . . . . . . . . . 233 ctxsrv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 ctxqsession . . . . . . . 245 . . . . . . . . . 234 XML Service Commands. . . . . . . . . . . . . . . . . . . 228 ctxsecurity . . . . . . . .Contents 11 ctxlogoff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 ctxlsdcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 ctxshadow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 ctxmaster . . . . . . . . . . . . .

.

CHAPTER 1 Welcome to MetaFrame Presentation Server for UNIX Overview Welcome to Citrix MetaFrame Presentation Server for UNIX.0 Getting started quickly . Topics include: • • • • About this guide An introduction to MetaFrame Presentation Server for UNIX What’s new in MetaFrame Presentation Server for UNIX Version 4. This chapter introduces you to the documentation and to MetaFrame Presentation Server for UNIX.

not the brackets themselves.…] indicates that you can specify more than one device. configuring. you must type the actual name of a file.14 MetaFrame Presentation Server for UNIX Administrator’s Guide About this Guide This guide is for system administrators responsible for installing. For example. /route:devicename[. Italic ALL UPPERCASE Monospace {braces} [brackets] | (vertical bar) … (ellipsis) . Indicates a placeholder for information or parameters that you must provide. CTRL. For example. ENTER. and symbols are used throughout the documentation: Convention Bold Meaning Where appropriate. column headings. not the braces themselves. Stands for “or” and separates items within braces or brackets. Type only the information within the brackets. lists. putting commas between the device names. Represents keyboard keys (for example. text formats. Indicates that you can repeat the previous item(s) in syntax statements. this indicates boxes and buttons. For example. For example. command-line commands and options. and user input. menu names. menu commands. Type only the information within the braces. { yes | no } indicates that you must specify yes or no when using the command. For example. and maintaining MetaFrame Presentation Server for UNIX and the Citrix XML Service for UNIX. Italic also indicates new terms and the titles of other books. Encloses required items in syntax statements. [password] indicates that you can choose to type a password with the command. F2). tabs. Documentation Conventions The following conventional terms. if the procedure asks you to type filename. Encloses optional items in syntax statements. Represents text displayed at a command prompt and in text files. dialog box titles. { /hold | /release | /delete } indicates that you must type /hold or /release or /delete.

which means you type the commands to control the server at a command prompt. you may get unpredictable results. . If you are not familiar with UNIX command lines.Chapter 1 Welcome to MetaFrame Presentation Server for UNIX 15 Information that is specific to a particular UNIX platform is identified using the following symbols: Symbol Identifies instructions specific to the IBM AIX Operating System Hewlett-Packard HP-UX Operating System Sun Solaris Operating Environment A symbol with a line through it indicates information that does not apply to a particular platform. For example. unless indicated otherwise. If more than one instance runs simultaneously. note that: • • All UNIX commands are case sensitive The spacing on the command line is important and must be followed exactly as described in the instructions Note Run only one instance of some MetaFrame Presentation Server for UNIX commands at any one time—these are the commands that cause configuration changes (rather than commands that just query and display information). the following symbol is used to indicate information that does not apply to the HP-UX platform: Note The examples and screens shown throughout the documentation are for the Solaris Operating Environment. UNIX Command-Line Conventions MetaFrame Presentation Server for UNIX has a command line interface.

The client documentation is available on the Components CD-ROM.16 MetaFrame Presentation Server for UNIX Administrator’s Guide Finding More Information Your MetaFrame Presentation Server software includes the following documentation: • • An Adobe PDF version of the MetaFrame Presentation Server for UNIX Administrator’s Guide (this guide). which explains how to configure and use Citrix SSL Relay in your MetaFrame Presentation Server deployment. Using the Adobe Reader. • • • The documentation for MetaFrame Presentation Server is available in the /docs directory of the MetaFrame Presentation Server for UNIX CD-ROM. The Citrix ICA Client Administrator’s Guides tell administrators how to install. Web-based technical support tools from its Knowledge Center at http://support. Our CSN partners are trained and authorized to provide a high level of support to our customers. The MetaFrame Access Suite Licensing Guide for administrators who are deploying. and pointers to related commands.citrix. Important Consult the readme file in the root directory of your CD-ROM. configure. Contact your supplier for first-line support or check for your nearest CSN partner at http://www. warnings and important notes.com/. and using MetaFrame Access Suite licensing.citrix. In addition to the CSN channel program. Citrix offers a variety of self-service. Getting Service and Support Citrix provides technical support primarily through the Citrix Solutions Network (CSN). These provide an overview of the command.com/support/. for any last-minute updates.adobe. Man pages that can be displayed online for MetaFrame Presentation Server command-line tools. The Citrix SSL Relay for UNIX Administrator’s Guide. installation instructions. Knowledge Center features include: • • A knowledge base containing thousands of technical solutions to support your Citrix environment An online product documentation library . maintaining. and corrections to the documentation. you can view and search the documentation electronically or print it for easy reference. go to Adobe’s Web site at: http://www. To download the Adobe Reader for free.com/. and deploy the various MetaFrame Presentation Server Clients to end-users.

and is available for a range of different devices. Java applications. The MetaFrame Presentation Server Client software is provided free. For example. it appears as if the software is running locally on the client. or custom applications available to users. secure access to UNIX and Java applications. Because applications run on the server and not on the client device. so users can connect to the server from a client device. and screen updates between the server and the client. Web browsers. The application processing remains on the server. You install MetaFrame Presentation Server on a UNIX machine that will be used as a server. and IBM AIX platforms are supported. the application looks and feels the same on each client device. a particular window manager. . or another UNIX machine can be used. provides a range of options that allows you to customize the level and type of support for your organization’s Citrix products. The ICA protocol sends keystrokes. To the user of the client device. mouse clicks. Sun Solaris. a Windows PC. Introducing MetaFrame Presentation Server for UNIX MetaFrame Presentation Server for UNIX is a server-based software product that you can use to provide your users with uninterrupted. such as a Windows PC. MetaFrame Presentation Server allows multiple users to log on and run applications in separate. This allows users to connect to the server from various platforms. HP-UX. which means that processing on the client is kept to a minimum. protected sessions on the same server. you may want to make word processors.Chapter 1 Welcome to MetaFrame Presentation Server for UNIX 17 • • • • Interactive support forums for every Citrix product Access to the latest hotfixes and service packs Security bulletins Online problem reporting and tracking (for customers with valid support contracts) Another source of support. users can connect from any client device. Citrix Preferred Support Services. You install the MetaFrame Presentation Server Client software on the client devices. MetaFrame Presentation Server uses the ICA protocol to send information between the client device and the server. A Macintosh.

The user ctxsrvr must be created and added to this group. This is the administrator group. Configurable permissions for access to features: You can control which users or groups of users can use particular MetaFrame Presentation Server features.18 MetaFrame Presentation Server for UNIX Administrator’s Guide Key Features This section describes the key features and benefits of using MetaFrame Presentation Server for UNIX. See “Creating the Administrator Users and Group” on page 28 for more information. The server desktop appears in a window on the client device. you do not need to set up new user accounts for MetaFrame Presentation Server. such as logging on. protected session on the server. Therefore. . To access a published application. Users can run any application available on the desktop. this is not supported. Users at the client device can log on using their existing UNIX user account and password. disconnecting. in any order. When the user exits the application. Integration with UNIX security and accounts: MetaFrame Presentation Server uses the security setup on the UNIX server. The application runs in a separate. Solaris and HP-UX use Pluggable Authentication Modules (PAM) for user name and password validation.” Special group and account for MetaFrame administrators: MetaFrame Presentation Server requires you to create a special user group with the authority to run administration commands and start and stop the server. See “Configuring MetaFrame Presentation Server Security” on page 140 for further information. User access to UNIX desktops: You can provide users with full access to the UNIX server desktop. using the MetaFrame Presentation Server security feature. and sending messages to other sessions. You can use these accounts to provide users with guest access to published applications and a temporary working directory for use during the session. or simultaneously. For more information about configuring PAM on Solaris and HP-UX machines. users connect to it using the software on the client device. Guest user access: MetaFrame Presentation Server includes special anonymous user accounts with limited permissions. AIX uses its own authentication mechanism.” For AIX. the session closes. Note that MetaFrame Presentation Server supplies the user name and password for authentication. see the man page for “authenticate. A published application is a predefined application or shell script and its associated environment. which is called ctxadm. see the man page for “PAM. Rapid application deployment: You can provide your users with access to UNIX and Java applications by publishing these applications using MetaFrame Presentation Server for UNIX. if additional information is required for the authentication process.

Load balancing among servers: You can publish the same application on a number of servers.2 and 5. You can use Citrix SSL Relay to secure communications between an SSL-enabled client and a server running MetaFrame Presentation Server.Chapter 1 Welcome to MetaFrame Presentation Server for UNIX 19 Shadowing user sessions: You can display and interact (using your keyboard and mouse) with another user’s session from your own session. You can use shadowing to help remote users with training or technical support issues. This feature is called shadowing. which allows you to secure communications using Version 3. Copying text and graphics between applications: Users can copy text and graphics between server-based applications and applications running locally on the client device. encryption of the data stream. XML Service and Web Interface deployment: MetaFrame Presentation Server for UNIX includes support for the Citrix XML Service. Support for RSA SecurID: Support for RSA SecurID Versions 4. between the Web server and a server running MetaFrame Presentation Server. and message integrity checks. Users connect to the published application and MetaFrame Presentation Server ensures that the connections are distributed among servers so that a particular server does not become overloaded.0 is included. allowing your users to log on to computers running MetaFrame Presentation Server using RSA SecurID authentication. or in a Web Interface deployment. You can also tune the distribution of connections among a group of load balanced servers. The clipboard behaves as if all applications are running on the client device itself. SSL security: MetaFrame Presentation Server for UNIX includes support for SSL Relay. . The Citrix XML Service communicates information about the UNIX applications published in a server farm to the Web server component of the Web Interface deployment. The Citrix XML Service also provides users with HTTP (HyperText Transport Protocol) browsing. SSL provides server authentication.0 of the Secure Sockets Layer (SSL) protocol.

simplified method of licensing called MetaFrame Access Suite Licensing. The installer script guides you through each step and prompts you for the information that it requires. and an electronic backup of all licenses is stored on the Citrix Web site.20 MetaFrame Presentation Server for UNIX Administrator’s Guide What’s New in Version 4. access your licensing data remotely. Support for server farms: This feature provides powerful. you can publish the applications or resources you want to make available to users at the farm level. Ensure you download the appropriate OpenGL libraries from your operating system’s CD-ROM or Web site. Line drawing enhancements: These enhancements improve the performance of the server when drawing horizontal and vertical lines. OpenGL provides high-performance 2Dand 3D-graphics capabilities. from a central location. enterprise-level management and administration capabilities by allowing you to group servers running MetaFrame Presentation Server for UNIX into server farms that can be managed as a single unit. establishing configuration settings that pertain to all instances of the application running in the farm.sh file for more information. you will notice more efficient bandwidth usage and users will benefit from greater speed and performance. For example. to reduce demand on server resources). OpenGL capability is enabled by default when you install MetaFrame Presentation Server. Licenses can be shared across farms. see the ctxXtw-readme.0 provides a number of new features and enhancements that together extend the capabilities and flexibility of MetaFrame Presentation Server for UNIX. For example. This means you can easily configure features and settings for the entire farm. rather than configuring each server individually. with applications such as Cadence.0? Version 4. . MetaFrame Access Suite Licensing offers many benefits. License files are downloaded from the Citrix Web site and stored on the license server. This method includes a license server and a user interface for managing licenses known as the License Management Console. and create reports for analyzing trends in license usage. If you want to disable OpenGL capability (for example.0 is compatible with OpenGL. Ensure you read the sections of this guide about licensing and the MetaFrame Access Suite Licensing Guide before you install this release. Simplified licensing: MetaFrame Presentation Server for UNIX uses a new. OpenGL application compatibility: MetaFrame Presentation Server for UNIX Version 4. including the ability to centrally manage and monitor license usage. These include: Easy installation: A new installer script makes the process of installing MetaFrame Presentation Server for UNIX quick and straightforward.

which guides you through each step and prompts you for the information that it requires. Install the MetaFrame Presentation Server software on your UNIX server. Start MetaFrame Presentation Server on the server using the command ctxsrv start all. see “Creating the Administrator Users and Group” on page 28. For example. If you set up a license server after installing MetaFrame. Consider the design of the server farm. 2. . you will need to use the ctxlsdcfg command to configure communication with the license server manually. because the server that you create the farm on will become the Management Service Master (the server with authoritative control of the farm). see the installation section in the Client Administrator’s Guide for the client you plan to deploy. see “Introducing Server Farms” on page 47. Use the standard UNIX system tools to do this. 4. and add the users that you want to become administrators to this group.Chapter 1 Welcome to MetaFrame Presentation Server for UNIX 21 Getting Started Quickly This section provides an overview of the minimum steps required to install and set up a server running MetaFrame Presentation Server for UNIX. including step-by-step installation and configuration instructions. Citrix recommends that you do this before you install MetaFrame Presentation Server for UNIX so that you can tell the installer script the details of the license server. Install the client software on each client device you plan to use from the Component CD-ROM included in your MetaFrame package. Set up the accounts for the administrator. If you do not set up these accounts. For information about setting up the accounts. Log on as root and create a group called ctxadm. To install and get a server up and running 1. You must also create a ctxsrvr user and add this to the ctxadm group. For full details of how to install MetaFrame Presentation Server. For information about installing MetaFrame Presentation Server. The easiest way to do this is using the installer script. see “Deploying MetaFrame Presentation Server for UNIX” on page 23. Citrix recommends that you read this chapter before installing MetaFrame Presentation Server for the first time. 3. Configure a Citrix MetaFrame Access Suite license server. see “Licensing MetaFrame Presentation Server for UNIX” on page 57 and the MetaFrame Access Suite Licensing Guide. 5. For more information about server farms. see “Installing MetaFrame Presentation Server” on page 28. or from the Citrix Web site. For information about installing clients. ensure that you create the farm on an appropriate machine. the installer script can do this for you. For more information about configuring a license server. 6.

see the Client Administrator’s Guide for the appropriate client. After installing the client software. Note There is a Client Administrator’s Guide for each client in the documentation directory on the Component CD-ROM in your MetaFrame package.PDF is the filename for the Client Administrator’s Guide for the UNIX Client. When you can connect to your server from a client. your server is operational. The filename for the PDF refers to the client. .22 MetaFrame Presentation Server for UNIX Administrator’s Guide 7. create ICA connections to your server and test that you can connect from each type of client. for example ICAUNIX. For information about creating a connection from a client device to a server.

0 from a previous release of MetaFrame for UNIX.CHAPTER 2 Deploying MetaFrame Presentation Server for UNIX Overview This chapter describes how to install. Important You cannot upgrade to MetaFrame Presentation Server for UNIX Version 4. Topics covered in this chapter include: • • • • • • • • • System requirements Installing MetaFrame Presentation Server for UNIX Creating the administrator users and group Setting the paths to MetaFrame Presentation Server commands and man pages Starting and stopping MetaFrame Presentation Server Configuring non-English keyboard support Configuring MetaFrame Presentation Server event logging Removing MetaFrame Presentation Server Reinstalling MetaFrame Presentation Server .0. deploy. and remove MetaFrame Presentation Server for UNIX Version 4.

24 MetaFrame Presentation Server for UNIX Administrator’s Guide Before You Begin Installing Make sure that you read the following information before installing MetaFrame Presentation Server: • “Licensing MetaFrame Presentation Server for UNIX” on page 57. The UNIX Operating System must be installed before you install MetaFrame Presentation Server. Consider the design of your server farm before installing MetaFrame Presentation Server. the installer script configures communication with the license server for you. If you do this before installing MetaFrame. Note that you can configure the server to allow users whose home directories are unavailable to log on. “Introducing Server Farms” on page 47. because the server that you create the farm on will become the Management Service Master (the server with authoritative control of the farm). see “Allowing Users to Log On without a Home Directory” on page 117. and that can be written to by the user. You must also ensure that your operating system is configured to run MetaFrame Presentation Server. If you intend using the installer script. If you do it after. “UNIX Operating System Requirements” on page 26. “Creating the Administrator Users and Group” on page 28. for more information. see the MetaFrame Access Suite Licensing Guide. Unless you intend using the installer script to install MetaFrame Presentation Server. Citrix recommends that you set up the Citrix MetaFrame Access Suite license server before you install MetaFrame Presentation Server. as listed in this section. ensure that you create the farm on an appropriate machine. • • • Note Make sure that all users who connect to the server have a home directory path that is valid on the server. you will need to use the ctxlsdcfg command to configure communication with the license server manually. the logon fails. If a user has no home directory and tries to connect. For more information about setting up a license server. and that you install the required updates. you must create the ctxadm group and the ctxsrvr and ctxssl users before you begin installation. For example. .

The following specifications are guidelines only. On the HP-UX Platform One to three connections: RP2405 650MHz PA-RISC 128MB RAM More than three connections: RP2470 650MHz PA-RISC 256MB RAM. and the session properties. you may need to increase this amount of RAM depending upon the type of applications your users are running.Chapter 2 Deploying MetaFrame Presentation Server for UNIX 25 System Requirements This section lists the minimum machine specifications and operating system requirements for MetaFrame Presentation Server for UNIX. On the Solaris SPARC Platform One to three connections: Sun Fire V100 Server 550MHz 128MB RAM More than three connections: Sun Fire V210 Server 1GHz 256MB RAM Important MetaFrame Presentation Server for UNIX Version 4. As a general rule. However. Citrix recommends that each server has between 16 and 24 MB of RAM per ICA connection.0 is supported only on processors based on SPARC V8 architecture or later. On the AIX Platform One to three connections: pSeries 615 Model 6c3 1. such as color depth and size.2GHz 128MB RAM . Minimum Machine Specifications The minimum machine specification depends upon how many connections are to be supported.

Operating System Patches Citrix recommends that you install the latest patches for the operating system you are using.26 MetaFrame Presentation Server for UNIX Administrator’s Guide More than three connections: pSeries 615 Model 6c3 1. MetaFrame Presentation Server for UNIX is compatible with the 32-bit Solaris JRE only. Java Runtime Environment Requirements Citrix recommends that you install the latest patches for the Java runtime environment (JRE) you are using. see the Web site for your operating system manufacturer. for example. SPARC version Important MetaFrame Presentation Server for UNIX Version 4. For information and downloads. see your operating system manufacturer’s Web site. or higher.0 does not support Solaris Intel. Do not use the 64-bit Solaris JRE. . Note Some platforms may require prerequisite patches for the JRE.2.4. On the Solaris Platform The Solaris edition of MetaFrame Presentation Server for UNIX requires: • • Solaris 8. SPARC version -OrSolaris 9.2GH 256MB RAM UNIX Operating System Requirements This section provides information about the operating system requirements for MetaFrame Presentation Server on each of the platforms. CDE. For all platforms. ensure that the JRE installed on your system is Version 1. The server must have an X Window system installed with the appropriate window manager for the platform. See the Web site for your operating system manufacturer or contact your hardware vendor for details about the appropriate patches. To obtain JRE versions.

5. see the Citrix SSL Relay for UNIX Administrator’s Guide. Citrix SSL Relay Requirements Citrix SSL Relay for UNIX is included automatically when you install MetaFrame Presentation Server for UNIX. CDE. The system requirements for SSL Relay are the same as for MetaFrame Presentation Server for UNIX. or 5.so 8859-1*. they are necessary for MetaFrame Presentation Server to run.3 The server must have an X Window system installed with the appropriate window manager for the platform. . these two packages are installed when you do an end-user install. CDE. 11i The server must have an X Window system installed with the appropriate window manager for the platform.so UTF-8*. For more information.2.so On the HP-UX Platform The HP-UX edition of MetaFrame Presentation Server for UNIX requires: • • HP-UX Version 11 HP-UX.Chapter 2 Deploying MetaFrame Presentation Server for UNIX 27 The following operating system packages are required: • • SUNWxwoft SUNWuiu8 X Window System optional fonts Iconv modules for UTF-8 locale Verify that these packages are installed using the pkginfo command. Check that the following files exist in the /usr/lib/iconv folder: UCS-2*. On the AIX Platform The AIX edition of MetaFrame Presentation Server for UNIX requires: • AIX Versions 5. and message integrity checks.1. The Iconv libraries must be installed. SSL Relay provides server authentication. Note On Solaris 8. for example. encryption of the data stream. for example.

Installing MetaFrame Presentation Server This section explains how to: • • • Create the administrator users and group Install MetaFrame Presentation Server for UNIX using the installer script Perform an unattended install that allows you to install MetaFrame Presentation Server with minimal intervention Installation Overview You need to perform the following steps to install MetaFrame Presentation Server: 1. The following describes these steps in more detail. add the MetaFrame path(s) to your path. To ensure this support. so that you can run the commands. create the MetaFrame ctxadm administrator group and add the users that you want to become administrators to this group. the script will create these for you. but do not require root access to the UNIX system. Creating the Administrator Users and Group Before you install MetaFrame Presentation Server. If you create a farm containing more than one server. 2. you may need to install patches recommended by your operating system and hardware vendor. if you intend using the installer script to install MetaFrame Presentation Server. . 4. See the Web site for your operating system manufacturer or contact your hardware vendor for details about the appropriate patches and for instructions to ensure Euro symbol support. However.28 MetaFrame Presentation Server for UNIX Administrator’s Guide Euro Currency Symbol Support MetaFrame Presentation Server supports the ISO 8859-15 Euro-currency symbol. Start the MetaFrame processes on the server. The ctxadm group is required by some MetaFrame Presentation Server commands that demand special administration rights. if the underlying UNIX operating system supports it. the ctxadm group must be a network group visible to all servers in the farm. 3. If you are installing MetaFrame Presentation Server for the first time. Install MetaFrame Presentation Server from the CD-ROM. If you are installing MetaFrame Presentation Server for the first time. create the administrator user and group accounts. The users in the ctxadm group log on with their normal user accounts.

set the shell for this user to be /etc/NoShell to prevent logons). Create the administrator’s group using the group name ctxadm. The following procedure is different from the one Citrix recommended in previous versions of MetaFrame for UNIX. Citrix recommends that the ctxsrvr user is not a logon user account. Do not use the ctxssl user account for any purposes other than Citrix SSL Relay administration. 2.Chapter 2 Deploying MetaFrame Presentation Server for UNIX 29 You must also create a ctxsrvr user and add this to the ctxadm group. This new procedure is considered a security “best practice” because users in the ctxadm group log on with their normal user accounts and the ctxsrvr user is no longer a logon account. 3. Add the users that you want to become administrators to the ctxadm group. . Make sure the ctxsrvr user is not a logon user account (for example. This account is used for Citrix SSL Relay administration. Create a Citrix SSL Relay administrator using the user name ctxssl. Create a user account called ctxsrvr and add this user to the ctxadm group. Make sure that you add the ctxssl user to the ctxadm group and that the ctxadm group is its primary group. 4. Important • • • Do not use the ctxadm group and ctxsrvr user account for any purposes other than MetaFrame Presentation Server system administration. To create administrator group and user accounts 1. You must also create a ctxssl user and add this to the ctxadm group.

For example. type: sh installmpsu This starts the package installer script. For example. depending on the configuration of your system. To install MetaFrame Presentation Server on Solaris 1. The installer script guides you through each step and prompts you for the information that it requires. Mount the MetaFrame Presentation Server CD-ROM. 8. If you do not accept the license agreement. you can configure this later using the ctxlsdcfg command. If you are creating a new farm. type c (or create) to create a new server farm or j (or join) to join an existing farm. 4. At the prompt for server farm. Log on as root at the server on which you want to install MetaFrame Presentation Server. If you are creating a new farm. At the prompt for the license agreement.. at the prompt for the license server port number.30 MetaFrame Presentation Server for UNIX Administrator’s Guide Installing MetaFrame Presentation Server Using the Installer Script This section describes how to install MetaFrame Presentation Server for UNIX using the installer script. type y to accept the agreement and continue with installation. Change to the directory for the appropriate version of MetaFrame Presentation Server you want to install. . Note If you do not know the details of the license server. To install MetaFrame Presentation Server. type the name or network address of the license server. you see different prompts if you are joining a farm rather than creating a farm. 5. 6. at the prompt for the license server. 2. type: cd /cdrom/solaris The path is usually /cdrom/. 3. You may see some or all of the following prompts. This procedure works on all platforms. type a port number or press ENTER to accept the default of 27000. but it may change depending on how your system mounts the CD.. installation terminates. 7. Note The following instructions describe a typical installation involving the creation of a new farm.

For more information about using SSL Relay. 12. For more information about the XML Service and configuring the server port. the script “S99ctxsrv” is installed in the /etc/rc2. type the name you want to give the farm. 14. 16. in accordance with your company’s security policy. If port 80 is already in use.d directory. If you answer yes. a message tells you that the installation was successful. For more information about server farms. type y to enable SSL-secure connections to the server. Confirm the passphrase.2_06.Chapter 2 Deploying MetaFrame Presentation Server for UNIX 31 9. 11. type the port number the XML Service will use for connections to the Web Interface or press ENTER to accept the default of port 80. 17. see the Citrix SSL Relay for UNIX Administrator’s Guide. At the prompt for the XML Service port number. type the path to the JRE. 19. type a passphrase. or press ENTER to accept the default of n (not enabled). 15. At the prompt for enabling SSL Relay. 13. assign the XML Service to an unused port. 18. At the prompt for the man page installation. At the next prompt. Installation is complete and you are now ready to start MetaFrame Presentation Server. type y to set the correct file permissions for the files and processes. . see “Using the Citrix XML Service” on page 173. At the prompt for the location of the Java Runtime Environment (JRE). At the prompt for the startup/shutdown script installation.4. At the prompt for anonymous users. if you want to enable guest access. type y to create 15 anonymous user accounts. or MetaFrame Presentation Server will not operate correctly. see “Introducing Server Farms” on page 47. type y to continue installing MetaFrame Presentation Server. type y if you want to start MetaFrame Presentation Server when the machine is started and stop it when the machine is shut down. for example: /usr/j2re1. 10. Citrix recommends that you choose a suitably strong passphrase. type y to install the MetaFrame Presentation Server man pages. At the prompt for farm passphrase. Important Do not type n. At the prompt for farm name. When complete. At the prompt about security settings for setuid/setgid.

called admin. called response. you use the administration and response files supplied on the MetaFrame Presentation Server CD-ROM. is included in the /solaris directory on the MetaFrame Presentation Server CD-ROM. copy and change this file as appropriate. Unattended installation allows you to install MetaFrame Presentation Server quickly and easily on multiple servers. Performing an Unattended Install This section explains how to perform an unattended (quiet) installation on the various platforms. is included in the /solaris directory on the MetaFrame Presentation Server CD-ROM. see its man page. For more information about pkgask. without prompting. Note The admin file assumes that the Java Runtime Environment is installed in /usr/j2se. You create a script file to run the unattended install using these files. Performing an Unattended Install on Solaris This section explains how to perform an unattended installation on the Solaris platform. If it is installed elsewhere. you must either edit a copy of the response file or make a symbolic link to the JRE. About the Response File A response file. or run pkgask to create a file of responses.32 MetaFrame Presentation Server for UNIX Administrator’s Guide Note Do not attempt to share or copy the MetaFrame Presentation Server installation files between servers. . To do this. This file is used by the -a option of the pkgadd command. This file includes the following: • • • • A basic MetaFrame Presentation Server for UNIX package is installed Fifteen anonymous users are added A startup script is installed man pages are installed If you want to use different settings. and you will experience problems if you attempt to do this. This file is used by the -r option of the pkgadd command. The configuration database cannot be duplicated. About the Administration File An administration defaults file.

Mount the MetaFrame Presentation Server CD-ROM and locate the admin and response files in the Solaris directory. 4. Log on as root at the server on which you want to install MetaFrame Presentation Server. The path is usually /cdrom/solaris/. 3. 6.. at the command prompt. for example: chmod 744 scriptfile 5. Log on as root at the server on which you want to install MetaFrame Presentation Server. To perform an unattended install of MetaFrame Presentation Server 1. 2. 15 anonymous user accounts. Change permissions on the script file so that root can execute it. 3. Performing an Unattended Install on HP-UX This section explains how to perform an unattended install of MetaFrame Presentation Server on an HP-UX platform. for more information. for example: #!/bin/sh pkgadd -r /cdrom/solaris/response -a /cdrom/solaris/admin -d /cdrom/solaris/CTXSmf CTXSmf where /cdrom/solaris/admin is the administration defaults file. For example. It enforces dependency checking and disk-space checking. and installation of setuid/setgid binaries. you must configure some settings manually. Create a script file to perform the unattended install. When the unattended installation is complete. and /cdrom/ solaris/response is the response file. but it may change depending on how your system mounts the CD. and the startup script). Insert the MetaFrame Presentation Server CD-ROM in the CD-ROM drive and mount it as a read-only filesystem..Chapter 2 Deploying MetaFrame Presentation Server for UNIX 33 The admin file permits running of install-time scripts as root. To perform an unattended install 1. type: swinstall -s /mnt/cdrom/ MetaFrame. see “After Unattended Installation” on page 35. Run the script file to start the unattended install.depot MetaFrame . 2. To install the entire MetaFrame Presentation Server package (including man pages. at the command prompt type: mount -r /dev/dsk/c0t0d0 /mnt/cdrom where /dev/dsk/c0t0d0 is the file that identifies the CD-ROM drive and /mnt/cdrom is the mount point of the CD-ROM.

type: installp -X -d/dev/cd0 Citrix. Choose to install the MetaFrame manual pages. If you choose this fileset. 15 anonymous user accounts. You cannot install this fileset on its own—the Runtime fileset must also be installed. the script ctxsrv is installed in the /sbin/init. list the particular filesets you want to install. Choose to install the runtime environment (the programs and the configuration database). and the startup script).the startup link S999ctxsrv is installed in /sbin/rc3. Insert the MetaFrame Presentation Server CD-ROM in the CD-ROM drive. To perform an unattended install of MetaFrame Presentation Server 1. 3.the shutdown link K001ctxsrv is installed in /sbin/rc2. For example. see “After Unattended Installation” on page 35. You cannot install this fileset on its own—the Runtime fileset must also be installed.MetaFrame .34 MetaFrame Presentation Server for UNIX Administrator’s Guide Alternatively. 2. 4. for more information. at the command prompt. at the command prompt. you must configure some settings manually. type: swinstall -s /mnt/cdrom MetaFrame.Runtime MetaFrame. To install the entire MetaFrame Presentation Server package (including man pages.Man The following table describes the available filesets: Fileset Anon Man Runtime Startup Description Choose to create 15 anonymous user accounts. Performing an Unattended Install on AIX This section explains how to perform an unattended install of MetaFrame Presentation Server on an AIX platform. to install MetaFrame Presentation Server and the man pages. Choose if you want to start MetaFrame Presentation Server when the machine is started and stop it when the machine is shutdown.d directory and two symbolic links are added: .d . After the unattended installation is complete.d You cannot install this fileset on its own—the Runtime fileset must also be installed. Log on as root at the server on which you want to install MetaFrame Presentation Server.

rte fileset must also be installed.man 4..MetaFrame. If you choose this fileset. an entry is made in the /etc/inittab file that starts up ctxmfd and the server. the daemon ctxmfd is installed in /usr/lpp/CTXSmf/sbin and starts up automatically. for more information.MetaFrame. When the unattended installation is complete. . You cannot install this fileset on its own—the Citrix. For example. when starting. type: installp -X -d/dev/cd0 Citrix.. Choose to install the runtime environment (the programs and the configuration database).man The following table describes the available filesets: Citrix.boot fileset. see “After Unattended Installation” on page 35. Alternatively. at the command prompt. you must configure the following settings manually: • • • • • Set the XML Service port number using ctxnfusesrv -port portnumber Start the Management Service daemon using ctxsrv start msd Create or join a server farm using ctxcreatefarm or ctxjoinfarm Configure communication with the license server using ctxlsdcfg If you want to enable SSL Relay. list the particular filesets you want to install. to complete the installation. Choose to install the manual pages. write SSL_ENABLED=1 to /var/CTXSmf/ssl/config . you must configure some settings manually. to install MetaFrame Presentation Server man pages. After Unattended Installation After performing an unattended installation. Choose to create 15 anonymous user accounts. and -X ensures that there is sufficient disk space to install the package.boot Fileset description Choose if you want to start MetaFrame Presentation Server when the machine is started and stop it when the machine is shutdown.rte fileset must also be installed.rte .Chapter 2 Deploying MetaFrame Presentation Server for UNIX 35 where -d/dev/cd0 is the CD-ROM device.MetaFrame. You cannot install this fileset on its own—the Citrix. During the installation of the . . MetaFrame.anon .

profile file for the user and add the path to the user commands. To configure user access to MetaFrame Presentation Server commands • If you are using a C shell. the default system profile (/etc/profile) sets the PATH environment variable explicitly.login) overrides the path. you do not have to do anything to allow users to run user commands from their sessions.login file for the user and add the path to the user commands. They include the commands for logging off and disconnecting from a server. For example: setenv PATH ${PATH}:/opt/CTXSmf/bin setenv PATH ${PATH}:/usr/lpp/CTXSmf/bin • If you are using a Bourne or similar shell. you may have to configure access to MetaFrame Presentation Server commands if the user’s shell script startup file (for example. published application. However. use a . For example. For example: PATH=${PATH}:/opt/CTXSmf/bin export PATH PATH=${PATH}:/usr/lpp/CTXSmf/bin export PATH . Administration commands are installed in: /opt/CTXSmf/sbin /usr/lpp/CTXSmf/sbin System administration commands Configuring User Access to Commands Generally.36 MetaFrame Presentation Server for UNIX Administrator’s Guide Setting the Paths to MetaFrame Presentation Server Commands There are two types of MetaFrame Presentation Server commands: User commands Any user can run these commands. so any user can access MetaFrame Presentation Server user commands from an ICA session. use a . They include server. User commands are installed in: /opt/CTXSmf/bin /usr/lpp/CTXSmf/bin Only members of the ctxadm group can run these commands.profile or . and ICA browser configuration tools. on HP-UX. . The path to these commands is added to each user’s path upon connection to the server.

on HP-UX.profile or . To display the man pages from the server console when you log on as an administrator.login) overrides the path.profile file for the administrator and add the path to the user and administrator commands. the default system profile (/etc/profile) sets the MANPATH environment variable explicitly. you do not have to do anything to allow users to display man pages for MetaFrame Presentation Server commands from a session. you may have to configure access to the man pages if the user’s shell script startup file (for example. you need to configure your system so that administrators can run all the commands from the server console and also from an ICA session. shell use a . If you are installing MetaFrame Presentation Server for the first time. To set the MANPATH environment variable • If you are using a C shell: setenv MANPATH ${MANPATH}:/opt/CTXSmf/man setenv MANPATH ${MANPATH}:/usr/lpp/CTXSmf/man . . or similar. The path to these files is added to every user’s MANPATH environment variable upon connection to the server.login file for the administrator and add the path to the user and administrator commands. To configure administrator access to commands • If you are using a C shell. For example: PATH=${PATH}:/opt/CTXSmf/sbin:/opt/CTXSmf/bin export PATH PATH=${PATH}:/usr/lpp/CTXSmf/sbin:/usr/lpp/CTXSmf/bin export PATH Setting the Path to the man Pages Generally. use a . For example: setenv PATH ${PATH}:/opt/CTXSmf/sbin:/opt/CTXSmf/bin setenv PATH ${PATH}:/usr/lpp/CTXSmf/sbin:/usr/lpp/CTXSmf/bin • If you are using a Bourne. For example. You need to do this only if you are installing MetaFrame Presentation Server for the first time. However.Chapter 2 Deploying MetaFrame Presentation Server for UNIX 37 Configuring Administrator Access to Commands An administrator needs to be able to run both user and system administration commands. you must set up your MANPATH environment variable to point to the location of the installed man pages.

you choose to add the startup/shutdown script. start the MetaFrame process on each server using the ctxsrv command. MetaFrame Presentation Server automatically starts when the machine is starting. The server prevents users from logging on during the shut down process. and notify users that the server is about to shut down.38 MetaFrame Presentation Server for UNIX Administrator’s Guide • If you are using a Bourne shell: MANPATH=${MANPATH}:/opt/CTXSmf/man export MANPATH MANPATH=${MANPATH}:/usr/lpp/CTXSmf/man export MANPATH Starting and Stopping MetaFrame Presentation Server Starting MetaFrame Presentation Server When installation is complete. . except for those that have registered window hints. Any sessions that are still active when this period expires are terminated and the users are automatically logged off. Log on to the server as an administrator. With ctxshutdown. use the ctxshutdown command. At a command prompt. during installation. you can specify when the shut down process will begin. This allows users to save their work and log off gracefully. 2. applications will terminate. With ctxshutdown. you can specify the maximum duration that users have to respond to these prompts. type: ctxsrv start all Note If. Stopping MetaFrame Presentation Server To stop the MetaFrame process on a server. When the shut down process begins. To start MetaFrame Presentation Server 1. These applications will attempt to interactively log users off by displaying a series of prompts.

applications that have registered window hints (the WM_DELETE_WINDOW attribute) will attempt to interactively log users off. 2. Applications that have registered window hints are given a further three minutes to attempt to interactively log users off. and the process stops. At a command prompt: To Shut down the server using the defaults. The default is 60 seconds. When this period expires and the shut down process begins. The default is 30 seconds. Specify how long applications that have registered window hints (the WM_DELETE_WINDOW attribute) have to interactively log users off. the default message “Server shutting down. Applications that have registered window hints (the WM_DELETE_WINDOW attribute) have a further 30 seconds to interactively log users off before terminating. If you do not specify a message. in seconds. Use the command ctxshutdown ctxshutdown -q ctxshutdown -m seconds ctxshutdown -l seconds ctxshutdown message Example The following example shows how to display a message and begin the shut down process after two minutes. the server shutdown process begins after 60 seconds. and how long the message will be displayed. users are automatically logged off. By default. ctxshutdown -m 120 -l 180 “Please log off now” . This reduces the amount of information displayed to the administrator by the ctxshutdown command. Applications that have not registered window hints will terminate immediately.Chapter 2 Deploying MetaFrame Presentation Server for UNIX 39 To stop MetaFrame Presentation Server 1. Operate in quiet mode. Specify when the shut down process will begin. When this period expires. Auto logoff in 60 seconds” is sent to all users logged on to the server. Specify the message displayed to all users logged on to the server. Auto logoff in x seconds” is displayed. the message “Server shutting down. where x = the number of seconds specified in the -m option (or the default of 60 seconds if this is not specified). Log on to the server as an administrator. any remaining sessions are automatically terminated.

. MetaFrame Presentation Server supports client devices that use the following keyboards: Language US English UK English French German Swedish Spanish Italian Danish Dutch Finnish Norwegian Polish Programmers Portuguese Belgian Dutch Korean French Canadian Locale ID 409 809 40c 407 41d 40a 410 406 413 40b 414 415 816 813 e0010412 c0c Note The Korean and French Canadian keyboard locales are supported on the MetaFrame Presentation Server Client for 32-bit Windows only.40 MetaFrame Presentation Server for UNIX Administrator’s Guide About Client Keyboard Support This section describes how to use client devices with non-English keyboards with a server running MetaFrame Presentation Server.

For example. it may be that the application they are using does not support dead keys. on a generic French PC keyboard the circumflex (^) key is a dead key.info user. For further information about selecting keyboards. When this key is pressed. such as the circumflex accent (^). and then the “a” key is pressed. For example. events are not configured to be sent to the system log (syslog). Troubleshooting Non-English Keyboard Support If users experience problems obtaining accent symbols. This ensures that the session runs in an appropriate locale where fonts containing the required keyboard symbols are in the font path and keyboard symbols appear correctly on the screen. Make sure your users select the appropriate keyboard in the Settings dialog box on the client device.warning user. it modifies the character produced by the next key press. Ensure you start the server in the country locale of the client keyboard that your users are using. “â” is generated. refer to the Client Administrator’s Guides for the clients you are deploying.err user.Chapter 2 Deploying MetaFrame Presentation Server for UNIX 41 Configuring Non-English Keyboard Support Your users can make connections to the server with client devices that use nonEnglish keyboards. A dead key is a key that does not produce a character when pressed—instead. Configuring MetaFrame Event Logging When you first install MetaFrame Presentation Server. Tip You can alter the locale for an individual user by setting environment variables in the user’s start-up files—see “Customizing the Appearance of MetaFrame Presentation Server” on page 123 for further information. if your users have German keyboards.debug . start the server in a German locale. MetaFrame Presentation Server uses the following event log levels: • • • • • user. 2.notice user. To configure non-English keyboard support 1. The keyboards that MetaFrame Presentation Server supports are shown in the table above.

2.0 of MetaFrame Presentation Server. You may see messages from other software in the event log.user. see the syslog. not a space) causes all event log messages from MetaFrame Presentation Server to be put in the file /var/adm/messages: user. 4.log Note The file that you use (that is. If it does not.user. See “Stopping MetaFrame Presentation Server” on page 38 for more information. For example.conf man page.info /var/adm/syslog/syslog. 3. to ensure that all error messages appear on the console. Ensure that there are no active sessions and stop MetaFrame Presentation Server using the ctxshutdown command. To remove MetaFrame Presentation Server on Solaris 1. Log on as root. You may also want to send certain types of MetaFrame Presentation Server event details to the console. add a line to the /etc/syslog. type: pkgrm CTXSmf . Note The event log level names that MetaFrame Presentation Server uses may also be used by other programs.info /var/adm/messages user. adding the following line to the end of syslog.conf: user. Removing MetaFrame Presentation Server The following describes how to remove Version 4.notice. add this line to the file /etc/syslog.conf file and specify the event log levels that you want to record. you must create it.conf. For example.conf (separated with a tab. Log on to the server as an administrator. /var/adm/messages) must exist.notice. To remove MetaFrame Presentation Server. You must be root to edit syslog.42 MetaFrame Presentation Server for UNIX Administrator’s Guide To record MetaFrame Presentation Server events.err /dev/console For more details about configuring system event logging. .

See “Stopping MetaFrame Presentation Server” on page 38 for more information. From the Actions menu. The Remove Installed Software dialog box appears. The System Management Interface Tool dialog box appears. 3. choose Mark for Remove. In SOFTWARE name.MetaFrame. 2. Log on as root. Choose Software Installation and Maintenance. Choose OK to remove MetaFrame. 4. type: swremove MetaFrame.man. Log on as root. To remove MetaFrame Presentation Server on AIX 1. Ensure that there are no active sessions and stop MetaFrame Presentation Server using the ctxshutdown command. 8. Choose MetaFrame. 6. 3. 7. type in its name. See “Stopping MetaFrame Presentation Server” on page 38 for more information. 6. at a command prompt. The SD Remove dialog box appears. To remove a particular fileset. 4. 5. display the Logfile for further details. Log on to the server as an administrator. choose Remove (analysis) to display analysis information prior to the installation. Tip To quickly remove the entire MetaFrame Presentation Server package. 7. Choose Remove Installed Software. To remove MetaFrame Presentation Server. .Chapter 2 Deploying MetaFrame Presentation Server for UNIX 43 To remove MetaFrame Presentation Server on HP-UX 1. From the Actions menu. type Citrix. Log on to the server as an administrator 2. Presentation Server. If any warnings are generated. type: swremove 5.MetaFrame. Type smit. Ensure that there are no active sessions and stop MetaFrame Presentation Server using the ctxshutdown command. Choose Software Maintenance and Utilities. 8. for example Citrix.

type: installp -u Citrix.boot and Citrix.anon filesets. If you did not set up the license server before installation or you did not configure communication with the license server during installation.MetaFrame. set up the license server and use the ctxlsdcfg command to configure communication with it manually. 10. Reinstalling MetaFrame Presentation Server If you need to reinstall MetaFrame Presentation Server.44 MetaFrame Presentation Server for UNIX Administrator’s Guide Note If you want to remove the Citrix. select Exit SMIT from the Exit menu. When complete.MetaFrame. do the following: • • Uninstall MetaFrame Presentation Server. For information. 11. Tip To quickly remove the entire MetaFrame Presentation Server package. Set PREVIEW only? to no. it may be because you did not stop the server—see Step 2. . If you do not. see “Installing MetaFrame Presentation Server” on page 28. check the Installation Summary to make sure that the removal was successful.MetaFrame. At the prompt. To exit from smit. choose OK to confirm you want to remove the software. you must also remove the Citrix.rte fileset. see “Removing MetaFrame Presentation Server” on page 42. Install MetaFrame Presentation Server. For information. at a command prompt. your server is licensed and operational.MetaFrame. 12. 9. What To Do Next • If you set up the license server before installation and you used the installer script to install MetaFrame Presentation Server. a “Dependency Failure” occurs. Note If the removal of MetaFrame Presentation Server fails. For more information. see “Licensing MetaFrame Presentation Server for UNIX” on page 57 and the MetaFrame Access Suite Licensing Guide. Choose OK.

Chapter 2 Deploying MetaFrame Presentation Server for UNIX 45 • If you did not configure the server farm during installation. or from the Citrix Web site. • • . For information about installing clients and creating connections from a client device to a server. When you can connect to your server from a client. For more information. create ICA connections to your server and test that you can connect from each type of client. To provide your users with access to applications. see “Publishing Applications and Desktops” on page 61. see “Introducing Server Farms” on page 47. Install the client software on each client device you plan to use from the Component CD-ROM included in your MetaFrame package. For information about publishing applications. see the Client Administrator’s Guide for the appropriate client. your server is operational. publish applications using the ctxappcfg command. After installing the client software. you must create or join a server farm.

.

It explains how you can use server farms to provide users with easy access to applications and resources. Topics include: • • • • About server farms Creating a server farm using ctxcreatefarm Joining a server farm using ctxjoinfarm Removing a server from a farm using ctxfarm -r Note The ctxcreatefarm and ctxjoinfarm commands are aliases of the ctxfarm command. see the ctxfarm command in the “Command Reference” on page 195 or the ctxfarm man page. . which are a new feature in MetaFrame Presentation Server for UNIX Version 4.0.CHAPTER 3 Introducing Server Farms Overview This chapter introduces server farms. For more information about all of these commands. while taking advantage of the powerful administration capabilities that farms offer.

you use the ctxcreatefarm command. To create a server farm. Components in a typical server farm The following section explains these components in more detail. Note Only servers running MetaFrame Presentation Server for UNIX Version 4. Using a server farm allows you to: • • Deploy published applications and resources to all servers in the farm quickly and easily. and other servers that are members of the farm. Secure communication between the various Management Services running on each machine in the farm is also shown. . The diagram shows the server where the administrator is logged on. you use the ctxjoinfarm command to join other servers to the farm. Manage and administer settings for the entire farm from a single location.0 can become part of a server farm. You can administer the farm from any server in the farm. rather than configuring each server individually. Server Farm Components The following diagram illustrates the key components in a typical server farm. the Management Service Master server. After you create the farm. you do not need to connect remotely to other servers in the farm.48 MetaFrame Presentation Server for UNIX Administrator’s Guide About Server Farms A server farm is a group of servers running MetaFrame Presentation Server for UNIX that is managed as a single entity.

the data store is updated to reflect the addition of the new server. MetaFrame Presentation Server for UNIX provides a secure. you publish a new application in the farm). When a server joins the farm.The Management Service Master also holds the master copy of the farm’s data store. private communication channel between all servers in a farm. the Management Service Master communicates this change to the other servers in the farm using the Management Service. Data Store The data store is a human-readable text file that stores persistent data for the farm. such as configuration information about the servers and published applications in the farm. The Management Service The Management Service is a daemon that runs on each server in the farm that communicates server farm information. and confidentiality and integrity protection for data transmitted across the network. . The server farm passphrase is used for initial authentication when servers join the farm. Secure Communication Channel To protect sensitive information and administrator commands sent between servers. such as details about the published applications available in the farm. Authentication instead depends on a shared secret that is securely distributed to servers when they join the server farm. while other servers in the farm each hold a copy of the data store. The Management Service Master holds the master file. This secure communication channel employs the Generic Security Service Application Program Interface (GSS-API) to provide mutual authentication of servers. the server on which you create the farm becomes the Management Service Master. GSS-API is an industry-standard security framework defined by the Internet Engineering Task Force RFC 2743. When you make a configuration change to the server farm (for example. and the new server is given a copy of the farm’s data store. The Management Service Master is a server running MetaFrame Presentation Server for UNIX that has authoritative control of the farm. Authentication and data protection are performed by the Kerberos 5 GSS-API security mechanism (RFC 1964) in a way that avoids the need for an external Kerberos authentication server.Chapter 3 Introducing Server Farms 49 The Management Service Master When you create a new server farm. Communication between the various Management Services in the farm takes place over a secure communication channel.

and UDP packets directed to the ICA Master Browser to send server information updates and queries. • Communication Between Servers in a Farm Inter-server communication using the Secure Communication Channel occurs over TCP/IP on port number 2897. This communication consists of UDP broadcasts to locate or elect the ICA Master Browser for the local network or subnet. name the Diary application “DiaryA” in server farm A. If you must create multiple farms on one subnet. available applications. you must configure an ICA gateway to allow the servers to contact one another. This ensures that the Diary application is not load balanced over the two different farms and that users get consistent results. All servers must be able to resolve server names to IP addresses and IP addresses to server names. see “Configuring ICA Gateways” on page 159. Note For more information about configuring ICA gateways. For example. you must ensure that: • Clock settings on all servers in a farm are synchronized—You can set up a network time server to ensure that clock settings on all servers in a farm are synchronized. Name resolution between servers in a farm is consistent—You should ensure that all servers to be placed in a farm resolve the names of other servers in the farm consistently and vice versa.50 MetaFrame Presentation Server for UNIX Administrator’s Guide For secure communication between servers in a farm to function correctly. load. and “DiaryB” in server farm B. and disconnected sessions. Inter-server communication between ICA browsers occurs over UDP on port number 1604. This communication consists of administration commands and management information updates and queries. regardless of how they browse for applications. . If servers in a farm are on different subnets. The ICA Master Browser holds information on each server’s address. ensure that published applications have different names in the different farms. Multiple Farms and Subnet Considerations Citrix recommends that all servers in a farm are on one subnet.

ensure that you create the farm on an appropriate machine. MetaFrame Presentation Server for Windows) on a network by sharing master browser information. . To create a server farm. You can make applications published on MetaFrame Presentation Server for UNIX servers appear in the same location as applications published on MetaFrame Presentation Server for Windows farms. you use the Citrix XML Service with the multiple server farm functionality in the Web Interface. If you lose the passphrase. see the Web Interface for MetaFrame Administrator’s Guide. you will be unable to add servers to the farm. because the passphrase you specify when you create the farm will be required by administrators whenever they attempt to join servers to this farm.0 can become part of a UNIX server farm. The Citrix XML Service is included automatically when you install MetaFrame Presentation Server for UNIX. MetaFrame Presentation Server for UNIX will coexist with other servers running MetaFrame Presentation Server (for example. The Web Interface for MetaFrame Presentation Server is an application portal technology that lets you integrate and publish applications to a Web browser from any standard Web server. These sections describe how to create or join server farms manually using the ctxcreatefarm and ctxjoinfarm commands. For more information.0.Chapter 3 Introducing Server Farms 51 Integrating With Other Citrix Servers Cross-server administration between Windows and UNIX versions of MetaFrame Presentation Server is not possible. you are prompted for a passphrase. Citrix recommends that you choose a suitably strong passphrase. Similarly. Only servers running MetaFrame Presentation Server for UNIX Version 4. To do this. When you create a farm. you use the ctxcreatefarm command. Important You must remember this passphrase. You can create farms only on servers running MetaFrame Presentation Server for UNIX Version 4. Because the server that you create the farm on will become the Management Service Master. Creating a Server Farm When you install MetaFrame Presentation Server for UNIX using the installer script. you are prompted to create a server farm or join an existing farm during the installation process. only servers running MetaFrame Presentation Server for Windows can become part of a Windows server farm. in accordance with your company’s security policy.

To join a server farm 1. Confirm the passphrase. At the prompt for server name. type: ctxcreatefarm 3. type: ctxjoinfarm 3. type the passphrase specified when the farm was first created. the server is updated with a copy of the new farm’s configuration. At the prompt for farm name. At the prompt for farm name. 2. 5. MetaFrame Presentation Server communicates with the server farm and automatically joins the server to the farm. At a command prompt. For security. type the name you want to give the farm. you can join other servers to the farm using the ctxjoinfarm command. you need to know the passphrase specified for the farm when it was created. At the prompt for passphrase. type a passphrase. 2. before you can join a server to a farm. type the name of the farm you want the server to join. At a command prompt. At the prompt for passphrase. Log on to the server that you want to join to the farm as an administrator. Log on to the server that will become the Management Service Master as an administrator. . When you join a server to a farm. Joining a Server Farm After creating a server farm. 4. type the name or IP address of a server already in this farm. 4. Only servers running MetaFrame Presentation Server for UNIX Version 4.52 MetaFrame Presentation Server for UNIX Administrator’s Guide To create a server farm 1. Moving a Server to a Different Farm You can use the ctxjoinfarm command to move a server to a different farm.0 can join a server farm. 5.

type the name of the farm you want the server to join. Troubleshooting Joining a Server Farm If you experience problems attempting to join a server to a farm. confirm that you want to move the server to the new farm. If name resolution is not consistent. At the prompt for server name. type the passphrase specified when the farm was first created. see “Publishing an Application. and the server is updated with a copy of the new farm’s configuration. MetaFrame communicates with the server farm and automatically joins the server to the farm. check that: • Clock settings on all servers are synchronized—You can set up a network time server to ensure that clock settings on servers already in a farm and servers joining the farm are synchronized. the data store in the old farm is updated to reflect the removal of the server. At a command prompt. 4. However. At the prompt. new servers cannot join a farm. At the prompt for passphrase. any published applications that were on the server in the old farm are no longer available in the new farm. 2. or Desktop” on page 64. Name resolution between servers is consistent—You should ensure that all servers in a farm resolve the names of servers joining the farm consistently. To make these applications available in the new farm. 6.Chapter 3 Introducing Server Farms 53 When you move a server to a different farm. New servers cannot join the farm if clock settings are not synchronized. • . To move a server to a different farm 1. you must publish them using ctxappcfg publish. 5. type the name or IP address of a server already in this farm. For more information about publishing applications. Shell Script. Log on to the server that you want to move to a different farm as an administrator. type: ctxjoinfarm 3. At the prompt for farm name.

when you remove a server. type: ctxfarm -r [server-name] where server-name is the name of the server you want to remove from the farm. If you do not specify a server name. you must: 1. To remove a server from the farm 1. See “Removing a Server From a Farm” on page 54 for more information about removing servers. Only members of a server farm that are not the Management Service Master can be removed from a farm. 2. its copy of the farm data store is removed and published applications are no longer available from this server. At a command prompt. the local server is removed from the farm. A server can be removed from a farm even when this server is unavailable. any published applications available on this server are deleted. Renaming a Server You cannot rename a server using the ctxfarm command. See “Joining a Server Farm” on page 52 for more information. When a server is removed from a farm. Remove the server from the farm using the ctxfarm -r command. Rename the server then add the server to the farm again using the ctxjoinfarm command. If you want to rename a server. you log onto another server in the farm and remove the server. Note You cannot remove the Management Service Master from a farm. The remaining servers in the farm delete the information they hold about the removed server. 2.54 MetaFrame Presentation Server for UNIX Administrator’s Guide Removing a Server From a Farm You can remove a server from a farm using the ctxfarm -r command. You can also remove a server from a farm even when the Management Service Master is unavailable (for example. Note that you cannot remove the Management Service Master from a farm. Also. Log on to a server in the farm as an administrator. To do this. if the Management Service Master goes down). .

The list provides details of all the servers currently in a farm and also identifies the Management Service Master.Chapter 3 Introducing Server Farms 55 Identifying the Servers in a Farm You can identify the servers in a farm using the ctxfarm -l command. there is a new publish parameter in the ctxappcfg command (that replaces the add parameter) that allows you to publish and configure applications on any server in the farm. particularly for the new server farm feature. and ctxqsession to query servers in the farm. See the appropriate sections in this guide for more information about configuring and administering the server farm. At a command prompt. . For example. you may notice changes to some ctx commands. see the “Command Reference” on page 195. For example. type: ctxfarm -l What To Do Next After creating a server farm and joining servers to the farm. you can manage the farm using the various ctx commands. 2. Note If you used previous versions of MetaFrame for UNIX. Log on to a server in the farm as an administrator. For a full list of all the ctx commands available. you can use the ctxappcfg command to publish and configure applications on one or more servers in the farm. To identify the servers in a farm: 1.

.

. The guide is available on the MetaFrame Presentation Server for Windows product CD-ROM or on the Citrix Web site. The MetaFrame Access Suite Licensing Guide is designed to assist MetaFrame administrators with deploying. maintaining. Topics in this chapter include: • • • About MetaFrame Access Suite licensing How to license MetaFrame Presentation Server for UNIX Configuring communication with the license server Important Ensure you read this chapter and the MetaFrame Access Suite Licensing Guide before you install MetaFrame Presentation Server for UNIX Version 4.CHAPTER 4 Licensing MetaFrame Presentation Server for UNIX Overview This chapter introduces MetaFrame Access Suite licensing and explains how to license MetaFrame Presentation Server for UNIX.0. and using MetaFrame Access Suite licensing.

The start-up grace period lets you use these products until you download license files. and an electronic backup of all licenses is stored on the Citrix Web site. and create reports for analyzing trends in license usage. will continue to function for backwards compatibility. . Coexisting with Earlier Citrix Licensing The previous Citrix licensing method. The MetaFrame administrator can use the product indefinitely. MetaFrame Access Suite Licensing offers many benefits. License files are downloaded from the Citrix Web site and stored on the license server. This means that you use a license server and a user interface for managing licenses. the start-up grace period licenses two users to use the product for 96 hours after installation.0 uses the new. meaningful results will be displayed only for servers running versions prior to Version 4. MetaFrame Access Suite products that employ MetaFrame Access Suite licensing have a start-up grace period. upgrade licenses are also not applicable. you require MetaFrame Presentation Server Enterprise edition licenses. simplified MetaFrame Access Suite Licensing method. provided the products point to a license server. that relate to the previous Citrix licensing method.0.0 and earlier versions will coexist on a network. including the ability to centrally manage and monitor license usage.0 servers and servers running earlier versions of MetaFrame for UNIX. is no longer supported in MetaFrame Presentation Server for UNIX Version 4. However. Enterprise edition licenses enable all the features available in MetaFrame Presentation Server for UNIX.0. Licenses can be shared across farms.0. servers running Version 4. For MetaFrame Presentation Server. in which base licenses and server extension licenses were installed on each product server. including load balancing and client drive mapping. known as the License Management Console.58 MetaFrame Presentation Server for UNIX Administrator’s Guide About MetaFrame Access Suite Licensing MetaFrame Presentation Server for UNIX Version 4.0 of MetaFrame for UNIX. access your licensing data remotely. however. Licenses cannot be shared between Version 4. Commands such as ctxqserver -license. Standard and Advanced edition licenses are not applicable to MetaFrame Presentation Server for UNIX Version 4. To license MetaFrame Presentation Server for UNIX Version 4.

It explains how to display and specify the license server location and port number using ctxlsdcfg. Copy the license files to your license server. you must complete the following tasks: 1. 2. the installer script configures communication with the license server for you. see “Deploying MetaFrame Presentation Server for UNIX” on page 23. This is described in the following section. configure communication between servers running MetaFrame Presentation Server for UNIX and the Windows licensing server using ctxlsdcfg. however. Configuring Communication with the License Server This section discusses how to configure MetaFrame Presentation Server for UNIX to use MetaFrame Access Suite licensing. Note These tasks are described in detail in the MetaFrame Access Suite Licensing Guide. Citrix recommends that you read this guide before installing MetaFrame Presentation Server for UNIX. However. you may need to edit these settings after installation. Typically.mycitrix. if you use the installer script to install MetaFrame Presentation Server for UNIX. 3. these communication settings are specified during MetaFrame Presentation Server for UNIX installation. Install the license server and the License Management Console on a Windows machine. for example: • • • • • • If you decide to install the license server software after you install MetaFrame Presentation Server If you do not use the installer script to install MetaFrame Presentation Server If you rename your license server If you transfer the licenses for a server farm to another license server If you change the port your license server uses If you change a server farm so that it points to another license server . The licensing components and the License Management Console are available on the MetaFrame Presentation Server CD. 4. If necessary. For information about how to do this. 5. Connect to http://www.com to download your license files. Deploy MetaFrame Presentation Server for UNIX. Sometimes.Chapter 4 Licensing MetaFrame Presentation Server for UNIX 59 Licensing MetaFrame Presentation Server for UNIX: An Overview To deploy and license MetaFrame Presentation Server for UNIX.

4. type port port-number where port-number is the port number of the license server. The settings you specify are propagated automatically throughout the server farm. 2. At the License Config prompt. type server server-name where server-name is the name of the license server. 4. At a command prompt. Log on to the server as an administrator. 5. type exit. type exit. The current license server name and port number are displayed. type ctxlsdcfg. type ctxlsdcfg. type list. The following prompt appears: License Config> 3. By default the port number is 27000. The following prompt appears: License Config> 3. At a command prompt. At the License Config prompt. . At the License Config prompt. At the prompt to save your changes. Log on to the server as an administrator. type y (or yes). To change license server settings for a farm 1. so you need to run this command on only one server in the farm.60 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxlsdcfg is a farm-wide setting. To display license server settings for a farm 1. At the License Config prompt: • • To specify the license server name. To specify the license server port number. 2.

desktops.CHAPTER 5 Publishing Applications and Desktops Overview This chapter describes how to provide access to applications for MetaFrame Presentation Server Client users. and UNIX command lines Publishing applications on UNIX servers of different architecture Displaying published application details Maintaining published applications Configuring an initial program Publishing preconfigured applications for anonymous use . Topics in this chapter include: • • • • • • • An introduction to application publishing Publishing applications. shell scripts.

Published applications: • • • Give client users easy access to applications running on servers Increase your control over application deployment Shield users from the complexities of the UNIX environment hosting the ICA session The ctxappcfg command is the main tool for publishing applications. Administrative Control When you publish applications. This also allows administrators to change the server(s) on which applications are deployed. Connecting to applications by name eliminates the need for users to remember which servers contain which applications. Why Publish Applications? The main reasons for publishing applications are the ease of user access. A disabled application can be quickly enabled at a later stage. Load balancing. user access to those applications is greatly simplified in the following areas: • Addressing. • Enabling and disabling applications. a published application is an application that appears similar to an application running locally on the client device. You can publish any application that can run on the UNIX workstation or server on which MetaFrame Presentation Server is installed. Application publishing lets you direct client connection requests to the least busy server in a group of servers configured to run an application. This allows you to temporarily stop users from connecting to published applications. the degree of administrative control. you get greater administrative control over application deployment.62 MetaFrame Presentation Server for UNIX Administrator’s Guide About Published Applications To a client user. Instead of connecting to a server by its IP address or server name. client users can connect to a specific application or desktop by whatever name you give it. • User Access When you publish applications. You can disable published applications without having to delete their configuration. and without users being aware of the change. without reconfiguring clients. and the efficient use of resources. .

the server selects an available account from a pool of anonymous user accounts and assigns this to the user. Users are logged off after a broken connection or timeout. and no information in the home directory is retained when they log off. Publishing Applications for Anonymous Use Publishing applications for anonymous use allows you to provide “guest” user access to an application. published applications present the user with only the desired application in an ICA session. For more efficient use of server resources. Publishing Applications for Explicit Use Explicit users have their own user accounts. For information about how to change or maintain anonymous user accounts. user-specific files. or other resources created or configured by the user are discarded at the end of the ICA session. When a user starts an application published for anonymous use. the session is terminated. If the session is idle (that is. you have to specify whether the application is for anonymous or explicit use.Chapter 5 Publishing Applications and Desktops 63 • Navigation of the server desktop. Publishing Applications for Explicit or Anonymous Use When you publish an application. Users do not have a persistent identity. Instead. use published applications rather than server desktops. when the users log on. Explicit users have a “permanent” existence—their desktop and security settings are retained between sessions and their files persist from one session to another. Any desktop settings. . Instead of requiring client users to have knowledge of the UNIX desktop to find and start applications after connecting to servers. no logon box appears and the user does not have to supply a user name or password. CDE is loaded for each connection. Efficient Use of Resources ICA connections to server desktops can consume considerable resources because. A temporary home directory is also assigned to users for use during the session. If you publish an application for use by explicit users. they supply their user name and password. if there is no user activity for a specified time period). by default. see “Configuring Anonymous Users” on page 136.

passwd and chsh) so that members of the ctxanon group cannot execute these tools. if a change is made to an anonymous user account.64 MetaFrame Presentation Server for UNIX Administrator’s Guide For information about setting up configuration files for applications published for anonymous use. See the MetaFrame Access Suite Licensing Guide for details. who can be logged on to the server at the same time depends upon your licensed user count. Note The total number of users. shell scripts. or Desktop This section explains how to publish applications (including Java and legacy applications). see “Publishing Preconfigured Applications for Anonymous Use” on page 85. users can change their shell or information from a logon shell. . You may also need to change the permissions on some command-line tools (for example. restrict /etc/shells so that it contains only the desired system shell. To prevent users from changing their shell. because no user name or password is required to access these applications and. whether anonymous or explicit. change the working directory. It also explains how to publish applications on UNIX servers of different architecture. Such changes persist even after the session is terminated—that is. therefore. little meaningful audit data can be obtained. and server desktops. Citrix recommends that you do not publish applications that will provide users with a command shell. and configure the server to accept published application parameters passed by the client. the next user of this account will pick up these changes. For example. you can partition the applications onto separate servers and tune the server security so that the server with anonymous applications is more tightly controlled than the server with explicit applications. Publishing an Application. If you need to publish applications for explicit use and applications for anonymous use that may present users with a command shell. because they may be able to access and affect the system in the same way as an explicit user. Shell Script. on HP-UX. Security Considerations Take care when choosing applications to publish anonymously.

The order in which you install the application and MetaFrame does not matter. A folder containing the application. At the App Config prompt. type publish. The command prompts you for the information required to publish the application. This information is required for applications accessed using the Web Interface. The command line required to run the application or script file. for example: /usr/bin/diary. The following prompt appears: App Config> 3. yes if the application is for anonymous use only. This directory must exist.bin. Note that ~/sub-dir is supported.Chapter 5 Publishing Applications and Desktops 65 Publishing an Application Use the ctxappcfg command to publish an application. To publish an application 1. Default No default Command line Working directory No default User’s home directory Anonymous [yes|no] No default Description Blank Folder Blank . Leave blank to specify the user’s home directory. Log on to the server as an administrator. The default working directory. Application installation is not part of the application publishing process. type ctxappcfg. The user selects this name when setting up an ICA connection to this published application. Before an application can be published. ~otheruser is not. An optional description that can be displayed on the user’s Web page. 2. At a command prompt. or no if it is for use by users with explicit accounts only. it can be published at any time. both MetaFrame Presentation Server and the application must be installed. You are prompted for each item of information you need to supply: At the prompt for Name Specify The name you want to use for the published application. The name does not need to be the same as the name of the executable file for a particular program. This information is required for applications accessed using the Web Interface. After an application is installed.

70%. Enter a blank line to complete the list. type exit. At the App Config prompt. The user names of users permitted to access this application. Specify type of window as seamless (the window size is controlled by the client) or fullscreen (full screen display). Choose from 16. 8bit. To specify all current servers in the farm. . Type one server name per line. 4bit. Default ICA icon 800 x 600 pixels Color Depth 256 colors Enable SSL security Controlled by default settings No default User name Group name No default Server name No default Note Increasing window size and color depth increases demand upon memory. it may not be possible to run as many concurrent sessions without increasing memory. or % (percentage) of a desktop. The names of user groups permitted to access this application. as memory consumption increases. Consequently. or no if you do not want to use SSL. 1024x768. Enter a blank line to complete the list. The window size and type of window. for example. For example. Enter a blank line to complete the list. and 24bit. 4. This information is required for applications accessed using the Web Interface. The number of colors used to display the application. An ICA connection configured to run at the same window size but at a color depth of 24bit True Color uses approximately 64MB of memory. type an asterisk (*). 256. 16bit. Specify window size as: widthxheight. yes to use SSL to secure connections to this application. This information is required for applications accessed using the Web Interface.66 MetaFrame Presentation Server for UNIX Administrator’s Guide At the prompt for Icon File Window Size Specify The icon file displayed against a published application in the Web Interface. Type one user name per line. Type one group name per line. an ICA connection configured to run at a color depth of 256 colors and window size of 4096 x 4096 uses approximately 16MB of memory just for the ICA session (additional memory is required for the applications). The names of servers in the farm that will publish this application. for example.

you leave the command line blank. . CDE is loaded for each connection. Publish a shell script if you want to publish an application that requires a particularly complex environment. by default. If you do not configure these display settings.Chapter 5 Publishing Applications and Desktops 67 The published application is automatically enabled. For more efficient use of server resources. Publishing a Shell Script You can also publish an application by writing a script file that sets up the application environment and then executes the application. default display settings are used. When you first publish an application. to indicate you are publishing a desktop. To publish a script file. see “Specifying Default Settings for Published Applications” on page 77. see “Changing the Settings of a Published Application” on page 74 for more details. Tip To publish an application for both explicit and anonymous use. publish it under different names—once for explicit use and once for anonymous use. Publishing a Desktop You publish a server desktop in the same way you publish an application. for example. To publish a shell script in a server farm. Note ICA connections to server desktops consume considerable server resources because. for more information. use published applications rather than server desktops. window size. if you need to set particular environment variables. You can now connect to the server from a client and set up a connection to this published application. and color depth. icon. You can change the default display settings for all published applications in the server farm. You can change the configuration of a published application at any time. However. using the ctxappcfg command. You then publish the shell script file as a published application. ensure the shell script is present on all the servers in the farm on which you want to publish it. using the ctxappcfg command. enter the path to and name of the script file at a command-line prompt. you can specify display settings for folder.

If the set of commands is complex. which you set to CITRIX_REMOTE_DISPLAY. For example. The script also uses the DISPLAY environment variable. You do this using the ctxappcfg command. to display on the server. Enclose the commands within double quotes. type: xterm -e <path> “commands” where commands is the set of commands required to launch the application.68 MetaFrame Presentation Server for UNIX Administrator’s Guide Publishing a Java Application You can publish Java applications on your server by writing a script file that you publish using the ctxappcfg command. you publish the script on the server running MetaFrame Presentation Server using the ctxappcfg command. you create a script file to run the application on the remote UNIX server. and the commands to launch the Java application. In the script file include any environment variables required to set up the application environment. include this in a script file and run the script file: xterm -e <path> script_file Publishing an Application on a UNIX Server of Different Architecture You can publish applications on UNIX servers that are of a different architecture to the server running MetaFrame Presentation Server. although the application exists and runs on a Linux server. Finally. Publishing a UNIX Command-Line Application You can publish applications that require use only of the command line. At a command prompt. . you may have a legacy application that you want to publish. This script uses the remote shell command to run the script on the remote server. Then you create a script file on the server running MetaFrame Presentation Server to set up the application environment and launch the application on the remote server. you can publish an application on a computer running MetaFrame Presentation Server for UNIX. For example. To do this.

sh containing: #!/bin/sh DISPLAY=$1 shift export DISPLAY cd /export/home/apps/diary /export/home/apps/diary/diary $* 3.Chapter 5 Publishing Applications and Desktops 69 Example The following example shows how to publish an application that runs on a Linux server. create a script file /usr/local/bin/rundiary. 2. Install Diary on Mandix. the server running MetaFrame Presentation Server is called “Buffy”. In this example. the Linux server is called “Mandix” and the application is called “Diary”. . by testing locally on Mandix. Create a script file on Mandix that will run Diary on Mandix. Step 1—Create a script file on Mandix 1. Make sure that the script file works. For example.

Make sure that the script file works on Buffy. ~/group.sh on Mandix. using a display on Buffy.cal is the parameter passed to the diary application on Mandix.sh $DISPLAY ~/group.70 MetaFrame Presentation Server for UNIX Administrator’s Guide Step 2—Create a script file on Buffy 1. Create a script file on Buffy that will set up the application environment and launch rundiary.sh containing: #!/bin/sh DISPLAY=$CITRIX_REMOTE_DISPLAY # allow everyone on Mandix to access this display xhost +mandix # launch app on the machine "Mandix" rsh Mandix "/usr/local/bin/rundiary.sh. the remote shell command is remsh. For example: ctxappcfg <<EOF publish MY_DIARY /export/home/apps/diary. Step 3—Publish the application on Buffy 1. Make sure you include blank lines where appropriate. create a script file /export/home/apps/diary.sh ~/data no My diary application Applications /tmp/icon1. Create a script file on Buffy that uses the ctxappcfg command to publish diary.xpm 800x600 16bit no user1 group1 group2 buffy EOF . 2.cal" Note On HP-UX. For example. by testing that it correctly launches the application on Mandix.

add the line: WorkDirectory=/home/docs . for the Editor application. you publish the application on the server in the usual way.Chapter 5 Publishing Applications and Desktops 71 2. see “Publishing an Application. To do this. find the name of the published application. Specifying a Working Directory for Published Applications By default.ini file and open it in an editor (such as Notepad). the application starts in the user’s home directory on the server running MetaFrame Presentation Server. and configure the client to pass a working directory parameter to the server. Step 2—Configure the client 1. However. In the lines relating to the published application. add a line for the working directory (if such a line does not exist already). create an ICA connection and name it “MyEditor. when a user connects to a published application. Shell Script. In the APPSRV. For example. contained within square brackets. For example. Publish Editor in the normal way using the ctxappcfg command.” 2. Test that the script file works by making an ICA connection to MY_DIARY. Locate the APPSRV. you can change the directory in which the application runs by specifying a working directory on the client. Install Editor on the server running MetaFrame Presentation Server. find: [MyEditor]. 2. 4. Example The following example shows how to configure the published application “Editor” to run in the working directory /home/docs. or Desktop” on page 64. Create an ICA connection to the Editor application in Citrix Program Neighborhood—for example.ini file. 3. for more information. this is the name you gave the application in Program Neighborhood. Step 1—Publish Editor on the server 1.

For example.72 MetaFrame Presentation Server for UNIX Administrator’s Guide Publishing an Application to Accept Parameters from the Client You can configure the server running MetaFrame Presentation Server to accept published application parameters passed by the client. you configure the client to pass parameters to the server.ini file and open it in an editor (such as Notepad). Edit this line with the file name to be opened.” The following shows how to configure the published application to automatically open this file when the user connects. In the APPSRV. using the published application “Word. For example. Step 1—Publish Word on the server 1. For example: InitialProgram=#”METAFRAMESERVER1” 5.doc . Create an ICA connection to the Word application in Citrix Program Neighborhood. contained within square brackets. 3. 2. and configure the server to accept and use the parameters passed by the client. Locate the APPSRV. find: [MyCV]. create an ICA connection and name it “MyCV.doc.ini file. To do this. for example. 4. Publish Word using the ctxappcfg command. if users regularly update a particular document. you can publish the application that they use to automatically open the document specified by the client device. For example: InitialProgram=#”METAFRAMESERVER1” /home/docs/MyCV. include “%*” where the parameters from the client are to be included. Example A user wants to regularly update her resume.bin %* Step 2—Configure the client 1. Install Word on the server running MetaFrame Presentation Server. This allows users to connect to a published application and automatically launch a particular file. In the lines relating to the published application. which is stored in: /home/docs/ MyCV. find the name of the published application—this is the name you gave the application in Program Neighborhood. At a command prompt.” 2. For example: /usr/bin/word. find the line for the initial program.

Because client parameters are interpreted by the shell. • • Displaying Published Application Details You can use ctxappcfg to display all the applications published on the local server or in the server farm.bin Working directory: ~/tmp Icon: Inherited from default application settings. This starts the program and displays the following prompt: App Config> 3. Anonymous: no Enabled: yes . 4. environment variables. At a command prompt. If no parameters are passed by the client or the syntax is incorrect (for example. and so on. type list. If you specify client parameters. 2. use the select command with the name. the server ignores the parameters and “%*” has no effect. for example: Name: Diary Command line: /usr/bin/diary.Chapter 5 Publishing Applications and Desktops 73 Notes • If there is no “%*” in the command line on the server. To find out more details about a particular published application. At a command prompt. you can use wildcards. seamless session sharing is switched off. the quotes are missing). To display details about the applications published 1. for example: App Config> select Diary This displays the details for the published application. This displays the names of the applications published on the server or in the server farm: App Config> list Name: “Accounts” Name: “Orders” Name: “Diary” Applications that are disabled have (disabled) displayed next to them. You can then use select to display details about a particular published application. type ctxappcfg. parameters from the client are ignored. Log on to the server as an administrator.

5. type exit. Then you use the set command to configure settings. Also explained is how to configure default settings for all published applications in the server farm. You can then use the select command again with the appropriate application name. These features are described later in this chapter. You can change the settings for published applications on the local server or in the server farm. and manage the servers that publish an application. you use the select command to select the application you want to change. First. such as the working directory or the application’s description. and manage the servers that publish applications. . you can also change the icon file displayed against a published application. Maintaining Published Applications This section explains how to change a published application’s settings. If you want to list information for a different application. To exit from ctxappcfg. The set command is described below. Changing the Settings of a Published Application After publishing an application. see “Command Reference” on page 195 for more information. To configure a published application 1. configure user access to published applications. 6. Log on to the server as an administrator. you can change its settings using the ctxappcfg command. SSL security configuration: Inherited from default application settings. type drop to deselect the current application. Note After selecting an application. Tip You can also display information about published applications on the network using the ctxqserver command. Color Depth: Inherited from default application settings. configure user access to applications.74 MetaFrame Presentation Server for UNIX Administrator’s Guide Description: Folder: Window Size: Inherited from default application settings.

Note that ~/sub-dir is supported. 6. folder={folder name}. type ctxappcfg. To change the configuration. Color Depth: Inherited from default application settings. This has the following syntax: set [cmd={cmd_line}. Anonymous: no Enabled: yes Description: Folder: Window Size: Inherited from default application settings. enabled={yes|no}. description={description}. dir={dir_name}. dir={dir_name}] Option cmd dir Description The command line required to run the application or script file.Chapter 5 Publishing Applications and Desktops 75 2. At a command prompt. for example. Select the published application you want to change. or no if it is for use by users with explicit accounts only. /usr/bin/diary. SSL security configuration: Inherited from default application settings. This starts the program and displays the following prompt: App Config> 3. [cmd={cmd_line}. Type yes if the application is for anonymous use only. ~otheruser is not. window_size={window size}. 4. for example: Name: Diary Command line: /usr/bin/diary. This directory must exist. Leave blank to specify the user’s home directory. color_depth={color depth}.bin. This displays the details for the published application. for example: App Config> select Diary 5.bin Working directory: ~/tmp Icon: Inherited from default application settings. anonymous={yes|no}. anonymous . type list to check the names of the applications published on the server or in the server farm. ssl_enabled={yes|no}] -ORset server={server_name}. use the set command. At a command prompt. The default working directory.

Type yes to enable a previously disabled application. use an image editor to resize it to the correct size. To change the settings on a particular server only. enclose it within quotes. 16bit. 70%. However. You can later view this file using a suitable tool. To save your changes. Specify type of window as seamless (the window size is controlled by the client) or fullscreen (full screen display). or 24bit. type save. If the description includes spaces. using ctxappcfg. description folder window_size color_depth ssl_enabled server 7. or no if you do not want to use SSL. for example. Displaying and Changing the Icon File You can find out which icon is currently displayed against a published application when the application is accessed using the Web Interface. The icon you specify must be: • • A graphic in . 8.xpm (X pixmap) format. for example. See “Enabling and Disabling Published Applications” on page 82 for more information. Use the export icon command to save the icon to a file. Specify 16.76 MetaFrame Presentation Server for UNIX Administrator’s Guide Option enabled Description Type no to disable an application—this stops users from connecting to the application without you having to delete its configuration. Specify window size as: widthxheight. Specifies whether or not SSL is used to secure connections to the application. 8bit. type exit. 4bit. Use the import icon command to specify a new icon for the published application. the ICA icon is displayed. specify a server name. you can specify another icon to use for a published application. By default. 256. . 1024x768. The name of a folder containing the program that the Web Interface displays. Type yes to use SSL. The number of colors used to display the application in the Web Interface. or % (percentage) of a desktop. The description displayed on the user’s Web page. To exit from ctxappcfg. 32 x 32 pixels. This information is required for applications accessed using the Web Interface. The widow size and type of window that the Web Interface displays. This option applies only to the command line and working directory. If your icon is larger than this.

To save your changes. You can configure: . This starts the program and displays the following prompt: App Config> 3. Type export icon import icon 6. To Export the current icon to a file that you can later view. This displays the details for the published application. type exit. You are prompted for the file name. Select the published application you want. for example. Color Depth: Inherited from default application settings. To exit from ctxappcfg.Chapter 5 Publishing Applications and Desktops 77 To display or change the icon used for a published application 1. Specify a different icon file for the published application. for example: Name: Diary Command line: /usr/bin/diary. You are prompted for the file name. App Config> select Diary 5. 4. Log on to the server as an administrator. type ctxappcfg. 7. At a command prompt. type list to check the names of the applications published on the server or in the server farm. At a command prompt. SSL security configuration: Inherited from default application settings. type save. Anonymous: no Enabled: yes Description: Folder: Window Size: Inherited from default application settings. 2. Specifying Default Settings for Published Applications You can configure default settings for all published applications in the server farm using the ctxappcfg command.bin Working directory: ~/tmp Icon: Inherited from default application settings.

window size. Specify type of window as seamless (the window size is controlled by the client) or fullscreen (full screen display). rather than all applications. type ctxappcfg. Log on to the server as an administrator. not applications accessed using a direct client connection where display settings are controlled by the client. 1024x768. These settings include folder name. At a command prompt. 70%. • Tip To change the settings for a particular application. Description: Folder: Window Size: 800x600 Color Depth: 256 colors SSL security enabled: no 4. for example. and color depth. The default settings appear. for example: App Config> default Icon: Not configured. use the set command. To change the default settings for all published applications 1. which can organize applications into logical folders. This is used by the Web Interface. for example. At a command prompt. The widow size and type of window that the Web Interface displays. This starts the program and displays the following prompt: App Config> 3. To change the default settings. window_size={window size}. window_size . or % (percentage) of a desktop. These settings affect only applications accessed using the Web Interface. see “Changing the Settings of a Published Application” on page 74. type default. 2. Specify window size as: widthxheight.78 MetaFrame Presentation Server for UNIX Administrator’s Guide • Default display settings for applications accessed using the Web Interface. color_depth={color depth}. which has the following syntax: set [folder={folder name}. SSL secure connections to applications.ssl_enabled={yes|no}] Option folder Description The name of a folder containing the published application.

You can also add users and groups who are allowed to access an application. 5. You can display the users and groups allowed to access a published application using the list users and list groups commands. Note You cannot display the default icon using ctxappcfg. To save your changes. and 24bit. To exit from ctxappcfg. or no if you do not want to use SSL. remove users.Chapter 5 Publishing Applications and Desktops 79 Option color_depth ssl_enabled Description The number of colors used to display the application. This starts the program and displays the following prompt: App Config> 3. To configure access to an application 1. add groups. At a command prompt. Choose from 16. type save. For each application. At a command prompt. Log on to the server as an administrator. however. 6. 2. Type yes to use SSL. 256. 8bit. type ctxappcfg. The Citrix XML Service for UNIX uses the same users and groups as the server running MetaFrame Presentation Server and the underlying UNIX operating system. and prevent access to an application using the add users. the Citrix XML Service stores a list of groups and users for whom the application is visible. type exit. For more information about the icon files you can use. . see “Displaying and Changing the Icon File” on page 76. Specifies whether or not SSL is used to secure connections to the application. you can use the export icon command to save the icon to a file that you can later view using a suitable tool. 16bit. and remove groups commands. Configuring User Access to Published Applications You can configure which users and groups of users can access a published application using the ctxappcfg command. 4bit. type list to check the names of the applications published on the server or in the server farm.

type exit. Type one user name per line. Enter a blank line to complete the list. If you want to completely remove a published application from all servers in the farm. Managing the Servers that Publish an Application You can display the servers in a farm that publish an application using ctxappcfg with the list servers command. This removes the application only from the servers you specify. To remove a published application from particular servers in the farm. Select the published application you want to display information about. you use the remove servers command. . To exit from ctxappcfg. To add users who are allowed to access the published application. Enter a blank line to complete the list. see “Deleting a Published Application from All Servers” on page 81. You can also publish an application on one or more servers in the farm using the add servers command. To add groups of users who are allowed to access the published application. 6. the application remains on other servers in the farm. Note Ensure the application is installed on a server before you attempt to publish it. Type one group per line. Enter a blank line to complete the list. After an application is installed. Type one user name per line. Enter a blank line to complete the list. Type one group per line. for example: App Config> select Diary This displays the details for the published application. for more information.80 MetaFrame Presentation Server for UNIX Administrator’s Guide 4. To Display the users who are allowed to access the published application. To prevent groups of users from accessing the published application. it can be published at any time. To prevent particular users from accessing the published application. Type list users list groups add users add groups remove users remove groups 5. Display the groups of users who are allowed to access the published application. use the delete command. type save. To save your changes.

and it can be quickly enabled at a later stage. This starts the program and displays the following prompt: App Config> 3. At a command prompt. To specify all current servers in the farm.Chapter 5 Publishing Applications and Desktops 81 To manage the servers that publish an application 1. type ctxappcfg. If you want to make the application available again. Enter a blank line to complete the list. Enter a blank line to complete the list. type list to check the names of the applications published on the server or in the server farm. See “Enabling and Disabling Published Applications” on page 82 for further information. Type one server name per line. Log on to the server as an administrator. disable the published application. republish it under its old name or with a new name. 4. for example. type exit. Type list servers add servers remove servers 5. To exit from ctxappcfg. Deleting a Published Application from All Servers Deleting a published application removes all published application configuration information from all servers in the farm. type an asterisk (*). Type one server name per line. 2. that application is no longer available to client users under the published application name (although it may be available as another published application or from a server desktop session). Select the published application you want to display information about. When you delete a published application. Disabling a published application does not delete its configuration. Tip To temporarily stop users from connecting to a published application. . To Display all servers in the farm that publish the application. At a command prompt. Publish the application on another server in the farm. App Config> select Diary This displays the details for the published application. Remove the published application from one or more servers in the farm.

Confirm the deletion by typing y. Type exit. Creating a New Published Application from Existing Details After you publish an application. 5.82 MetaFrame Presentation Server for UNIX Administrator’s Guide To delete a published application from the farm 1. App Config> select Diary 3. for example. Run ctxappcfg. 2. you can re-use the settings by copying the details to a new name. 2. To copy details to create a new published application 1. 4. Type delete. At a command prompt. Enabling and Disabling Published Applications You can disable a published application without having to delete its configuration. Select the published application you want to delete. To enable or disable a published application 1. When you disable a published application. or set it to yes to enable a previously disabled application. This starts the program and displays the following prompt: App Config> . Set the enabled option to no to disable an application. for example. to upgrade the application to a newer version or to apply patches. as described previously in “Changing the Settings of a Published Application” on page 74. Use the ctxappcfg utility with the set command. type ctxappcfg. type list to display the names of the applications published on the server. Note When you publish an application. This is useful when you want to temporarily stop users from connecting to a published application. it is enabled by default. At a command prompt. 2. A disabled application can be quickly enabled at a later stage. users are no longer able to see or connect to the disabled application on any of the servers in the farm. Log on to the server as an administrator.

Chapter 5 Publishing Applications and Desktops 83 3. 7. 9. type exit. App Config> select Diary 5. Change the details for the new published application using the set command. Log on to the server as an administrator. then deleting the original. type list to check the names of the applications published on the server. To delete the original published application settings. 6. At a command prompt. Select the published application you want to rename. type save to save the changes. Select the published application that has the details you want to copy. you can change its name by copying the settings to a new name. as described previously in “Changing the Settings of a Published Application” on page 74. Renaming a Published Application After you publish an application. for example. . At a command prompt. Type drop. 4. type ctxappcfg. See “Deleting a Published Application from All Servers” on page 81 for more details. At a command prompt. select the original application and use the delete command. 8. App Config> select Diary 5. 8. This displays the details for the published application. To rename a published application 1. Type copy and the new name for the published application at the prompt. Type drop. 2. To exit from ctxappcfg. type list to check the names of the applications published on the server. This starts the program and displays the following prompt: App Config> 3. Type copy and the new name for the published application at the prompt. 4. 7. 10. for example. This displays the details of the published application. When you are finished configuring the published application. 6.

Doing so prevents users from connecting to a server by name. 2. Configuring an Initial Program An initial program is an application that MetaFrame starts automatically when a user logs on. you must run ctxcfg -i PUBONLY at each server. At a command prompt: To Configure the server so that if an initial program is set on the client. it is used. To restrict connections to published applications only 1. Because connections to server desktops consume considerable server resources. or to the server desktop. If an initial program is configured on the server and client. To configure an initial program on the server 1. Configure the server to start the initial program progname whenever a user connects. 2. Use the command ctxcfg -i INHERIT ctxcfg -i prog=progname. List the current initial program details.wd=dir ctxcfg -i list . Closing the initial program does not terminate the ICA session. Log on to the server as an administrator. the initial program configured on the server is started when a user logs on. restricting users to published applications makes more efficient use of resources.84 MetaFrame Presentation Server for UNIX Administrator’s Guide Restricting Connections to Published Applications Only You can restrict users so that they can connect only to published applications on a server. where wd is the working directory. Can be set from a client device as part of the properties for a specific client connection. Initial programs: • • Can be set on the server by an administrator. Use the ctxcfg command to allow users to run only published applications: ctxcfg -i PUBONLY Note To restrict access on several servers. Log on to the server as an administrator.

5. 6. Configure the application so that it mirrors the settings you want to provide when an anonymous user logs on. you may want to set proxy server settings or clear the cache. “anontmpl”) in each of the files in /usr/anon/anontmpl. Edit the script file ctxanoninit. the application starts in its default configuration. an application such as a Web browser may use proxy settings. Some applications use configuration files that initialize settings when the application starts. This file is installed in the following directory: /opt/CTXSmf/lib /usr/lpp/CTXSmf/lib . To create configuration files for an application 1. For example. file paths. search for occurrences of the user name or folder name (in this example. a user configures these settings once.Chapter 5 Publishing Applications and Desktops 85 Publishing Preconfigured Applications for Anonymous Use When a user logs on to use an application that you published for anonymous use. the user is assigned an empty home directory. for a Web browser application such as Netscape. In normal use. For example. You can set up configuration files for applications that you publish for anonymous use. Log on as an administrator. 4. called “anontmpl”) with home directory set to /usr/anon/anontmpl. When the user logs off. and font and display settings. 9. 7. Log on to the server as this user and run the application you want to configure. Use this user account only to preconfigure applications for anonymous use. any files that the user creates in this directory are deleted. Create a user (for example. Make the template directory readable by everyone using: chmod -R a+rX 8.sh. You create these in a special template directory called /usr/anon/anontmpl. adjust the process and repeat until you are sure that the correct configuration is in use when the application starts. Using grep or a text editor. Start the application again and make sure that the application works as required. Exit the application. If the configuration files are not available. If not. When a user logs on. all files in the template directory are copied to the assigned home directory. 2. 3.

add lines to the end of ctxanoninit.86 MetaFrame Presentation Server for UNIX Administrator’s Guide 10. so add the following lines to the end of ctxanoninit.js .js rm . Publish the application for anonymous use. Note Use the environment variable $USER. 11.netscape/preferences. repeating the above steps as necessary.sh: sed –e “s.g” $ANON_TMPL_DIR/.js # add commands here to set the correct file permissions. . which is set automatically by /bin/sh.sh that use the sed command to substitute the user name and home directory.netscape/ preferences. Make sure that the application works by launching a session from a client.netscape/preferences. to determine the name to substitute.js > newprefs. a Netscape preferences file contains references to the home directory.$USER.anontmpl.js mv newprefs. For each file containing occurrences of “anontmpl” in the files in /usr/anon/anontmpl. For example.

disconnect. and Sessions Overview This chapter describes how to manage the users. Users. sessions. It includes how to: • • • • • • • • Display information about sessions and users Display information about the servers on the network Log off. and reconnect sessions Reset sessions in case of error Shadow ICA sessions Send messages to users on your server Display available client printers and print files from the command line or from applications Connect to a remote server from within an ICA session .CHAPTER 6 Managing Servers. and processes on a server running MetaFrame Presentation Server.

another server in the farm. it does not display idle sessions or sessions in the process of connecting. . or the entire server farm. It displays active. use the ctxquser command. and state. To display session details 1. for all the current sessions.88 MetaFrame Presentation Server for UNIX Administrator’s Guide Displaying Information about Users and Sessions You can display information about ICA connections to a server running MetaFrame Presentation Server. To Display sessions on the local server Display sessions on another server in the farm Display sessions on all the servers in the farm Type ctxqsession ctxqsession -s servername where servername is the name of the server you want to query ctxqsession -S 2. Run the ctxqsession command. session id. by user name. in order of user name. You can display information about connections to the local server. connected sessions only. A dialog box similar to the following appears: Tip For details about the information that is displayed. If you want information. see “About the Display” on page 90. This command displays information about sessions on a server. such as user name.

see “About the Display” on page 90. . Users. A dialog box similar to the following appears: Tip For details about the information that is displayed. Run the ctxquser command: To Display all user sessions on the local server Display a specific user session on the local server Display all user sessions on another server in the farm Display a specific user session on another server in the farm Display all user sessions on all the servers in the farm Display a specific user session on all the servers in the farm Type ctxquser ctxquser user username where username is the name of the user you want to query ctxquser -s servername where servername is the name of the server you want to query ctxquser -s servername user username where servername is the name of the server and username is the name of the user you want to query ctxquser -S ctxquser -S user username where username is the name of the user you want to query 2. by user name 1. and Sessions 89 To display session details.Chapter 6 Managing Servers.

wdica—indicates that the ICA protocol is being used. disc—indicates a disconnected session. For example. listen—indicates the session that is listening for new incoming connections. connq—indicates a brief session initialization phase that occurs before the logon prompt appears. where servername is the name of a server in the farm. Display SESSION Description This is in the format servername:id. active connection. shadow—indicates that the user of this session is shadowing another. The name of the client device. down—indicates a broken session.90 MetaFrame Presentation Server for UNIX Administrator’s Guide About the Display The ctxqsession and ctxquser commands display. and id is the session identifier. reset—indicates a session currently being reset. active—indicates an established. init—a brief session initialization phase. The user name. The time the user logged onto the system. The length of time since there was user activity on this session. server1:34 means session 34 running on server1. conn—indicates a session that is being connected. USERNAME STATE TYPE DEVICE IDLE TIME LOGON TIME . and during reconnect.

To display information about all servers on the subnet At a command prompt. An M next to the IP address indicates that the server is the master browser. type: ctxqserver To display information about a specific server At a command prompt. and the number of connections available. The remaining number of connections the server is capable of receiving. type ctxqserver and specify the server name: ctxqserver server-name About the Display The ctxqserver command displays: Display Server Transport Conns Free Total Network Address Description The server name. and Sessions 91 Displaying Information about Servers on the Network Use the ctxqserver (query server) command to display information about servers on the subnet. The current number of ICA connections on the server. . that is TCP/IP. transport protocol.Chapter 6 Managing Servers. The IP address of the server. The current number of ICA connections plus the number of free connections. The transport protocol. You can display information such as server name and network address. Users.

or about published applications and client sessions on the subnet. For information about the other options available with ctxqserver. • Ending a Session To end a session. You can log off or disconnect sessions on the local server or on other servers in the farm. • Disconnecting a session terminates the connection between the server and client. For more information about ctxqsession. However. and the user can later reconnect to the disconnected session. the user is not logged off and all running programs remain active. identify the session id of the connection session you want to forcibly log off. see the “Command Reference” on page 195. For more information. You can also use ctxqserver to send requests to servers. Logging off a session terminates the connection and all running programs.92 MetaFrame Presentation Server for UNIX Administrator’s Guide Notes • You can use ctxqserver to display information specific to servers running MetaFrame Presentation Server (such as ICA gateways). ctxqserver displays information only about this one subnet. 3. and the user cannot reconnect to the session. From the results of ctxqsession. • Logging Off from a Session Use the ctxlogoff command to log off from a session. Log on to the server as an administrator. At a command prompt. . you can use commands that either log off or disconnect the session. see “If a Server Uses Multiple NICs” on page 154. see “Displaying Information about Users and Sessions” on page 88. If the server has more than one network interface card (NIC) and you configured it so that the ICA browser listens on only one subnet. use ctxqsession to display sessions on the local server or in the farm. To log off another user’s session 1. 2. To log off from your own session Type ctxlogoff.

To disconnect another user’s session 1.0. server1:34 means session 34 running on server1. Session names are no longer supported.Chapter 6 Managing Servers. Log on to the server as an administrator. use ctxqsession to display sessions on the local server or in the farm. 4. see “Displaying Information about Users and Sessions” on page 88. From the results of ctxqsession. and Sessions 93 Note In MetaFrame Presentation Server for UNIX Version 4. For more information about ctxqsession. Disconnecting a Session Use the ctxdisconnect command to disconnect a session. Users. and id is the session identifier. Session names are no longer supported. At a command prompt: To Log off a session on the local server Log off a session on another server in the farm Use the command ctxlogoff id ctxlogoff servername::id where servername is the name of a server in the farm. 4. you must specify a session identifier. For example. At a command prompt: To Disconnect a session on the local server Disconnect a session on another server in the farm Use the command ctxdisconnect id ctxdisconnect servername:id where servername is the name of a server in the farm. server1:34 means session 34 running on server1. For example. To disconnect your own session Close the client or type ctxdisconnect at a command prompt. .0. At a command prompt. 3. you must specify a session identifier. and id is the session identifier. 2. Note In MetaFrame Presentation Server for UNIX Version 4. identify the session id of the session you want to disconnect.

type: ctxconnect id where id is the session id of the session to which you want to connect.94 MetaFrame Presentation Server for UNIX Administrator’s Guide If a user logs on to the server and there is a disconnected session on the server belonging to them. To connect to a disconnected session 1. identify the session id associated with the session to which you want to connect. the user is given a choice of whether to connect to the disconnected session or start a new session. to reconnect to a disconnected session on the local server. An administrator can connect to any user’s session. Note Your connected session must be capable of supporting the video resolution used by the disconnected session. the session is logged off. Note You cannot disconnect an anonymous user session because you cannot reconnect to the session when the identity of the user is unknown. from within an ICA session. At a command prompt. the operation fails. At a command prompt. If an anonymous session is disconnected. the user can reconnect to the disconnected session or start a new session. 3. If the session does not support the required video resolution. Once logged on. . from within an ICA session. A user can connect to a previously disconnected session by logging on again with the same user name. A disconnected session shows disc in the State field. Other users can connect only to their own sessions. Connecting to a Disconnected Session Use the ctxconnect command. 2. if there are disconnected sessions on the server. From the results of the ctxqsession command. The server disconnects your current session and connects you to the selected session. use ctxqsession to display current sessions on this server.

You can reset a session on the local server or another server in the farm. type ctxqsession to display sessions on the local server or in the farm.0. At a command prompt. Session names are no longer supported. Reconnecting to Load Balanced Sessions Published applications allow users to run applications or access a desktop session without knowing the name or address of a particular server. To reset a session 1.Chapter 6 Managing Servers. server1:34 means session 34 running on server1. 3. If the published application is located on a single server. see “Displaying Information about Users and Sessions” on page 88. 4. . If the published application is configured to run on multiple servers. users must be reconnected to the same server to reconnect to their session. For more information about ctxqsession. Log on to the server as an administrator. At a command prompt: To Reset a session on the local server Reset a session on another server in the farm Use the command ctxreset id ctxreset servername:id. where servername is the name of a server in the farm. The ICA browser can reconnect users to their previous session on the same server under certain conditions. Resetting a session may cause applications to close without saving data. Users. users can disconnect and reconnect to the same session. The system will attempt to terminate all processes running within that session. you must specify a session identifier. For example. Note In MetaFrame Presentation Server for UNIX Version 4. identify the session id you want to reset. and Sessions 95 Resetting a Session You can reset a session in the event of an error using the ctxreset command. 2. and id is the session identifier. From the results of ctxqsession.

Use the ctxshadow command to shadow another user’s session: ctxshadow {id | servername:id} [-v] [-h[[a][c][s]+]x] The ctxshadow command is a user command. Note If users frequently disconnect and reconnect their sessions rather than logging off. and interact with their sessions. using the keyboard and mouse. Shadowing a User’s Session You can monitor the actions of users. provided the shadowed user approves the shadowing. the number of sessions on a server farm may not be evenly distributed because users are reconnected to their previous sessions on the same servers. Therefore. At a command prompt. This is called shadowing. To start shadowing a session 1. see “Displaying Information about Users and Sessions” on page 88. 2. or you want to use an alternative combination to end shadowing. any user can shadow any other session. for example.96 MetaFrame Presentation Server for UNIX Administrator’s Guide For a user to reconnect to disconnected load balanced sessions: • • The user must disconnect gracefully from the server. See “Enabling or Disabling Shadowing” on page 112 for more information. use ctxqsession to display the current sessions on this server. . Disabling shadowing notification means that a user may be unaware that shadowing is occurring. and the session being shadowed is called the shadowed session. Note The following procedure assumes that you will use the CTRL and * (asterisk) hotkey combination to end shadowing. The person who issues the ctxshadow command is called the shadower. see “Ending Shadowing” on page 97. by using ctxdisconnect The user must reconnect from the same client device (using the same client name) Use ctxqsession to view a list that displays disconnected sessions. rather than a system administration command. Log on to an ICA session. If you cannot use this hotkey combination. and MetaFrame security permits the user to shadow.

. identify the session id of the user’s session that you want to shadow. Use the -v (verbose) argument to display more information during the shadow session initiation. As shadower. At a command prompt. and Sessions 97 3. To end the shadowing session Press the CTRL key and the * (asterisk) key of your keyboard’s numeric keypad. you cannot access the contents of the shadowed session’s clipboard—information in the clipboard belongs to the shadowed session. However. this information is available to the shadowed session for pasting. About Shadowing and the Clipboard The user of the shadowed session can use the clipboard to copy and paste between the client session and applications running locally.Chapter 6 Managing Servers. If the user does not respond to the notification message. for example: ctxshadow server1:5 -v The user is notified of the pending shadowing. if you copy information to the clipboard while shadowing. and is given the opportunity to allow or deny the shadowing (unless notification was disabled for shadowing using ctxcfg—see “Enabling or Disabling Shadowing” on page 112 for details). Session names are no longer supported. Users. Note In MetaFrame Presentation Server for UNIX Version 4. Ending Shadowing By default.0. 4. you can end shadowing using the CTRL and * (asterisk) hotkey combination. type ctxshadow and specify a session id. you must specify a session identifier. the shadow request times out and is terminated. From the results of the ctxqsession command. You cannot shadow a session on another server.

type: ctxshadow server1:5 -h a+q Note The hotkey combination is not case-sensitive. you can configure your own combination. Sending Messages to Users You can send a message to users using the ctxmsg command.) Choose from the alphanumeric characters: a to z (or A to Z) and 0 to 9. you could choose ALT + Q or ALT + q to stop shadowing. . Log on to an ICA session.98 MetaFrame Presentation Server for UNIX Administrator’s Guide Configuring a Different Hotkey to End Shadowing If you cannot use the default hotkey combination from the client device you are using or you prefer to use an alternative. including all or none. 4. The hotkey you configure applies only to the current shadowed session and therefore needs to be set up each time you shadow a session. and to specify a hotkey combination of ALT and q to stop shadowing the session. 3. 2. Example To begin shadowing. You do this using the ctxshadow command. s = SHIFT (Note: you can use any combination of a. Tip If a message includes spaces or any other characters that have a special meaning in your UNIX shell. enclose all the text in double quotes. identify the session id of the user’s session that you want to shadow. in the above example. At a command prompt. c and s. type: ctxshadow {id | servername:id} [-h [[a][c][s]+]x] where [a][c][s] and x is the hotkey combination you want to use to end shadowing—choose this combination from: [a][c][s] x a = ALT. A message can be sent to a particular session or to all sessions. To configure a different hotkey to end shadowing 1. type ctxqsession to display current sessions. therefore. From the results of ctxqsession. either on the local server or in the entire server farm. At a command prompt. c = CTRL.

Note In MetaFrame Presentation Server for UNIX Version 4. For example. Users. ctxmsg -a message ctxmsg -S message ctxmsg id message timeout Send a message to all sessions on a particular server. where id is the session identifier. Send a message to all sessions on the local server. Send a message that includes a time-out period. Note that a command prompt appears only when the user responds or the message times out. 3. identify a session id for the users and sessions you want to send a message to. you must specify a session identifier. and Sessions 99 To send a message to users 1. If you want to send a message to particular sessions. The message is displayed on the user’s screen until it times out or the user dismisses it. Send a message to a session on another server in the farm. 2. Use the command ctxmsg id message. Send a message that will suspend your terminal window until the message times out or is dismissed by the user.Chapter 6 Managing Servers. For more information about ctxquser. Send a message to all sessions on all servers in the farm. in seconds. server1:34 means session 34 running on server1. ctxmsg -s servername message. Log on to the server as an administrator. and id is the session identifier. Session names are no longer supported. From the results of ctxquser.0. At a command prompt: To Send a message to a session on the local server. ctxmsg -w id message timeout . see “Displaying Information about Users and Sessions” on page 88. ctxmsg servername:id message. where servername is the name of a server in the farm. use ctxquser to display the current sessions. where servername is the name of a server in the farm.

. the building is on fire” Tip To inform users that the server is about to shut down. raw unformatted text is generated. client printers are mapped and are available from the desktop command line and from applications running in the session. In the UNIX environment. The print driver is specified inside the application or. See “Stopping MetaFrame Presentation Server” on page 38. the application performs the print rendering. To display mapped client printers At a command prompt. Printing This section describes the information your clients need to know when they want to print. From a client session. It explains how users can list available client printers and print files from a command prompt or from applications. in the case of a desktop utility. users can list the mapped client printers or available printer ports.100 MetaFrame Presentation Server for UNIX Administrator’s Guide Examples ctxmsg ctxmsg ctxmsg ctxmsg ctxmsg 11 Hello server1:34 “Happy Birthday” 5 “Fancy lunch?” 30 -w server1:34 “Are you at your desk?” 60 -S “Get out. using the ctxprinters command. use the message option with the ctxshutdown command. Displaying Client Printers or Printer Ports When a client connects to a server. type: ctxprinters A list of printers configured on the client and mapped for use from the ICA session appears.

lpt1). type ctxprinters. If no files are specified. Each file is treated as a separate print job. From the results of ctxprinters. To print to a printer other than the default. 3. the ctxlpr command takes its input from standard input (stdin). Users. To print a file from a client session 1. identify the printer or printer port that you want to use. This is for information only. Printing from a Command Line Within an ICA session. users can print a file from the command line by using ctxlpr. and Sessions 101 (default) is displayed after the printer that is the default. At a command prompt: To Print the file named filename to the default printer. 2. This is for information only. This can be used in the ctxlpr -P command to specify a printer other than the default. Print a series of files to the default printer. At a command prompt. Printer driver name.Chapter 6 Managing Servers. Use the command ctxlpr filename ctxlpr filename filename . Printer connection description. The following information is shown for each printer: • • • Printer name or printer port (for example. note the printer name (the printer name is the first item in the ctxprinters listing). instead of lpr or lp.

use the following command: ctxlpr -P '\PRINTSRVR\Sales_HP4000' mydoc. . the server redirects the output to the mapped client printer. Print a file only if the printer is not in use. This is the printer name or printer port shown in the first column of the output from ctxprinters. For example. Often. ‘\’ has a special meaning so you may need to substitute ‘\’ for ‘\’.ps Printing from Applications The exact configuration of how to set up printing from applications depends on the behavior and user interface of the UNIX application.102 MetaFrame Presentation Server for UNIX Administrator’s Guide To Print a file to a printer (or printer port) other than the default. Use this option to stop an application waiting while other printer jobs are handled. If the printer is in use.ps If you are using a client that uses direct printer port mapping: ctxlpr -P lpt2 mydoc. Print a file in the background. you can also specify the command line modifiers on a different line.ps Note In some UNIX shells. If the user interface for an application allows you to specify the actual printer command to use when printing. For example: ctxlpr -P "\\PRINTSRVR\Sales_HP4000" mydoc. Use the command ctxlpr -P [Printername | Printerport] filename ctxlpr -b filename ctxlpr -n filename Examples To send the file mydoc. and so on. You can use the same switches for ctxlpr as when printing from the command line. When a user connects to the server and prints from the application in a session. an error message appears. you can configure client printing by replacing the lpr or lp command with the ctxlpr command. in this type of application.ps to the printer \PRINTSRVR\Sales_HP4000. -P with a printer name (or printer port) to print to a printer other than the default. -b for background printing.

Therefore. When you establish a remote session. To simplify the setting of $DISPLAY. create a script file called “unix2dos” that includes the following: #!/bin/sh perl -pe 's/\n$/\r\n/' "$@" Make the script file executable using chmod a+rx unix2dos. ensure your client printers support PostScript. keystrokes. find out whether or not the application (or window manager) uses a configuration file where you can replace the lpr command functionality with ctxlpr. To print a UNIX text file to a Windows printer. use Perl instead. and Sessions 103 Tip If the user interface of an application does not allow you to specify the actual printer command to use when printing. . For example. use the $CITRIX_REMOTE_DISPLAY environment variable. use a utility such as unix2dos. Connecting to a Remote Server from an ICA Session This section explains how to establish a connection to a remote server from within an ICA session. PCL (Printer Control Language) printers are not suitable. If text does not print out correctly. you must set the $DISPLAY environment variable in the remote session to ensure that graphics. such as PCL. type: perl -pe 's/\n$/\r\n/' printfile | ctxlpr Or. this may be due to carriage return / line feed differences between UNIX and DOS text files. You can now use the script file just like the unix2dos utility. Troubleshooting Printing Because UNIX applications generally produce only UNIX ASCII text or PostScript output. Users. If you do not have a PostScript printer. to print out a UNIX text file called “printfile” type: unix2dos printfile | ctxlpr ux2dos printfile | ctxlpr Alternatively. For example.Chapter 6 Managing Servers. and mouse clicks are sent back to your ICA session. install a utility such as Ghostscript to convert PostScript files to a different output format.

Establish a remote logon session to “Emily” using the rlogin command: rlogin emily 5. At a command prompt. For example.0 . type: setenv | grep CITRIX_REMOTE The system displays a value. type: setenv DISPLAY bagpuss:10. Open a terminal window and display the value of the $CITRIX_REMOTE_DISPLAY environment variable. bagpuss:10.0 3. 6. Establish an ICA connection to Bagpuss. if you are using a C shell.104 MetaFrame Presentation Server for UNIX Administrator’s Guide Example The following example shows how to establish a connection to the remote server “Emily” from within an ICA connection to the server “Bagpuss” and how to correctly set the value of the $DISPLAY variable using $CITRIX_REMOTE_DISPLAY. To connect to the remote server Emily from an ICA session 1. Enter your logon password. 4. Open a terminal window and set the value of the $DISPLAY environment variable to the value of $CITRIX_REMOTE_DISPLAY. 2. Make a note of the value of $CITRIX_REMOTE_DISPLAY. for example.

CHAPTER 7 Configuring MetaFrame Presentation Server Overview This chapter describes how to configure a server running MetaFrame Presentation Server for UNIX to provide the required resource access and session behavior for the client users of your network. Topics in this chapter include: • • • • Configuring the server Screensaver recommendations Customizing the appearance of a server Configuring X Server settings .

The combination of settings you use depends on how you intend to use your servers. To display the current logon settings 1. client users can configure and use their local printer to print from applications that are actually running on the server. • • • • • Note User access to commands and sessions is controlled by the ctxsecurity function. Whether or not to allow users to log on without a home directory. client users can copy and paste text between applications running on the client device and the remote applications running on the server. you can configure settings that include: • • • The number of ICA sessions you want to allow at this server. You can also use the ctxcfg tool on the server to configure settings that give you and client users flexibility and security when logging on. Whether or not to allow local clipboard mapping. See “Configuring MetaFrame Presentation Server Security” on page 140 for information. From the server. or configure the client so that their user name and password are saved as part of the properties for a particular connection. Whether or not to allow shadowing. Users can either type this information in the dialog box that appears when they connect to the server or published application. Whether or not to allow local printer mapping.106 MetaFrame Presentation Server for UNIX Administrator’s Guide Configuring the Server You can configure your server in different ways to control access to services for users connecting to the server. What happens to a session if the connection is broken or times out. The maximum permitted session duration. and how long to leave idle or disconnected sessions before timing out. If you enable printer mapping from the server. Mouse-click feedback. Log on to the server as an administrator. If you enable clipboard mapping from the server. . the users need to supply a user name and password (unless they are accessing an application published for anonymous use). Controlling Logon Settings When client users connect to a server.

Chapter 7 Configuring MetaFrame Presentation Server

107

2. At a command prompt, type:
ctxcfg -a list

This displays the current logon settings.

Note The list argument never displays passwords. To change the logon settings 1. Log on to the server as an administrator. 2. At a command prompt:
To Configure the server so that if logon details are set on the client, they are used. Configure the server so that a user logging on is always prompted for a password, regardless of any password set in the server or the client. Configure the server so that a user logging on is not prompted for a password. Set a default user name for all users who log on to the server. For example, you can use this to set up a guest user account. Set a password for all users who log on to the server. Type pass as a keyword; ctxcfg then displays a prompt where you can type in the password. Note that if you did not set up a user name, this setting is ignored. Erase any user name and password details that were set (using the user and pass options) and configure the server to use logon details set on the client. Use the command
ctxcfg -a INHERIT ctxcfg -a prompt=TRUE

ctxcfg -a prompt=FALSE ctxcfg -a user=name

ctxcfg -a pass

ctxcfg -a ERASE

108

MetaFrame Presentation Server for UNIX Administrator’s Guide

Configuring RSA SecurID Support
MetaFrame Presentation Server supports RSA SecurID Versions 4.2 and 5.0, allowing your users to log on to computers running MetaFrame Presentation Server using RSA SecurID authentication. Before you configure your servers for RSA SecurID support, ensure that you installed SecurID correctly. Citrix recommends that you test whether or not you can log on to your system using RSA SecurID before you attempt to use SecurID with MetaFrame Presentation Server. To configure RSA SecurID support on MetaFrame Presentation Server 1. Log on as root to the server. 2. Go to the directory where RSA SecurID is installed, and change to the prog directory below it. 3. Find the program files Xprompt (this file is called XPrompt in Version 4.2) and sdfindshell. 4. Copy the files into the /usr/sbin directory. Note that the copy of XPrompt must use this spelling, regardless of whether the original is spelled Xprompt or not. 5. Make the copy of XPrompt executable by using chmod +x.

Setting the Number of Permitted ICA Connections
You can specify a maximum number of concurrent ICA connections that a particular server will support. To check the current number of permitted connections 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -l list

This command displays the number of logons permitted, or displays UNLIMITED if no limit is set.

Chapter 7 Configuring MetaFrame Presentation Server

109

To change the number of permitted connections 1. Log on to the server as an administrator. 2. At a command prompt:
To set A maximum, where n is the number of concurrent connections you want to allow. No limit to the number of concurrent sessions you want to allow. Use the command
ctxcfg -l max=n ctxcfg -l max=UNLIMITED

Note The number of ICA connections that a server can support is also affected by Citrix Licensing—see the MetaFrame Access Suite Licensing Guide for more information.

Controlling Behavior for Disconnected or Broken Connections
A broken connection occurs when the communication link between the client and the server is interrupted; for example, as the result of a network failure. Use the ctxcfg tool with the -c option to control the behavior for broken or timed-out connections, and to specify reconnection options. To display the current configuration for broken and timed-out connections 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -c list

110

MetaFrame Presentation Server for UNIX Administrator’s Guide

To configure the settings for disconnected and broken connections 1. Log on to the server as an administrator. 2. At a command prompt:
To configure the server so that Broken connections are immediately reset. Broken connections are disconnected. A user is automatically logged off from a broken connection. A user can connect to a disconnected session from any client device. A user can connect to a disconnected session only from the original terminal. Use the command
ctxcfg -c broken=reset ctxcfg -c broken=disconnect ctxcfg -c broken=logoff ctxcfg -c reconnect=any ctxcfg -c reconnect=original

You can configure the system so that disconnected sessions are reset or logged off automatically after a time-out interval, or continue until a user (or an administrator) resets the session. See “Controlling Time-out Behavior” on page 114 for details about how to set a time-out interval for disconnected sessions.

Enabling or Disabling Printing for Users
Client printer mapping allows client users to use printers that are available on the client device from applications running on a server. Use the ctxcfg tool with the -p switch to enable or disable client printer mapping. To check if client printing is currently enabled or disabled 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -p list

To enable or disable client printing 1. Log on to the server as an administrator. 2. At a command prompt:
To Enable client printing. Disable client printing. Use the command
ctxcfg -p enable ctxcfg -p disable

Chapter 7 Configuring MetaFrame Presentation Server

111

Enabling or Disabling Clipboard Mapping
Users can copy text and graphics between server-based applications and applications running locally on the client device. Even if an application is running on the server, the clipboard behaves as if it is on the client device. Use the ctxcfg tool with the -C switch to enable or disable client clipboard mapping. To check if the client clipboard is currently enabled or disabled 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -C list

To enable or disable the client clipboard 1. Log on to the server as an administrator. 2. At a command prompt:
To Enable client clipboard mapping. Disable client clipboard mapping. Use the command
ctxcfg -C enable ctxcfg -C disable

Providing Additional Graphics Clipboard Support
MetaFrame Presentation Server for UNIX provides users with the ctxgrab tool that lets them grab windows or screen areas and copy them from an application in a client window to an application running on the local client device. By default, ctxgrab is available to users connecting to published applications through the ctxwm window manager as follows: • In a seamless window, right click the button in the top, left hand corner of the screen to display a menu and choose the Screen Grab option.

112

MetaFrame Presentation Server for UNIX Administrator’s Guide

In a “full screen” window, right click to display the ctxwm menu and choose the Screen Grab option.

Users connecting to a server desktop can run the tool by typing ctxgrab at a command prompt. If you have users who require more extensive graphics clipboard support, you can deploy the ctxcapture tool. With ctxcapture users can: • Grab dialogs or screen areas and copy them between an application in a client window and an application running on the local client device, including nonICCCM-compliant applications. Copy graphics between the client and the X graphics manipulation utility XV. XV is a Shareware utility that is available for download from the Internet.

Providing Users with ctxcapture
You do not have to do anything to make ctxcapture available to users connecting to a server desktop; it is available from a command prompt by typing ctxcapture. To make ctxcapture available to users who are connecting to published applications, you make it available from the ctxwm window manager. To do this, you edit the ctxwmgrab.sh script to make ctxcapture, rather than ctxgrab, available. To make ctxcapture available to users of published applications 1. Log on to the server as an administrator. 2. Open the ctxwmgrab.sh script. This is located in the: /opt/CTXSmf/lib directory /usr/lpp/CTXSmf/lib directory 3. Find the following line:
exec /opt/CTXSmf/bin/ctxgrab exec /usr/lpp/CTXSmf/bin/ctxgrab

4. Substitute ctxgrab with ctxcapture.

Enabling or Disabling Shadowing
Session shadowing allows you to monitor the display of another active session. Shadowing lets you see what users are doing and interact with their sessions, using the keyboard and mouse. You can shadow active sessions on the same server. Use the ctxcfg tool with the -s switch to configure shadowing.

To display the current shadowing settings for the server 1. At a command prompt. To change this. Use the command ctxcfg -s enable Use the command ctxcfg -s input=on ctxcfg -s input=off ctxcfg -s notify=on . any user can shadow any other session. type: ctxcfg -s list The shadowing configuration for the current server is displayed.Chapter 7 Configuring MetaFrame Presentation Server 113 Note By default. 2. By default. Log on to the server as an administrator. Log on to the server as an administrator. So that the shadowed user gets a notification message requesting confirmation that the shadowing can occur. To change the input and notify options So that the shadower can input keyboard and mouse actions to the shadowed session. 2. So that the shadower cannot input keyboard and mouse actions to the shadowed session. for example: To change the shadowing settings for the server 1. input is set to on and notify to on. At a command prompt: To enable shadowing So that sessions on the server can be shadowed. use MetaFrame security. see “Configuring MetaFrame Presentation Server Security” on page 140 for further information.

Use the command ctxcfg -s notify=off Use the command ctxcfg -s disable Important Disabling shadowing notification means that users might be shadowed by another user. To allow shadowing with notification and to allow the shadower to control the mouse and keyboard. The maximum duration that a disconnected session is retained (in minutes). the session is disconnected or terminated when the specified duration elapses. use the command: ctxcfg -s enable. Example You may want to set up shadowing to help you solve technical support issues. but be unaware that they are being shadowed. Disconnected sessions can be logged off when the specified duration elapses. the connection timer is disabled.input=on. If NONE is specified. the disconnection timer is disabled. To disable shadowing So that sessions on the server cannot be shadowed. The time-outs are: Connection The maximum connection duration (in minutes). the session is reset. If a disconnection duration is specified. the disconnected session is reset unless the Disconnection time-out is also set to NONE. These settings specify time-out intervals in minutes or seconds. and idle ICA sessions. If log off fails. The system administrator can show the user how to complete a task by shadowing the user’s session. If a connection duration is specified. Controlling Time-out Behavior You can use the ctxcfg tool with the -t switch to specify time-out intervals for connected. sessions in the disconnected state are either terminated or logged off when the specified duration elapses. disconnected.114 MetaFrame Presentation Server for UNIX Administrator’s Guide To enable shadowing So that the shadowed user does not get a notification message. Disconnection Log off . If NONE is specified. If NONE is specified. You must also set the Disconnection time-out for this to take effect. Some countries require by law that users be notified before shadowing occurs.notify=on See “Shadowing a User’s Session” on page 96 for information about shadowing sessions.

the keyword NONE shows that sessions will not be timed out. If a client check time-out is set. . the session is disconnected or reset when the specified interval elapses without any activity on the connection. This is useful. prior to the user logging on or reconnecting (in minutes). If NONE is specified. if network problems result in sessions becoming stuck in the “conn” state. Authentication Client check Client response To display the current time-out intervals 1. To specify whether sessions are disconnected or reset. The maximum period of time before the server checks that a client is still connected and responsive (in seconds). If a time-out interval is configured. The maximum period of time before the server disconnects sessions associated with unresponsive clients (in seconds).Chapter 7 Configuring MetaFrame Presentation Server 115 Idle The maximum idle time (time without user activity) allowed before the session is disconnected or reset (in minutes). At a command prompt. the server disconnects all sessions associated with unresponsive clients when the specified interval elapses. see “Controlling Behavior for Disconnected or Broken Connections” on page 109. the session is reset. If no time-out interval is configured. If NONE is specified. type: ctxcfg -t list The current time-out value for each setting is displayed. using this setting means you do not have to reset these sessions manually. for example. NOTE: You must configure both client check and client response options if you want sessions to be disconnected automatically. Clients must respond to the server’s ping during the specified time period to prevent sessions being disconnected automatically. If NONE is specified. the server sends a ping to unresponsive clients when t he specified interval elapses. To specify an idle time-out period for anonymous users. see “Configuring Anonymous Users” on page 136. the value is shown in minutes. 2. If an idle duration is specified. If a client response timeout is set. the client response timer is disabled. the idle timer is disabled. NOTE: You must configure both client check and client response options if you want sessions to be disconnected automatically. Log on to the server as an administrator. When the specified duration elapses. the client check timer is disabled. The maximum duration that a session in the connected state exists on the server.

116

MetaFrame Presentation Server for UNIX Administrator’s Guide

To change the time-out intervals 1. Log on to the server as an administrator. 2. At a command prompt:
To set A connection time-out (in minutes). All connections are terminated after this period. No connection time-out. All sessions continue until the user disconnects or logs off. A disconnection time-out (in minutes). Disconnected sessions are reset after this period unless you specified that they be logged off (see below). No disconnection time-out. Disconnected sessions remain until reset by a user or an administrator. A disconnection time-out (in minutes). Disconnected sessions are logged off after this period. No logoff time-out. Disconnected sessions are reset unless the Disconnect time-out was also set to None. An idle time-out (in minutes). If no user activity is detected during this time, the connection is terminated. No idle time-out. All sessions continue until the user disconnects or logs off. Use the command
ctxcfg -t connect=num

ctxcfg -t connect=NONE

ctxcfg -t disconnect=num

ctxcfg -t disconnect=NONE

ctxcfg -t disclogoff=num

ctxcfg -t disclogoff=NONE

ctxcfg -t idle=num

ctxcfg -t idle=NONE

Chapter 7 Configuring MetaFrame Presentation Server

117

To set An authentication time-out (in minutes). If a session remains in the connected state after this period, the session is reset. No authentication time-out. A client check time-out (in seconds). If the server receives no traffic from the client during this period, it sends a ping to the client to check if the client is still responding. No client check time-out. A client response time-out (in seconds). If the server does not receive a response to the ping sent to the client during this period, the session is disconnected. No client response time-out.

Use the command
ctxcfg -t authentication=num

ctxcfg -t authentication=NONE ctxcfg -t clientcheck=num

ctxcfg -t clientcheck=NONE ctxcfg -t clientresponse=num

ctxcfg -t clientresponse=NONE

Note Only new sessions are affected by changes to the time-out intervals. ctxcfg -t has no effect on anonymous users—to specify an idle time-out period for anonymous users, see “Configuring Anonymous Users” on page 136.

Example
If you expect users to dial into the server, you may want to set the disconnect timeout to a suitable setting in case of a broken connection. Users can reconnect to their sessions during the time-out interval. To set the disconnection time-out to 15 minutes, type:
ctxcfg -t disconnect=15

Allowing Users to Log On without a Home Directory
By default, users whose home directories are unavailable cannot log on to the server. However, you can configure the server to allow users whose home directories are unavailable to log on. For example, you might do this if your users’ home directories are mounted on a network that is occasionally unreliable.

118

MetaFrame Presentation Server for UNIX Administrator’s Guide

If you allow users whose home directories are unavailable to log on, all explicit users (that is, users who have their own user accounts) can log on, regardless of whether their home directories are available or not. Anonymous user accounts are not affected by these changes, because anonymous users are never allowed to log on without a home directory. A temporary home directory is allocated to users in: /tmp/CTXSmf_uid where uid is a decimal number; for example, /tmp/CTXSmf_12345. If a user logs on and their home directory is unavailable, the following message is displayed: “Your home directory is unavailable. Logging you in with temporary home directory: /tmp/CTXSmf_uid.” Important You must make your users aware that /tmp/CTXSmf_uid is temporary and may be deleted at a later stage. Any changes and additions that users make in this directory must be applied to their normal home directory when this becomes available. In the unlikely event that there is a problem with the /tmp/CTXSmf_uid directory, the temporary home directory defaults to: / (the root directory). Note that some applications may not operate correctly when the home directory is / because users do not have write permissions. To allow users whose home directories are unavailable to log on 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -k lognohome=1

To prevent users from logging on without a home directory 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -k lognohome=0

Configuring Mouse-Click Feedback for High Latency Connections
With mouse-click feedback, when a user clicks the mouse, the client software changes the mouse pointer to an hourglass to show that the user’s input is being processed. Mouse-click feedback is enabled by default. Typically, you do not need to configure mouse-click feedback; however, for high latency connections, you may want to adjust this to improve your users’ interaction with the system.

Chapter 7 Configuring MetaFrame Presentation Server

119

You can configure the thresholds in which mouse-click feedback operates, or you can disable mouse-click feedback. To do this, you use the ctxcfg command with the -m option:
ctxcfg -m [enable|disable] [lowerthreshold=num] [upperthreshold=num] [list]

About the Thresholds
Mouse-click feedback is controlled by upper and lower threshold values, which are like switches that determine when mouse-click feedback is on or off. The thresholds are the network delay between client and server (that is, the latency) that triggers the display of the hourglass symbol. • • • Upper threshold—if the latency exceeds the upper threshold, the hourglass symbol is displayed. Lower threshold—if the latency falls below the lower threshold, the hourglass symbol is not displayed. Between the two thresholds—what happens between the upper and lower thresholds depends upon whether the latency is increasing or decreasing. If the latency was previously in the upper threshold but falls to between the two thresholds, the hourglass symbol is displayed until the latency drops below the lower threshold. If the latency was previously in the lower threshold but increases to between the two thresholds, the hourglass symbol is not displayed until the latency increases above the lower threshold. This controls the sensitivity of mouse-click feedback, and prevents the hourglass from flickering on and off as the latency fluctuates.

By default, the upper threshold is 500 milliseconds and the lower threshold is 150 milliseconds. The following diagram illustrates what happens between the default threshold values.

120

MetaFrame Presentation Server for UNIX Administrator’s Guide

To change the mouse-click feedback thresholds 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -m lowerthreshold=num,upperthreshold=num

where num is the threshold value in milliseconds. To disable mouse-click feedback 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -m disable

To display current mouse-click feedback settings 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -m list

Information similar to the following appears:
Mouse click feedback: enabled Lower threshold for mouse click feedback: 150 Upper threshold for mouse click feedback: 500

if desired. Displaying a List of the Current Configuration To display a list of the current ctxcfg settings 1. but easily restore your original settings. type: ctxcfg -g This generates a list of the current settings. the generated list contains the commands and settings for the current configuration using the ctxcfg command line syntax. Creating a Shell Script of the Current Configuration When you use the -g option with the ctxcfg command. 2.Chapter 7 Configuring MetaFrame Presentation Server 121 Generating and Using Server Configuration Details You can generate a list of the current ctxcfg settings for a particular server. You can also use a file as a temporary backup of the current configuration. You can redirect the output of this command to a file and use the file as a shell script to restore (or set) this configuration. Log on to the server as an administrator. Propagating Server Configuration to Multiple Servers You can use the output from ctxcfg -g if you want to configure a number of servers in the same way. If you send the output to a file. . allowing you to experiment with other settings. At a command prompt. you can use the file in a shell script to replicate identical configuration settings on other servers.

Tip You can use the rsh (remote shell) command to propagate the shell script on a remote server. rather than display a pattern. Citrix recommends you publish a script file that runs the xset s off command and then the application. On HP-UX. To switch the screensaver off in CDE. This causes the screen to go blank. 2. Note Although you can switch screensavers off by default. when the screensaver is activated. Screensaver Setting Recommendations ICA connections running graphical screensavers can consume considerable server resources. To switch screensavers on Although it is best to switch screensavers off. the remote shell command is remsh. choose the Screen option in the Style Manager and set Screen Blanker to off. so you need to enter this manually. for security reasons). In MetaFrame Presentation Server for UNIX Version 4. CDE may override this setting. if you prefer not to (for example. Complete the configuration of the first server. Therefore.122 MetaFrame Presentation Server for UNIX Administrator’s Guide To propagate the same configuration from one server to another 1. To switch screensavers on. piping the output of the command to a file. Note that ctxcfg -g does not generate the logon password. To switch screensavers off Run the xset command with the s option and off parameter: xset s off To ensure published applications are run in sessions with the appropriate screensaver settings. Generate a list of the server configuration using the ctxcfg command and the -g option. Log on to the next server as an administrator and run the file as a shell script. screensavers are switched off by default. run the xset command with the s option and blank parameter: xset s blank .0. Citrix recommends that you switch screensavers off. you can use the X server “prefer blanking” screensaver option.

write the security policy (see the Xserver man page for details about how to do this) and then change this option in ctxXtw. use the commands: xset s 60 xset s blank To display the current screensaver setting To display the current settings. configuring scripts.xpm (X pixmap) format. Note Information about the switches in ctxXtw. and remove the X font server from the font path. You can use this script file to customize the local environment for user sessions. The script ctxsession. Your MetaFrame installation includes script files that you can customize. .sh to point to the policy file. If you want to use a security policy.sh. run the xset command with the q option. The graphic you choose must be in .sh. xset q Customizing the Appearance of MetaFrame Presentation Server This section explains how to change the appearance of the MetaFrame Login screen and the window manager. and includes X server configuration settings such as the font path and the X security policy. By default.sh is contained in a file called ctxXtw. the MetaFrame X server does not use a security policy (for the X security extension). Customizing the Login Screen You can change the appearance of the Login screen by substituting the Citrix logo frame for a graphic of your choice.Chapter 7 Configuring MetaFrame Presentation Server 123 For example. to make the screen go blank after one minute. or setting environment variables for users.sh runs when the X server starts. It is disabled by the option -sp /dev/null in ctxXtw. such as defining the default window manager. These scripts are in the: /opt/CTXSmf/lib directory /usr/lpp/CTXSmf/lib directory The script ctxXtw.sh runs after a user logs on.readme.

. the image displayed is centered in the frame. The new graphic is displayed on the Login screen. for example: old_logo. only the 120 x 200 pixels in the center of the graphic are displayed.xpm 3. If you use a larger graphic.xpm The image that is displayed is limited to 120 x 200 pixels and 256 colors. If you use a smaller graphic./CTXSmf/data/C/ directory (see previous). By default. 2. Log on to the server as an administrator. the ctxwm window manager is loaded for all connections to published applications.sh you can configure the system to load a window manager other than CDE.. Changing the Window Manager Using ctxsession. Rename the current Citrix logo. Rename your new graphic to logo.124 MetaFrame Presentation Server for UNIX Administrator’s Guide The graphic used in the Login screen is located in: /opt/CTXSmf/data/C/logo. You can do this for every user who logs on to the server. You can change the window manager that MetaFrame Presentation Server loads for connections to server desktops and published applications running in “full screen” windows.xpm and move this to the appropriate . To display a different logo on the Login screen 1.xpm /usr/lpp/CTXmf/data/C/logo.xpm file. or for a particular user. .

ctx. create a file called . $HOME/. Changing the Window Manager for a Particular User Use the following procedure to load a new window manager for a particular user each time the user logs on. Log on to the server as an administrator. Install the new window manager.ctx. 2.sh.session. 3. Install the new window manager. 3.sh #fi 4. use the procedure described in “Changing the Window Manager for a Particular User” on page 125.sh script and locate the following lines: #if [ -f $HOME/. then # .Chapter 7 Configuring MetaFrame Presentation Server 125 Changing the Window Manager for Every User Use the following procedure to load a new window manager for every user who logs on to the server. 5. Log on to the server as an administrator. To do this. Remove the # character from the start of each line. In the user’s home directory. Change this line to: : ${CDE_WM="/path/window_manager"} where path is the location of the new window manager and window_manager is the name of the new window manager.ctx.sh ] . Note The window manager is not loaded for any initial programs that a user set on the client.session. To use a different window manager for a particular user 1.session. Open the ctxsession. so that these lines are no longer commented out. The new window manager is also loaded for any initial programs that the user set on the client. To use a different window manager for every user 1.sh script and locate the following line: : ${CDE_WM:="/usr/dt/bin/dtsession"} 4. . Open the ctxsession. 2.

and how to set it up.ctx. Add lines to load the new window manager and suppress the message that tells the user that the window manager is being loaded: DESKTOP_WM=”/path” DESKTOP_MESSAGE=”” where path is the location of the new window manager’s start file. Example The following example shows the lines required in the user’s .ctx.sh file to start the kde window manager: PATH=${PATH}:/usr/local/kde/bin DESKTOP_WM=”/usr/local/kde/bin/startkde” DESKTOP_MESSAGE=”” INITIAL_APPS_WM=”/usr/local/kde/bin/startkde” INITIAL_APPS_MESSAGE=”” The result is that every time a user logs on. the system runs it and the new window manager is loaded. If it finds this file. you can remove the X font server from the font path by editing the ctxsession.session.sh script. refer to the documentation provided with the X font server.ctx. If the file is not found. and suppress the message that tells the user that the window manager is being loaded: INITIAL_APPS_WM=”/path” INITIAL_APPS_MESSAGE=”” where path is the location of the new window manager’s start file. 8.sh file in the user’s home directory. the system checks for the . 7. add the new window manager’s bin directory to the path: PATH=${PATH}:/path where path is the location of the new window manager’s bin directory. or the user connects to a published application.126 MetaFrame Presentation Server for UNIX Administrator’s Guide 6. For information about the X font server. Changing the Font Path By default. However. Add lines to load the new window manager when an initial program is launched. In the .session.sh file. the font path contains the X font server. CDE is loaded. .session.

Removing the Font Server from the Font Path You can remove the font server from the font path by editing the ctxsession. 2. Typically. For example. Citrix recommends that you enable the font server to start automatically.sh script and locate the following line: USE_FONT_SERVER=1 3. that performance problems are unlikely to occur unless many short-term applications run on the server and make demands on the font server. that runs after a user logs on.sh script on the server. To remove the font server from the font path 1. Log on to the server as an administrator. checks whether or not the font path contains the X font server.sh script. that runs when the X server starts.sh adds it (provided the X font server is running). Set the USE_FONT_SERVER flag to zero: USE_FONT_SERVER=0 Configuring X Server Settings This section explains how to configure X server settings. such as TrueType fonts. Therefore. The ctxXtw. sets the default font path. A font server provides sessions with fonts and performs font conversion.sh script. . it is also useful for applications that have particular font requirements. The path that a session takes to search for fonts is determined by the font path. a font server is used to deploy a set of fonts across a network. Note. ctxsession. Open the ctxsession. Important MetaFrame Presentation Server does not start the font server. The ctxsession. such as how to switch on the backing store feature.Chapter 7 Configuring MetaFrame Presentation Server 127 About Font Servers and Font Paths An X Windows session can obtain the fonts that it requires locally or from a font server. you may want to remove the font server from the font path if the font server causes performance problems on the server running MetaFrame Presentation Server. however. and how to configure settings for particular fixes to take effect. If the font path does not contain the X font server.

Recommended settings are between 5ms and 100ms. Switching Backing Store On and Off To switch backing store on 1.You can do this by setting two parameters.sh which is a script file that runs when the X server starts. Setting the delay time to a lower value makes the session more responsive to graphics updates. To switch backing store off To switch backing store off. where necessary. Open the ctxXtw. Backing store caches the contents of the window displayed by an application and. Citrix recommends that you do not switch backing store on.sh.sh. Delete the -bs parameter from this line to turn backing store on. 2. An application may require backing store if the application appears to be running very slowly or users experience screen corruption problems. By default. . see “Customizing the Appearance of MetaFrame Presentation Server” on page 123 and the ctxXtw.sh script. unless you are deploying applications that require it. Configuring Backing Store You can switch on the backing store feature in the X server for applications that rely on this functionality. When Should Backing Store be Switched On? Only some applications require backing store to be switched on. For more information about ctxXtw. Log on to the server as an administrator.readme file. backing store is switched off. Both set a delay time in milliseconds. automatically repaints the window from the cache.128 MetaFrame Presentation Server for UNIX Administrator’s Guide To configure X server settings. reinstate the -bs parameter in the ctxXtw.sh script and locate the following line: XTW_OPTS=”-session $CITRIX_SESSION_ID -terminate -bs” 3. Because the use of backing store can increase the bandwidth between the server and the client. but may increase the bandwidth requirements for the connection. Interactive Performance Tuning MetaFrame Presentation Server lets you control the display of graphics in ICA sessions by allowing you to specify the length of delay for the buffering of graphics. you edit ctxXtw.

sh script and find the line that begins with XTW_OPTS 3. Open the ctxXtw. for example. To do this. you include the bindings file.alias file. For example: XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -notransfills -bs" Enabling the Left-Hand Keypad of SPARC Keyboards If you are using the CDE window manager. Fixing the Disappearing Text Cursor Problem To fix the disappearing text cursor problem. 2. If you do not require these fixes. edit the xmbind. Add the command line option -qandtdelay n. Log on to the server as an administrator. you can disregard this section. At a command prompt: To Set the delay time. you need to configure your server to enable the left-hand keypad of SPARC keyboards. Log on to the server as an administrator.sh. 2. XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -qandtdelay 10 -bs" Configuration Required for Fixes to Take Effect This section explains how to configure your server for particular fixes to take effect. find the line that begins with XTW_OPTS and add -notransfills. In ctxXtw. as follows: . and edit users’ logon scripts. include the -notransfills switch in ctxXtw.Chapter 7 Configuring MetaFrame Presentation Server 129 To control the outbuffer delay time 1. where n is the time in milliseconds List the current setting To reset the current setting to 100ms Use the command ctxcfg -o set=n ctxcfg -o list ctxcfg -o reset To control the buffer delay for Thinwire 2 graphics operations 1. This switch turns off the transparent fills optimization setting that can cause this problem with some clients and 256-color sessions.sh.

This switch forces the server to redraw the application from the server’s frame buffer. find the line that begins with XTW_OPTS and add -notranscursor.130 MetaFrame Presentation Server for UNIX Administrator’s Guide To enable the left-hand keypad of SPARC keyboards 1. With complex screen displays. include the -notranscursor switch in ctxXtw. you must edit your users’ logon scripts. 2. For example: XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -frameexpose -bs" . Copy the bindings file.alias file. as follows: If you are using a C shell. In ctxXtw. This switch stops the application from causing the X cursor to disappear. to the /usr/dt/lib/bindings directory.sh. To fix the disappearing X cursor problem. and you encounter screen refresh problems. included on the MetaFrame Presentation Server CDROM or in the download. find the line that begins with XTW_OPTS and add -frameexpose. this method is faster than allowing the application to redraw itself. This file contains server and bindings file mapping information. In ctxXtw. add the command: xmodmap -e "keysym F19 = SunFind" >& /dev/null If you are using a Bourne shell. The bindings file contains keyboard mapping information.sh. include the -frameexpose switch in ctxXtw. problems with the X cursor can occur over high-latency connections. Edit the /usr/dt/lib/bindings/xmbind. Include the following line in the list of mappings: "Citrix Systems Inc" citrix 3. Fixing the Disappearing X Cursor Problem In applications.sh.sh. you must also ensure that your users are running Version 6 (or later) of the MetaFrame Presentation Server Clients. For example: XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -notranscursor -bs" Fixing Screen Refresh Problems If an application has a complex graphical interface. add the command: xmodmap -e "keysym F19 = SunFind" 1>/dev/null 2>&1 Note For this fix to take effect. To activate the Find key on the SPARC keypad. such as Sunguard Forex. that hide the X cursor and use their own bitmap cursor.

objects may appear in unexpected colors until the new palette is sent.Chapter 7 Configuring MetaFrame Presentation Server 131 Cadence Applications For Cadence applications. The -noredrawpalette switch reduces the communication between the server and the client. For example. at first. This is because High Color and True Color sessions use TrueColor visuals. However. Color Depth Limitations Applications Requiring Writable Palettes Some X applications require writable palettes. known as PseudoColor visuals. for color or image manipulation. applications requiring PseudoColor visuals will not work in ICA sessions using High Color and True Color color depths. if the application changes colors that are not currently visible in the session. XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -frameexpose -palette 1500 -noredrawpalette" If this setting does not improve performance sufficiently. for more information about switching this on. Therefore. Use the -palette switch to filter out these unnecessary palette changes.5 seconds). This means that it can take longer for objects to be displayed properly and. Note A possible side-effect of including the -palette switch is that the sending of palette changes from server to client is delayed. use -palette 3500 instead: XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -frameexpose -palette 3500 -noredrawpalette" Tip Switching backing store on has also been found to be beneficial.0 supports only writable palettes in ICA sessions using a color depth of 256 colors. Other palette changes are sent to the client. . This is normal. but only after a delay of 1500 milliseconds (1. see “Configuring Backing Store” on page 128. you may see this effect when a splash screen is first displayed or when CDE first appears. in which colors are predefined and cannot be changed. you must also include the -palette and -noredrawpalette switches because Cadence uses palette animation that sends one palette change per second. MetaFrame Presentation Server 4.

causing screen corruption. If you require a high color resolution to run these applications. see “Publishing an Application” on page 65 for more information. not run in a 15-bit High Color connection. Some applications explicitly require a 16-bit display and will. If you attempt to use a seamless window in multi-monitor mode with another configuration. Limitations Using Seamless Windows If you use a seamless window.0 supports 15-bit High Color connections. refer to the application’s documentation. ensure that the ICA connection uses a color depth of 256 colors. the application may display an error message. regardless of the monitor on which the session is displayed. ICA sessions are maximized to fill the virtual desktop. the ICA session reverts to running a full-screen window that spans the virtual desktop.132 MetaFrame Presentation Server for UNIX Administrator’s Guide If users connect to applications that require PseudoColor visuals. or test the application on the server console or in a published desktop to ensure that it works. If you are using graphics card drivers that create a virtual desktop. on a dual-monitor system. Other applications that require a 16-bit display may attempt to run in a 15-bit connection and fail. Multi-Monitor Display Limitations The limitations of multi-monitor display depend upon whether users connect to applications running in multi-monitor mode using seamless or remote desktop windows. although some clients refer to High Color as 16-bit in the Window Color property settings. therefore. Applications Requiring 16-bit High Color MetaFrame Presentation Server for UNIX Version 4. For example. use the ctxappcfg tool with the Color Depth option. The color depth of an ICA session is limited by the lowest color depth in the display. if one graphics card is configured to display 256 colors and the other graphics card is configured to display 24-bit color. If a connection is made at a higher color depth. . to configure an application to use a color depth of 256 colors. In the Web Interface. To check if an application requires PseudoColor visuals. the primary monitor must be the left-most and topmost monitor. the ICA session color depth is limited to 256 colors. use a True Color (24-bit) connection instead.

dialog boxes. these elements are centered relative to the center of the virtual desktop. pop-up message boxes. and windows appear centered in the session window. and windows displayed by applications running in a seamless window may appear centered relative to the center of the entire desktop. . dialog boxes.Chapter 7 Configuring MetaFrame Presentation Server 133 Pop-up message boxes. Limitations Using Remote Desktop Windows If you use a remote desktop window. When using graphics card drivers that create a virtual desktop. regardless of how the ICA session window is displayed across multiple monitors.

.

CHAPTER 8 Advanced Topics Overview This chapter discusses advanced system administration topics. Topics discussed include: • • • • • • • • • Configuring anonymous user settings Configuring MetaFrame Presentation Server security Understanding and configuring the ICA browser Service Load balancing published applications Configuring ICA gateways Using ICA with network firewalls Configuring the TCP/IP port number Configuring the operating system for a large number of connections Configuring non-English language support .

2. however their properties can be displayed and modified using the ctxanoncfg command. the naming of the accounts. At a command prompt.136 MetaFrame Presentation Server for UNIX Administrator’s Guide Configuring Anonymous Users During installation. To display anonymous user settings 1. you can create a special user group called ctxanon on the server. run ctxanoncfg with the -l option to display anonymous user settings: ctxanoncfg -l . the anonymous user group name. Note You must be root to display and update anonymous user settings. Anonymous user accounts do not usually require further maintenance. together with 15 local anonymous user accounts. These accounts allow 15 users guest access to applications that you publish for anonymous use. Displaying Anonymous User Settings Use ctxanoncfg to display the current number of anonymous user accounts. Log on to the server as the root user. and the idle time-out period.

To create anonymous users 1. 3. Important You must stop MetaFrame Presentation Server on the server before you create anonymous users. At a command prompt. the names of the anonymous user accounts. Tip The ctxanoncfg command displays what it is doing at each stage. You can also use ctxanoncfg to specify a particular shell or assign user-ids to anonymous user accounts. To suppress the display of this information.Chapter 8 Advanced Topics 137 Configuring Anonymous User Settings You can use ctxanoncfg to change the number of anonymous user accounts. Examples To specify 20 anonymous user accounts. You can create any number of anonymous user accounts. type: ctxanoncfg -n 20 -q Changing the Number of Anonymous Users Use ctxanoncfg with the -n option to change the number of anonymous user accounts. Start MetaFrame Presentation Server—see “Starting and Stopping MetaFrame Presentation Server” on page 38 for instructions. use the ctxshutdown command to stop it—see “Stopping MetaFrame Presentation Server” on page 38 for further information. Ensure MetaFrame Presentation Server is not running on the server and log on as root. and the idle time-out period for anonymous user sessions. use ctxanoncfg with the -n option to specify the new number of anonymous user accounts you require: ctxanoncfg -n number where number is the new number of anonymous user accounts. For example. 2. but the number you can use simultaneously is limited by your licensed user count. If MetaFrame is running. use the -q (quiet) option with the ctxanoncfg command. together with any errors that may occur. type: ctxanoncfg -n 20 . Further options are available that allow you to change the naming of anonymous user accounts and the idle time-out period.

After stopping MetaFrame Presentation Server. -b cannot be used to change existing anonymous user accounts.” type: ctxanoncfg -n 25 -b guest Setting an Idle Time-Out Period Use ctxanoncfg with the -t option to specify the idle time-out period. unless they resume use of the session.. . in minutes.. a warning message informs the user that they will be logged off after five minutes. log on as root. where x is a number from 1 to 15. type: ctxanoncfg -n number -b name where number is the new number of anonymous user accounts. The default idle time-out period is 10 minutes. the ctxanon group contains 15 user accounts with names in the format anonx. type: ctxanoncfg -n 0 Changing the Naming of Anonymous User Accounts Use ctxanoncfg with the -b option to change how anonymous user accounts are named. At a command prompt.” “guest2” . User account names can have a maximum of 8 characters. and name is the new name of the accounts. To change how anonymous user accounts are named 1. To specify an idle time-out period 1. and minutes is the idle time-out period. If there is no user activity within this time. type: ctxanoncfg -n number -t minutes where number is the new number of anonymous user accounts. 2. log on as root. At a command prompt. After stopping MetaFrame Presentation Server. for anonymous user sessions. By default. Note You can use the -b option only when creating new anonymous user accounts.138 MetaFrame Presentation Server for UNIX Administrator’s Guide To delete all anonymous user accounts. Example To create 25 anonymous user accounts called “guest1. up to “guest 25. 2.

type: ctxanoncfg -n 25 -t 30 To alter only the time-out period to 20 minutes. and specify the first user-id in the range. you can assign specific user-ids to anonymous user accounts. the default system shell is assigned to these accounts. MetaFrame Presentation Server automatically assigns available user-ids to these accounts. After stopping MetaFrame Presentation Server. log on as root. type: ctxanoncfg -n number -s shell where number is the new number of anonymous user accounts. type: ctxanoncfg -n 25 -s /bin/csh Specifying User-Ids for Anonymous Users When anonymous user accounts are created. At a command prompt. To specify a particular shell 1. . After stopping MetaFrame Presentation Server. To assign specific user-ids 1. log on as root. However. 2. At a command prompt. and uidnumber is the first user-id you want to generate. However. type: ctxanoncfg -n number -u uid-number where number is the new number of anonymous user accounts. 2. Example To create 25 anonymous user accounts that use the C shell. type: ctxanoncfg -t 20 Specifying a Particular Shell for Anonymous Users When anonymous user accounts are created. using ctxanoncfg with the -s option. To do this.Chapter 8 Advanced Topics 139 Examples To create 25 anonymous user accounts with a time-out period of 30 minutes. and shell is the shell you want to assign to these accounts. you use ctxanoncfg with the -u option. you can specify a particular shell to use for anonymous user accounts. for example: /bin/sh.

delete the current anonymous user configuration. and shadow other sessions. To delete all anonymous user account configuration 1. send messages.036. NFS) file systems. create a symbolic link from /usr/anon to the desired file system. type: ctxanoncfg -clear For information about creating new anonymous user accounts. After stopping MetaFrame Presentation Server. When you install MetaFrame Presentation Server. users can log on. To create user home directories on another file system. Citrix recommends that you do not attempt to reconfigure these accounts to be NIS accounts.140 MetaFrame Presentation Server for UNIX Administrator’s Guide Example To create 10 anonymous user accounts with user-ids 10. type: ctxanoncfg -n 10 -u 10027 Troubleshooting Anonymous User Accounts If you experience problems with anonymous user accounts. default security settings automatically control user access to various commands. The -clear option removes all internal anonymous user account configuration. using ctxanoncfg with the -clear option. such as the home directories and entries in the password file. log on as root. with home directories in /usr/anon. but they are denied access to all other commands. see “Changing the Number of Anonymous Users” on page 137. and then create new anonymous user accounts. By default. or move the home directories for these users onto non-local (for example. See “Default Security Settings” on page 145 for information about which functions are allowed or denied. Anonymous User Accounts and NIS Domains All anonymous user accounts are created as local (non-NIS) accounts. . 2.027 to 10. and it tells you how to display and configure security settings. At a command prompt. It provides an overview of security. Configuring MetaFrame Presentation Server Security This section describes the MetaFrame Presentation Server security function that controls user access to commands and sessions.

However. For example. Deal with exceptions on an individual user basis. Provide groups of users with access to commands and sessions. Functions/commands Install and remove MetaFrame Presentation Server Start and stop server processes Configure the server Log on to the server Query who is on the server root user Yes Yes No ctxsecurity Yes ctxadm No Yes Yes Yes Yes Other users No No No ctxsecurity Yes . For example. you may want to prevent a particular user from being able to send messages to other users’ sessions. For example. Who Can Do What in MetaFrame Presentation Server The following table provides a brief summary of which users can do what in MetaFrame Presentation Server. Security controls the access rights of the root user and ordinary users (explicit and anonymous users).Chapter 8 Advanced Topics 141 Why Use MetaFrame Presentation Server Security? MetaFrame Presentation Server security lets you tighten or relax user access to commands and sessions. all users can shadow other users’ sessions. This means the ctxadm group is unaffected by MetaFrame Presentation Server security. by default. and reset other users’ sessions. and how the security checking process works. • Security Overview This overview explains which users are affected by security. With MetaFrame Presentation Server security you can: • • Change the default security settings. you may want to give the “helpdesk” user group the rights to connect. Which Users Are Affected by Security? MetaFrame Presentation Server security controls user access to specific commands and sessions. how security can be controlled at different levels. disconnect. which functions are secured. Only the functions indicated by “ctxsecurity” are controlled using security. but you may want to prevent this. security does not control administrator access to commands and sessions.

Controlling Security at Different Levels Security can be controlled at the: • • • User level—that is. Which users can use ctxconnect to connect to other users’ sessions.. The ctxsecurity command cannot be used to override the CONSOLE setting. Which users can use ctxreset to reset other users’ sessions. UNIX group level Global level—that is.. this may be due to the CONSOLE setting in the /etc/default/login file (the /etc/security/user file on AIX).142 MetaFrame Presentation Server for UNIX Administrator’s Guide Functions/commands Perform actions on others’ sessions. Which users can use ctxlogoff to log off other users’ sessions. that can be used to prevent root logging on at a terminal other than the one specified. such as shadowing or resetting sessions Perform actions on their own sessions Send messages root user ctxsecurity Yes ctxsecurity ctxadm Yes Yes Yes Other users ctxsecurity Yes ctxsecurity Note If root is unable to log on at the server. Which users can use ctxshadow to shadow other users’ sessions. Which Functions Can ctxsecurity Control? MetaFrame Presentation Server security controls access to specific functions called secured functions. The secured functions are shown in the following table: Secured function login sendmsg connect disconnect logoff reset shadow cdm Security determines. Which users can log onto the server running MetaFrame Presentation Server. Which users can use ctxmsg to send messages to other users’ sessions. UNIX user level Group level—that is. Which users can use ctxdisconnect to disconnect other users’ sessions. Which users can use client drive mapping to access their local drives. UNIX global level .

all users can send messages to other sessions. by default. MetaFrame Presentation Server checks whether or not the user has the rights to do so. If neither user nor group-level security exists. you need to understand how the security checking process works. It first checks the user security level.Chapter 8 Advanced Topics 143 A global security setting exists for every secured function. a final check is made at global security level. depending on the result. When a user attempts to run a secured function. However. you can also configure security for individual users. you can set up user-level security to deny access to ctxmsg You can set up group-level security for the Support group to allow members of this group to reset other users’ sessions using ctxreset If no user or group-level security exists. or for groups of users. For example: • • If you want to prevent a user from sending messages to other sessions. . the global security level determines user access rights. For example. The Security Checking Process To configure MetaFrame Presentation Server security or troubleshoot security. the group security level. security is automatically controlled at the global level for each secured function. then. When you install MetaFrame Presentation Server.

using the example of a user attempting to run the ctxshadow command: .144 MetaFrame Presentation Server for UNIX Administrator’s Guide The following diagram shows each step in the security checking process.

root cannot log on to the server from a client. if your super user has a different account name to “root” or multiple account names. The global setting acts as the default. All levels of security (user. type: ctxsecurity secured-function -l . when neither user-level nor group-level security exists. see “Changing the Global Security Settings” on page 146. Displaying Security Settings for a Function Use the -l (list) option with the ctxsecurity command to display security settings for a particular function. To display security settings for a function 1. and global) are displayed for the function. the global security setting can be thought of as the last line of defense. Log on to the server as an administrator. group. At a command prompt. You must specify the secured function for which you want to display settings. After installation. Because the primary function of security is to deny access to unauthorized users.Chapter 8 Advanced Topics 145 Default Security Settings A global security setting always exists for each secured function. the default settings are: Secured function Login Sendmsg (ctxmsg) Connect (ctxconnect) Disconnect (ctxdisconnect) Logoff (ctxlogoff) Reset (ctxreset) Shadow (ctxshadow) Cdm Default global setting Allow Allow Deny for anonymous users Deny Deny Deny Deny Allow Deny for anonymous users Allow Note By default. To change the default settings. 2. However. the super user can log on from a client.

you might want to allow a particular user access to a function that is denied at the global level. type: ctxsecurity shadow -l Security settings such as the following are displayed: global allow group users deny Configuring Security Settings You can use the ctxsecurity command to change the global security settings or to configure user. shadow or cdm. sendmsg. Log on to the server as an administrator. Log on to the server as an administrator. To configure security for a user 1. logoff. disconnect. sendmsg. For example. type: ctxsecurity secured-function -a allow|deny where secured-function is one of: login. To change a global security setting 1. Example To change the global security setting for the ctxshadow tool to deny. connect. . reset. shadow or cdm. connect. Example To display security settings for the ctxshadow function. type: ctxsecurity shadow -a deny Configuring Security for a User You can use the ctxsecurity command with the -u (user) option to configure security at the user level.and group-level security. 2. At a command prompt.146 MetaFrame Presentation Server for UNIX Administrator’s Guide where secured-function is one of: login. disconnect. logoff. reset. Changing the Global Security Settings You can use the ctxsecurity command with the -a (all) option to change the global security setting for a secured function.

disconnect. In effect. Log on to the server as an administrator. type: ctxsecurity reset -g support allow Using Inherit to Remove Settings You can use the inherit option with the ctxsecurity command to remove previously set security settings. To configure security for a group of users 1. type: ctxsecurity secured-function -g group-name allow|deny where secured-function is one of: login. shadow or cdm. Example To allow the user “fred” to use the ctxreset command to reset other users’ sessions. At a command prompt. For example. the Management group is allowed to shadow other sessions. 2. For example. the administrator can use inherit to reinstate the group’s security setting. This option is useful when you want to remove settings that are exceptional cases. you might want to allow a group of users access to a function that is denied at the global level. type: ctxsecurity reset -u fred allow Configuring Security for Groups of Users You can use the ctxsecurity command with the -g (group) option to configure security at the group level. reset. a member of this group. reset. disconnect. When it is later decided to allow Fred to shadow. logoff. is an exception and has been denied access to shadowing. connect. connect. sendmsg. At a command prompt. and picks up the security setting from group level. inherit removes Fred’s user-level security setting. Example To allow the group Support to use the ctxreset command to reset other users’ sessions. shadow or cdm. logoff. type: ctxsecurity secured-function -u user-name allow|deny where secured-function is one of: login. while a group can inherit settings from the global level. Users can inherit settings from the group or global level. Global security settings cannot inherit values.Chapter 8 Advanced Topics 147 2. sendmsg. . but the user Fred.

Fred inherits rights from the global level. MetaFrame Presentation Server checks which groups Fred belongs to. However. At a command prompt. sendmsg. reset. and whether any of these groups have a group-level security setting. Example 1: Locking Down Security After installation. Otherwise. type: ctxsecurity secured-function {-u user-name|-g group-name} inherit where secured-function is one of: login. The administrator uses security to provide the “helpdesk” user group access to the shadowing function: ctxsecurity shadow -g helpdesk allow . logoff. Fred is not permitted to shadow. the default security settings allow users to shadow other users’ sessions. Log on to the server as an administrator. shadow or cdm. If at least one group-level setting exists that allows shadowing. if at least one group-level setting exists that denies shadowing. type: ctxsecurity shadow -u fred inherit The result is that Fred inherits a security setting. Examples In the following examples. The administrator does this by changing the global security setting for the shadowing function: ctxsecurity shadow -a deny Example 2: Giving Rights to a Group of Users Security is configured so that users are prevented from shadowing other users’ sessions. Example To remove Fred’s user-level security setting for the ctxshadow command and reinstate the group’s security setting. connect. security is tightened and then used to provide a group of users access to a particular function. the “helpdesk” group needs to be able to shadow so they can help users with problems. Fred inherits the right to shadow. the administrator decides to tighten security to prevent this. If no grouplevel setting exists. However. 2.148 MetaFrame Presentation Server for UNIX Administrator’s Guide To inherit a security setting 1. disconnect.

Chapter 8 Advanced Topics 149 MetaFrame Presentation Server for UNIX and the ICA Browser Service The ICA browser maintains data on published applications and servers running MetaFrame Presentation Server. and client systems. The ICA browser consists of a master browser. you may want to ensure that a server running MetaFrame Presentation Server for UNIX in the network does not become the master browser. The master browser is a browser acting as a central information store. Controlling the Master Browser Every server runs the ICA browser service. Citrix clients query the browser service to obtain a list of published applications and servers running MetaFrame Presentation Server. The ICA browser uses directed packets to communicate with other ICA browser services running on servers. . if you have servers running MetaFrame Presentation Server for Windows in your network. The client queries the browser service for the network address of servers and published applications when a session is launched. a new master browser election is held automatically. In particular. you may want to manipulate the possibility of a particular machine becoming the master browser. The master browser keeps track of the following information: • • • The available servers The available published applications Performance and load information for servers The master browser for each network is chosen by a master browser election. In general use. the browser service is invisible to you and does not affect the continued operation of MetaFrame Presentation Server. member browsers. This provides high reliability for the browser service. This can affect the features available to users. all other servers running MetaFrame Presentation Server on the network are member browsers. One server running MetaFrame Presentation Server is elected the master browser. However. If the current master browser on a network is not responding. because: • Servers running different versions of MetaFrame Presentation Server provide different versions of the browser service when they are master browser.

MetaFrame Server for UNIX 1. If no master browser is running. The two main factors are: • The version of the server running MetaFrame Presentation Server. 2.0 and Release 1.1 (note that MetaFrame Server for UNIX Release 1. Log on to the server as an administrator. you can configure the settings of one or more dedicated machines in the network so that one of these machines is more likely to become the master browser. Locating the Current Master Browser You can use the ctxqserver command with the -master option to locate the server acting as the master browser. for example. you may want to make sure that machines that receive many connections are less likely to become the master browser.1 are treated the same) The master browser preference setting for each server • . Therefore. If necessary. At a command prompt.150 MetaFrame Presentation Server for UNIX Administrator’s Guide • The master browser service consumes more resources and may respond slowly if it is running on a heavily loaded machine. the error message “Error obtaining requested information” appears. To locate the master browser 1. type: ctxqserver -master The address of the master browser on the local subnet is displayed. Manipulating Master Browser Elections The browsers on a network subnet elect a master browser under any of the following conditions: • • • • The current master browser does not respond to another browser The current master browser does not respond to a client A server running MetaFrame Presentation Server is started Two master browsers are detected on the same network subnet A combination of factors affect the outcome of the election. for example during a browser election.

If you add a server with this default setting to a network that includes servers running MetaFrame Presentation Server for Windows in mixed mode that are also configured as unbiased in elections. as appropriate for the type of server. Tip You can force a master browser election using the ctxqserver -election command. it may become master browser if all the other servers are set to neutral. Introducing a New Server Introducing any type of server running MetaFrame Presentation Server into your network forces an election. the server running MetaFrame Presentation Server for UNIX will not become the master browser. • The default master browser preference setting for a server running MetaFrame Presentation Server for UNIX is neutral. Other factors. Biasing the Results of Elections If you do not mind which server becomes master browser Leave the master browser preference setting on each server to the default setting of neutral or no preference. a server running MetaFrame Presentation Server for Windows in mixed mode automatically has preference to become the master browser. that is. Always attempt to become master browser. Never attempt to become master browser. such as the length of time a server has been running and whether the server is also a Windows NT domain controller (not applicable to MetaFrame Presentation Server for UNIX). • Important It is the combination of settings for all servers on the network that decides the results of an election. can also affect an election result.Chapter 8 Advanced Topics 151 You set this preference using the ctxbrcfg tool for servers running MetaFrame Presentation Server for UNIX. unbiased. . Under these circumstances. For more information. A server running MetaFrame Presentation Server for UNIX could still win a master browser election with a server running MetaFrame Presentation Server for Windows if the master browser preference on the Windows server is set to never. Servers can be set to: neutral always never The default value of “no preference” behavior in elections. see “ctxqserver” on page 224. If you add a server running MetaFrame Presentation Server for UNIX to a network that includes only other such servers.

for details. Important Do not set the master browser preference on all servers in a network to be never because unpredictable election results will occur. See “Configuring the ICA Browser” on page 152 in this section for more detailed instructions. 2. Any changes you make using ctxbrcfg will cause a master browser election to take place. Configuring the ICA Browser The ICA browser maintains data about published applications and servers running MetaFrame Presentation Server. 2. Configure the master browser preference on the server you want to become master browser to be always. Note If the server running MetaFrame Presentation Server for UNIX has more than one network interface card and is connected on more than one subnet. using the ctxbrcfg command. Configure the master browser preference on the server that you do not want as the master browser to be never.152 MetaFrame Presentation Server for UNIX Administrator’s Guide If you want a particular server to be the master browser 1. Leave the master browser preference on the other servers that can become the master browser to be neutral or no preference as appropriate for the type of server. To control how the ICA browser behaves during browser elections 1. Log on to the server as an administrator. . see the MetaFrame Presentation Server Administrator’s Guide. You can display and change the browser settings on a server using the ctxbrcfg tool. For servers running MetaFrame Presentation Server for Windows. restrict the server to one subnet. If you want to stop a particular server from becoming the master browser 1. The changes you make using ctxbrcfg will cause a master browser election to occur. Do not set the other servers to be never—reserve this setting for a particular server that should never become master browser. see “If a Server Uses Multiple NICs” on page 154. Any changes you make using the ctxbrcfg command will cause a master browser election to occur. as appropriate for the type of server. Use the ctxbrcfg command for servers running MetaFrame Presentation Server for UNIX. Wait a few moments for the election to take place and then check the master browser status using the ctxmaster command. Leave the master browser preference on the other servers to be neutral or no preference.

2.” Use the command ctxbrcfg -m always ctxbrcfg -m never ctxbrcfg -m neutral The refresh period controls how often the browser on this server updates the master browser. If you stop the browser process on the master browser. Log on to the server as an administrator. although they will still be able to connect to the server desktop. A short refresh period makes the master browser data more accurate.Chapter 8 Advanced Topics 153 2. users cannot connect to published applications on this server. Configure the server so that it refrains from participating in an election. Use the command ctxbrcfg -r list ctxbrcfg -r set=num Note The default settings work for most installations. Note that the server can still become the master browser under some circumstances. but increases CPU and network load. a master browser election will occur among the other servers on the network. without having to stop and start all the MetaFrame Presentation Server processes. Starting and Stopping the ICA Browser You can start and stop the ICA browser process on a server. Configure the default behavior of “no preference. To view or change the refresh interval for the ICA browser service 1. If you stop the browser on a server. Change them only when you understand the implication of each setting. using the ctxsrv tool. At a command prompt: To Display the current refresh interval. At a command prompt: To Configure the server so that it always attempts to become the master browser in an election. The browser updates the master browser after the specified amount of time elapses. To start or stop the ICA browser using ctxsrv 1. . Set a period (in minutes) at which the local browser service will update the master browser. subject to the presence and actions of other browsers. Log on to the server as an administrator.

ccc. Log on to the server as an administrator. problems may occur if this server attempts to become master browser on a subnet.bbb. ctxsrv stop browser 4. type: ctxsrv {start|stop} browser If a Server Uses Multiple NICs If a server running MetaFrame Presentation Server has more than one network interface card (NIC) and is connected on more than one subnet. you must configure the server so that the browser communicates only with other browsers on a particular subnet or NIC. 4. type: ctxbrcfg -b unset 5. At a command prompt. To do this. it may assume it is also master browser on another subnet that already has a master browser. Log on to the server as an administrator. type: ctxbrcfg -b set=address where address is the IP address or subnet address you want to restrict the ICA browser to. Stop the browser by typing: 3. Stop the browser by typing: ctxsrv stop browser 3. .ddd format—for example.20. 10. At a command prompt. To prevent this from occurring. Restart the browser by typing: ctxsrv start browser To display current restrictions on an ICA browser 1. This means that you must bind the server to a particular subnet or NIC. At a command prompt. To restrict the ICA browser to a particular subnet or NIC 1. in aaa.154 MetaFrame Presentation Server for UNIX Administrator’s Guide 2.123. 2.123. 2. If the server becomes master browser on one subnet. Log on to the server as an administrator. you use the ctxbrcfg command with the -b option. Restart the browser by typing: ctxsrv start browser To remove a restriction on an ICA browser 1.

ddd” appears (where aaa. For more information about the master browser. the message “Browser bound to adapter address aaa. Troubleshooting Multiple NICs If you bind the server to a subnet. Instead. binding to all available adapters” appears. load balancing works in the normal way. The master browser then distributes connections among the servers.ccc. see “MetaFrame Presentation Server for UNIX and the ICA Browser Service” on page 149. However. based on server load. The Web Interface contacts the XML Service. Load Balancing Published Applications This section introduces load balancing and explains how to tune load balancing in your MetaFrame Presentation Server installation. When a published application or desktop is launched from a client. you can easily bring servers off-line for maintenance or add more servers for increased performance without affecting application availability. or the browser will not start and an error will be written to the system log. make sure that there is only one NIC on this subnet. the message “No address specified. regardless of how busy the server is. By configuring a pool of servers capable of running your users’ applications. taking load factors into account. Load balancing determines which servers are least busy and can best run an application. which in-turn contacts the master browser. . At a command prompt.ddd is the IP address or subnet address to which the ICA browser is restricted). If there are restrictions. MetaFrame Presentation Server automatically monitors the number of users connected to each server and sends new connections to the server that is least busy. bind to a specific NIC rather than the network.Chapter 8 Advanced Topics 155 2. The master browser keeps track of the load levels and the number of users connected on each server. if a user already has a disconnected session on a server. Load Balancing a Group of Servers By default. the disconnected session is reconnected. If you are deploying applications using the Web Interface. Load balancing also offers increased availability. type: ctxbrcfg -b list If there are no restrictions.ccc.bbb. the master browser selects which server will run the application or desktop session.bbb.

you can increase the load factor to ensure that this server receives more connections. However. Tuning Load Balancing Different types of servers—for example. 2. Note Load balancing works by identifying the names of published applications. Likewise. The load factor can be any number between 1 and 10000. type: ctxcfg -k loadfactor=num where num is a load factor value between 1 and 10000. Publish the application on each server.156 MetaFrame Presentation Server for UNIX Administrator’s Guide To load balance a group of servers 1. each server has a load factor of 100. if you have a server that is more powerful relative to the other servers in the group. At a command prompt. you can tune load balancing so that this is taken into account. Therefore. Connections are distributed among all the servers on which the application is published. To tune the load on each server 1. you use ctxcfg with the -k loadfactor option to adjust the load factor. Allow users to connect to the published application. 3. you can use ctxcfg with the -l option to control the number of connections permitted on each server. By default. make sure that the application you want to load balance over a group of servers is given the same name in ctxappcfg on each server. If you find that some servers become busier than others with evenly distributed connections. You can bias the distribution of connections to take into account the relative speed and power of a server. To do this. if you have a server that is less powerful. with different processor speeds or available memory—can accept a different number of connections before becoming busy. you can decrease the load factor to ensure that it receives fewer connections. Start the browser by typing: ctxsrv start browser Alternatively. Stop the browser by typing: ctxsrv stop browser 2. .

on the other servers.0. On the less powerful server. Count the active number of sessions on the server that is causing the problem. One server has a lower than average processor. 2. and you estimate that it can handle 50% more load than the other servers. This is due to a high number of users concurrently using the application (rather than that the application places a high demand on server resources. a server becomes overloaded. and you estimate that it can handle 25% less load than the others. At a command prompt type: ctxsrv stop browser ctxcfg -k loadfactor=75 ctxsrv start browser Example 3 A word-processing application is published on a number of servers. such as in the case of a CAD application). Example 1 There are 10 servers in a server farm. For best results. in a similar way. On the more powerful server. you decide to limit the number of connections permitted on each server to 200. Limit the maximum number of users who can log on. use the ctxqsession command to identify the server to which the user is connected. and then limit the maximum number of users who can log on to the server using ctxcfg and the -l option. . Occasionally. One server has a higher than average processor than the others. allow 25% less load than on the other servers in the group. When a user experiences problems running a session. each running MetaFrame Presentation Server 4.Chapter 8 Advanced Topics 157 To tune the number of connections on each server 1. allow 50% more load than on the other servers in the group.0. set a value on each server. At a command prompt type: ctxsrv stop browser ctxcfg -k loadfactor=150 ctxsrv start browser Example 2 There are five servers in a server farm. each running MetaFrame Presentation Server 4. Therefore. 3.

restrict the number of connections to a maximum of 200. if users are using clients that support session sharing and they start multiple applications. type: ctxcfg -l max=200 Displaying the Load Factor If you tuned the load using ctxcfg -k loadfactor. To display the load factor At a command prompt. and server-name is the name of the server for which you want to display the load. rather than create a new session. the load may not be distributed evenly among the servers. Troubleshooting Load Balancing If users frequently disconnect and reconnect to sessions on load balanced servers rather than logging off. This may lead to uneven application load distribution among the servers. type: ctxqserver -app [application-name | server-name ] where application-name is the name of a published application. At a command prompt. . type: ctxcfg -g | grep loadfactor Displaying the Load You can display the load for a particular server or application using the ctxqserver -app command.158 MetaFrame Presentation Server for UNIX Administrator’s Guide On each server on which the word-processor is published. the clients will attempt to start subsequent applications within the existing session. Also. To display the load At a command prompt. you can display the current load factor setting for an application using the ctxcfg -g command.

Use the command ctxbrcfg -g add=gateway ctxbrcfg -g remove=gateway Note You can also use the ctxqserver -gateway command to display information about the ICA gateways known to each server on the network. an ICA gateway must be configured. The master browser maintains the browse list and periodically receives updates from other browsers (servers running MetaFrame Presentation Server) on the same network. you must establish an ICA gateway on the participating networks. At a command prompt: To Add a gateway host name or IP address to the list. To display the ICA gateways configured on a server 1. 2.Chapter 8 Advanced Topics 159 Configuring ICA Gateways For servers or clients to contact servers running MetaFrame Presentation Server on a different network. Remove a gateway host name or IP address from the list. if you use a router or a WAN to connect two networks—you need to set up an ICA gateway to allow the master browsers on each network to share information about available servers and published applications. The local server is responsible for contacting the other network and setting up a link between the master browsers on each network. To communicate and exchange information with other networks. 2. . see the “Command Reference” on page 195 for details. At a command prompt. An ICA gateway consists of at least two servers running MetaFrame Presentation Server. The remote server is a server on the other network that communicates with the local server to establish the ICA gateway. The exchange of information between the master browser and the other browsers takes place over the local subnet. Log on to the server as an administrator. If you have more than one network subnet—for example. Log on to the server as an administrator. type: ctxbrcfg -g list To add or remove an ICA gateway 1.

for more information see “Using the Citrix XML Service” on page 173. See “Configuring the TCP/IP Port Number” on page 162 for details.” Note You can configure the server running MetaFrame Presentation Server to use a different port number than 1494. If the firewall is not configured to pass ICA packets. The firewall must be configured to allow inbound UDP port 1604 packets to servers running MetaFrame Presentation Server for load balancing and ICA server browsing to function correctly. 2. If you have a firewall or other TCP/IP network security. The ICA Browser The ICA browser service uses UDP port 1604. If you are using ICA through a network firewall. configure it to allow TCP/ IP packets on port 1494 to pass to servers on your network.160 MetaFrame Presentation Server for UNIX Administrator’s Guide Using ICA With Network Firewalls Network firewalls can allow or block packets based on the destination address and port. Citrix recommends you use the XML Service to avoid passing UDP through the firewall. ICA TCP/IP Connection Sequence 1. Clients must be configured to use the different port. CAUTION Allowing untrusted access to the ICA browser service entails some security risk. . The client sends a packet to port 1494 on the server running MetaFrame Presentation Server requesting a response to a randomly selected port above 1023. Configure the firewall to pass browser data only if load balancing and server browsing across the firewall are essential. users may receive the error message “There is no route to the specified subnet address. The server responds by sending packets to the client with the destination port set to the port requested in Step 1. use the information provided in this section to configure the firewall. Configure the firewall to allow TCP/IP packet on ports above 1023 to pass to clients. Browser responses are sent to a high port number above 1023. see the MetaFrame Presentation Server Client Administrator’s Guides for the clients you plan to deploy.

Chapter 8 Advanced Topics

161

ICA Browsing with Network Address Translation
Some firewalls use IP address translation to convert private (Intranet) IP addresses into public (Internet) IP addresses. Public IP addresses are called “external” addresses because they are external to the firewall, whereas private IP addresses are said to be “internal” addresses. Hosts on the internal network have one set of addresses that is translated to another set when passing through the firewall. For example, an internal host has a private address 192.168.12.3. The firewall translates this into a different public address such as 206.103.132.20. To browse published applications and servers running MetaFrame Presentation Server, the client contacts a server and requests the address of the master browser. If the client is external to the firewall, it must be configured to use the public address of a server running MetaFrame Presentation Server. The server returns the IP address of the current master browser to the client. By default, the IP address returned to the client is the internal address. If the client is outside the firewall and the firewall is configured for address translation, the IP address returned to the client for the master browser will be incorrect.

Returning External Addresses to Clients
Use the ctxalt command to configure the browser to return the external IP address to clients. You must configure every server that can be elected as the master browser. The ctxalt command sets an alternate address for the browser on that machine. The external address for the server is specified as the alternate address. The client requests the alternate address when contacting servers inside the firewall. The alternate address must be specified for each server. To set an alternate address for a server 1. Determine the correct external IP address. 2. At a command prompt, type ctxalt -a browser-address alternate-address See Appendix A for more information about the ctxalt command. 3. Repeat on each server. In addition to specifying the alternate address on the server, the client must be configured to request the alternate address when contacting the master browser. For information about configuring clients to request the alternate address, see the MetaFrame Presentation Server Client Administrator’s Guides for the clients you plan to deploy.

162

MetaFrame Presentation Server for UNIX Administrator’s Guide

Configuring the TCP/IP Port Number
By default, the TCP/IP port number used by the ICA protocol is 1494. You can change the port number using the ctxcfg command with the -P option. The port number should be in the range 1024–65535 and must not conflict with other port numbers being used. Whenever the port number is changed, the server must be restarted for the new value to take effect. Important If you change the port number on the server, you must also change it on every client that will connect to that server. For instructions about changing the port number on clients, see the MetaFrame Presentation Server Client Administrator’s Guides for the clients that you plan to deploy. To display the current TCP/IP port number 1. Log on to the server as an administrator. 2. At a command prompt, type:
ctxcfg -P list

To change the TCP/IP port number 1. Log on to the server as an administrator. 2. At a command prompt:
To set The port number to the value num The port number back to the default, 1494 Use the command
ctxcfg -P set=num ctxcfg -P reset

Examples
To set the TCP/IP port number to 5000:
ctxcfg -P set=5000

Chapter 8 Advanced Topics

163

To reset the port number to 1494:
ctxcfg -P reset

Configuring the Operating System for a Large Number of Connections
This section explains how to configure your system for a large number of connections. A large number of connections consumes resources; therefore, it is important that you choose the optimum values for your environment. This section also explains where to get more information about this topic.

Configuring a Solaris System
This section provides guidelines for configuring your Solaris system for more than 30 connections. You may need to configure the total number of pseudo-terminals or increase the limits on the number of files. Also, with the default configuration of Solaris, there is a limit to the number of concurrent CDE sessions that can be run, and you may need to increase this number. For further information about how best to configure your system, see your Solaris documentation. CAUTION Be careful when using the set command in /etc/system—it causes unchecked, arbitrary, and automatic changes to variables in the kernel. If the server will not start and you suspect a problem with /etc/system, use the boot -a command. See the boot man page for more information.

Changing the Number of Pseudo-Terminals
In a large number of ICA connections, the number of ptys (pseudo-terminals) can easily surpass the default value (usually a session has at least one pty). To change the number of pseudo-terminals 1. Add the following lines to the /etc/system file:
# set limit on pseudo-terminals set pt_cnt = 500

Note Do not set pt_cnt above 3000. 2. Shut down the server—for example, type:
init 0

164

MetaFrame Presentation Server for UNIX Administrator’s Guide

3. Restart the server:
boot -r

Increasing File Limits
There is a limit to the number of files a process can have open; the default value is 64. To increase the file limits for an individual process, use the ulimit command in a script before launching the process, as in the following example. To change the file descriptor limits for all processes 1. Add the following lines to the /etc/system file:
# set hard limit on file descriptors set rlim_fd_max = 4096 # set soft limit on file descriptors set rlim_fd_cur = 256

2. Restart the server:
boot -r

Increasing the Number of Concurrent CDE Sessions
With the default configuration of Solaris, there is a limit to the number of concurrent CDE sessions that can be run (approximately 60, depending upon session configuration). This is due to the tooltalk database reaching a limit of available file descriptors. However, you can increase the number of possible concurrent CDE sessions. To increase the limit on concurrent CDE sessions Check to see if the file /usr/dt/bin/rpc.ttdbserverd is a link to /usr/openwin/bin/rpc.ttdbserverd. If the file is a link, do the following (if it is not a link, see later): 1. Remove the file /usr/dt/bin/rpc.ttdbserverd:
rm /usr/dt/bin/rpc.ttdbserverd

2. Replace the link with the following script file. In this example, ulimit is used to increase the limit to 1024:
#!/bin/sh ulimit -n 1024 exec /usr/openwin/bin/rpc.ttdbserverd

3. Make the file executable:
/bin/chmod a+x /usr/dt/bin/rpc.ttdbserverd

Chapter 8 Advanced Topics

165

4. Kill the currently running rpc.ttdbserverd process. 5. Restart rpc.ttdbserverd to ensure the new limit is applied. If the file is not a link, do the following: 1. Edit the file /usr/dt/bin/rpc.ttdbserverd and change the limit. 2. Kill the currently running rpc.ttdbserverd process. 3. Restart rpc.ttdbserverd to ensure the new limit is applied.

If the Database Gets Corrupted
Files in /TT_DB occasionally get corrupted, and messages such as the following may appear in your /var/adm/messages file:
/usr/dt/bin/ttsession[11627]: Error: rpc.ttdbserverd on 127.0.0.1 is not running /usr/dt/bin/ttsession[11627]: _Tt_db_client::connectToDb(): fcntl(F_SETFD): Bad file number /usr/dt/bin/ttsession[11627]: _Tt_db_file::_Tt_db_file(): _file_cache->insert(<your hostname>:/etc/tt/types.xdr), dbStatus 16

If you suspect that the database is corrupted, remove all the files in the /TT_DB directory and repeat Steps 4 and 5 (see previous). Restarting the server automatically creates new database files.

Configuring an HP-UX System
This section provides guidelines for configuring your HP-UX system for more than 10 connections. For further information about how best to configure your system, see the relevant white papers on Hewlett-Packard’s Web site at: http://docs.hp.com/hpux/. To configure your HP-UX system for more than 10 connections 1. Choose System_Admin from the Application Manager. 2. Choose Sam. 3. Enter the root password at the prompt. The System Administration Manager dialog box appears. 4. Choose Kernel Configuration. 5. Choose Configurable Parameters. The Kernel Configuration dialog box appears.

see the relevant white papers on IBM’s Web site at: http://www. To change the number of pseudo-terminals 1. Changing the Number of Pseudo-terminals In a large number of ICA connections.com/.166 MetaFrame Presentation Server for UNIX Administrator’s Guide 6. the number of ptys (pseudo-terminals) can easily surpass the default value (usually an ICA session has at least one pty). Note Change the value of maxusers first—this allows you to update the other settings.ibm. For further information about how best to configure your system. This tunes your system to run multiple processes (each of which may have many threads and open files) and increases the number of users that can log on concurrently. . Update your system with the following settings. Parameter maxusers dbc_max_pct max_thread_proc maxfiles maxfiles_lim maxssiz maxssiz_64bit maxswapchunks nflocks npty Setting 1000 (or as required) 20 2048 2048 2048 401604608 1073741824 4096 3461 2000 Description Allocates system resources for macros on expected maximum users Maximum dynamic buffer cache Maximum threads per process Soft limit of files per process Hard limit of files per process Maximum process storage segment size Maximum process storage segment size— 64bit Maximum swap space configurable on the system Maximum number of file locks on the system Maximum number of ptys (pseudo-terminals) on the system Configuring an AIX System This section provides guidelines for configuring your AIX system for more than 30 connections. Log on as root on the server that you want to configure. The System Management Interface Tool dialog box appears. Type smit. 2.

To increase the number of processes per user 1. The System Management Interface Tool dialog box appears. Select OK. the user will be unable to run any commands or log off from the session until more processes are made available. 4. Choose Change/Show Characteristics of the PTY. this situation may occur in a training scenario where several users are logged on to the server using only the one training user id. 2. 4. Change the number of Pseudo-Terminals. Type smit. 5. Increase the value of Maximum number of PROCESSES allowed per user (Num). You can increase the number of processes a user can run simultaneously using SMIT. The default is 128 processes per user. Choose System Environments. Log on as root on the server. For example. Choose Devices. Choose Change/Show Characteristics of Operating System.Chapter 8 Advanced Topics 167 3. 6. Choose PTY. 7. If a user runs out of processes. pty0 changed is displayed. Increasing the Number of Processes Per User On AIX. 3. 5. by default. . there is a limit to the number of processes a user can have running simultaneously.

ISO 8859-15 ISO 8859-1. ISO 8859-15 For example. that is.sh. or Spanish. you must edit the ctxenv.sh. For example. the server starts in the currently active locale. ICA connections are displayed in US English. and system messages that appear in ICA sessions are displayed in the language appropriate to your users. French dialog boxes and system messages are displayed to client users. you can run MetaFrame Presentation Server in a non-English locale by configuring the server so that dialog boxes and system messages are displayed in French.sh file and restart the server. user dialog boxes. ICA connections are displayed in the appropriate language: French. ISO 8859-15 ISO 8859-1. German. German. If the currently active locale does not provide non-English language support. the server uses the locale that is active when it starts. see “Changing the Locale” on page 169. but dialog boxes and system messages are displayed in US English. which is the default language. . not Italian. Which Locales Provide Non-English Language Support? MetaFrame Presentation Server provides non-English language support for the following locales: French German Spanish ISO 8859-1. The MetaFrame Login screen. if the server is configured to use the French ISO 8859-1 locale. If you do not edit ctxenv. To ensure the server uses the appropriate locale. the server can run in an Italian locale and support Italian keyboards. Although MetaFrame Presentation Server will run in other locales. the server starts in the locale that is active when you log on to the console. or Spanish language support is provided. Before you edit ctxenv. For information about editing ctxenv. For information about configuring the server for non-English language support. Limitations of Non-English Language Support Only French. However. see “Changing the Locale” on page 169. German. If this locale provides non-English language support (see below for details of locales that provide non-English language support). no language support is provided. and this may produce unexpected results.168 MetaFrame Presentation Server for UNIX Administrator’s Guide Configuring Non-English Language Support MetaFrame dialog boxes and system messages are displayed in US English. or Spanish. Configuring MetaFrame Presentation Server for non-English language support is a simple process that involves editing the ctxenv.sh script to change the locale in which the server runs.sh.

sh. only the messages within dialog boxes are displayed in the appropriate language. such as dates and times. • • Changing the Locale To configure the server for non-English language support. an incorrect date and time may appear in the Reconnect dialog box. This does not localize the commands you use to administer MetaFrame Presentation Server.sh script to change the locale in which the server runs.Chapter 8 Advanced Topics 169 If you configure the server for non-English language support. Other information. Getting More Information about Language Support To fully localize your installation in a language other than US English. For example. see the appropriate Client Administrator’s Guide. Deploy appropriate language versions of applications—for information about how to publish applications. If your users are using non-English keyboards. the ctxenv. see the Client Administrator’s Guide for the appropriate client. To change the locale in which the server runs.sh script includes standard entries for commonly used locales. or the man pages and shell scripts. you uncomment the line for the appropriate locale in ctxenv. you need to: • Deploy appropriate language versions of the client software. this localizes only the Login screen. This script is located in the: /opt/CTXSmf/slib directory /usr/lpp/CTXSmf/slib directory To make this process as simple as possible. see “Configuring Non-English Keyboard Support” on page 41.com/download/ For information about how to install.sh on the Solaris platform: . see “Publishing Applications and Desktops” on page 61. The following example shows the standard entries in ctxenv. you edit the ctxenv. and deploy clients to end-users. may be incorrect. For information about supported keyboards.citrix. In addition. configure. dialog boxes. You can download clients from: http://www. and system messages that appear within ICA sessions. for information about selecting keyboards. ensure they select the appropriate keyboard in the client software.

170 MetaFrame Presentation Server for UNIX Administrator’s Guide To change the locale 1.LC_MESSAGES=.LC_MONETARY=.sh file and locate the following lines: # Reset all environment variables so inherited values are ignored.LC_NUMERIC=. # UNCOMMENT THE NEXT LINE and the line for your chosen locale. see “Stopping MetaFrame Presentation Server” on page 38. Log on to the server as an administrator. 3. 2.LC_ALL= 4. Open the ctxenv. Remove the # character from the start of the line beginning with #LANG=. #LANG=.LC_COLLATE =. .LC_TIME=.LC_CTYPE=. Stop the server using the ctxshutdown command. For information about ctxshutdown.

sh The ctxenv. Include the following line: LANG=de_DE.LC_ALL= 2. Example To use the German ISO 8859-15 locale: 1. you can edit ctxenv. If you include a locale that is not listed.sh If the locale you require is not included in the ctxenv.sh file.sh to include this locale.sh script. Find the line containing the locale you want to apply and remove the # character from the start of this line. Remove the # character from the start of the following line: #LANG=. Note that you can apply only one locale. US English is displayed by default. to choose the French ISO 8859-1 locale. and that you apply only the one locale. 7.LC_CTYPE=. Make sure you remove the # character from the start of the #LANG= line (as described in the above procedure).LC_MESSAGES=. Start the server using the ctxsrv start all command.Chapter 8 Advanced Topics 171 5.LC_TIME=.LC_MESSAGES=de Troubleshooting Non-English Language Support Cannot Find ctxenv. Save the changes to the ctxenv. remove the # character from the following line: #LANG=fr_FR.ISO8859-1. Note Only the locales listed in “Which Locales Provide Non-English Language Support?” on page 168 provide non-English language support.LC_MESSAGES=fr 6. The server starts in the appropriate locale. For example.LC_COLLATE =.sh script is located in: /opt/CTXSmf/slib /usr/lpp/CTXSmf/slib . If the Locale You Require Is not Listed in ctxenv.LC_NUMERIC=.ISO8859-1.LC_MONETARY=.

sh. or Spanish.172 MetaFrame Presentation Server for UNIX Administrator’s Guide After Editing ctxenv. be disregarded. If a user’s startup script overrides the server’s locale setting. . user dialog boxes. German. How Do I Find Out My Current Locale? Use the locale command to display information about the current locale environment. For example. and does not offer per-session selection.sh script was edited correctly. and the man pages and shell scripts remain in US English. The Locale Selection Menu Does not Appear on the Login Screen MetaFrame Presentation Server supports only the use of one locale at a time. see the locale man page or consult your UNIX software documentation. For more information about configuring your server console for non-English language support. an incorrect date and time may be displayed in the Reconnect dialog box. • Dates and Times Are Incorrect Only the messages in user dialog boxes are in French. information may appear in more than one language. therefore. The commands that you use to administer MetaFrame Presentation Server. • Dialog Boxes and System Messages Appear in the Wrong Language • Check that the ctxenv. or Spanish. Information Is Still Displayed in English • If you configure the server to display in French. For more information about the locale command. This means that the date and time for the locale may be incorrect and should. Ensure that users’ start-up scripts do not contain locale settings. US English is used by default. German. If you select a locale that is not supported by MetaFrame Presentation Server. only the Login screen. and system messages that appear in ICA sessions are displayed in the appropriate language. see your UNIX software documentation. otherwise the server uses the locale that is active when the server starts. and this may produce unexpected results.

CHAPTER 9 Using the Citrix XML Service Overview This chapter introduces the Citrix XML Service for MetaFrame Presentation Server for UNIX and explains how to configure and use the XML Service. Topics include: • • • • • An overview of the Citrix XML Service Getting started Configuring the server port Configuring the XML Service for use with SSL Relay Configuring DNS address resolution .

For more information about configuring and using SSL Relay.0 of the Secure Sockets Layer (SSL) protocol. and message integrity checks. and the default window settings for the application when run. Users can access their published applications using a standard Web browser. see the Web Interface for MetaFrame Administrator’s Guide. The key features and benefits of using the XML Service include: Web-based application deployment. encryption of the data stream. The client uses HTTP to communicate with the Citrix XML Service to fulfill browser requests. HTTP browsing. This means that. For more information about the Web Interface. Citrix SSL Relay provides the ability to secure data communications using Version 4. which offers enhanced authentication security by eliminating user credentials from the ICA files sent from the Web server to client devices. . SSL provides server authentication. The XML Service provides support for ticketing. see the Citrix SSL Relay for UNIX Administrator’s Guide. The Web Interface provides users with an HTML-based presentation of the server farm. You can use Citrix SSL Relay to secure communications in a Web Interface deployment between the Web server and the server running MetaFrame Presentation Server. you can deploy applications published on servers running MetaFrame Presentation Server to your users through the Web. there is no need to open an additional port on the firewall for browser requests. HTTP browsing uses the standard HTTP port on the firewall—port 80—to allow users to browse applications and servers that exist on the other side of a firewall. Ticketing. The XML Service provides Citrix SSL Relay support. For more information about how to use ticketing in your Web Interface deployment. SSL Relay support. The use of the Web Interface’s ticketing feature eliminates the danger of an attacker intercepting user credential information and using this to access a server running MetaFrame Presentation Server. You can specify the name and icon used to display the link to each application in the Web page. Using the XML Service. see the Web Interface for MetaFrame Administrator’s Guide.174 MetaFrame Presentation Server for UNIX Administrator’s Guide About the Citrix XML Service The Citrix XML Service for MetaFrame Presentation Server for UNIX runs as a daemon on all servers in a server farm. You can provide your users with HTTP (HyperText Transport Protocol) browsing. The XML Service communicates information about the UNIX applications published in a server farm to the Web Interface for MetaFrame Presentation Server. provided port 80 is not being used by a Web server running on the server.

they need to be on the same subnet or connected by Citrix ICA gateways. followed by application icons. Applications from multiple server farms are displayed in the same way as a single farm. you use the multiple server farm functionality in the Web Interface. Multiple server farm functionality is transparent to users because they are not informed that their application set is an aggregation from multiple server farms. see “Multiple Farms and Subnet Considerations” on page 50. For more information. You can make applications published on MetaFrame Presentation Server for UNIX server farms appear in the same location as applications published on MetaFrame Presentation Server for Windows farms. see the Web Interface for MetaFrame Administrator’s Guide. To do this.Chapter 9 Using the Citrix XML Service 175 Server Farm Considerations For servers running MetaFrame Presentation Server for UNIX to be included in a farm. For more information. . folders are displayed first.

which is the standard port for SSL-secured communications. it is best to direct clients to the master browser server. and the XML process starts automatically. If you create a server farm. and the window size and color depth. If you are not using TCP port 443. you must configure the XML Service for use with SSL Relay. Typically. little or no configuration is required to get the XML Service up and running quickly in your MetaFrame Presentation Server for UNIX installation. For more information about configuring application display settings. To do this. For more information about the ICA browser. Configuring the SSL Relay port. You can configure your applications for use with the Web Interface using the ctxappcfg command. Configuring the XML Service port. For information about how to do this. see “Configuring the XML Service for Use with SSL Relay” on page 178. . This section explains what configuration is required and where to find more information.cfg. If port 80 is already in use on the server running the XML Service. you can configure display settings that include the name of the folder containing the application and the icon that the Web Interface displays. However. Citrix recommends that you direct the Web Interface to this server. see “MetaFrame Presentation Server for UNIX and the ICA Browser Service” on page 149. you must specify the port number that SSL Relay listens for connections on using the ctxnfusesrv command. assign the XML Service to an unused port. Using ctxappcfg. By default.0 for UNIX. Configuring display settings.176 MetaFrame Presentation Server for UNIX Administrator’s Guide Getting Started The Citrix XML Service is included automatically when you install MetaFrame Presentation Server 4. the Web server communicates with the XML Service using port 80. the XML Service runs on each server in the farm. Note If you configured a particular server to be the master browser. see “Publishing Applications and Desktops” on page 61. if clients are using HTTP browsing. Also. you may need to configure the XML Service to use port numbers other than the defaults or to enable DNS address resolution. Configuration information required by the XML Service is stored in ctxxmld. See your client documentation for more information. To enable your users to make SSL-secure connections to applications via the Web Interface. See “Configuring the Server Port” on page 177 for more information. you use the ctxappcfg command to specify whether SSL is used to secure connections on all published applications or on a particular application only (see “Publishing Applications and Desktops” on page 61 for more information).

. If the port is already in use by another process.Chapter 9 Using the Citrix XML Service 177 Starting the Citrix XML Service When you start and stop MetaFrame Presentation Server. Note The XML Service port number must be unique. To start the Citrix XML Service 1. type: ctxsrv stop msd Configuring the Server Port By default. the Web Interface communicates with the Citrix XML Service using port 80. type: ctxsrv start msd Starting a server causes an election. Stopping the Citrix XML Service 1. Using the ctxsrv command. 2. To configure the Citrix XML Service port 1. and the master browser may change. 2. Log on to the server as an administrator. you can start and stop the Citrix XML Service on the local server. the Citrix XML Service automatically starts and stops. type: ctxnfusesrv -port portnumber where portnumber is an unused port. it can take up to 10 minutes before these applications are visible through the Web Interface. Log on to the server as an administrator. Log on to the server as an administrator. The master browser takes some time to acquire information about applications available on the farm. If the Citrix XML Service is started at the same time as a server running MetaFrame Presentation Server. At a command prompt. assign the XML Service to an unused port. for example. If port 80 is already in use on the server running the XML Service. You must configure the Web Interface to use the same port number as you specified for the XML Service—see the Web Interface for MetaFrame Administrator’s Guide for information on how to do this. 8080. At a command prompt. 2. results may be unpredictable. At a command prompt.

type: ctxnfusesrv -ssl-port port-number where port-number is the port number on which SSL Relay listens for connections. To allow users who connect to the server through the Web Interface to make SSLsecure connections to applications. To do this you use the: • ctxappcfg command to specify whether SSL is used to secure connections on all published applications or on a particular application only. Log on to the server as an administrator. type: ctxnfusesrv -ssl-port 444 . The SSL Relay port number you specify must be the same on every server in the farm. if SSL Relay listens on port 444.178 MetaFrame Presentation Server for UNIX Administrator’s Guide Note You must restart the XML Service for the new port to be used. You need to run this command only if you are not using TCP port 443. see “Publishing an Application. • For more information about configuring and using SSL Relay. Shell Script. ctxnfusesrv command to specify the port number on which SSL Relay listens for connections. To display the current port number At a command prompt. 2. For example. If SSL Relay listens for connections on a port other than 443. which is the standard port for SSL-secured communications. see the Citrix SSL Relay for UNIX Administrator’s Guide. use ctxnfusesrv with the -l (‘l’ as in ‘list’) option: ctxnfusesrv -l Configuring the XML Service for Use with SSL Relay Citrix SSL Relay is included automatically when you install MetaFrame Presentation Server 4. To configure the SSL Relay port number 1. specify this port number. you must configure the XML Service for use with SSL Relay. For more information. or Desktop” on page 64. At a command prompt.0 for UNIX.

However. Displaying the Current Setting You can display the current DNS address resolution setting using ctxnfusesrv and the -l (‘l’ as in ‘list’) option. it cannot connect. Log on to the server as an administrator. servers reply to client browsing requests with an IP address. in preference to NIS. Configuring DNS Address Resolution By default. You can enable DNS address resolution using the ctxnfusesrv -dns command. type: ctxnfusesrv -l . In most situations. configure the server to use DNS. At a command prompt. To display the current DNS address resolution setting At a command prompt. the server cannot support SSL-enabled ICA connections because NIS does not supply the fully qualified domain name (FQDN). If the client is not configured correctly. To enable DNS address resolution 1. called Domain Name System (DNS) address resolution. clients can only connect reliably to servers if they can resolve the fully qualified domain name. a server can respond with the fully qualified domain name. because DNS supplies the FQDN. 2.Chapter 9 Using the Citrix XML Service 179 Troubleshooting SSL If you configured your server to use NIS for name resolution. To solve this problem. Ping a server with its DNS host name to verify this. for name resolution. The FQDN is required by the XML Service to direct requests from the Web Interface and clients. This feature. type: ctxnfusesrv -dns enable Note If DNS addressing is enabled. is available to clients using the XML Service. the use of IP addresses works well and with less overhead.

.

CHAPTER 10 Using Client Drive Mapping Overview This chapter discusses client drive mapping. Topics discussed include: • • • • • An introduction to client drive mapping Enabling client drive mapping Configuring client drive mapping Features and limitations of client drive mapping Troubleshooting client drive mapping .

You use ctxcfg to enable client drive mapping. network drives. and hard disk drives. see “Enabling and Configuring Client Drive Mapping” on page 183. By default. you can also access the local. the client drive mapping feature is disabled because it consumes server resources. and so that you can be certain that no one is moving files between the server and clients. all the mapped drives belonging to the session are immediately released. the user’s local drives are automatically mounted.0 or later clients. mapped drives belonging to the shadowed session. CD-ROM drives.182 MetaFrame Presentation Server for UNIX Administrator’s Guide Introducing Client Drive Mapping The client drive mapping feature enables users to access their local drives from within an ICA session. When a session is disconnected. If you shadow a users’s session using ctxshadow. For users to take advantage of client drive mapping: • • Users must be running Version 6. . such as floppy disk drives. These drives are available for the duration of the session. When a user makes an ICA connection to a server running MetaFrame Presentation Server. For information about enabling and configuring client drive mapping.

To enable client drive mapping. See “Enabling Client Drive Mapping” on page 184 for information. Therefore.Chapter 10 Using Client Drive Mapping 183 Enabling and Configuring Client Drive Mapping This section tells you how to enable and disable client drive mapping on the server. you can configure user access to specific mapped drives using the ctxmount command. which you include in the ctxsession. if the client is configured to mount only drive C. see “Features and Limitations of Client Drive Mapping” on page 189. and ensure the settings do not conflict. then mounting drive A on the server will have no effect. . Before your users can take advantage of client drive mapping. For example. You can also enable and disable client drive mapping on a global basis using the ctxsrv command. see the appropriate Client Administrator’s Guide. and how to configure user access to drives. you must enable it on the client. you must ensure that the settings on the client are consistent with the settings on the server running MetaFrame Presentation Server. For example. You can also configure access to client drive mapping on a user or group-level basis. and on the server. for client drive mapping to work. see “Enabling Client Drive Mapping” on page 184 and “Disabling and Re-enabling Client Drive Mapping” on page 188. you may want to temporarily stop client drive mapping for all users during a virus scare. Once enabled. you must enable it on the server running MetaFrame Presentation Server using the ctxcfg command. Important Client drive mapping can also be configured using options available within the client. For more information about configuring client drive mapping on the client. For more information about enabling and disabling client drive mapping. To understand how client drive mapping works and for information about the limitations in this release. using the security function ctxsecurity.sh script.

. this cannot be overridden using ctxmount. For example. 2. you can restrict access on a user or group-level basis using the ctxsecurity security command. However. For more information about configuring access to specific drives. Log on to the server as an administrator. By default.access={ro |rw} where ro is read-only access. When client drive mapping is enabled. For example. if you enable access as read-only using ctxcfg. You use the ctxcfg tool with the -D option to enable client drive mapping. You can do this for all users or for particular users. To enable client drive mapping on the server 1. it is enabled for all users and all their available local drives.184 MetaFrame Presentation Server for UNIX Administrator’s Guide Enabling Client Drive Mapping This section explains how to enable client drive mapping on a server running MetaFrame Presentation Server. For example. When you enable client drive mapping. use the ctxsecurity command to deny this group access. you must enable it on the server. client drive mapping is disabled. Note The access policy you implement using ctxcfg takes precedence over any settings configured using ctxmount. you must choose whether to enable the mapped drives with read-write access or with read-only access. and rw is read-write access. before users can take advantage of this feature. see “Configuring MetaFrame Presentation Server Security” on page 140. see “Configuring Access to Specific Drives” on page 185. For more information about using ctxsecurity. Therefore. At a command prompt. type: ctxcfg -D enable. you can configure client drive mapping so that users can access only drive C. when you install MetaFrame Presentation Server. including any settings in the ctxsession. You can also restrict user access to specific drives using the ctxmount command. to prevent anonymous users (the ctxanon group) from using client drive mapping.sh file.

Note Settings configured using ctxcfg take precedence over any settings configured using ctxmount. You can do this for particular users or for every user who connects to the server. read-write access cannot be granted using ctxmount. you modify it within the ctxsession.Chapter 10 Using Client Drive Mapping 185 Configuring Access to Specific Drives This section explains how to configure user access to specific mapped drives. . Configuring Access to Specific Drives for Every User Use the following procedure to configure access to specific drives for every user who logs on to the server. all the local drives available to a user are mapped.sh because ctxmount affects only the session in which it runs.sh script. The ctxmount command is contained within ctxsession. you can configure access to particular mapped drives using the ctxmount command. However. ctxsession. 2.sh script and locate the following line: $CTXMOUNT 3. Open the ctxsession. Log on to the server as an administrator. To configure access to specific drives for every user 1. For example. For example. When you enable client drive mapping using ctxcfg. if you enable read-only access to mapped drives using ctxcfg. you can configure the system so that in an ICA session: • • • • The user Fred cannot access drive A Fred’s drive C is read-only All users cannot access drive C All users’ drives A are read-only To use the ctxmount command.sh runs after a user logs on. so you can use it to customize the local environment for a session. Update the ctxmount command: $CTXMOUNT [ -d | -ro ] [ drivelist ] The following table explains the options: Option -d Use this to: Disconnect a drive.

186 MetaFrame Presentation Server for UNIX Administrator’s Guide Option -ro drivelist Use this to: Configure access to a drive as read-only. Log on to the server as an administrator. use the command: $CTXMOUNT -d M N T Configuring Access to Specific Drives for a Particular User There are two methods of doing this.session. depending upon whether or not you trust your users. N.sh ] . use the following procedure to allow users to configure access to specific drives. If you trust your users. To configure access to specific drives for a particular user 1.sh . use the command: $CTXMOUNT -d To disconnect drives M. Open the ctxsession. Specify the drive letters to which you want to configure access: (A B C . and T. use the commands: $CTXMOUNT all ctxmount -d C • • To disconnect all drives. #fi $HOME/. the default of all is used. 2.sh script and locate the following lines: #if [ -f $HOME/. Examples • • • To connect all drives as read-only.ctx. If you specify a currently connected drive. use the command: $CTXMOUNT -ro To connect drive C only. use the command: $CTXMOUNT C To connect all drives except drive C. then #. this drive is made read-only. Important With this method users can overwrite these settings using the ctxmount command. Z) or all to specify all available drives. If you do not specify a drivelist.ctx...session.

and E.ctx.sh file and run any commands that they choose. then #. Users can modify the . mandy) ctxmount -ro C . *) ctxmount -d . If you do not trust your users. C. insert lines similar to the following (in this example..sh script and locate the following lines: #if [ -f $HOME/.ctx. create a file called . users cannot overwrite these settings using the ctxmount command.sh. Under here. Log on to the server as an administrator.ctx. #fi $HOME/.session. use the following procedure to configure access to specific drives. 2. To configure access to specific drives for a particular user 1.session.Chapter 10 Using Client Drive Mapping 187 3. In the user’s home directory. see “Configuring Access to Specific Drives for Every User” on page 185.session. include the ctxmount command: ctxmount [ -d | -ro ] [ drivelist ] For information about the command options and for examples on how to use the ctxmount command.sh file. so that these lines are no longer commented out. With this method. “mandy” is given read-only access to drive C. Notes • • This script is run for every session..sh 3. In the . 4.session.ctx. 5.ctx.sh ] . Open the ctxsession.session. and for all other users drives are disconnected): case $USER in bill) ctxmount ACE . the user “bill” is given read/write access to drives A. Remove the # character from the start of each line.

At a command prompt. including existing ones 1. 2. For example. Disabling and Re-enabling Client Drive Mapping This section discusses the different methods of disabling and re-enabling client drive mapping. That is.. Client drive mapping will still be available for existing connections. see “Configuring Access to Specific Drives for Every User” on page 185. use the ctxcfg command. type: ctxcfg -D disable To disable client drive mapping for all connections. To disable client drive mapping for all connections. 2. type: ctxsrv stop cdm . or disable it for all connections including any existing ones. except as you define here. Log on to the server as an administrator. • • To disable client drive mapping for new connections only. give your users access only to published applications. Note If you do not trust your users. To disable client drive mapping for new connections 1. use the ctxsrv stop command. This command immediately stops the client drive mapping process on the server.188 MetaFrame Presentation Server for UNIX Administrator’s Guide . Log on to the server as an administrator. Disabling Client Drive Mapping How you disable client drive mapping depends upon whether you want to disable it for new connections only. At a command prompt. use this method to immediately disable client drive mapping for all users during a virus scare. esac For information about the command options and for examples about how to use the ctxmount command. and do not want them to use client drive mapping. do not give them access to a command prompt from which they can run ctxmount. including any existing connections.

To restart client drive mapping (if disabled using ctxsrv) 1. use ctxcfg to re-enable it. How Does Client Drive Mapping Work? When you install MetaFrame Presentation Server. this directory holds information about clients’ mapped drives for each session that connects to the server. Note. and about the limitations of client drive mapping in this release.access={ ro | rw } where ro is read-only access. permissions and formats. . type: ctxsrv start cdm Tip Use ctxcfg -D list to display whether client drive mapping is currently enabled or disabled.Chapter 10 Using Client Drive Mapping 189 Re-enabling Client Drive Mapping How you re-enable client drive mapping depends upon how you disabled it. • • If you disabled client drive mapping using ctxcfg. use ctxsrv start to re-enable it. that this shows only the enabled or disabled status configured using the ctxcfg command—it does not display whether client drive mapping is enabled or disabled using ctxsrv. 2. At a command prompt. If you disabled client drive mapping on the server using ctxsrv stop. and rw is read-write access. Features and Limitations of Client Drive Mapping This section provides further information about how client drive mapping works. When client drive mapping is enabled. 2. Log on to the server as an administrator. To re-enable client drive mapping (if disabled using ctxcfg) 1. however. It tells you about the /ctxmnt directory and the $CTXCLIENT environment variable. Log on to the server as an administrator. It also provides information that you and your users need to know about file names. type: ctxcfg -D enable. At a command prompt. the /ctxmnt directory is created on the server.

do not use an asterisk (*) within quotation marks in file names.txt” and “README.TXT” are treated as the same file. are always converted to upper case. the additional drive mappings are held as: /ctxmnt/username/$CITRIX_SESSION_ID/driveletters Each session uses the $CTXCLIENT environment variable to point to the appropriate drive mappings on the server. For example.txt. on a local UNIX machine. mapped drives. You cannot change the permissions on files in the /ctxmnt directory using chmod or chown. File names containing non-English characters can also appear differently between the client and the server. for example. /ctxmnt/fred/20/C/accounts/ payments. or type: cd /ctxmnt/username/default/driveletter/Ne* File Permissions File permissions are set at the user name level. However. For example. the Windows operating system does not allow file names that match devices. This file is mapped as /ctxmnt/fred/default/C/ accounts/expenses. if you run ls -l on the mapped drive. the file permissions are listed as rw-------.txt. such as: \ / : * ? “ < >. the file permissions are listed as rwxr-xr-x.out. If Fred starts another session. only the user who owns the file can access and update files on their local. for example. When you run ls -l on the local machine. . however.190 MetaFrame Presentation Server for UNIX Administrator’s Guide When a user makes a connection to the server. For example. For example. Client drive letters.” either type out the full name of the file. the files “readme. Client drive mapping does not take the case of file names into consideration. you have a file called a. if you want to change directory to “New Folder. Files that are executable locally cannot be executed within a mapped client drive. If you are using the Client for 32-bit Windows. the user’s drive mappings are held in this directory as: /ctxmnt/username/default/driveletters If a user starts additional sessions that run concurrently with the user’s first session. some operating systems do not permit file names that contain certain characters. File Names File names permitted in one operating system may not be permitted in another. Execute permissions cannot be set on any files served by client drive mapping. therefore.txt. the session id is used to map additional files and directories. Likewise. within an ICA session the user Fred accesses a file on his hard disk called: C:\accounts\expenses.

such as UNIX. Similarly. files stored on the server may appear differently when saved to the local client device. Troubleshooting Client Drive Mapping This section describes problems that you and your users may experience. files created on a DOS file system may contain both carriage returns and line feeds as line terminators. However. To prevent this. while files created on a UNIX system may contain line feeds only. if you use ctxcfg -a to allow automatic logon. using the ls command in UNIX) and they can access and display the contents of the files because users are logged on under the same user id. File Attributes File attributes that apply on one operating system may be ignored on another.Chapter 10 Using Client Drive Mapping 191 CAUTION UNIX permissions prevent users from being able to display and access each other’s files. This means that files stored on local client devices may appear differently in an ICA connection that uses client drive mapping. your users can see directory listings of each others’ files (for example. For example. DOS file attributes (with the exception of readonly) are ignored in UNIX. and provides possible solutions and answers to these. File Formats Although client drive mapping provides users with access to their local drives. or typical questions that may be asked about client drive mapping. Client Drive Mapping Does not Work The following diagram shows the steps you need to perform on the server if client drive mapping does not work: . do not use ctxcfg -a with client drive mapping. For example. file format conversion does not occur automatically. files that are hidden in Windows may appear when displayed in a different operating system.

and that these settings are consistent with the settings on the server.192 MetaFrame Presentation Server for UNIX Administrator’s Guide Tip Remember to check also that client drive mapping is enabled on the client. .

However. For example.” To access files that contain characters that are not available on the keyboard.txt in the application. in Windows these characters are: \ / : * ? “ < > File names containing non-English characters may also appear differently due to mismatches in the character encoding used by the client and the server. when the user views this file in an ICA session she sees “?results. Similarly. the Windows operating system does not allow file names that match devices. lpt1.txt.txt.txt. the path is no longer valid and error messages such as “invalid directory” or “stale file” appear. for example. and so on. For example. For example. the file format must be converted. using a utility such as “dos2unix. aux.” however. Fred’s connection breaks and he reconnects the session. when Fred attempts to access expenses. for example. files stored on the server may appear differently when saved to the local client device. so users of Windows clients may experience problems attempting to write files called com1. If a session is disconnected and later reconnected. a user has a text file on their local Windows client device. all the mapped drives belonging to the session are immediately released. in an application running in an ICA connection. a user has a file on her hard drive called “¼results. before the user can work with the file. When the user displays this file in an ICA connection. Therefore.” . Fred edits a file that is mapped as /ctxmnt/fred/default/C/accounts/expenses. However.Chapter 10 Using Client Drive Mapping 193 “Invalid Directory” or “Stale File” Error Messages When a session is disconnected. vi *results. some applications store the paths of files on which a user recently worked. This is due to the different text file formats in the operating systems. Some operating systems do not permit file names that contain certain characters. For example. ^M appears at the end of each line.txt.txt. Therefore. use wildcards. This means that files stored on local client devices may appear differently in an ICA connection that uses client drive mapping. Problems Accessing and Updating Files File names permitted in one operating system may not be permitted in another. for example. A File Looks Different when Displayed in an ICA Session File format conversion does not occur automatically. the path to a file may be invalid in the reconnected session. This time the system maps the file as /ctxmnt/fred/10/C/accounts/expenses.txt.

To restart client drive mapping 1. However. to do this.194 MetaFrame Presentation Server for UNIX Administrator’s Guide NFS Error Messages Not Responding Error Message In the unlikely event that the client drive mapping process on the server is slow in responding. For example.0.” This happens because information about the mapped drive is lost when the drive is disconnected. all subsequent accesses to the mapped directories will result in the error message “Stale NFS Handle. Ensure that there are no users in the /ctxmnt directory (users should not be reading or writing to this directory.1 not responding still trying”) appears. use the ctxmsg -a command to send a message to all users. 2. Stop client drive mapping. you may want to ask your users to log off from the server. At a command prompt. if the problem persists. Restart client drive mapping. type: ctxsrv start cdm Stale NFS Handle Error Message If you disconnect while your current directory is within a mapped directory tree and then reconnect. change directory so that you are no longer in the mapped drive. for example. by typing cd to go back to the home directory.0. Tip To interrupt the request and get a command prompt. press CTRL and C or send a SIGINT to the process. . you must restart the client drive mapping process on the server.0. an error message (such as “NFS server CDM server not responding still trying” or “NFS server 127. At a command prompt. Normally. In the reconnected session. type: ctxsrv stop cdm 3. nor should it be their current directory). this request is fulfilled and the message “NFS server CDM server ok” or “NFS server 127.1 ok” appears.0.

See ctxfarm. or remove a server from a farm. log off from a server print to a client printer configure communication with a license server show master ICA browser configures user access to mapped drives . disconnect from a session create a farm. join a farm.APPENDIX A Command Reference Overview This appendix describes the MetaFrame Presentation Server for UNIX and XML Service for UNIX command line utilities. MetaFrame Presentation Server commands The MetaFrame Presentation Server commands listed in this appendix are: ctx3bmouse ctxalt ctxanoncfg ctxappcfg ctxbrcfg ctxcapture ctxcfg ctxconnect ctxcreatefarm ctxdisconnect ctxfarm ctxgrab ctxjoinfarm ctxlogoff ctxlpr ctxlsdcfg ctxmaster ctxmount configure 3-button mouse emulation alternate address configuration for ICA browsers configure anonymous users configure published applications configure ICA browser settings graphics copy and paste (between ICA and local applications) configure server settings connect to a session create a server farm. graphics copy and paste (from ICA to local applications) join a server farm. See ctxfarm.

196 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxmsg ctxprinters ctxqserver ctxqsession ctxquser ctxreset ctxsecurity ctxshadow ctxshutdown ctxsrv send a message list printers installed on the client display information about servers display session details display session user details reset a session configure security start a shadowing session shut down the server processes start up or stop the server processes XML Service commands The XML Service commands listed in this appendix are: ctxnfusesrv configure the Citrix XML Service HTTP port. DNS address resolution. enable publishing mode. and specify the SSL Relay port .

Parameters missing_button mouse_button number_of_ modifier_key The missing button which is to be emulated: left| middle| right The existing mouse button which. This version of the application is published using a script file that includes ctx3bmouse settings. many ICA Clients run on devices that have only a 2-button mouse. simulates the missing mouse button. For example. Number of modifier to use. . or pointing device available. you publish another version of the application for use by these ICA Clients. you ensure the application is run in a session with the appropriate mouse mappings. when pressed with the modifier key. However. 1-button mouse. You may need to use MetaFrame Presentation Server to deploy UNIX applications that are designed for use with a 3-button mouse. Use the xmodmap command to show which keys correspond to which modifiers. Clear all mouse mappings for the current session. a missing button might be simulated by clicking the left mouse button and pressing the SHIFT key. By running a script file that includes ctx3bmouse settings.Appendix A Command Reference 197 MetaFrame Presentation Server Commands ctx3bmouse Description ctx3bmouse configures 3-button mouse emulation. The ctx3bmouse command lets users represent a missing mouse button by combining an existing mouse button with a modifier key. Syntax ctx3bmouse ctx3bmouse ctx3bmouse missing_button=mouse_button. To do this.number_of_modifier_key -r -c Options -r -c Display mouse mappings for the current session.

198 MetaFrame Presentation Server for UNIX Administrator’s Guide Remarks With xmodmap it is possible to remap almost any aspect of the keyboard and mouse. Specifies the default alternate address. Display usage message Parameters alt_addr Specifies the alternate address. Take care when using xmodmap with ctx3bmouse because the combination may be confusing. browser_addr . Set an alternate address. of the Win32 ICA Client. Syntax ctxalt ctxalt ctxalt ctxalt ctxalt -l -d alt_addr -a browser_addr alt_addr -r addr -h Options -l -d -a -r -h List current alternate address configuration. The -r option also accepts the (case-insensitive) keyword DefaultAddress to erase the default address setting. With the exception of the -r option. or later. Middle mouse button emulation is included in version 6. ctxalt Description ctxalt specifies alternate address configuration for ICA browsers. If users are connecting to the MetaFrame server using this client.20. disable any ctx3bmouse settings configured on the server. Remove an alternate address. all addresses must be supplied in standard IP address format. Set the default alternate address.

Appendix A Command Reference 199 Remarks You must be an administrator to run this command. .

Specify the idle time-out period. Specify a particular shell for anonymous user accounts. By default the group name is ctxanon. a warning message appears stating that the user will be logged off if the session remains inactive for a further five minutes. -t -s -u -g -d -clear -h . Use this option only when creating new anonymous user accounts—do not use it to change existing accounts. for anonymous user sessions. Remove all anonymous user configuration.200 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxanoncfg Description ctxanoncfg configures anonymous users. Quiet mode. where user-id is the first id in the range. Specify the number of anonymous user accounts. If there is no activity within this time. Assign specific user-ids to anonymous user accounts. Change how anonymous user accounts are named. Syntax ctxanoncfg ctxanoncfg ctxanoncfg ctxanoncfg ctxanoncfg -l [-q] [-g group] [-d path] [-q] -t minutes [-q] -clear -h -n number [-b anonymous_user_name ] [-t minutes] [-s shell] [-u user-id] Options -l -q -n -b List current anonymous user settings. Specify the name of the anonymous user group. Display help message. in minutes. Use with the other options to suppress the display of error messages and what the command is doing at each stage. By default all anonymous user accounts are created with home directories in /usr/anon. Specify the home directory for anonymous user accounts.

minutes shell user-id group path Remarks You must be root to run this command.. Shell you want to assign to anonymous user accounts—for example: /bin/csh. and so on. This must be 8 characters or less. First user-id you want to start generating anonymous user accounts from. Home directory for anonymous user accounts. You must stop the MetaFrame Presentation Server process on the server before you configure anonymous users.Appendix A Command Reference 201 Parameters number anonymous_user_name New number of anonymous user accounts. Idle time-out period. in minutes. account names are in the format anonx where x is a number from 1. Name of the anonymous user group. New name of anonymous user accounts.. You do not need to specify the trailing “/”.2 . . See also ctxshutdown—to stop the MetaFrame Presentation Server process. By default.

Working Directory . You are prompted for the following details: Name .whether the application is for use by anonymous or explicit users. Choose from 16. 8bit. or % (percentage) of a desktop.type yes to use SSL to secure connections to this application. enclose it within quotes. . the App Config> command prompt appears and you can enter the following commands: list publish Displays a list of published application names. Enable SSL security . Allows you to publish an application.the working directory used by the application. 70%. 4bit.an optional description that can be displayed on the user’s Web page. press ENTER without specifying a command line. To specify the user’s home directory. 16bit.the command line used to launch the application. Enter yes if the application is for use by anonymous users only. or no if it is for explicit users only. for example. Anonymous . or no if you do not want to use SSL. Icon File . Window Size .the number of colors used to display the application.202 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxappcfg Description ctxappcfg is an interactive command that allows you to publish and configure applications. Syntax ctxappcfg Usage When you run ctxappcfg.the window size and type of window. and 24bit. Description .the icon file displayed against a published application. 256. Command Line . for example.a folder containing the application. If the description includes spaces. Specify type of window as seamless (the window size is controlled by the client) or fullscreen (full screen display). Folder . Specify window size as widthxheight. leave this blank. 1024x768. To publish the desktop. Color Depth .the name used to refer to the published application.

8bit. dir={dir_name}. If the description includes spaces.the group names of user groups permitted to access this application. Type yes to use SSL. 256. This option applies only to the command line and working directory. set . After you select an application. enabled . enclose it within quotes.allows you to change the configuration. color_depth={color depth}.lists the configuration details of the selected application.the widow size (width x height or percentage of a desktop) and type of window (desktop or seamless) color_depth . select [name] Allows you to configure a published application. you are prompted for it. or 24bit ssl_enabled .the names of servers in the farm that will publish this application. Specify 16. Type one group name per line. 16bit. description={description}. anonymous .indicates if the application is for use by anonymous or explicit users.the command line required for the program to run.the name of the server you want to configure. Type one user name per line. all users and groups are permitted access to this application. Group name . all users and groups are permitted access to this application. description . type an asterisk (*). or no if you do not want to use SSL. Enter a blank line to complete the list. 4bit. If you do not enter any user or group names.specifies whether or not SSL is used to secure connections to the application.the description displayed on the user’s Web page. .the initial working directory. [cmd={cmd_line}. dir={dir_name}] where the parameters are as follows: cmd .ssl_enabled={yes|no}] -ORset server={server_name}. folder={folder name}. window_size . Enter a blank line to complete the list. Server name . server . The full syntax is: set [cmd={cmd_line}. dir .the number of colors used to display the application. the prompt changes to the name of the application and you can enter the following commands: list . folder . window_size={window size}. If you do not enter any user or group names. enabled={yes|no}. To specify all current servers in the farm.the user names of users permitted to access this application.indicates if the application is enabled or disabled.the name of a folder containing the program. Type one server name per line. anonymous={yes|no}.Appendix A Command Reference 203 publish User name . Enter a blank line to complete the list. If you do not specify the name of the application you want to configure. Note that the application name is case-sensitive.

Enter a blank line to complete the list. Enter a blank line to complete the list.exits the command. help / ? . list servers . add groups .displays a brief usage message. add servers . export icon . remove groups .204 MetaFrame Presentation Server for UNIX Administrator’s Guide select [name] list users .saves the changes you make. Type one user name per line. To specify all current servers in the farm. drop . Type one group per line. import icon .creates a new published application by copying the configuration of the current application. Enter a blank line to complete the list.prevents users from accessing the published application. You are prompted for the file name.specify a different icon file for the published application. remove servers . You are prompted to enter a name for the new application. copy . Type one group per line. .remove the published application from one or more servers in the farm.lists groups of users who are allowed to access the published application. Enter a blank line to complete the list.prevents groups of users from accessing the published application. You are prompted for the file name.publish the application on another server in the farm. list groups . add users .export the current icon to a file that you can later view. save .lists the users who are allowed to access the published application. delete . Type one server name per line. exit . Note that an application must be installed on a server before it can be published.adds users who are allowed to access the published application. The new configuration is saved and automatically selected.deselects the currently application and returns you to the App Config> prompt. Enter a blank line to complete the list.lists all servers in the farm that publish the application.adds groups of users who are allowed to access the published application.deletes the currently selected application and returns you to the App Config> prompt. Enter a blank line to complete the list remove users . Type one user name per line. type an asterisk (*). Type one server name per line.

use the set command.export the current icon to a file that you can later view. drop . which has the following syntax: set [folder=[folder name]. 16bit. Remarks You must be an administrator to run this command. 8bit. or 24bit ssl_enabled .the widow size (width x height or percentage of a desktop) and type of window (desktop or seamless) color_depth . window_size .specifies whether or not SSL is used to secure connections to the application. import icon . .the name of a folder containing the published application. Exits the command. or no if you do not want to use SSL. export icon . Type yes to use SSL. ssl_enabled] where the parameters are as follows: folder . help / ? exit Displays a brief usage message. 4bit.specify a different default icon file for the published application. 256. save .the number of colors used to display the application.deselects the currently application and returns you to the App Config> prompt. Specify 16. See also ctxqserver—to list all published applications on the network.saves the changes you make. color_depth={color depth}. To change the default settings. window_size={window size}.Appendix A Command Reference 205 default Allows you to display and configure the default settings for all published applications in the server farm.

Use set to restrict the browser to a subnet. -r -b Restrict the ICA browser to one subnet.206 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxbrcfg Description ctxbrcfg configures ICA browser settings.20.] [list] -m [always | never | neutral. neutral reinstates the default behavior of “no preference. Display usage message -h Parameters num gateway address Specifies the interval (in minutes) at which the local browser will update the master browser. never instructs the browser to refrain from standing in an election. Allows you to influence the criteria used for the master election.bbb. Master election. in aaa. The IP address or subnet address to which you want to restrict the browser.123.] [remove=gateway. always makes the local browser try to become the master. Specifies the gateway host name or IP address. configure the server so that the browser listens on only one subnet and ignores broadcasts on the others. 10. If a server running MetaFrame Presentation Server has more than one network interface card (NIC) and is connected on more than one subnet.ddd format—that is. Syntax ctxbrcfg ctxbrcfg ctxbrcfg ctxbrcfg ctxbrcfg -g [add=gateway. Allows you to specify the interval (in minutes) at which the local browser will update the master browser.] [list] -b [set=address | unset | list] -h Options -g -m Gateways. Use unset to remove a restriction. Use list to display current restrictions. Allows you to add or remove ICA Gateways.] [list] -r [set=num.ccc. .” Refresh period.123.

it is also available when you connect to published applications through the ctxwm window manager. • ctxcapture is available from the command prompt. make sure that there is only one NIC on this subnet. as follows: • • In a seamless window. For more information. a dialog box appears. Copy graphics between the client and the X graphics manipulation utility XV. Syntax ctxcapture See also ctxgrab—a simple tool to cut and paste graphics from ICA applications to applications running locally on the client device. including non-ICCCM-compliant applications. If you bind the server to a subnet. if your administrator has made it available. ctxcapture Description ctxcapture lets you: • Capture windows or screen areas and copy them between an application in a client window and an application running on the local client device. see “If a Server Uses Multiple NICs” on page 154. See also ctxqserver—to display information about gateways and the master browser. XV is a Shareware utility that is available for download from the Internet. . right click the button in the top.Appendix A Command Reference 207 Remarks You must be an administrator to run this command. right click to display the ctxwm menu and choose the Screen Grab option When ctxcapture starts. left hand corner of the screen to display a menu and choose the Screen Grab option In a “full screen” window.

] [list] -c [broken={DISCONNECT | RESET | LOGOFF}.] [reconnect={ORIGINAL | ANY}.] [clientcheck={NONE | seconds}.] [authentication={NONE | minutes}.access={ro | rw} -D disable -D list -k [loadfactor=num] | [lognohome= {0|1}] | [autoreconnect= {0|1}] -m [enable | disable] [lowerthreshold=num] [upperthreshold=num] [list] -o [set=n] [reset] [list] -h ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg ctxcfg .] [list] -p [enable | disable] [list] -C [enable | disable] [list] -P [set=num | reset] [list] -g -e {none | basic} [list] -i [ INHERIT | PUBONLY | ([prog=name.] [clientresponse={NONE | seconds}.] [pass]] [list] -l [max={UNLIMITED | num }] [list] -t [connect={NONE | minutes}.] [INHERIT | [user=name.] [disconnect={NONE | minutes}.][wd=dir])] [list] -s enable [. Syntax ctxcfg ctxcfg ctxcfg -a [ERASE | [[prompt={TRUE | FALSE}.208 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxcfg Description ctxcfg configures server settings.] [disclogoff={NONE | minutes}.notify={on|off}] -s disable -s list -D enable.] [idle={NONE | minutes}.input={on|off}] [.

Allows you to limit the number of users who can be logged on concurrently to the server. Use authentication to specify the maximum duration that a session in the connected state exists on the server. Allows you to specify time-out intervals (in minutes) for connected. Logons. Use INHERIT to make the server use logon details specified on the client. To specify that a timed-out session be logged off rather than reset. Use the pass option to prompt users for a logon password. Use client response to specify the maximum period of time the server waits for a response from a client before disconnecting sessions automatically. prior to the user logging on or reconnecting. regardless of whether one is specified on the server or the client. Specify an unsigned number or the keyword UNLIMITED to allow an unlimited number of users to log on. Note that using -g with the list option will not display the password. -l -t . Only new sessions are affected by changes to the time-out intervals. and idle sessions. Alternatively you can specify a user name and/or password for all users who log on to the server. For example. rather than setting a user name and password for the server using user and pass. When the specified duration elapses. Use client check to specify the maximum period of time a client can be unresponsive before the server checks that the client is still connected. Set prompt to TRUE to prompt users for a password. use -t disconnect=10.Appendix A Command Reference 209 Options -a Allows you to set automatic logon details. disconnected. to specify a time-out interval of 10 minutes for disconnected sessions. the session is reset. use -t disclogoff=num in addition to the -t disconnect setting. ERASE erases any user name and password details that were set using the user and pass options and makes the server use logon details specified on the client. NOTE: You must configure both client check and client response options to disconnect sessions interrupted by network failure automatically. Timers. Use the keyword NONE to disable all time-out settings.

You can redirect these commands to a file that you can later execute as a shell script. Client clipboard. Shadowing. set to RESET to terminate broken sessions. Allows you to define how the server handles timed out or broken sessions. Use to enable or disable client drive mapping. Note that when enabling shadowing. INHERIT uses the program and path specified on the client. Port number. Logging off sessions allows some applications to exit more cleanly than with RESET. Use to enable or disable client printing. Set input to on to allow the shadower to interact with the shadowed session using the keyboard and mouse. Set reconnect to ORIGINAL to allow reconnection only to a broken or timed out session from the original terminal. This generates a list of commands that. When client drive mapping is enabled. Use to specify a program. restores all settings to their current values (except the password). and path if necessary. Set broken to LOGOFF to log off broken sessions. A RESET is performed on the session after 30 seconds if logging off does not fully terminate the session. Use to specify a TCP/IP port number on which the server can listen for connections. Use to enable or disable the client clipboard. Client drive mapping. -g cannot be used with any other argument. Set notify to on to give users the option to approve or deny the shadowing of their session. You must restart the server for the new value to take effect. Use set to use a specific number or reset to use the default number. where ro is read-only access. Generate. Set broken to DISCONNECT to disconnect sessions that are broken. PUBONLY restricts users so that they can connect only to published applications. and rw is read-write access. Use to enable or disable shadowing. Note: Use the LOGOFF and RESET options with care because users will not be prompted to save their data before sessions are logged off or reset in this way. and prevents users from connecting to the server by name. -p -C -P -g -e -i -s -D . However. you can restrict access using ctxsecurity and ctxmount. or to the server desktop. it is enabled for all users and all their available local drives. Initial program. if executed. Client printing. set to ANY to allow reconnection to the session from any terminal. to run when the client initially connects. Use to force clients to use encryption and prevent clients who do not use encryption from connecting.210 MetaFrame Presentation Server for UNIX Administrator’s Guide -c Connections. Encryption. the default for input is on and the default for notify is on.

where num is a load factor value between 1 and 10000. Mouse-click feedback is enabled by default. use ctxcfg -k loadfactor=num. set lognohome=1. By default. the upper threshold is 500 milliseconds. Display usage message -m -o -h Remarks You must be an administrator to run this command. ctxmount—to restrict user access to specific mapped drives. Use set=n to specify the delay and reset to reset the current setting to 100ms. Allows you to set the length of delay (in milliseconds) for buffering of graphics. and the lower threshold is 150 milliseconds. use the list option. To display the current setting. ctxcfg -t has no effect on anonymous users. set lognohome=0 To allow sessions interrupted by network errors to be automatically reconnected. ctxsecurity—to restrict access to client drive mapping on a user or group-level basis. To display the current settings. To prevent sessions interrupted by network errors from being automatically reconnected. set autoreconnect=0. Mouse-click feedback.Appendix A Command Reference 211 -k Switch that allows you to turn features on and off (for example. You can also configure the thresholds in which mouse-click feedback operates by setting upper and lower threshold values. in milliseconds. To tune the load factor on a server. each server has a load factor of 100. To allow users whose home directories are unavailable to log on. By default. the ability to log on without a home directory) and set numeric factors (such as the load factor). The thresholds are like switches that determine when mouse-click feedback is on or off. . Use this option to enable and disable mouseclick feedback. To prevent users from logging on without a home directory. set autoreconnect=1. See also ctxanoncfg—to specify an idle time-out period for anonymous users. use the list option.

Syntax ctxconnect ctxconnect id -h Options -h Display usage message. See also ctxsecurity—to control which users can connect to other users’ sessions. other users can connect only to their own sessions. Parameters id Specifies the session id to which to connect. MetaFrame administrators can connect to any session. Remarks By default. .212 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxconnect Description ctxconnect lets you connect to a session.

. administrators can disconnect any session. Specifies the name of a server in the farm to disconnect. ctxdisconnect Description ctxdisconnect lets you disconnect a session. server1:34 means session 34 running on server1. Syntax ctxdisconnect [ id | servername:id ] Parameters id servername Specifies the session id to disconnect. By default. See also ctxsecurity—to control which users can disconnect other users’ sessions. your own session is disconnected. For example.Appendix A Command Reference 213 ctxcreatefarm ctxcreatefarm is an alias of ctxfarm—see the ctxfarm command for more information. You can disconnect sessions on the local server or on other servers in the farm. other users can disconnect only their own sessions. Remarks If you do not specify a session id.

The ctxcreatefarm and ctxjoinfarm commands are aliases of ctxfarm. If the server is already in a farm. Farm passphrase . If you are joining a farm. Usage When you run ctxfarm. use ctxjoinfarm. the following information: Farm name If you are creating a farm. Join a server to a farm. ctxcreatefarm or ctxjoinfarm. specify the name of the farm you want the server to join. Alternatively. type the name of the farm you want the server to join and then confirm you want to move the server to the new farm. This will be required by administrators whenever they want to join servers to this farm. Lists servers in a farm and specifies which server is the Management Service Master. or you can enter. or remove servers from the farm.214 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxfarm Description ctxfarm lets you create a server farm. use ctxcreatefarm. you are prompted for. Remove a server from the farm. specify the name you want to give the farm. specify a passphrase. join a server farm. this is the passphrase specified when the farm was first created. Syntax ctxfarm ctxcreatefarm ctxjoinfarm -c | -j | -l | -r [server-name] Options -c -j -l -r Create a server farm. If you are joining a farm. If you are creating a farm. Alternatively.

Remarks You must be an administrator to run this command. If you do not specify a server name. because the passphrase you specify when you create the farm will be required by administrators whenever they want to join servers to this farm. Only servers running MetaFrame Presentation Server for UNIX Version 4.Appendix A Command Reference 215 Server name If you are joining a farm. the local server is removed from the farm. you cannot add servers to the farm. . you can specify the server you want to remove from the farm.0. if you are removing a farm. CAUTION You must remember the passphrase. The server that you create the farm on will become the Management Service Master. specify the name or IP address of a server already in this farm. Optionally. so ensure that you create the farm on an appropriate machine. If you lose the passphrase. You can create farms only on servers running MetaFrame Presentation Server for UNIX Version 4.0 can join a server farm.

if you are using a published application. ctxgrab is available from a command prompt or. . as follows: • • In a seamless window. a dialog box appears.216 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxgrab Description ctxgrab lets you: • Capture dialog boxes or screen areas and copy them from an application in a client window to an application running on the local client device. right click to display the ctxwm menu and choose the Screen Grab option When ctxgrab starts. from the ctxwm window manager. right click the button in the top. left hand corner of the screen to display a menu and choose the Screen Grab option In a “full screen” window. Syntax ctxgrab See also ctxcapture—a more extensive tool that lets you cut and paste graphics between ICA applications and applications running on the client device.

See also ctxsecurity—to control which users can log off other users’ sessions. Remarks If a user is not specified. where servername is the name of a server in the farm.Appendix A Command Reference 217 ctxjoinfarm ctxjoinfarm is an alias of ctxfarm—see the ctxfarm command for more information. . Specifies the session id to log off on a particular server. For example. Parameters id servername :id Specifies the session id to log off. You can log off sessions on the local server or on other servers in the farm. By default. you are logged off. other users can log only themselves off. server1:34 means session 34 running on server1. Syntax ctxlogoff ctxlogoff [servername:id | id] -h Options -h Display usage message. administrators can log off any user. ctxlogoff Description ctxlogoff logs off a user from a server running MetaFrame Presentation Server.

If a call is made to ctxlpr while a previous job is still printing. If no files are specified. the default behavior is for the second command to wait for the first job to end before continuing. Print the job in the background. Name of the printer (or printer port) other than the default.. each file is treated as a separate print job. Use the -n option to cause a second print job to fail rather than wait. . . -b -n -h Parameters file Specifies the name of a file to print. Up to 10 files can be specified. Use this to stop applications waiting while other printer jobs are handled.file10] -h Options -P Print a file to a printer (or printer port) other than the default. This is the printer name or printer port shown in the first column of the output from ctxprinters..218 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxlpr Description ctxlpr prints to a client printer. Display usage message. ctxlpr takes its input from standard input (stdin). Only one print job can be handled at a time in any one session. Syntax ctxlpr ctxlpr [-P printerName] [-b] [-n] [file1. printerName See also ctxprinters—to list printers installed on the client.

using the License Config> command prompt. Use the ctxlsdcfg command to configure communication with the license server interactively. Use the ctxlsdcfg command with the s or -p option to configure communication with the license server noninteractively. Specify the name of the license server. the License Config> command prompt appears and you can enter the following commands: list server server_name port port_number exit Display the current license server name and port number. Specify the port number of the license server. Usage When you run the ctxlsdcfg command interactively. Display usage message. You can run this command interactively or non-interactively. Exit the program. Remarks You must be an administrator to run this command. .Appendix A Command Reference 219 ctxlsdcfg Description ctxlsdcfg configures communication with the license server. Syntax ctxlsdcfg ctxlsdcfg ctxlsdcfg -s server_name -p port_number -h Options -s -p -h Specify the name of the license server. Specify the port number of the license server.

. Remarks Citrix recommends you use the ctxqserver -master command instead to display the server acting as the master browser. Syntax ctxmaster [-h] Options -h Display usage message.220 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxmaster Description ctxmaster shows the master ICA browser address. See also ctxqserver—to display the master browser address.

Appendix A Command Reference 221 ctxmount Description ctxmount configures user access to specific mapped drives. Syntax ctxmount [ -d | -ro ] [ drivelist | all ] Options -d -ro Disconnect a drive. If you specify a currently connected drive. if you enable read-only access to mapped drives using ctxcfg. Z) or all to specify all available drives. For example.. you can configure access to particular mapped drives using the ctxmount command. If you do not specify a drivelist. ctxsecurity—to restrict access to client drive mapping on a user or group-level basis. To use the ctxmount command. Remarks Settings configured using ctxcfg take precedence over any settings configured using ctxmount. Parameters drivelist Specify the drive letters to which you want to configure access (A B C . When you enable client drive mapping using ctxcfg. read-write access cannot be granted using ctxmount. However.sh script. You can do this for particular users or for every user who connects to a server running MetaFrame Presentation Server.. all the local drives available to a user are mapped. the default of all is used. . this drive is made read-only. you modify it within the ctxsession. See also ctxcfg—to enable or disable client drive mapping for all users and all available local drives. Configure access to a drive as read-only.

Send a message to all users on the local server. Specify a time-out (in seconds) for the message. Send a message to all users on a particular server.222 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxmsg Description ctxmsg sends a message to a particular session or to all sessions. The text you want to send. -a -s -S -h Parameters id servername message timeout Session id of the user to whom you want to send the message. If no time-out is specified. or the time-out is specified to be 0. That is. Name of a server in the farm. Display usage message. See also ctxquser or ctxqsession—to display users’ session IDs. Syntax ctxmsg ctxmsg ctxmsg ctxmsg ctxmsg [-w] {id | servername:id} message [timeout] -a message -s servername message -S message -h Options -w Suspends the ctxmsg program until the message either times out or the user dismisses it. the message dialog box remains displayed until dismissed by the user. enclose it within double quotes. For example. To send a message that contains spaces. the command prompt returns only when the user responds or the message times out. . either on the local server or in the entire server farm. Send a message to all users on all servers in the farm. server1:34 means session 34 running on server1.

For each printer. The name of the device driver. lpt1). .Appendix A Command Reference 223 ctxsecurity—to control which users can send messages to other users’ sessions. See also ctxlpr—to print to a client printer. Syntax ctxprinters [-h] Options -h Display usage message. ctxprinters Description ctxprinters lists printers installed on the client and indicates which is the default. The name of the port to which the printer is attached. the list displays: • • • The printer name or printer port (for example. You can use this in the ctxlpr -P command to specify a printer other than the default. ctxshutdown—to inform users that the server is about to shut down.

see the MetaFrame Access Suite Licensing Guide. Note Some options. such as -license. display information only for servers running versions prior to MetaFrame Presentation Server for UNIX Version 4. Syntax ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver ctxqserver [server_name] -addr server_name -app [application_name | server_name] -disc [application_name | client_name] -gateway [server_name] -gatewaylicense:IP_address -license [server_name] -load server_name -master -netlicense -ping [-count:value] [-size: value] server_name -reset server_name -serial [server_name] -stats server_name -tcpserver:x -h .0 that use the previous licensing method. For information about the new MetaFrame Access Suite licensing method.224 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxqserver Description ctxqserver displays information about servers running MetaFrame Presentation Server on the network.

Specify a server name to narrow the list. List all disconnected sessions.123.Appendix A Command Reference 225 Options -addr -app Display the network address of a specific server. List all published applications and the server load. Display the loading for a particular server. Display information about the number of licenses installed and in use on the local network. Display statistics about the activities of the browser for a particular server. Specify the name of an application or client to narrow the list. packets sent/received) for the named server. Display the IP address of the master browser. Pool displays the number of pooled licenses. -load -master -netlicense -ping -reset -serial -stats -tcpserver:x -h . Display the licenses on each server. that is. Specify a server name to narrow the list. Display the number of remote licenses available from a gateway. Sets the TCP/IP default server address to x. Specify the IP address of the gateway. Specify the name of an application or server to narrow the list.12. Reset statistics about the activities of the browser (for example. List the ICA gateways known to each server. Ping the named server. Total shows the sum of the local and pooled licenses. elections sent/received. The number of licenses kept local to the machine and the number pooled is also shown.12 -disc -gateway -gatewaylicense -license List the licenses on each server. Mach displays the number of licenses kept local to the machine. ctxqserver -gatewaylicense:12. Display usage message. Specify a server name to narrow the list.

Parameters servername Name of a specific server. or the entire server farm. where appropriate. Name of a published application. state. See also ctxquser—to display session user details. ctxqsession Description ctxqsession displays session details. another server in the farm. Use with the ping option to specify the number of packets to send. . TCP/IP address of a server. The default is 256 bytes. Display information about all servers in the farm. The default is five packets. type. Display usage message. session ID. ctxqsession displays information about ICA connections to the local server. and device. Syntax ctxqsession ctxqsession ctxqsession [-s servername] -S -h Options -s -S -h Display information about a particular server.226 MetaFrame Presentation Server for UNIX Administrator’s Guide Parameters server_name application_name -count:value -size: value IP_address Name of a specific server. Use with the ping option to specify the packet size. user name. The information includes.

Parameters servername user username Name of a specific server. The information displayed includes the user name. another server in the farm. . Syntax ctxquser ctxquser ctxquser ctxquser [user username] -s servername [user username] -S [user username] -h Options -s -S -h Display information about a particular server. Display usage message. the state. the time the user has been idle. the session ID. Name of a particular user you want to query See also ctxqsession—to display session details.Appendix A Command Reference 227 ctxquser Description ctxquser displays session user details. Display information about all servers in the farm. and the total time the user has been logged on. ctxquser displays information about users logged on to the local server. or the entire server farm.

Display usage message. ctxsecurity—to control which users can use ctxreset to reset other users’ sessions. ctxreset resets an ICA connection on the local server or another server in the farm. Remarks By default. administrators can reset any session. You specify the session to be reset using its session id. server1:34 means session 34 running on server1. Name of a server in the farm. See also ctxqsession—to display the current sessions. ctxquser—to display session user details.228 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxreset Description ctxreset resets a session. For example. . other users can reset only their own sessions. Syntax ctxreset ctxreset {id | servername:id } -h Parameters id servername -h Session id of the session you want to reset.

When you install MetaFrame Presentation Server. . Change security at group level for a secured function. shadow. Syntax ctxsecurity ctxsecurity ctxsecurity ctxsecurity ctxsecurity ctxsecurity secured_function -l secured_function -a {allow | deny} secured_function -u {user_name} {allow | deny} secured_function -g {group_name} {allow | deny} secured_function {-u user_name | -g group_name} inherit -h Options -l -a -u -g -h Display security settings for a particular secured function. Security can also be controlled at user and group levels. The secured functions are shown in the following table. Prevent access to the secured function.Appendix A Command Reference 229 ctxsecurity Description ctxsecurity configures MetaFrame Presentation Server security. Permit access to the secured function. default security settings are applied that automatically control access at a global level to MetaFrame-secured functions. Display usage message. Change the global security setting for a secured function. for example. Parameters secured_ function allow deny A particular tool. Change security at user level for a secured function. MetaFrame Presentation Server security controls a user’s access to commands and sessions.

Remove previous user or group security settings and inherit settings from the level above. Which users can use ctxshadow to shadow other users’ sessions.230 MetaFrame Presentation Server for UNIX Administrator’s Guide user_name group_name inherit User account name. Which users can use ctxlogoff to log off other users’ sessions. Allow Allow Deny for anonymous users Deny Deny Deny Deny Allow Deny for anonymous users Allow Remarks You must be an administrator to run this command. Which users can use ctxreset to reset other users’ sessions. . Which users can use ctxmsg to send messages to other users’ sessions. Group name to which the user belongs. Which users can use client drive mapping to access their local drives. See also ctxcfg—to enable and disable shadowing and client drive mapping. Which users can use ctxdisconnect to disconnect other users’ sessions. Secured function login sendmsg (ctxmsg) connect (ctxconnect) disconnect (ctxdisconnect) logoff (ctxlogoff) reset (ctxreset) shadow (ctxshadow) cdm MetaFrame security determines Default global setting Which users can log onto the server. Which users can use ctxconnect to connect to other users’ sessions. Secured Functions The following table lists the secured functions together with their default settings after installation.

Alternatively. Syntax ctxshadow {id | servername:id} [-v] [-h[[a][c][s]+]x] Options -v -h Verbose output. ctxshadow id [-h[[a][c][s]+]x] -ORSpecify ctxshadow -h to display a usage message. Choose this combination from: a|c|s where a = ALT. c. Use with a session id to configure a hotkey combination to end shadowing. server1:34 means session 34 running on server1. Shadowing lets you monitor and interact with another active session. Parameters id -ORservername :id {a|c|s}+x Specify the session to be shadowed using its session ID. including all or none. c = CTRL. Note: you can use any combination of a. specify the local server name and ID. for example. and the session being shadowed is called the shadowed session. to begin shadowing and to specify a hotkey combination of ALT and q to stop shadowing. type: ctxshadow {id | name} -h a+q . The session that issues the ctxshadow command is referred to as the shadower. Specify the hotkey combination you want to use to end shadowing.Appendix A Command Reference 231 ctxshadow Description ctxshadow starts a shadowing session. for example. Displays additional information. For example. and s. Note that you cannot shadow a session on another server. s = SHIFT x where x is an alphanumeric character (a to z and 0 to 9).

ctxsecurity—to control which users can shadow other users’ sessions. ctxquser or ctxqsession—to display session ID. However. if you cannot use this hotkey combination or you prefer to use an alternative. if you print a file while shadowing a session. if you copy information to the clipboard while shadowing. you can end shadowing by holding down the CTRL key and pressing the asterisk (*) key on your keyboard’s numeric keypad. For example. . Remarks Note that virtual channel data (instructions to the server that affect only the shadowed session) is not shadowed. this information is available to the shadowed session for pasting. You may also get some unexpected results using the clipboard channel. the file is queued at the shadowed session’s printer. However. The user of the shadowed session can use the clipboard to copy and paste between the client session and applications running locally. As shadower. you can configure a different combination using the -h option. you cannot access the contents of the shadowed session’s clipboard—information in the clipboard belongs to the shadowed session.232 MetaFrame Presentation Server for UNIX Administrator’s Guide To End a Shadowing Session By default. See also ctxcfg—for shadowing configuration at the server.

Syntax ctxshutdown ctxshutdown [-q] [-m seconds] [-l seconds] [message] -h Options -q -m Quiet mode. users are automatically logged off. and the MetaFrame Presentation Server process stops. the default message “Server shutting down. Applications that have not registered “window hints” will terminate immediately. Specify when the shut down process will begin. The default is 30 seconds. Specify how long applications that have registered “window hints” have to interactively log users off. Auto logoff in x seconds” is displayed. The default is 60 seconds. -l -h Parameters message Specify the message displayed to all users logged on to the server. applications that have registered “window hints” (the WM_DELETE_WINDOW attribute) will attempt to interactively log the user off. where x = the number of seconds specified in the -m option (or the default of 60 seconds if this is not specified). Display usage message. and how long the message will be displayed. any remaining sessions are automatically terminated. If you do not specify a message. When this period expires. See also ctxsrv—to stop the MetaFrame Presentation Server processes on a server. When this period expires and the shut down process begins. in seconds. Use to reduce the amount of information displayed to the administrator by the ctxshutdown command. Remarks You must be an administrator to run this command.Appendix A Command Reference 233 ctxshutdown Description ctxshutdown stops the MetaFrame Presentation Server processes. .

You can use ctxsrv to start up and stop all the processes on the server. Do not run the commands ctxsrv start all. The connection server. this immediately stops the client drive mapping process on the server. You must be root or an administrator to run this command. Syntax ctxsrv ctxsrv ctxsrv start [browser|sslrelay|cdm|lsd|msd|server|all] stop [browser|sslrelay|cdm|lsd|msd|server|all] -h Options browser sslrelay cdm The Citrix ICA browser service. ctxsrv start cdm and ctxsrv stop cdm from within the /ctxmnt directory. the sessions are terminated and unsaved applications or user data can be lost. License Service daemon. such as the ICA browser or Citrix SSL Relay. or to start up and stop an individual process. Client drive mapping. Display usage message. or the client drive mapping process fails. All server processes. . If you use ctxsrv to stop MetaFrame Presentation Server. including any existing connections. Management Service daemon. and disables client drive mapping for all connections. lsd msd server all -h Remarks Citrix recommends you use the ctxshutdown command to stop the MetaFrame Presentation Server processes on a server. ctxsrv stop all. Citrix SSL Relay.234 MetaFrame Presentation Server for UNIX Administrator’s Guide ctxsrv Description ctxsrv starts up or stops the server processes. and sessions are still active when the server is stopped. If you stop client drive mapping using ctxsrv stop.

and the DNS address resolution setting. Syntax ctxnfusesrv ctxnfusesrv ctxnfusesrv ctxnfusesrv {–l | –port portnumber} -ssl-port portnumber -dns [ enable | disable ] -bind {all | subnet-address [subnet-mask]} Options –port -l Configures the HTTP server listening port. ctxnfusesrv can also be used to enable users to make secure connections using SSL and to enable and disable DNS address resolution. the SSL port number. XML Service Commands ctxnfusesrv Description ctxnfusesrv configures the server listening port. Lists the current HTTP server listening port.Appendix A Command Reference 235 See also ctxshutdown—to shut down the processes on a server. . or lists the current listening port. the publishing mode. The default port number is 80. ctxcfg—to disable client drive mapping for new connections only.

0. If you make changes using ctxnfusesrv -port.20.236 MetaFrame Presentation Server for UNIX Administrator’s Guide -ssl-port Specifies the port number on which SSL Relay listens for connections (this is the SSL port you configured using the Citrix SSL Relay configuration tools). Disables DNA address resolution. By default. DNS is disabled and computers running MetaFrame Presentation Server reply to client browsing requests with an IP address. Enables and disables Domain Name System (DNS) address resolution. 255. Specifies the subnet or interface address to which ICA master browser broadcasts are sent.255.bbb. which is the standard port for SSL-secured communications. The format of the subnet mask is aaa.ccc. By default. -dns -bind Parameters portnumber enable disable subnetaddress subnet-mask TCP port number.ccc. the appropriate subnet network mask must be specified.ddd. .240. If the network is subnetted. You need to run this command only if you are not using TCP port 443. Restricts ICA master browser broadcasts made by the XML Service to one subnet. you must stop and restart the XML Service using ctxsrv {start | stop} msd for the changes to take effect.123. this option configures the network to which ICA master browser broadcasts are sent.131. 10.bbb. See also ctxsrv—to start and stop the XML Service. Enables DNA address resolution. ICA master browser requests are broadcast locally on all available interfaces.ddd. for example. If the server has more than one network interface and is connected to more than one network or subnet. Specifies the netmask corresponding to the subnet address. for example. The format of the subnet address is aaa. Remarks You must be an administrator to run this command.

as the result of a client device failure. See Web Interface. It is now called the Web Interface for MetaFrame Presentation Server. anonymous application An application published exclusively for use by anonymous users. and message integrity checks. anonymous user account A user account defined on a server for accessing applications published for anonymous use. In Solaris. CDE See Common Desktop Environment. broken session A broken session occurs when the communication link between a client and the server is interrupted. Bourne shell A type of UNIX shell. browser election See master browser election. encryption of the data stream. Bourne is the default shell. SSL provides server authentication.APPENDIX B Glossary administrator A member of the user group ctxadm. C shell A type of UNIX shell based on the C programming language. Citrix SSL Relay A Citrix product that provides the ability to secure data communications using the SSL protocol. anonymous session The session of an anonymous user. Citrix NFuse Classic NFuse Classic has been integrated as a feature in MetaFrame Presentation Server. who has special permissions regarding the administration of MetaFrame Presentation Server for UNIX. An external address is a public (Internet) IP address. for example. alternate address The external address of a server. anonymous user A guest user granted restricted access to a published application on a server. . Citrix Connection Configuration The Citrix utility you use to configure ICA and other connections to your servers.

ctxjoinfarm Command-line tool for joining a server farm. ctxalt Command-line tool for alternate address configuration. and application developers across platforms. See ctxfarm. csh See C shell. ctxlogoff Command-line tool for logging off the server. ctxbrcfg Command-line tool for configuring ICA browser settings ctxcapture Command-line tool for graphics copy and paste (between ICA and local applications). ctxgrab Command-line tool for graphics copy and paste (from ICA to local applications). ctxdisconnect Command-line tool for disconnecting a session. client drive mapping The feature that enables applications running on the server to access physical and logical drives configured on the client device. ctxcfg Command-line tool for configuring servers running MetaFrame Presentation Server. ctxconnect Command-line tool for connecting to a session. ctxlsdcfg Command-line tool for configuring communication with a license server. ctxappcfg Command-line tool for controlling published applications. client device Any device capable of running one of the MetaFrame Presentation Server Clients. or removing a server from a farm. and menus to provide services to end-users. allowing connections across most firewalls. joining a server farm. . systems administrators. ctxanoncfg Command-line tool for configuring anonymous users. See ctxfarm. ctxlpr Command-line tool for printing to a client printer. ctxadm The MetaFrame administrator group name. icons. The XML Service also provides an HTTP interface to the ICA browser. ctxmaster Command-line tool for showing the master browser address and alternate address. ctxlsd The License Service daemon.238 MetaFrame Presentation Server for UNIX Administrator’s Guide Citrix XML Service A daemon running on the server that communicates information about UNIX applications published in a server farm to Web Interface. Common Desktop Environment (CDE) A standard desktop for UNIX that uses windows. ctxfarm Command-line tool for creating a server farm. ctxcreatefarm Command-line tool for creating a server farm. See License Service. connection See ICA connection.

dtterm The standard terminal emulator used by CDE. users are not logged off. Each server farm has a single data store that can be physically replicated to improve performance or availability. external address The public (Internet) IP address of a server. ctxquser Command-line tool for displaying session user details. disconnected session An ICA session in which the client is no longer connected to the server. ctxprinters Command-line tool for listing the printers installed on the client. users. and they can reconnect to the disconnected session. ctxshutdown . ctxsrvr Default member of the administrator group. ctxshadow Command-line tool for shadowing a user’s session. ctxsecurity Command-line tool for displaying and configuring user access to commands and sessions.Command-line tool for stopping the MetaFrame Presentation Server process on a server. ctxqserver Command-line tool for displaying information about servers running MetaFrame Presentation Server on the subnet. ctxreset Command-line tool for resetting a session.239 ctxmount Command-line tool for configuring user access to specific mapped drives. DNS Domain Name System. Explicit users log on using user accounts created and maintained by system administrators and when they log on they supply a user name and password. their applications are still running. However. firewall A network node that provides security by controlling traffic between network segments. FQDN Fully Qualified Domain Name. ctxsrv Command-line tool for starting up or stopping the server processes on a server. explicit user A user who has an account name and password. Examples of persistent data include configuration information about published applications. ctxssl User account required for Citrix SSL Relay administration. data store A database or text file that stores persistent data for a farm. . ctxnfusesrv Command-line tool for configuring the Citrix XML Service HTTP port. directed packet A packet containing a destination address equal to the station address of the NIC. ctxqsession Command-line tool for displaying session details. printers. and servers. The ctxssl user is a member of the ctxadm group. ctxmsg Command-line tool for sending messages to sessions.

and screen updates pass between the client and server on the network. identified by a specific user ID and ICA connection. mouse clicks. Independent Computing Architecture (ICA) The architecture that Citrix uses to separate an application’s logic from its user interface. It consists of the status of the connection. With ICA. ICA protocol The protocol used by clients and servers running MetaFrame Presentation Server to exchange information. and any applications executing during the session. the server resources allocated to the user for the duration of the session. and start a session on. The client communicates with the Citrix XML Service to fulfill the browser requests. An ICA connection is associated with a network connection or a serial connection (modems or direct cables).240 MetaFrame Presentation Server for UNIX Administrator’s Guide HTTP browsing HyperText Transport Protocol browsing. ICA gateway A gateway between two network subnets that enables the servers running MetaFrame Presentation Server on those subnets to exchange information. ICA See Independent Computing Architecture. ICA PassThrough Allows non-Win32 Clients to take advantage of the Citrix Program Neighborhood features. installer script A script that guides you through each step of the installation procedure and prompts you for the information that it requires. ICA session A lasting connection between a client and a server running MetaFrame Presentation Server. ICA browser The background process on a server running MetaFrame Presentation Server that maintains information about other servers and published applications. ICCCM Inter-Client Communication Conventions Manual. . ICA Client The software installed on a client device that enables end users to connect to servers running MetaFrame Presentation Server. This is done by publishing the pre-installed client on the server and having clients “pass through” the server’s Citrix Program Neighborhood client while trying to access a server farm. only the keystrokes. a server running MetaFrame Presentation Server. JRE Java Runtime Environment ksh See Korn shell. ICA connection The logical “port” used by ICA to connect to. ICCCM is a proposed X Consortium standard for inter-client communications. internal address The private IP address of a server. while the application’s logic executes on the server. initial program An application that starts automatically when a session begins. A feature available in MetafRame Presentation Server clients that allows users to browse applications and servers that exist on the other side of a firewall.

that user’s ICA session is established on the most lightly loaded server. performance. such as information about the published applications available in the farm.” load balancing A feature for adjusting the load on servers running MetaFrame Presentation Server. the syntax. license file A digitally signed text-only file downloaded from MyCitrix. Communication between Management Services takes place over a secure communications channel. and run reports to evaluate license usage. License Server A computer installed with licensing software and. Management Service Master The server running MetaFrame Presentation Server for UNIX that holds the master copy of the farm’s data store and that has authoritative configuration for the farm. The Management Service Master is the server on which you first create the farm. When a user launches a published application that is configured for load balancing. man page A man page (literally a “manual page”) exists for most UNIX commands. the License Management Console. warnings and important notes. . and related commands. based on criteria you can configure. copy license files to the license server. License Service A daemon that runs on a computer running MetaFrame Presentation Server for UNIX that communicates with the Citrix MetaFrame Access Suite license server. master ICA browser or master browser The ICA browser on one server running MetaFrame Presentation Server in a network that gathers and maintains information about published applications. optionally. License servers can host licenses for multiple products. plus additional ones such as aliasing and history. This daemon handles the allocation of licenses and grace period licensing. Management Service A daemon that runs on a computer running MetaFrame Presentation Server for UNIX that communicates server farm information.241 Korn shell A superset of the Bourne shell. Some License Management Console features help you download license files from Citrix. Each man page includes a description of the command. It has many of the Bourne shell features. You can share license servers between farms. The Management Service on the Management Service Master is responsible for communicating information to the Management Services running on other servers in the farm. and server load from the other member browsers within the network. The daemon runs as “ctxlsd. License Management Console An optional Web-based tool that runs on the license server. This server responds to requests for licenses from Citrix products.com that contains product licenses and information the license server requires to manage the licenses.

MetaFrame security The feature that controls user access to MetaFrame Presentation Server commands and sessions. To a client user. and plug-in and make available new authentication service modules without having to modify your applications. Also known as the super user. permissions In UNIX. minimizing. See Web Interface. NIS+ provides automatic information updating and adds security features such as authorization and authentication. A network naming service that allows resources to be centrally administered. permissions determine which users have read. the client software immediately changes the mouse pointer to an hourglass to show that the user’s input is being processed. If a published application runs in a seamless window. It is now called the Web Interface for MetaFrame. Browser elections occur when a new server is started. or when two master browsers are detected by another server or a client. Formerly called “Yellow Pages. NFuse Classic Citrix NFuse Classic has been integrated as a feature in MetaFrame Presentation Server. Permissions are associated with each file and directory. PAM allows you to select the authentication service you want to use. pkgadd A tool on the Solaris platform for installing software. published application An application installed on a server running MetaFrame Presentation Server that is configured for multiuser access by clients.” NIS+ is available on the Solaris. NIC Network Interface Card. write. mouse-click feedback A feature that enables visual feedback for mouse clicks.242 MetaFrame Presentation Server for UNIX Administrator’s Guide master browser election The process ICA browsers go through to choose (elect) a master browser from among the servers running MetaFrame Presentation Server on a given network. PAM Pluggable Authentication Modules. and execute access to files and directories. root The name given to the UNIX administration account that has special permissions. these defaults can be changed using the ctxsecurity command. PassThrough client See ICA PassThrough. script See shell script. the published application appears similar to an application running locally on the client device. . when the current master browser does not respond. Default security settings are applied at installation. HP-UX and AIX platforms. NIS+ Network Information Service. the user can take advantage of all the client platform’s window management features. and dragging and dropping between remote and local applications. seamless window One of the settings client users can specify for a published application. When a user clicks the mouse. such as resizing.

and workstations. A security protocol that provides server authentication. and message integrity checks. and executes commands. however. The start-up grace period does not apply to the administrator of MetaFrame Presentation Server. shell The interface between the user and the kernel. security See MetaFrame security. shadowing A feature that enables authorized users to remotely join or take control of another user’s session for diagnosis. supported. swinstall A tool on the HP-UX platform for installing and configuring software. UDP. hosts. session See ICA session. A suite of communication protocols that enables resources to be shared among PCs. sh See Bourne shell. unlike TCP. interprets. super user See root. uses IP for delivery. Ticketing eliminates user credentials from the ICA files sent from the Web server to client devices. A transport protocol in the Internet suite of protocols. provided the products point to a license server. smit The System Management Interface Tool on the AIX platform. .243 secured function A function to which the MetaFrame security tool “ctxsecurity” controls user access. UDP provides for exchange of datagrams without acknowledgments or guaranteed delivery. TCP/IP Transmission Control Protocol/Internet Protocol. managed. and executed on a server. who can use the product indefinitely without a license. server farm A group of computers running MetaFrame Presentation Server and managed as a single entity. the license server must have valid licenses on it or the products stop functioning. The shell acts as a command processor that accepts. like TCP. ticketing A feature that provides enhanced authentication security. UDP User Datagram Protocol. server-based computing A model in which applications are deployed. encryption of the data stream. SSL Secure Sockets Layer. with some form of physical connection between servers and the farm’s data store. After 96 hours. session ID A unique identifier for the session on a specific server. shell script An executable file that contains a set of UNIX shell commands. Start up grace period The start-up grace period allows limited use of MetaFrame Access Suite products before you download license files. training. or technical support. subnet A subset of a network.

and a client device with a Web browser.244 MetaFrame Presentation Server for UNIX Administrator’s Guide Web Interface The Web Interface is an application portal technology that provides organizations with the ability to integrate and publish interactive applications into any standard Web browser. X See X Window system. XV A UNIX graphics application that allows users to select and cut and paste areas of a screen and save graphics in different formats. workstation A computer designed for running UNIX Operating Systems. Formerly referred to as NFuse Classic. window manager A program that handles general window-management jobs. not just UNIX. Note that X runs on various platforms. XML Service See Citrix XML Service xterm A terminal emulator for the X Window system. . The Web Interface is a three-tier solution that includes a server running MetaFrame Presentation Server. X Window system The X Window system is a UNIX GUI (graphical user interface). a Web server. such as creating borders around an application’s main windows and controlling how you move and resize windows.

104 client documentation 16 keyboards 41 software 17 Client Administrator’s Guides locating 16 client drive mapping 181–194 troubleshooting 191 clipboard and shadowing 97 clipboard mapping enabling and disabling 111 graphics clipboard support 111 color depth in the Web Interface 66. See licensing Citrix SSL Relay configuring the Web Interface for 176.Index 245 Index A accented characters 41 active sessions. 178 starting and stopping 234 system requirements 27 Citrix XML Service 51. 181 installation 31 security considerations 64 template directory 85 troubleshooting 140 application publishing about application publishing 62 and load balancing 155 copying from existing details 82 deleting applications 81 displaying details about 73 for explicit or anonymous use 63 on servers of different architecture 68 parameter passing from the client 72 pre-configured for anonymous use 85 renaming a published application 83 restricting access to 84 specifying a working directory 71 C CDE changing the window manager 124 increasing concurrent sessions 164 publishing a desktop 64 Citrix Licensing. 136 adding and configuring settings 137 and NIS domains 140 displaying settings 136. 79 limitations 131 command line conventions 15 printing 101 publishing 68 B backing store 128 broken connections setting time-out intervals 114 browser. See ICA browser . 173 configuring 176 overview 174 starting 177 stopping 177 CITRIX_REMOTE_DISPLAY environment variable 68. displaying 88 address resolution 179 administration defaults file 32 administrator configuring access to commands 37 configuring the group 28 permissions 141 see also ctxsrvr user alternate address configuration 161 anonymous users accounts 63.

and ctxsecurity 142 conventions command line 15 in the documentation 14 copying published applications 82 server configuration to other servers 121 ctxadmn group 28. 213 ctxfarm 54. 234 ctx3bmouse 197 types of MetaFrame commands 36 concurrent sessions. 220 ctxmount 183. 229 ctxshadow 96. 217 ctxlogoff 92. 218 ctxlsdcfg 59. 185. 217 ctxlpr 100–102. 219 ctxmaster 150. 216 ctxjoinfarm 52. 200 ctxappcfg 62. 235 ctxprinters 100. 214 ctxgrab 111. 185. 217 ctxlogoff 92. 224 ctxqsession 88–90. 227 ctxreset 95. 141 ctxalt 161. limiting 108 configuring an initial program 84 anonymous users 136. 226 ctxquser 88–90. 221 ctxmsg 98. 216 ctxjoinfarm 52. 214. 213–214 ctxdisconnect 93. 229 ctxsession. 200 ctxanoninit. 212 ctxcreatefarm 51. 202 ctxbrcfg 152–159. 154. 202 ctxbrcfg 152–159. 231 ctxshutdown 38.246 MetaFrame Presentation Server for UNIX Administrator’s Guide shadowing 112 sharing licenses between subnets 160 TCP/IP port number 162 time-out intervals 114 connecting to a remote server 103 CONSOLE setting. 208 ctxconnect 94. 223 ctxqserver 91. 222 ctxnfusesrv 176–178. 223 ctxqserver 91. 198 ctxanoncfg 136–140. 228 ctxsecurity 141–148. 222 ctxnfusesrv 176–178. 213–214 ctxdisconnect 93. 212 ctxcreatefarm 51. 214. 181 applications to print 102 backing store 128 ICA browsers 152 ICA gateways 159 logging off disconnected sessions 114 network firewalls 160 non-English language support 168. 150. 206 ctxcapture 112. 214 ctxgrab 111. 65–83. 221 ctxmsg 98. 162. 218 ctxlsdcfg 59. 206 ctxcapture 112. 217 ctxlpr 100–102. 198 ctxanon group 138 ctxanoncfg 136–140.sh 85 ctxappcfg 62. 226 ctxquser 88–90. 213 ctxfarm 54. 219 ctxmaster 220 ctxmount 183. 208 configuring client drive mapping 184 configuring shadowing 112 configuring TCP/IP port number 162 controlling logon settings 106 enabling / disabling clipboard 111 enabling / disabling printing 110 listing server configuration 121 setting the number of permitted connections 108 setting time-out intervals 114 ctxconnect 94. 233 ctxsrv 38. 172 troubleshooting 171 performance tuning enhancements 128 published applications 74 RSA SecurID support 108 security 146 servers 106 . 207 ctxcfg 108–122. 207 ctxcfg 84.sh 123–127 commands 195–235 configuring access to 36 ctxalt 161. 228 ctxsecurity 141–148. 224 ctxqsession 88–90. 235 ctxprinters 100. 227 ctxreset 95.

128 ctx3bmouse 197 currency symbol support 28 current sessions. See fully qualified domain name fully qualified domain name 179 G gateways configuring ICA gateways 159 generating server configuration details 121 graphics clipboard support 111 .Index ctxshadow 96. window manager 124 ctxXtw. on non-English keyboards 41 default printer 100 published application settings 77 security settings 145 deleting anonymous user accounts 138 published applications 81 desktop. 76. 104 displaying anonymous user settings 136 client printers or printer ports 100 event logs 41 information about servers 91 load information 158 master browser name 150 mouse-click feedback settings 120 published application information 73 security settings 145 server configuration 121 user/session information 88 F file limits.sh 123. 188 client printing 110 notification of shadowing 113 published applications 62. 103 Euro currency symbol support 28 event logging 41 explicit users 63 external addresses 161 D data store 49 dead keys. 82 shadowing 112 encryption forcing clients to use 210 environment variables 36–37. 233 ctxsrv 38. 234 ctxsrvr user configuring access to commands 37 creating 28 see also administrator ctxwm. publishing 67 disabling client clipboard mapping 111 client drive mapping 188 client printing 110 mouse-click feedback 120 notification of shadowing 113 published applications 62. 154. displaying 88 DNS address resolution 179 documentation Client Administrator’s Guides 16 conventions 14 online 16 other sources 16 247 E elections about elections 150 configuring server behavior 152 forcing 151 manipulating 150 enabling client clipboard mapping 111 client drive mapping 184. 86. 231 ctxshutdown 38. 76. 82 shadowing 112 disconnected sessions logging off 114 setting time-out intervals 114 disconnecting a session 93 DISPLAY environment variable 68. increasing 164 firewalls 160 and network address translation 161 font path 126 forcing an election 151 foreign keyboards 41 language support 171 FQDN. 67–68.

customizing 123 logon settings 106 I ICA browser 149 configuring 152 locating 150 refresh interval 153 restarting and stopping 153 UDP port 160 with firewalls 160 with network address translation 161 ICA gateways 159 ICAPORT (configure TCP/IP port number) 162 idle sessions setting for anonymous sessions 138 setting time-out intervals 114 inheriting logon details 107. 129 security settings 147 initial program configuration 84 installer script 30 installing MetaFrame 28 on AIX unattended installation 34 on HP-UX unattended installation 33 on Solaris unattended install 32 overview 28 reinstalling 44 using the installer script 30 integrating with other servers 51 ISO 8859-15 28 J Java applications 68 Java runtime environment 26 M man pages configuring access to 37 displaying 37 installing on AIX 35 on HP-UX 34 on Solaris 31 Management Service daemon 49 Management Service Master 49 K kernel tuning on AIX 166 on HP-UX 165 on Solaris 163 . to end shadowing 98 HTTP browsing 174 L License Management Console 58 license server 58 configuring communication with 59 licensing MetaFrame Presentation Server 57 overview 59 limiting the number of connections 108 listing anonymous user settings 136 information about servers 91 load information 158 mapped printers 100 mouse-click feedback settings 120 published applications 73 security settings 145 server configuration 121 the default printer 100 user/session information 88 load balancing a group of servers 155 about 155 displaying the load 158 displaying the load factor 158 reconnecting to load balanced sessions 95 troubleshooting 158 tuning the load on a server 156 tuning the number of connections 157 load factor displaying 158 locale.248 MetaFrame Presentation Server for UNIX Administrator’s Guide keyboards. non-English support 41 H home directory allowing users to log on without 117 hotkey. and non-English keyboards 41 logging events 41 logging off a session 92 logging off disconnected sessions configuring 114 Login screen.

141 Pluggable Authentication Modules (PAM) 18 port number configuring 162. 82 for explicit or anonymous use 63 Java applications 68 managing servers 80 on servers of different architecture 68 pre-configured for anonymous use 85 renaming 83 restricting access to 84 N name resolution 50. 166 ptys. 165–166 requirements on AIX 27 on HP-UX 27 on Solaris 26 .Index MANPATH environment variable 37 mapping client clipboard 111 client drive 181 client printers 110 master browser 149–150 elections 150 locating 150 refresh interval 153 messages during server shut down 39 sending to users 98 MetaFrame Access Suite licensing 57 MetaFrame Presentation Server about 17 getting more information on 16 key features 18 what’s new 20 mouse-click feedback 118–120 multi-monitor display limitations 132 multiple NICs 154 multiple servers and farms 50 installing MetaFrame on 32 propagating server configuration to 121 249 optimizing MetaFrame configuring for a large number of users 163. 53 network address translation and ICA browsing 161 network firewalls 160 network interface card binding to 154 NIS domains and anonymous users 140 and SSL 179 notification. 76. See pseudo-terminals publishing a UNIX command line 68 publishing applications about 62 and load balancing 155 configuring user access to 79 copying from existing details 82 deleting applications 81 displaying details about 73 enabling and disabling 62. of shadowing 113 O online documentation 16 OpenGL support 20 operating system configuring for a large number of users 163. 165–166 publishing applications 62 setting a blank screensaver 122 P PAM. See Pluggable Authentication Modules parameter passing from the client 72 passphrase 51–53 password and explicit / anonymous users 63 forcing a user to enter 106 pasting enabling clipboard mapping 111 PATH environment variable 36 performance tuning enhancements configuring 128 permissions 28. 165–166 optimizing 163. 177 printer mapping 110 printing 100–103 configuring applications to print 102 enabling / disabling for users 110 from applications 102 from the command line 101 troubleshooting 103 propagating configuration between servers 121 pseudo-terminals 163.

security 140–148 and anonymous users 64 configuring 146 displaying settings 145 examples 148 integration with UNIX 18 removing settings 147 support for RSA SecurID 19. 108 X security policy 123 sending messages to users 98 server farms components 48 creating a farm 51 identifying servers in 55 introduction to 48 joining a farm 52 removing a server from 54 servers configuring 106–121 displaying information about 91 integrating with other servers 51 renaming 54 session name/id displaying 88 session size 66 sessions configuring session shadowing 112 connecting to disconnected sessions 94 disconnecting 93 displaying information about 88 ending a session 92 resetting 95 setting the number of 108 setting time-out intervals 114 shadowing 96 shadowing and the clipboard 97 configuring a hotkey to end 98 configuring session shadowing 112 shadowing a user’s session 96 stopping shadowing 97 sharing licenses between subnets configuring 160 shell setting for anonymous users 139 setting defaults 77 updating the settings 74 using ctxappcfg 202 publishing desktops 64 publishing shell scripts 64 Q quiet installation on AIX 34 on HP-UX 33 on Solaris 32 quiet mode.sh 85 for installation 32 publishing 64 server configuration 121 S99ctxsrv 31 . See RSA SecurID support. 122 S screensaver settings 122 script files ctxanoninit. 141 RSA SecurID support 19 configuring 108 rsh command 70. connecting to 103 removing MetaFrame Presentation Server 42 published applications 81 remsh command 70 renaming anonymous user accounts 138 published applications 83 servers 54 replicating server configuration to other servers 121 resetting a session 95 response file 32 restarting the ICA browser 153 root access 28. during shut down 39 R reconnecting. to load balanced sessions 95 refresh interval for ICA browser service 153 reinstalling MetaFrame Presentation Server 44 remote configuration of servers 121 remote server.250 MetaFrame Presentation Server for UNIX Administrator’s Guide secured functions 142 SecurID support.

141 USER environment variable 86 user-id setting for anonymous users 139 T TCP/IP port number.Index shell scripts ctxanoninit. See Citrix XML Service .sh 85 for installation 32 publishing 64 server configuration 121 S99ctxsrv 31 shutting down MetaFrame Presentation Server 38 silent installation on AIX 34 on HP-UX 33 on Solaris 32 SSL Relay. 36. configuring 162 template directory 85 ticketing 174 time-out settings 114. specifying 71 X X font server 126 X security policy 123 X server settings 127 XML Service.conf 41 system requirements 25 S99ctxsrv 31 troubleshooting anonymous users 140 client drive mapping 191 disappearing text cursor 129 disappearing X cursor 130 errors and warnings 41 joining servers to a farm 53 left-hand SPARC keypads 129 load balancing 158 non-English keyboards 41 non-English language support 171 operating system requirements 26 printing 103 screen refresh 130 SSL 179 tuning load balancing 156 251 U UDP port and ICA browser 160 unattended installation on AIX 34 on HP-UX 33 on Solaris 32 uninstalling MetaFrame Presentation Server 42 UNIX command line. See Citrix SSL Relay starting client drive mapping 189 MetaFrame Presentation Server 38 the ICA browser 153 the XML Service 177 stopping client drive mapping 188 MetaFrame Presentation Server 38 shadowing 97 the ICA browser 153 the XML Service 177 subnet configuring ICA gateways 159 support for RSA SecurID 19 configuring 108 syslog. 138 W Web Interface 174 window manager customizing 124–126 window size 66 working directory. publishing 68 unix2dos 103 user anonymous users 63 logon settings 106 permissions 28.