Citrix Presentation Server for UNIX Administrator's Guide

Citrix Presentation Server for UNIXAdministrator’s GuideCitrix Presentation Server TM 4.0 for UNIX® Operating SystemsSolaris TM SPARC®, Solaris TM x86/x64, HP-UX®, and AIX®Citrix® Systems, Inc.

Copyright and Trademark NoticeUse of the product documented in the guide is subject to your prior acceptance of the End User License Agreement. A copy ofthe End User License Agreement is included in the root directory of the Presentation Server CD-ROM.Information in this document is subject to change without notice. Companies, names, and data used in examples herein arefictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means,electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.© 1999-2007 Citrix Systems, Inc. All rights reserved.Citrix, ICA (Independent Computing Architecture), and Program Neighborhood are registered trademarks, and CitrixPresentation Server is a trademark of Citrix Systems, Inc. in the United States and other countries.Trademark AcknowledgementsSun, Sun Microsystems, the Sun logo, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. inthe United States and other countries.All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in theUnited States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by SunMicrosystems, Inc.UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd.HP-UX is a registered trademark of Hewlett-Packard Company.AIX is a registered trademark of International Business Machines Corporation.XV. Copyright 1994 by John Bradley. All rights reserved.RSA Encryption © 1996-1997 RSA Security Inc., All Rights Reserved.Linux is a registered trademark of Linus Torvalds.Portions of this documentation that relate to Globetrotter, Macrovision, and FLEXlm are copyright © 2005 MacrovisionCorporation. All rights reserved.Globetrotter, Macrovision, and FLEXlm are trademarks and/or registered trademarks of Macrovision Corporation.All other trademarks and registered trademarks are the property of their owners.All other Trade Names referred to are the Servicemark, Trademark, or Registered Trademark of the respective manufacturers.Portions of the files libctwm_st.a, libctwm_st.0, and libctwm_st.so.1 are additionally copyright as follows: 1988 by Evans &Sutherland Computer Corporation, Salt Lake City, Utah; 1989 by the Massachusetts Institute of Technology, Cambridge,Massachusetts All Rights Reserved; 1992 Claude Lecommandeur; and 1987-1996 X Consortium.Portions of the files libsslsdk_b.so.1.1, libsslsdk_b.1.1, and libsslsdk_b.so.1.1 are additionally copyright as follows: 1995-1998Eric Young (eay@cryptsoft.com) All rights reserved; and 1999 The OpenSSL Project. All rights reserved.Portions of the files libfreetype.a, libfreetype.sl.9.6, and libfreetype.so.6.3.6 are additionally copyright as follows: 2002, 2003,2004 by Roberto Alameda; 1985, 1986, 1992, 1993 The Regents of the University of California. All rights reserved; 2000-2001, 2002, 2003, 2004 Catharon Productions Inc.; 1996-2004 by David Turner, Robert Wilhelm, and Werner Lemberg,portions written by Graham Asher ; 1996-2001, 2004 by Just van Rossum, David Turner,Robert Wilhelm, and Werner Lemberg; 2003 by Masatake YAMATO, Redhat K.K; and 2000-2004 by Francesco ZappaNardelli.Portions of the files libctxXtwa.a, libctxXtw.sl.0, and libctxXtw.so.1 are additionally copyrights as follows: 1988,1991 AdobeSystems Incorporated. All rights reserved; 1998-1999 Shunsuke Akiyama , All rights reserved;1998-1999 X-TrueType Server Project, All rights reserved;1985-1987, 1991, 1993, The Regents of the University of California,All rights reserved.; 1989- 1991, Bitstream Inc., Cambridge, MA.; 1998-2003 by Juliusz Chroboczek; 2003, 2004 After X-TTProject, All rights reserved; 1997 by Mark Leisher; 1998 Go Watanabe, All rights reserved; 1998 Kazushi (Jam) Marukawa, All

ights reserved; 1998 Takuya SHIOZAKI, All rights reserved; 1989, 1990, 1991, 1995 Network Computing Devices, Inc.Mountain View CA; 1987 by Digital Equipment Corporation; 1991, 1993 by Digital Equipment Corporation, Maynard,Massachusetts, and Olivetti Research Limited, Cambridge, England. All Rights Reserved; 1994 Quarterdeck Office Systems.All Rights Reserved; 1992, 1993 Data General Corporation; 1992, 1993 OMRON Corporation; 1996-2004 by David Turner,Robert Wilhelm, and Werner Lemberg, Modified for XFree86; 1986-1988, 1994, 1995 Hewlett-Packard Company;International Business Machines Corp. 1991. All Rights Reserved; Lexmark International, Inc. 1991. All Rights Reserved;1993, 1994 NCR Corporation - Dayton, Ohio, USA, All Rights Reserved; 1986-2001 The Open Group; 1990,91 by ThomasRoell, Dinkelscherben, Germany; 1994-2000 Silicon Graphics, Inc. All Rights Reserved; 1987, 1991 by Sun Microsystems,Inc. Mountain View, CA. All Rights Reserved; 1994 Vrije Universiteit Amsterdam, Netherlands. All Rights Reserved; and1998-2002 The XFree86 Project, Inc. All Rights Reserved.Portions of the file ctxcapture are additionally copyright as follows: 1994 Hewlett-Packard Co.; and 1996 X Consortium.Portions of the ctxload are additionally copyright as follows: 1987-1996 X Consortium.Portions of the files libXpm.a, libXpm_st.a, libXpm.2, libXpm_st.s, libXpm.so.3, and libXpm_st.so.3 are additionallycopyright as follows: 1989-95 GROUPE BULL.Portions of the files libctxos.0, libctxos_st.0, libctxos.a, libctxos_st.a, libctxos.so.1, libctxos_st.so.1, and confDBGen areadditionally copyright as follows: 1994, 1996 IBM Corporation All rights reserved.In addition to the license terms of the EULA, the above-specified files are distributed subject to license terms specificallydescribed in the file Third Party Attributions.pdf, included with the documentation of this product.Last updated: August 6, 2007 (GR)

CONTENTSContentsChapter 1Chapter 2Welcome to Citrix Presentation Server for UNIXOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13Documentation Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14UNIX Command-Line Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Finding More Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Getting Service and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16Introducing Citrix Presentation Server for UNIX . . . . . . . . . . . . . . . . . . . . . . . . . .16Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17What’s New in Version 4.0? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19Getting Started Quickly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20Deploying Citrix Presentation Server for UNIXOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23Before You Begin Installing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25Minimum Computer Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25UNIX Operating System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25Citrix SSL Relay Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27Euro Currency Symbol Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27Installing Citrix Presentation Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28Creating the Administrator Users and Group . . . . . . . . . . . . . . . . . . . . . . . . . . .28Installing Citrix Presentation Server Using the Installer Script . . . . . . . . . . . . .29Performing an Unattended Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32Setting the Paths to Citrix Presentation Server Commands. . . . . . . . . . . . . . . . . . .37Configuring User Access to Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37Configuring Administrator Access to Commands . . . . . . . . . . . . . . . . . . . . . . .38Setting the Path to the man Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

6 Citrix Presentation Server for UNIX Administrator’s GuideStarting and Stopping Citrix Presentation Server . . . . . . . . . . . . . . . . . . . . . . . . . .39Starting Citrix Presentation Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39Stopping Citrix Presentation Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39About Client Keyboard Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41Configuring Non-English Keyboard Support. . . . . . . . . . . . . . . . . . . . . . . . . . .42Configuring Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43Removing Citrix Presentation Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44Reinstalling Citrix Presentation Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46What to Do Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46Chapter 3Chapter 4Chapter 5Introducing Server FarmsOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47About Server Farms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47Server Farm Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48Communication between Servers in a Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . .50Multiple Farms and Subnet Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . .50Integrating with Other Citrix Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50Creating a Server Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51Joining a Server Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52Moving a Server to a Different Farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52Troubleshooting Joining a Server Farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Removing a Server from a Farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Renaming a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Identifying the Servers in a Farm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54What to Do Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55Licensing Citrix Presentation Server for UNIXOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57About Citrix Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57Citrix License Server for UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58Coexisting with Earlier Citrix Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58Licensing Citrix Presentation Server for UNIX: an Overview . . . . . . . . . . . . . . . .58Configuring Communication with the License Server . . . . . . . . . . . . . . . . . . . . . .59Publishing Applications and DesktopsOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61About Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61Why Publish Applications?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62Publishing Applications for Explicit or Anonymous Use . . . . . . . . . . . . . . . . .63

Contents 7Publishing an Application, Shell Script, or Desktop . . . . . . . . . . . . . . . . . . . . . . . .64Publishing an Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64Publishing a Shell Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67Publishing a Desktop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67Publishing a Java Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67Publishing a UNIX Command-Line Application . . . . . . . . . . . . . . . . . . . . . . . .68Publishing an Application on a UNIX Server of Different Architecture. . . . . .68Specifying a Working Directory for Published Applications. . . . . . . . . . . . . . .70Publishing an Application to Accept Parameters from the Client . . . . . . . . . . .71Displaying Published Application Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73Maintaining Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74Changing the Settings of a Published Application . . . . . . . . . . . . . . . . . . . . . . .74Specifying Default Settings for Published Applications . . . . . . . . . . . . . . . . . .77Configuring User Access to Published Applications . . . . . . . . . . . . . . . . . . . . .78Managing the Servers that Publish an Application. . . . . . . . . . . . . . . . . . . . . . .80Enabling and Disabling Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . .82Creating a New Published Application from Existing Details . . . . . . . . . . . . . . . .82Renaming a Published Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83Restricting Connections to Published Applications Only . . . . . . . . . . . . . . . . . . . .83Configuring an Initial Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84Publishing Preconfigured Applications for Anonymous Use . . . . . . . . . . . . . . . . .85Chapter 6Managing Servers, Users, and SessionsOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87Displaying Information about Users and Sessions. . . . . . . . . . . . . . . . . . . . . . . . . .87Displaying Session Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Displaying Session Details by User Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Displaying More Details or Details in a Different Format. . . . . . . . . . . . . . . . .90About the Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91Displaying Information about Servers on the Network . . . . . . . . . . . . . . . . . . . . . .92About the Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Ending a Session. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Logging off from a Session. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94Disconnecting a Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94Connecting to a Disconnected Session. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95Resetting a Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96Reconnecting to Load Balanced Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97Shadowing a User’s Session. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97Ending Shadowing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99Sending Messages to Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

8 Citrix Presentation Server for UNIX Administrator’s GuidePrinting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102Displaying Client Printers or Printer Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . .102Printing from a Command-Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103Printing from Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104Troubleshooting Printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104Connecting to a Remote Server from an ICA Session. . . . . . . . . . . . . . . . . . . . . .105Chapter 7Chapter 8Configuring Citrix Presentation ServerOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107Configuring the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107Controlling Logon Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108Setting the Number of Permitted ICA Connections . . . . . . . . . . . . . . . . . . . . .110Controlling Behavior for Disconnected or Broken Connections . . . . . . . . . . .111Enabling or Disabling Printing for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112Enabling or Disabling Clipboard Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . .113Providing Additional Graphics Clipboard Support . . . . . . . . . . . . . . . . . . . . .114Enabling or Disabling Shadowing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115Controlling Time-Out Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116Allowing Users to Log on without a Home Directory . . . . . . . . . . . . . . . . . . .120Configuring Mouse-Click Feedback for High Latency Connections . . . . . . .121Generating and Using Server Configuration Details . . . . . . . . . . . . . . . . . . . .123Screensaver Setting Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124Customizing the Appearance of Citrix Presentation Server . . . . . . . . . . . . . . . . .125Customizing the Login Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125Changing the Window Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126Changing the Font Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128Configuring X Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129Configuring Backing Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129Interactive Performance Tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130Configuration Required for Fixes to Take Effect . . . . . . . . . . . . . . . . . . . . . . .131Color Depth Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133Multimonitor Display Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134Advanced TopicsOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135Configuring Anonymous Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135Displaying Anonymous User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136Configuring Anonymous User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136Troubleshooting Anonymous User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . .139

Contents 9Configuring Citrix Presentation Server Security . . . . . . . . . . . . . . . . . . . . . . . . . .140Why Use Citrix Presentation Server Security?. . . . . . . . . . . . . . . . . . . . . . . . .140Security Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141Default Security Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143Displaying Security Settings for a Function . . . . . . . . . . . . . . . . . . . . . . . . . . .144Configuring Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147Citrix Presentation Server for UNIX and the ICA Browser Service. . . . . . . . . . .148Controlling the Master Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148Manipulating Master Browser Elections . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Introducing a New Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150Load Balancing Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154Load Balancing a Group of Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154Tuning Load Balancing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155Troubleshooting Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157Configuring ICA Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157Using ICA with Network Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159ICA Browsing with Network Address Translation . . . . . . . . . . . . . . . . . . . . . . . .160Returning External Addresses to Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160Configuring the TCP/IP Port Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161Configuring Session Status Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162Configuring the Operating System for a Large Number of Connections . . . . . . .163Configuring a Solaris System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163Configuring an HP-UX System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165Configuring an AIX System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166Configuring Non-English Language Support . . . . . . . . . . . . . . . . . . . . . . . . . . . .167Which Locales Provide Non-English Language Support?. . . . . . . . . . . . . . . .168Limitations of Non-English Language Support . . . . . . . . . . . . . . . . . . . . . . . .168Changing the Locale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169Troubleshooting Non-English Language Support . . . . . . . . . . . . . . . . . . . . . .171Chapter 9Using the Citrix XML ServiceOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173About the Citrix XML Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173Server Farm Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175Starting and Stopping the Citrix XML Service . . . . . . . . . . . . . . . . . . . . . . . . . . .176Configuring the Server Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177Configuring the XML Service for Use with SSL Relay . . . . . . . . . . . . . . . . . . . .177Troubleshooting SSL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178

10 Citrix Presentation Server for UNIX Administrator’s GuideConfiguring DNS Address Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178Chapter 10Appendix AUsing Client Drive MappingOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181Introducing Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181Enabling and Configuring Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . . .182Enabling Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183Configuring Access to Specific Drives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184Disabling and Enabling Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . .188Features and Limitations of Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . .189Troubleshooting Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191Command ReferenceOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195Citrix Presentation Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196ctx3bmouse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196ctxalt. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197ctxanoncfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198ctxappcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200ctxbrcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203ctxcapture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205ctxcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205ctxconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209ctxcreatefarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209ctxdisconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210ctxfarm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210ctxgrab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212ctxjoinfarm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212ctxlogoff. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213ctxlpr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213ctxlsdcfg. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214ctxmaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215ctxmount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216ctxmsg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217ctxprinters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218ctxqserver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218ctxqsession. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220ctxquery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221ctxquser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223

Contents 11ctxreset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224ctxsecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225ctxshadow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227ctxshutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228ctxsrv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229XML Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231ctxnfusesrv. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241

12 Citrix Presentation Server for UNIX Administrator’s Guide

CHAPTER 1Welcome to Citrix PresentationServer for UNIXOverviewWelcome to Citrix Presentation Server for UNIX. This chapter introduces you tothe documentation and to Citrix Presentation Server for UNIX. Topics include:About this Guide• About this guide• An introduction to Citrix Presentation Server for UNIX• What’s new in Citrix Presentation Server for UNIX Version 4.0• Getting started quicklyThis guide is for system administrators responsible for installing, configuring,and maintaining Citrix Presentation Server for UNIX and the Citrix XML Servicefor UNIX.

14 Citrix Presentation Server for UNIX Administrator’s GuideDocumentation ConventionsThe following conventional terms, text formats, and symbols are used throughoutthe documentation:ConventionBoldItalicALL UPPERCASEMonospace{braces}[brackets]MeaningWhere appropriate, this indicates boxes and buttons, columnheadings, command-line commands and options, dialog boxtitles, lists, menu names, tabs, menu commands, and userinput.Indicates a placeholder for information or parameters that youmust provide. For example, if the procedure asks you to typefilename, you must type the actual name of a file. Italic alsoindicates new terms and the titles of other books.Represents keyboard keys (for example, CTRL, ENTER, F2).Represents text displayed in text files.Encloses required items in syntax statements. For example,{ yes | no } indicates that you must specify yes or no whenusing the command. Type only the information within thebraces, not the braces themselves.Encloses optional items in syntax statements. For example,[password] indicates that you can choose to type a passwordwith the command. Type only the information within thebrackets, not the brackets themselves.| (vertical bar) Stands for “or” and separates items within braces or brackets.For example, { /hold | /release | /delete } indicates that youmust type/hold or /release or /delete.… (ellipsis)Indicates that you can repeat the previous item(s) in syntaxstatements. For example, /route:devicename[,…] indicates thatyou can specify more than one device, putting commasbetween the device names.Information that is specific to a particular UNIX platform is identified using thefollowing symbols:SymbolIdentifies instructions specific to theIBM AIX Operating SystemHewlett-Packard HP-UX Operating SystemSun Solaris Operating Environment

Chapter 1 Welcome to Citrix Presentation Server for UNIX 15A symbol with a line through it indicates information that does not apply to aparticular platform. For example, the following symbol is used to indicateinformation that does not apply to the HP-UX platform:Note The examples and screens shown throughout the documentation are for theSolaris Operating Environment, unless indicated otherwise.UNIX Command-Line ConventionsCitrix Presentation Server for UNIX has a command line interface, which meansyou type the commands to control the server at a command prompt. If you are notfamiliar with UNIX command lines, note that:• All UNIX commands are case sensitive• The spacing on the command line is important and must be followedexactly as described in the instructionsNote Run only one instance of some Citrix Presentation Server for UNIXcommands at any one time—these are the commands that cause configurationchanges (rather than commands that just query and display information). If morethan one instance runs simultaneously, you may get unpredictable results.Finding More InformationYour Citrix Presentation Server software includes the following documentation:• An Adobe PDF version of the Citrix Presentation Server for UNIXAdministrator’s Guide (this guide).• Man pages that can be displayed online for Citrix Presentation Servercommand-line tools. These provide an overview of the command, warningsand important notes, and pointers to related commands.• The Getting Started with Citrix Licensing Guide for administrators who aredeploying, maintaining, and using Citrix Licensing.• The Citrix Client Administrator’s Guides tell administrators how to install,configure, and deploy the various Citrix Presentation Server Clients to endusers.• The Citrix SSL Relay for UNIX Administrator’s Guide, which explains howto configure and use Citrix SSL Relay in your Citrix Presentation Serverdeployment.

16 Citrix Presentation Server for UNIX Administrator’s GuideThe documentation for Citrix Presentation Server is available in the /docsdirectory of the Citrix Presentation Server for UNIX CD-ROM. The clientdocumentation is available on the Components CD-ROM. Using the AdobeReader, you can view and search the documentation electronically or print it foreasy reference. To download the Adobe Reader for free, go to Adobe’s Web siteat: http://www.adobe.com/.Important Consult the readme file in the root directory of your CD-ROM, forany last-minute updates, installation instructions, and corrections to thedocumentation.Getting Service and SupportCitrix provides technical support primarily through the Citrix Solutions Network(CSN). Our CSN partners are trained and authorized to provide a high level ofsupport to our customers. Contact your supplier for first-line support or check foryour nearest CSN partner at http://www.citrix.com/support/.In addition to the CSN channel program, Citrix offers a variety of self-service,Web-based technical support tools from its Knowledge Center athttp://support.citrix.com/. Knowledge Center features include:• A knowledge base containing thousands of technical solutions to supportyour Citrix environment• An online product documentation library• Interactive support forums for every Citrix product• Access to the latest hotfixes and service packs• Security bulletins• Online problem reporting and tracking (for customers with valid supportcontracts)Another source of support, Citrix Preferred Support Services, provides a range ofoptions that allows you to customize the level and type of support for yourorganization’s Citrix products.Introducing Citrix Presentation Server for UNIXCitrix Presentation Server for UNIX is a server-based software product that youcan use to provide your users with uninterrupted, secure access to UNIX and Javaapplications.

Chapter 1 Welcome to Citrix Presentation Server for UNIX 17You install Citrix Presentation Server on a UNIX computer that will be used as aserver. Sun Solaris, HP-UX, and IBM AIX platforms are supported. CitrixPresentation Server allows multiple users to log on and run applications inseparate, protected sessions on the same server. For example, you may want tomake word processors, Web browsers, Java applications, a particular windowmanager, or custom applications available to users.You install the Citrix Presentation Server Client software on the client devices, sousers can connect to the server from a client device, such as a Windows PC. TheCitrix Presentation Server Client software is provided free, and is available for arange of different devices. This allows users to connect to the server from variousplatforms.Presentation Server uses the ICA protocol to send information between the clientdevice and the server. The ICA protocol sends keystrokes, mouse clicks, andscreen updates between the server and the client. The application processingremains on the server, which means that processing on the client is kept to aminimum. To the user of the client device, it appears as if the software is runninglocally on the client.Because applications run on the server and not on the client device, users canconnect from any client device. A Macintosh, a Windows PC, or another UNIXcomputer can be used; the application looks and feels the same on each clientdevice.Key FeaturesThis section describes the key features and benefits of using Citrix PresentationServer for UNIX.Rapid application deployment. You can provide your users with access toUNIX and Java applications by publishing these applications using CitrixPresentation Server for UNIX. A published application is a predefined applicationor shell script and its associated environment. To access a published application,users connect to it using the software on the client device. The application runs ina separate, protected session on the server. When the user exits the application, thesession closes.User access to UNIX desktops. You can provide users with full access to theUNIX server desktop. Users can run any application available on the desktop, inany order, or simultaneously. The server desktop appears in a window on theclient device.

18 Citrix Presentation Server for UNIX Administrator’s GuideIntegration with UNIX security and accounts. Presentation Server uses thesecurity setup on the UNIX server. Therefore, you do not need to set up new useraccounts for Presentation Server. Users at the client device can log on using theirexisting UNIX user account and password. Solaris and HP-UX use PluggableAuthentication Modules (PAM) for user name and password validation; AIX usesits own authentication mechanism. Note that Citrix Presentation Server suppliesthe user name and password for authentication; if additional information isrequired for the authentication process, this is not supported. For moreinformation about configuring PAM on Solaris and HP-UX computers, see theman page for “PAM.” For AIX, see the man page for “authenticate.”Special group and account for Citrix administrators. Citrix PresentationServer requires you to create a special user group with the authority to runadministration commands and start and stop the server. This is the administratorgroup, which is called ctxadm. The user ctxsrvr must be created and added tothis group. See “Creating the Administrator Users and Group” on page 28 formore information.Configurable permissions for access to features. You can control which usersor groups of users can use particular Presentation Server features, such as loggingon, disconnecting, and sending messages to other sessions, using the PresentationServer security feature. See “Configuring Citrix Presentation Server Security” onpage 140 for further information.Guest user access. Citrix Presentation Server includes special anonymous useraccounts with limited permissions. You can use these accounts to provide userswith guest access to published applications and a temporary working directory foruse during the session.Shadowing user sessions. You can display and interact (using your keyboardand mouse) with another user’s session from your own session. This feature iscalled shadowing. You can use shadowing to help remote users with training ortechnical support issues.Copying text and graphics between applications. Users can copy text andgraphics between server-based applications and applications running locally onthe client device. The clipboard behaves as if all applications are running on theclient device itself.Load balancing among servers. You can publish the same application on anumber of servers. Users connect to the published application and CitrixPresentation Server ensures that the connections are distributed among servers sothat a particular server does not become overloaded. You can also tune thedistribution of connections among a group of load balanced servers.

Chapter 1 Welcome to Citrix Presentation Server for UNIX 19SSL security. Citrix Presentation Server for UNIX includes support for SSLRelay, which allows you to secure communications using Version 3.0 of theSecure Sockets Layer (SSL) protocol. SSL provides server authentication,encryption of the data stream, and message integrity checks. You can use CitrixSSL Relay to secure communications between an SSL-enabled client and a serverrunning Presentation Server, or in a Web Interface deployment, between the Webserver and a server running Presentation Server.Support for RSA SecurID. Support for RSA SecurID Versions 4.2 and 5.0 isincluded, allowing your users to log on to computers running Presentation Serverusing RSA SecurID authentication.XML Service and Web Interface deployment. Citrix Presentation Server forUNIX includes support for the Citrix XML Service. The Citrix XML Servicecommunicates information about the UNIX applications published in a serverfarm to the Web server component of the Web Interface deployment. The CitrixXML Service also provides users with HTTP (HyperText Transport Protocol)browsing.What’s New in Version 4.0?Version 4.0 provides a number of new features and enhancements that togetherextend the capabilities and flexibility of Citrix Presentation Server for UNIX.These include:Easy installation. A new installer script makes the process of installing CitrixPresentation Server for UNIX quick and straightforward. The installer scriptguides you through each step and prompts you for the information that it requires.Simplified licensing. Citrix Presentation Server for UNIX uses a new,simplified method of licensing called Citrix Licensing. This method includes alicense server and, if you use the Citrix License Server for Windows, alsoincludes a user interface for managing licenses known as the LicenseManagement Console. License files are downloaded from the Citrix Web site andstored on the license server. Citrix Licensing offers many benefits, including theability to centrally manage and monitor license usage, access your licensing dataremotely, and create reports for analyzing trends in license usage. Licenses can beshared across farms, and an electronic backup of all licenses is stored on theCitrix Web site. Ensure you read the sections of this guide about licensing and theGetting Started with Citrix Licensing Guide before you install this release.

20 Citrix Presentation Server for UNIX Administrator’s GuideSupport for server farms. This feature provides powerful, enterprise-levelmanagement and administration capabilities by allowing you to group serversrunning Citrix Presentation Server for UNIX into server farms that can bemanaged as a single unit. This means you can easily configure features andsettings for the entire farm, from a central location, rather than configuring eachserver individually. For example, you can publish the applications or resourcesyou want to make available to users at the farm level, establishing configurationsettings that pertain to all instances of the application running in the farm.OpenGL application compatibility. Citrix Presentation Server for UNIXVersion 4.0 is compatible with OpenGL. OpenGL provides high-performance2D- and 3D-graphics capabilities. OpenGL capability is enabled by default whenyou install Presentation Server. Ensure you download the appropriate OpenGLlibraries from your operating system’s CD-ROM or Web site. If you want todisable OpenGL capability (for example, to reduce demand on server resources),see the ctxXtw-readme.sh file for more information.Line drawing enhancements. These enhancements improve the performanceof the server when drawing horizontal and vertical lines. For example, withapplications such as Cadence, you will notice more efficient bandwidth usage andusers will benefit from greater speed and performance.Getting Started QuicklyThis section provides an overview of the minimum steps required to install andset up a server running Citrix Presentation Server for UNIX. For full details ofhow to install Presentation Server, including step-by-step installation andconfiguration instructions, see “Deploying Citrix Presentation Server for UNIX”on page 23. Citrix recommends that you read this chapter before installingPresentation Server for the first time.To install and get a server up and running1. Configure a Citrix License Server. Citrix recommends that you do thisbefore you install Citrix Presentation Server for UNIX so that you can tellthe installer script the details of the license server. If you set up a licenseserver after installing Presentation Server, you will need to use thectxlsdcfg command to configure communication with the license servermanually. For more information about configuring a license server, see“Licensing Citrix Presentation Server for UNIX” on page 57 and theGetting Started with Citrix Licensing Guide.2. Consider the design of the server farm. For example, because the server thatyou create the farm on will become the Management Service Master (theserver with authoritative control of the farm), ensure that you create the

Chapter 1 Welcome to Citrix Presentation Server for UNIX 21farm on an appropriate server. For more information about server farms, see“Introducing Server Farms” on page 47.3. Set up the accounts for the administrator. Use the standard UNIX systemtools to do this. Log on as root and create a group called ctxadm, and addthe users that you want to become administrators to this group. You mustalso create a ctxsrvr user and add this to the ctxadm group. If you do not setup these accounts, the installer script can do this for you. For informationabout setting up the accounts, see “Creating the Administrator Users andGroup” on page 28.4. Install the Citrix Presentation Server software on your UNIX server. Theeasiest way to do this is by using the installer script, which guides youthrough each step and prompts you for the information that it requires. Forinformation about installing Presentation Server, see “Installing CitrixPresentation Server” on page 28.5. Start Citrix Presentation Server on the server using the command ctxsrvstart all.6. Install the client software on each client device you plan to use from theComponent CD-ROM included in your Presentation Server package, orfrom the Citrix Web site. For information about installing clients, see theinstallation section in the Client Administrator’s Guide for the client youplan to deploy.7. After installing the client software, create ICA connections to your serverand test that you can connect from each type of client. For informationabout creating a connection from a client device to a server, see the ClientAdministrator’s Guide for the appropriate client.When you can connect to your server from a client, your server isoperational.Note There is a Client Administrator’s Guide for each client in thedocumentation directory on the Component CD-ROM in your PresentationServer package. The filename for the PDF refers to the client, for exampleUnixCAG.PDF is the filename for the Client Administrator’s Guide for theUNIX Client.

22 Citrix Presentation Server for UNIX Administrator’s Guide

CHAPTER 2Deploying Citrix Presentation Serverfor UNIXOverviewThis chapter describes how to install, deploy, and remove Citrix PresentationServer for UNIX Version 4.0.Important You cannot upgrade to Citrix Presentation Server for UNIX Version4.0 from a previous release of Presentation Server for UNIX.Topics covered in this chapter include:• System requirements• Installing Citrix Presentation Server for UNIX• Creating the administrator users and group• Setting the paths to Citrix Presentation Server commands and man pages• Starting and stopping Citrix Presentation Server• Configuring non-English keyboard support• Configuring Citrix Presentation Server event logging• Removing Citrix Presentation Server• Reinstalling Citrix Presentation Server

24 Citrix Presentation Server for UNIX Administrator’s GuideBefore You Begin InstallingMake sure that you read the following information before installing CitrixPresentation Server:• “Licensing Citrix Presentation Server for UNIX” on page 57. If you intendto use the installer script, Citrix recommends that you set up the CitrixLicense Server before you install Citrix Presentation Server. If you do thisbefore installing Presentation Server, the installer script configurescommunication with the license server for you. If you do it after, you needto use the ctxlsdcfg command to configure communication with the licenseserver manually. For more information about setting up a license server, seethe Getting Started with Citrix Licensing Guide.• “Introducing Server Farms” on page 47. Consider the design of your serverfarm before installing Citrix Presentation Server. For example, because theserver that you create the farm on will become the Management ServiceMaster (the server with authoritative control of the farm), ensure that youcreate the farm on an appropriate server.• “UNIX Operating System Requirements” on page 25. The UNIX OperatingSystem must be installed before you install Citrix Presentation Server. Youmust also ensure that your operating system is configured to runPresentation Server, and that you install the required updates, as listed inthis section.• “Creating the Administrator Users and Group” on page 28. Unless youintend to use the installer script to install Citrix Presentation Server, youmust create the ctxadm group and the ctxsrvr and ctxssl users before youbegin installation.Note Make sure that all users who connect to the server have a home directorypath that is valid on the server, and that can be written to by the user. If a user hasno home directory and tries to connect, the logon fails. Note that you can configurethe server to allow users whose home directories are unavailable to log on; formore information, see “Allowing Users to Log on without a Home Directory” onpage 120.

System RequirementsChapter 2 Deploying Citrix Presentation Server for UNIX 25This section lists the minimum computer and operating system requirements forCitrix Presentation Server for UNIX.Minimum Computer RequirementsThe minimum computer specification depends upon how many connections areto be supported. As a general rule, Citrix recommends that each server hasbetween 16 and 24 MB of RAM per ICA connection. However, you may need toincrease this amount of RAM depending upon the type of applications your usersare running and the session properties, such as color depth and size.Note On the Solaris SPARC platform, Citrix Presentation Server for UNIXVersion 4.0 is supported only on processors based on SPARC V8 architecture orlater.UNIX Operating System RequirementsThis section provides information about the operating system requirements forCitrix Presentation Server on each of the platforms.Operating System PatchesCitrix recommends that you install the latest patches for the operating system youare using. For information and downloads, see your operating systemmanufacturer’s Web site.On Solaris 8 SPARC, to prevent sessions from freezing when running CitrixPresentation Server, apply patch 108993-37 (or later). This patch is availablefrom the Sun Microsystems Web site.Java Runtime Environment RequirementsCitrix recommends that you install the latest patches for the Java runtimeenvironment (JRE) you are using. For all platforms, ensure that the JRE installedon your system is Version 1.4.2. or higher. To obtain JRE versions, see the Website for your operating system manufacturer.Do not use the 64-bit Solaris JRE. Citrix Presentation Server for UNIX iscompatible with the 32-bit Solaris JRE only.Citrix Presentation Server for UNIX runs only with JRE Version 1.4.2 (any patchlevel) on the AIX platform.

26 Citrix Presentation Server for UNIX Administrator’s GuideYou must use a JRE of 1.4.2.08 or lower when installing Citrix PresentationServer for UNIX on the HP-UX platform. Using a JRE of 1.4.2.09 or later willresult in a Java compatibility error when the ctxxmld daemon is started. Afterinstallation, you can apply a later JRE version and install the latest public hotfixthat addresses this issue. The hotfix is available from the Citrix Web site:http://support.citrix.com/.Note Some platforms may require prerequisite patches for the JRE. See the Website for your operating system manufacturer or contact your hardware vendor fordetails about the appropriate patches.On the Solaris PlatformThe Solaris edition of Citrix Presentation Server for UNIX requires:• Solaris 8, SPARC version—Or—• Solaris 9, SPARC version—Or—• Solaris 10, x86/x64 or SPARC versionsNote The Solaris x86/x64 edition of Citrix Presentation Server for UNIX isavailable only on Solaris 10.The server must have an X Window system installed with the appropriate windowmanager for the platform; for example, CDE.The following operating system packages are required:• SUNWxwoftX Window System optional fonts• SUNWuiu8Iconv modules for UTF-8 localeVerify that these packages are installed using the pkginfo command.Note On Solaris 8, these two packages are installed when you do an end-userinstall.The Iconv libraries must be installed; they are necessary for Citrix PresentationServer to run. Check that the following files exist in the /usr/lib/iconv folder:

Chapter 2 Deploying Citrix Presentation Server for UNIX 27UCS-2*.soUTF-8*.so8859-1*.soOn the HP-UX PlatformThe HP-UX edition of Citrix Presentation Server for UNIX requires:• HP-UX Version 11• HP-UX 11iThe server must have an X Window system installed with the appropriate windowmanager for the platform; for example, CDE.Note Due to an HP-UX system limitation, you cannot specify server names ofmore than eight characters when running Presentation Server for UNIX Version4.0 on the HP-UX operating system.On the AIX PlatformThe AIX edition of Citrix Presentation Server for UNIX requires AIX Versions5.1, 5.2, or 5.3.The server must have an X Window system installed with the appropriate windowmanager for the platform; for example, CDE.Citrix SSL Relay RequirementsCitrix SSL Relay for UNIX is included automatically when you install CitrixPresentation Server for UNIX. SSL Relay provides server authentication,encryption of the data stream, and message integrity checks. The systemrequirements for SSL Relay are the same as for Citrix Presentation Server forUNIX. For more information, see the Citrix SSL Relay for UNIX Administrator’sGuide.Euro Currency Symbol SupportCitrix Presentation Server supports the ISO 8859-15 Euro-currency symbol, if theunderlying UNIX operating system supports it. To ensure this support, you mayneed to install patches recommended by your operating system and hardwarevendor. See the Web site for your operating system manufacturer or contact yourhardware vendor for details about the appropriate patches and for instructions toensure Euro symbol support.

28 Citrix Presentation Server for UNIX Administrator’s GuideInstalling Citrix Presentation ServerThis section explains how to:• Create the administrator users and group• Install Citrix Presentation Server for UNIX using the installer script• Perform an unattended install that allows you to install Presentation Serverwith minimal interventionInstallation OverviewYou need to perform the following steps to install Presentation Server:1. If you are installing Presentation Server for the first time, create theadministrator user and group accounts. However, if you intend to use theinstaller script to install Presentation Server, the script creates these for you.2. Install Presentation Server from the CD-ROM.3. If you are installing Presentation Server for the first time, add thePresentation Server path(s) to your path, so that you can run the commands.4. Start the Presentation Server processes on the server.The following describes these steps in more detail.Creating the Administrator Users and GroupBefore you install Citrix Presentation Server, create the Presentation Serverctxadm administrator group and add the users that you want to becomeadministrators to this group. The ctxadm group is required by some PresentationServer commands that demand special administration rights, but do not requireroot access to the UNIX system. The users in the ctxadm group log on with theirnormal user accounts. If you create a farm containing more than one server, thectxadm group must be a network group visible to all servers in the farm.You must also create a ctxsrvr user and add this to the ctxadm group. Citrixrecommends that the ctxsrvr user not be a logon user account.

Chapter 2 Deploying Citrix Presentation Server for UNIX 29You must also create a ctxssl user and add this to the ctxadm group. This accountis used for Citrix SSL Relay administration.Important• Do not use the ctxadm group and ctxsrvr user account for any purposesother than Presentation Server system administration.• Do not use the ctxssl user account for any purposes other than SSL Relayadministration.• The following procedure is different from the one Citrix recommended inprevious versions of Presentation Server for UNIX. This new procedure isconsidered a security “best practice” because users in the ctxadm grouplog on with their normal user accounts and the ctxsrvr user is no longer alogon account.To create administrator group and user accounts1. Create the administrator’s group using the group name ctxadm.2. Add the users that you want to become administrators to the ctxadm group.3. Create a user account called ctxsrvr and add this user to the ctxadm group.Make sure the ctxsrvr user is not a logon user account (for example, set theshell for this user to be /etc/NoShell to prevent logons).4. Create an SSL Relay administrator using the user name ctxssl. Make surethat you add the ctxssl user to the ctxadm group and that the ctxadm groupis its primary group.Installing Citrix Presentation Server Using theInstaller ScriptThis section describes how to install Citrix Presentation Server for UNIX usingthe installer script. This procedure works on all platforms. The installer scriptguides you through each step and prompts you for the information that it requires.Note The following instructions describe a typical installation involving thecreation of a new farm. You may see some or all of the following prompts,depending on the configuration of your system. For example, you see differentprompts if you are joining a farm rather than creating a farm.

30 Citrix Presentation Server for UNIX Administrator’s GuideTo install Citrix Presentation Server on Solaris1. Log on as root at the server on which you want to install PresentationServer.2. Mount the Citrix Presentation Server CD-ROM.3. Change to the base directory of the Citrix Presentation Server CD-ROM.For example, type:cd /cdromThe path is usually /cdrom/... but it may change depending on how yoursystem mounts the CD.4. To start the package installer script and install Presentation Server, type:sh installcpsu [-b package_dir] [-p patch_dir]The install script has two options, -b and -p, which you can optionally useto customize your install process. By default, the install script looks for theinstall package on the CD-ROM as follows:• $CDROOT/solaris/CTXSmf, for Solaris SPARC• $CDROOT/solaris_x86/CTXSmf, for Solaris x86/x64• $CDROOT/usr/sys/inst.images/Citrix.MetaFrame.bff, for AIX• $CDROOT/hpux/MetaFrame.depot, for HP-UXUsing the -b option and supplying a location for package_dir, you caninstruct the install script to look in the specified directory for the installpackage.Any hotfixes for the appropriate platform located on the CD-ROM in$CDROOT/hotfix will be installed automatically as part of the install, afterthe base install package has been installed and before the finalconfiguration of the system takes place. These hotfixes are patch files thatfollow the Citrix patch file naming convention for this product:PSE4.0[SOL|SOLX|AIX|HPUX][0-9][0-9][0-9].tar[.Z]. These files donot require any uncompressing or unpacking to be used by the install script.Using the -p option and supplying a location for patch_dir, you can instructthe install script to look in the specified directory for hotfix patches toinstall. As Citrix Presentation Server for UNIX hotfixes contain all thechanges from previous hotfixes, only the latest hotfix needs to be applied tofully patch an installation.5. At the prompt for the license agreement, type y to accept the agreement andcontinue with installation. If you do not accept the license agreement,installation terminates.

Chapter 2 Deploying Citrix Presentation Server for UNIX 316. At the prompt for server farm, type c (or create) to create a new server farmor j (or join) to join an existing farm.7. If you are creating a new farm, at the prompt for the license server, type thename or network address of the license server.8. If you are creating a new farm, at the prompt for the license server portnumber, type a port number or press ENTER to accept the default of 27000.9. If you are creating a new farm, at the prompt for the product edition, typeEnterprise or Platinum depending on which Presentation Server editionyou are licensed to use, or press ENTER to accept the default of Enterprise.Note If you do not know the details of the license server, you can configurethe license server name, port, and product edition later using the ctxlsdcfgcommand.10. At the prompt for the XML Service port number, type the port number theXML Service will use for connections to the Web Interface or pressENTER to accept the default of port 80. If port 80 is already in use, assignthe XML Service to an unused port. For more information about the XMLService and configuring the server port, see “Using the Citrix XMLService” on page 173.11. At the prompt for enabling SSL Relay, type y to enable SSL-secureconnections to the server, or press ENTER to accept the default of n (notenabled). For more information about using SSL Relay, see the Citrix SSLRelay for UNIX Administrator’s Guide.12. At the prompt for the location of the Java Runtime Environment (JRE),type the path to the JRE; for example: /usr/j2re1.4.2_06.13. At the prompt for the startup/shutdown script installation, type y if youwant to start Presentation Server when the server is started and stop it whenthe server is shut down. If you answer yes, the script “S99ctxsrv” isinstalled in the /etc/rc2.d directory.14. At the prompt for the man page installation, type y to install thePresentation Server man pages.15. At the prompt for anonymous users, type y to create 15 anonymous useraccounts, if you want to enable guest access.16. At the prompt about security settings for setuid/setgid, type y to set thecorrect file permissions for the files and processes.ImportantDo not type n, or Presentation Server will not operate correctly.

32 Citrix Presentation Server for UNIX Administrator’s Guide17. At the next prompt, type y to continue installing Presentation Server. Whencomplete, a message tells you that the installation was successful.18. At the prompt for farm name, type the name you want to give the farm. Formore information about server farms, see “Introducing Server Farms” onpage 47.19. At the prompt for farm passphrase, type a passphrase. Citrix recommendsthat you choose a suitably strong passphrase, in accordance with yourcompany’s security policy.Note You can use the ctxfarm command to change this passphrase laterif necessary.20. Confirm the passphrase.Installation is complete and you are now ready to start Citrix Presentation Server.Note Do not attempt to share or copy the Citrix Presentation Server installationfiles between servers. The configuration database cannot be duplicated, and youwill experience problems if you attempt to do this.Performing an Unattended InstallThis section explains how to perform an unattended (quiet) installation on thevarious platforms. Unattended installation allows you to install CitrixPresentation Server quickly and easily on multiple servers, without prompting.Performing an Unattended Install on SolarisThis section explains how to perform an unattended installation on the Solarisplatform. To do this, you use the administration and response files supplied on theCitrix Presentation Server CD-ROM. You create a script file to run the unattendedinstall using these files.

Chapter 2 Deploying Citrix Presentation Server for UNIX 33About the Response FileA response file, called response, is included in the /solaris or /solaris_x86directory (as appropriate) on the Citrix Presentation Server CD-ROM. This file isused by the -r option of the pkgadd command. This file includes the following:• A basic Citrix Presentation Server for UNIX package is installed• Fifteen anonymous users are added• A startup script is installed• man pages are installedIf you want to use different settings, copy and change this file as appropriate, orrun pkgask to create a file of responses. For more information about pkgask, seeits man page.About the Administration FileAn administration defaults file, called admin, is included in the /solaris or/solaris_x86 directory (as appropriate) on the Citrix Presentation Server CD-ROM. This file is used by the -a option of the pkgadd command.Note The admin file assumes that the Java Runtime Environment is installed in/usr/j2se. If it is installed elsewhere, you must either edit a copy of the response fileor make a symbolic link to the JRE.The admin file permits running of install-time scripts as root, and installation ofsetuid/setgid binaries. It enforces dependency checking and disk-space checking.To perform an unattended install on Solaris1. Log on as root at the server on which you want to install Citrix PresentationServer.2. Mount the Citrix Presentation Server CD-ROM and locate the admin andresponse files in the Solaris directory.3. Create a script file to perform the unattended install; for example:#!/bin/shpkgadd -r /cdrom/solaris/response -a /cdrom/solaris/admin -d /cdrom/solaris/CTXSmf CTXSmf

34 Citrix Presentation Server for UNIX Administrator’s Guidewhere /cdrom/solaris/admin is the administration defaults file, and /cdrom/solaris/response is the response file. The path is usually /cdrom/solaris/...but it may change depending on how your system mounts the CD.Note If you are installing on Solaris x86/x64, replace solaris in the abovepaths with solaris_x86.4. Change permissions on the script file so that root can execute it; forexample:chmod 744 scriptfile5. Run the script file to start the unattended install.6. When the unattended installation is complete, you must configure somesettings manually; for more information, see “After UnattendedInstallation” on page 36.Performing an Unattended Install on HP-UXThis section explains how to perform an unattended install of Citrix PresentationServer on an HP-UX platform.To perform an unattended install on HP-UX1. Log on as root at the server on which you want to install PresentationServer.2. Insert the Citrix Presentation Server CD-ROM in the CD-ROM drive andmount it as a read-only filesystem. For example, at a command prompttype:mount -r /dev/dsk/c0t0d0 /mnt/cdromwhere /dev/dsk/c0t0d0 is the file that identifies the CD-ROM drive and/mnt/cdrom is the mount point of the CD-ROM.3. To install the entire Citrix Presentation Server package (including manpages, 15 anonymous user accounts, and the startup script), at the commandprompt, type:swinstall -s /mnt/cdrom/ MetaFrame.depot MetaFrameAlternatively, list the particular filesets you want to install. For example, toinstall Presentation Server and the man pages, at a command prompt, type:swinstall -s /mnt/cdrom MetaFrame.Runtime MetaFrame.Man

Chapter 2 Deploying Citrix Presentation Server for UNIX 35The following table describes the available filesets:FilesetAnonManRuntimeStartupDescriptionChoose to create 15 anonymous user accounts. You cannot installthis fileset on its own—the Runtime fileset must also be installed.Choose to install the Presentation Server manual pages. You cannotinstall this fileset on its own—the Runtime fileset must also beinstalled.Choose to install the runtime environment (the programs and theconfiguration database).Choose if you want to start Citrix Presentation Server when thecomputer is started and stop it when the machine is shut down. Ifyou choose this fileset, the script ctxsrv is installed in the/sbin/init.d directory and two symbolic links are added:- The startup link S999ctxsrv is installed in /sbin/rc3.d- The shutdown link K001ctxsrv is installed in /sbin/rc2.dYou cannot install this fileset on its own—the Runtime fileset mustalso be installed.4. After the unattended installation is complete, you must configure somesettings manually; for more information, see “After UnattendedInstallation” on page 36.Performing an Unattended Install on AIXThis section explains how to perform an unattended install of Presentation Serveron an AIX platform.To perform an unattended install on AIX1. Log on as root at the server on which you want to install PresentationServer.2. Insert the Citrix Presentation Server CD-ROM in the CD-ROM drive.3. To install the entire Citrix Presentation Server package (including manpages, 15 anonymous user accounts, and the startup script), at a commandprompt, type:installp -X -d/dev/cd0 Citrix.MetaFramewhere -d/dev/cd0 is the CD-ROM device, and -X ensures that there issufficient disk space to install the package.Alternatively, list the particular filesets you want to install. For example, toinstall Presentation Server man pages, at a command prompt, type:installp -X -d/dev/cd0 Citrix.MetaFrame.man

36 Citrix Presentation Server for UNIX Administrator’s GuideThe following table describes the available filesets:Citrix.Metaframe....boot.anon.rte.manFileset descriptionChoose if you want to start Citrix Presentation Server when thecomputer is started and stop it when the computer is shut down.If you choose this fileset, the daemon ctxmfd is installed in/usr/lpp/CTXSmf/sbin and starts up automatically.During the installation of the .boot fileset, an entry is made inthe /etc/inittab file that starts up ctxmfd and the server, whenstarting.You cannot install this fileset on its own—theCitrix.MetaFrame.rte fileset must also be installed.Choose to create 15 anonymous user accounts. You cannotinstall this fileset on its own—the Citrix.MetaFrame.rte filesetmust also be installed.Choose to install the runtime environment (the programs and theconfiguration database).Choose to install the manual pages.4. When the unattended installation is complete, you must configure somesettings manually; for more information, see “After UnattendedInstallation” on page 36.After Unattended InstallationAfter performing an unattended installation, to complete the installation, youmust configure the following settings manually:• Set the XML Service port number using ctxnfusesrv -port portnumber• Start the Management Service daemon using ctxsrv start msd• Create or join a server farm using ctxcreatefarm or ctxjoinfarm• Configure communication with the license server using ctxlsdcfg• If you want to enable SSL Relay, write SSL_ENABLED=1 to/var/CTXSmf/ssl/config

Chapter 2 Deploying Citrix Presentation Server for UNIX 37Setting the Paths to Citrix Presentation ServerCommandsThere are two types of Presentation Server commands:User commandsSystem administrationcommandsAny user can run these commands. They include thecommands for logging off and disconnecting from aserver.User commands are installed in:/opt/CTXSmf/bin/usr/lpp/CTXSmf/binOnly members of the ctxadm group can run thesecommands. They include server, publishedapplication, and ICA browser configuration tools.Administration commands are installed in:/opt/CTXSmf/sbin/usr/lpp/CTXSmf/sbinConfiguring User Access to CommandsGenerally, you do not have to do anything to allow users to run user commandsfrom their sessions. The path to these commands is added to each user’s pathupon connection to the server, so any user can access Citrix Presentation Serveruser commands from an ICA session.However, you may have to configure access to Presentation Server commands ifthe user’s shell script startup file (for example, .profile or .login) overrides thepath. For example, on HP-UX, the default system profile (/etc/profile) sets thePATH environment variable explicitly.To configure user access to Citrix Presentation Server commands• If you are using a C shell, use a .login file for the user and add the path tothe user commands. For example:setenv PATH ${PATH}:/opt/CTXSmf/binsetenv PATH ${PATH}:/usr/lpp/CTXSmf/bin• If you are using a Bourne or similar shell, use a .profile file for the user andadd the path to the user commands. For example:PATH=${PATH}:/opt/CTXSmf/binexport PATHPATH=${PATH}:/usr/lpp/CTXSmf/binexport PATH

38 Citrix Presentation Server for UNIX Administrator’s GuideConfiguring Administrator Access to CommandsAn administrator needs to be able to run both user and system administrationcommands. If you are installing Presentation Server for the first time, you need toconfigure your system so that administrators can run all the commands from theserver console and also from an ICA session.To configure administrator access to commands• If you are using a C shell, use a .login file for the administrator and add thepath to the user and administrator commands. For example:setenv PATH ${PATH}:/opt/CTXSmf/sbin:/opt/CTXSmf/binsetenv PATH ${PATH}:/usr/lpp/CTXSmf/sbin:/usr/lpp/CTXSmf/bin• If you are using a Bourne or similar shell use a .profile file for theadministrator and add the path to the user and administrator commands. Forexample:PATH=${PATH}:/opt/CTXSmf/sbin:/opt/CTXSmf/binexport PATHPATH=${PATH}:/usr/lpp/CTXSmf/sbin:/usr/lpp/CTXSmf/binexport PATHSetting the Path to the man PagesGenerally, you do not have to do anything to allow users to display man pages forPresentation Server commands from a session. The path to these files is added toevery user’s MANPATH environment variable upon connection to the server.However, you may have to configure access to the man pages if the user’s shellscript startup file (for example, .profile or .login) overrides the path. For example,on HP-UX, the default system profile (/etc/profile) sets the MANPATHenvironment variable explicitly.To display the man pages from the server console when you log on as anadministrator, you must set up your MANPATH environment variable to point tothe location of the installed man pages. You need to do this only if you areinstalling Presentation Server for the first time.To set the MANPATH environment variable• If you are using a C shell:setenv MANPATH ${MANPATH}:/opt/CTXSmf/mansetenv MANPATH ${MANPATH}:/usr/lpp/CTXSmf/man• If you are using a Bourne shell:

Chapter 2 Deploying Citrix Presentation Server for UNIX 39MANPATH=${MANPATH}:/opt/CTXSmf/manexport MANPATHMANPATH=${MANPATH}:/usr/lpp/CTXSmf/manexport MANPATHStarting and Stopping Citrix Presentation ServerStarting Citrix Presentation ServerWhen installation is complete, start the Presentation Server process on eachserver using the ctxsrv command.To start Citrix Presentation Server1. Log on to the server as an administrator.2. At a command prompt, type:ctxsrv start allNote If, during installation, you choose to add the startup/shutdown script,Presentation Server automatically starts when the computer starts.Stopping Citrix Presentation ServerTo stop the Presentation Server process on a server, use the ctxshutdowncommand. With ctxshutdown, you can specify when the shut down process willbegin, and notify users that the server is about to shut down. This allows users tosave their work and log off gracefully.When the shut down process begins, applications will terminate, except for thosethat have registered window hints. These applications will attempt to interactivelylog users off by displaying a series of prompts.With ctxshutdown, you can specify the maximum duration that users have torespond to these prompts. Any sessions that are still active when this periodexpires are terminated and the users are automatically logged off.The server prevents users from logging on during the shut down process.

40 Citrix Presentation Server for UNIX Administrator’s GuideTo stop Citrix Presentation Server1. Log on to the server as an administrator.2. At a command prompt:ToShut down the server using the defaults. By default, theserver shutdown process begins after 60 seconds; themessage “Server shutting down. Auto logoff in 60seconds” is sent to all users logged on to the server.Applications that have registered window hints (theWM_DELETE_WINDOW attribute) have a further 30seconds to interactively log users off before terminating.Operate in quiet mode. This reduces the amount ofinformation displayed to the administrator by thectxshutdown command.Specify when the shut down process will begin, and howlong the message will appear, in seconds. The default is60 seconds. When this period expires and the shut downprocess begins, applications that have registered windowhints (the WM_DELETE_WINDOW attribute) willattempt to interactively log users off. Applications thathave not registered window hints will terminateimmediately.Specify how long applications that have registeredwindow hints (the WM_DELETE_WINDOW attribute)have to interactively log users off. The default is 30seconds. When this period expires, any remainingsessions are automatically terminated, users areautomatically logged off, and the process stops.Specify the message displayed to all users logged on tothe server. If you do not specify a message, the defaultmessage “Server shutting down. Auto logoff in xseconds” appears, where x = the number of secondsspecified in the -m option (or the default of 60 seconds ifthis is not specified).Use the commandctxshutdownctxshutdown -qctxshutdown -msecondsctxshutdown -lsecondsctxshutdownmessageExampleThe following example shows how to display a message and begin the shut downprocess after two minutes. Applications that have registered window hints aregiven a further three minutes to attempt to interactively log users off.ctxshutdown -m 120 -l 180 “Please log off now”

About Client Keyboard SupportChapter 2 Deploying Citrix Presentation Server for UNIX 41This section describes how to use client devices with non-English keyboards witha server running Citrix Presentation Server.Presentation Server supports client devices that use the following keyboards:LanguageUS English 409UK English 809French40cGerman 407SwedishSpanishLocale ID41d40aItalian 410Danish 406Dutch 413Finnish40bNorwegian 414Polish Programmers 415Portuguese 816Belgian Dutch 813Korean (see note)French Canadian (see note)e0010412c0cSwiss German 807IcelandicJapanese (see note)40fe0010411Note The Korean and French Canadian keyboard locales are supported on theCitrix Presentation Server Clients for Windows only. Only partial support forJapanese keyboards is available, allowing typing of English characters using aJapanese keyboard.

42 Citrix Presentation Server for UNIX Administrator’s GuideConfiguring Non-English Keyboard SupportYour users can make connections to the server with client devices that use non-English keyboards. The keyboards that Citrix Presentation Server supports areshown in the table above.To configure non-English keyboard support1. Ensure you start the server in the country locale of the client keyboard thatyour users are employing. For example, if your users have Germankeyboards, start the server in a German locale. This ensures that the sessionruns in an appropriate locale where fonts containing the required keyboardsymbols are in the font path and keyboard symbols appear correctly on thescreen.2. Make sure your users select the appropriate keyboard in the Settings dialogbox on the client device. For further information about selecting keyboards,refer to the Client Administrator’s Guides for the clients you are deploying.Tip You can alter the locale for an individual user by setting environmentvariables in the user’s start-up files—see “Customizing the Appearance of CitrixPresentation Server” on page 125 for further information.Troubleshooting Non-English Keyboard SupportIf users experience problems obtaining accent symbols, such as the circumflexaccent (^), it may be that the application they are using does not support deadkeys. A dead key is a key that does not produce a character when pressed—instead, it modifies the character produced by the next key press. For example, ona generic French PC keyboard, the circumflex (^) key is a dead key. When thiskey is pressed, and then the “a” key is pressed, “â” is generated.

Configuring Event LoggingChapter 2 Deploying Citrix Presentation Server for UNIX 43When you first install Citrix Presentation Server, events are not configured to besent to the system log (syslog).Citrix Presentation Server uses the following event log levels:• user.notice• user.info• user.warning• user.err• user.debugTo record Citrix Presentation Server events, add a line to the /etc/syslog.conf fileand specify the event log levels that you want to record. You must be root to editsyslog.conf.Note The event log level names that Presentation Server uses may also be usedby other programs. You may see messages from other software in the event log.For example, adding the following line to the end of syslog.conf (separated with atab, not a space) causes all event log messages from Citrix Presentation Server tobe put in the file /var/adm/messages:user.notice;user.info /var/adm/messagesuser.notice;user.info /var/adm/syslog/syslog.logNote The file that you use (that is, /var/adm/messages) must exist. If it does not,you must create it.You may also want to send certain types of Citrix Presentation Server eventdetails to the console. For example, to ensure that all error messages appear onthe console, add this line to the file /etc/syslog.conf:user.err /dev/consoleNote You can configure the logging of session logons, logoffs, disconnects, andreconnects using the ctxcfg command with the -k option. For information, see“Configuring Session Status Logging” on page 162. For further details aboutconfiguring system event logging, see the syslog.conf man page.

44 Citrix Presentation Server for UNIX Administrator’s GuideRemoving Citrix Presentation ServerThe following describes how to remove Version 4.0 of Citrix Presentation Server.To remove Citrix Presentation Server on Solaris1. Log on to the server as an administrator.2. Ensure that there are no active sessions and stop Presentation Server usingthe ctxshutdown command. See “Stopping Citrix Presentation Server” onpage 39 for more information.3. Log on as root.4. To remove Presentation Server, type:pkgrm CTXSmfTo remove Citrix Presentation Server on HP-UX1. Log on to the server as an administrator.2. Ensure that there are no active sessions and stop Presentation Server usingthe ctxshutdown command. See “Stopping Citrix Presentation Server” onpage 39 for more information.3. Log on as root.4. To remove Presentation Server, type:swremove5. The SD Remove dialog box appears. Choose MetaFrame.6. From the Actions menu, choose Mark for Remove.7. From the Actions menu, choose Remove (analysis) to display analysisinformation prior to the installation. If any warnings are generated, displaythe Logfile for further details.8. Choose OK to remove Presentation Server.Tip To quickly remove the entire Citrix Presentation Server package, at acommand prompt, type: swremove MetaFrame.

Chapter 2 Deploying Citrix Presentation Server for UNIX 45To remove Citrix Presentation Server on AIX1. Log on to the server as an administrator2. Ensure that there are no active sessions and stop Presentation Server usingthe ctxshutdown command. See “Stopping Citrix Presentation Server” onpage 39 for more information.3. Log on as root.4. Type smit. The System Management Interface Tool dialog box appears.5. Choose Software Installation and Maintenance.6. Choose Software Maintenance and Utilities.7. Choose Remove Installed Software. The Remove Installed Softwaredialog box appears.8. In SOFTWARE name, type Citrix.MetaFrame. To remove a particularfileset, type in its name; for example Citrix.MetaFrame.man.Note If you want to remove the Citrix.MetaFrame.rte fileset, you must alsoremove the Citrix.MetaFrame.boot and Citrix.MetaFrame.anon filesets. Ifyou do not, a “Dependency Failure” error message appears.9. Set PREVIEW only? to no.10. Choose OK.11. At a prompt, choose OK to confirm you want to remove the software.When complete, check the Installation Summary to make sure that theremoval was successful.Note If the removal of Citrix Presentation Server fails, it may be becauseyou did not stop the server—see Step 2.12. To exit from smit, select Exit SMIT from the Exit menu.Tip To quickly remove the entire Citrix Presentation Server package, at acommand prompt, type: installp -u Citrix.MetaFrame.

46 Citrix Presentation Server for UNIX Administrator’s GuideReinstalling Citrix Presentation ServerWhat to Do NextIf you need to reinstall Citrix Presentation Server, do the following:• Uninstall Presentation Server. For information, see “Removing CitrixPresentation Server” on page 44.• Install Presentation Server. For information, see “Installing CitrixPresentation Server” on page 28.• If you set up the license server before installation and you used the installerscript to install Presentation Server, your server is licensed and operational.If you did not set up the license server before installation or you did notconfigure communication with the license server during installation, set upthe license server and use the ctxlsdcfg command to configurecommunication with it manually. For more information, see “LicensingCitrix Presentation Server for UNIX” on page 57 and the Getting Startedwith Citrix Licensing Guide.• If you did not configure the server farm during installation, you must createor join a server farm. For more information, see “Introducing ServerFarms” on page 47.• Install the client software on each client device you plan to use from theComponent CD-ROM included in your Presentation Server package, orfrom the Citrix Web site. After installing the client software, create ICAconnections to your server and test that you can connect from each type ofclient. For information about installing clients and creating connectionsfrom a client device to a server, see the Client Administrator’s Guide for theappropriate client.When you can connect to your server from a client, your server isoperational.• To provide your users with access to applications, publish applicationsusing the ctxappcfg command. For information about publishingapplications, see “Publishing Applications and Desktops” on page 61.

CHAPTER 3Introducing Server FarmsOverviewThis chapter introduces server farms, which are a new feature in CitrixPresentation Server for UNIX Version 4.0. It explains how you can use serverfarms to provide users with easy access to applications and resources, whiletaking advantage of the powerful administration capabilities that farms offer.Topics include:• About server farms• Creating a server farm using ctxcreatefarm• Joining a server farm using ctxjoinfarm• Removing a server from a farm using ctxfarm -rNote The ctxcreatefarm and ctxjoinfarm commands are aliases of the ctxfarmcommand. For more information about all of these commands, see the ctxfarmcommand in the “Command Reference” on page 195 or the ctxfarm man page.About Server FarmsA server farm is a group of servers running Citrix Presentation Server for UNIXthat is managed as a single entity. Using a server farm allows you to:• Deploy published applications and resources to all servers in the farmquickly and easily.• Manage and administer settings for the entire farm from a single location,rather than configuring each server individually. You can administer thefarm from any server in the farm; you do not need to connect remotely toother servers in the farm.

48 Citrix Presentation Server for UNIX Administrator’s GuideTo create a server farm, you use the ctxcreatefarm command. After you create thefarm, you use the ctxjoinfarm command to join other servers to the farm.Note Only servers running Citrix Presentation Server for UNIX Version 4.0 canbecome part of a server farm.Server Farm ComponentsThe following diagram illustrates the key components in a typical server farm.The diagram shows the server where the administrator is logged on, theManagement Service Master server, and other servers that are members of thefarm. Secure communication between the various Management Services runningon each server in the farm is also shown.Components in a typical server farmThe following section explains these components in more detail.The Management Service MasterWhen you create a new server farm, the server on which you create the farmbecomes the Management Service Master. The Management Service Master is aserver running Citrix Presentation Server for UNIX that has authoritative controlof the farm.The Management Service Master also holds the master copy of thefarm’s data store.Data StoreThe data store is a human-readable text file that stores persistent data for the farm,such as configuration information about the servers and published applications inthe farm. The Management Service Master holds the master file, while otherservers in the farm each hold a copy of the data store.

Chapter 3 Introducing Server Farms 49When a server joins the farm, the data store is updated to reflect the addition ofthe new server, and the new server is given a copy of the farm’s data store.The Management ServiceThe Management Service is a daemon that runs on each server in the farm thatcommunicates server farm information, such as details about the publishedapplications available in the farm.When you make a configuration change to the server farm (for example, youpublish a new application in the farm), the Management Service Mastercommunicates this change to the other servers in the farm using the ManagementService.Communication between the various Management Services in the farm takesplace over a secure communication channel.Secure Communication ChannelTo protect sensitive information and administrator commands sent betweenservers, Citrix Presentation Server for UNIX provides a secure, privatecommunication channel between all servers in a farm. This securecommunication channel employs the Generic Security Service ApplicationProgram Interface (GSS-API) to provide mutual authentication of servers, andconfidentiality and integrity protection for data transmitted across the network.GSS-API is an industry-standard security framework defined by the InternetEngineering Task Force RFC 2743. Authentication and data protection areperformed by the Kerberos 5 GSS-API security mechanism (RFC 1964) in a waythat avoids the need for an external Kerberos authentication server.Authentication instead depends on a shared secret that is securely distributed toservers when they join the server farm. The server farm passphrase is used forinitial authentication when servers join the farm.Note You can use the ctxfarm command to change the farm passphrase andshared secret if necessary.For secure communication between servers in a farm to function correctly, youmust ensure that:• Clock settings on all servers in a farm are synchronized. You can set upa network time server to ensure that clock settings on all servers in a farmare synchronized.• Name resolution between servers in a farm is consistent. You shouldensure that all servers to be placed in a farm resolve the names of other

50 Citrix Presentation Server for UNIX Administrator’s Guideservers in the farm consistently. All servers must be able to resolve servernames to IP addresses and IP addresses to server names.Communication between Servers in a FarmInterserver communication using the Secure Communication Channel occursover TCP/IP on port number 2897. This communication consists ofadministration commands and management information updates and queries.Interserver communication between ICA browsers occurs over UDP on portnumber 1604. This communication consists of UDP broadcasts to locate or electthe master browser for the local network or subnet, and UDP packets directed tothe master browser to send server information updates and queries. The masterbrowser holds information about each server’s address, load, availableapplications, and disconnected sessions.Multiple Farms and Subnet ConsiderationsCitrix recommends that all servers in a farm are on one subnet. If servers in afarm are on different subnets, you must configure an ICA gateway to allow theservers to contact one another.If you must create multiple farms on one subnet, ensure that publishedapplications have different names in the different farms. For example, name theDiary application “DiaryA” in server farm A, and “DiaryB” in server farm B.This ensures that the Diary application is not load balanced over the two differentfarms and that users get consistent results, regardless of how they browse forapplications.Note For more information about configuring ICA gateways, see “ConfiguringICA Gateways” on page 157.Integrating with Other Citrix ServersCross-server administration between Windows and UNIX versions of CitrixPresentation Server is not possible. Only servers running Citrix PresentationServer for UNIX Version 4.0 can become part of a UNIX server farm. Similarly,only servers running Citrix Presentation Server for Windows can become part ofa Windows server farm.Citrix Presentation Server for UNIX will coexist with other servers runningPresentation Server (for example, Citrix Presentation Server for Windows) on anetwork by sharing master browser information.

Chapter 3 Introducing Server Farms 51You can make applications published on Citrix Presentation Server for UNIXservers appear in the same location as applications published on CitrixPresentation Server for Windows farms. To do this, you use the Citrix XMLService with the multiple server farm functionality in the Web Interface. TheCitrix Web Interface is an application portal technology that lets you integrate andpublish applications to a Web browser from any standard Web server. For moreinformation, see the Web Interface Administrator’s Guide. The Citrix XMLService is included automatically when you install Citrix Presentation Server forUNIX.Creating a Server FarmWhen you install Citrix Presentation Server for UNIX using the installer script,you are prompted to create a server farm or join an existing farm during theinstallation process. These sections describe how to create or join server farmsmanually using the ctxcreatefarm and ctxjoinfarm commands.To create a server farm, you use the ctxcreatefarm command. You can createfarms only on servers running Citrix Presentation Server for UNIX Version 4.0.Because the server that you create the farm on will become the ManagementService Master, ensure that you create the farm on an appropriate computer.When you create a farm, you are prompted for a passphrase. Citrix recommendsthat you choose a suitably strong passphrase, in accordance with your company’ssecurity policy. You can use the ctxfarm command to change the farm passphraselater if necessary.Important You must remember this passphrase, because the passphrase youspecify when you create the farm will be required by administrators whenever theyattempt to join servers to this farm. If you lose the passphrase, you cannot addservers to the farm.To create a server farm1. Log on to the server that will become the Management Service Master as anadministrator.2. At a command prompt, type:ctxcreatefarm3. At the prompt for farm name, type the name you want to give the farm.4. At the prompt for passphrase, type a passphrase.5. Confirm the passphrase.

52 Citrix Presentation Server for UNIX Administrator’s GuideJoining a Server FarmAfter creating a server farm, you can join other servers to the farm using thectxjoinfarm command. For security, before you can join a server to a farm, youneed to know the passphrase specified for the farm. When you join a server to afarm, the server is updated with a copy of the new farm’s configuration.Only servers running Citrix Presentation Server for UNIX Version 4.0 can join aserver farm.To join a server farm1. Log on to the server that you want to join to the farm as an administrator.2. At a command prompt, type:ctxjoinfarm3. At the prompt for farm name, type the name of the farm you want the serverto join.4. At the prompt for passphrase, type the passphrase specified for the farm.5. At the prompt for server name, type the name or IP address of a serveralready in this farm.Citrix Presentation Server communicates with the server farm and automaticallyjoins the server to the farm.Moving a Server to a Different FarmYou can use the ctxjoinfarm command to move a server to a different farm.When you move a server to a different farm, the data store in the old farm isupdated to reflect the removal of the server, and the server is updated with a copyof the new farm’s configuration. However, any published applications that wereon the server in the old farm are no longer available in the new farm. To makethese applications available in the new farm, you must publish them usingctxappcfg publish. For more information about publishing applications, see“Publishing an Application, Shell Script, or Desktop” on page 64.To move a server to a different farm1. Log on to the server that you want to move to a different farm as anadministrator.2. At a command prompt, type:ctxjoinfarm3. At the prompt for farm name, type the name of the farm you want the serverto join.

Chapter 3 Introducing Server Farms 534. At the prompt for passphrase, type the passphrase specified for the farm.5. At the prompt for server name, type the name or IP address of a serveralready in this farm.6. At the prompt, confirm that you want to move the server to the new farm.Presentation Server communicates with the server farm and automaticallyjoins the server to the farm.Troubleshooting Joining a Server FarmNote Due to an HP-UX system limitation, you cannot specify server names ofmore than eight characters when running Presentation Server for UNIX Version4.0 on the HP-UX operating system.If you experience problems attempting to join a server to a farm, check that:• Clock settings on all servers are synchronized. You can set up a networktime server to ensure that clock settings on servers already in a farm andservers joining the farm are synchronized. New servers cannot join the farmif clock settings are not synchronized.• Name resolution between servers is consistent. You should ensure that allservers in a farm resolve the names of servers joining the farm consistently.If name resolution is not consistent, new servers cannot join a farm.Removing a Server from a FarmYou can remove a server from a farm using the ctxfarm -r command.Note You cannot remove the Management Service Master from a farm. Onlymembers of a server farm that are not the Management Service Master can beremoved from a farm.When a server is removed from a farm, its copy of the farm data store is removedand published applications are no longer available from this server.

54 Citrix Presentation Server for UNIX Administrator’s GuideRenaming a ServerA server can be removed from a farm even when this server is unavailable. To dothis, you log onto another server in the farm and remove the server. Theremaining servers in the farm delete the information they hold about the removedserver. You can also remove a server from a farm even when the ManagementService Master is unavailable (for example, if the Management Service Mastergoes down).To remove a server from the farm1. Log on to a server in the farm as an administrator.2. At a command prompt, type:ctxfarm -r [server-name]where server-name is the name of the server you want to remove from thefarm. If you do not specify a server name, the local server is removed fromthe farm.You cannot rename a server using the ctxfarm command. If you want to rename aserver, you must:1. Remove the server from the farm using the ctxfarm -r command. Note thatyou cannot remove the Management Service Master from a farm. Also,when you remove a server, any published applications available on thisserver are deleted. See “Removing a Server from a Farm” on page 53 formore information about removing servers.2. Rename the server, then add the server to the farm again using thectxjoinfarm command. See “Joining a Server Farm” on page 52 for moreinformation.Identifying the Servers in a FarmYou can identify the servers in a farm using the ctxfarm -l command. The listprovides details of all the servers currently in a farm and also identifies theManagement Service Master.To identify the servers in a farm1. Log on to a server in the farm as an administrator.2. At a command prompt, type:ctxfarm -l

What to Do NextChapter 3 Introducing Server Farms 55After creating a server farm and joining servers to the farm, you can manage thefarm using the various ctx commands. For example, you can use the ctxappcfgcommand to publish and configure applications on one or more servers in thefarm, and ctxqsession to query servers in the farm. See the appropriate sections inthis guide for more information about configuring and administering the serverfarm. For a full list of all the ctx commands available, see the “CommandReference” on page 195.Note If you used previous versions of Presentation Server for UNIX, you maynotice changes to some ctx commands, particularly for the new server farm feature.For example, there is a new publish parameter in the ctxappcfg command (thatreplaces the add parameter) that allows you to publish and configure applicationson any server in the farm.

56 Citrix Presentation Server for UNIX Administrator’s Guide

CHAPTER 4Licensing Citrix Presentation Serverfor UNIXOverviewThis chapter introduces Citrix Licensing and explains how to license CitrixPresentation Server for UNIX. Topics in this chapter include:• About Citrix Licensing• How to license Citrix Presentation Server for UNIX• Configuring communication with the license serverImportant Ensure you read this chapter and the Getting Started with CitrixLicensing Guide before you install Citrix Presentation Server for UNIX Version4.0. The Getting Started with Citrix Licensing Guide is designed to assist Citrixadministrators with deploying, maintaining, and using Citrix Licensing. The guideis available on the Citrix Presentation Server for Windows product CD-ROM or onthe Citrix Web site.About Citrix LicensingCitrix Presentation Server for UNIX Version 4.0 uses the new, simplified CitrixLicensing method. This means that you use a license server and, if you use theCitrix License Server for Windows, a user interface for managing licenses,known as the License Management Console. License files are downloaded fromthe Citrix Web site and stored on the license server.Citrix Licensing offers many benefits, including the ability to centrally manageand monitor license usage, access your licensing data remotely, and create reportsfor analyzing trends in license usage. Licenses can be shared across farms, and anelectronic backup of all licenses is stored on the Citrix Web site.

58 Citrix Presentation Server for UNIX Administrator’s GuideTo license Citrix Presentation Server for UNIX Version 4.0, you require CitrixPresentation Server Enterprise edition or Platinum edition licenses. Theselicenses enable all the features available in Citrix Presentation Server for UNIX,including load balancing and client drive mapping. Other edition licenses are notapplicable to Citrix Presentation Server for UNIX Version 4.0; upgrade licensesare also not applicable.Citrix License Server for UNIXA license server that runs on the Solaris SPARC platform, rather than onWindows, is available, called the Citrix License Server for UNIX. This licenseserver can be downloaded from the Citrix Web site. For more information aboutinstalling and configuring this license server, see the documentation thataccompanies the download.Coexisting with Earlier Citrix LicensingThe previous Citrix licensing method, in which base licenses and server extensionlicenses were installed on each product server, is no longer supported in CitrixPresentation Server for UNIX Version 4.0.Licenses cannot be shared between Version 4.0 servers and servers runningearlier versions of Presentation Server for UNIX. However, servers runningVersion 4.0 and earlier versions will coexist in a network.Commands such as ctxqserver -license, that relate to the previous Citrix licensingmethod, will continue to function for backwards compatibility; however,meaningful results will appear only for servers running versions prior to Version4.0 of Presentation Server for UNIX.Licensing Citrix Presentation Server for UNIX:an OverviewTo deploy and license Citrix Presentation Server for UNIX, you must completethe following tasks:1. Install the license server and the License Management Console on asuitable computer. The Windows licensing components and the LicenseManagement Console are available on the Citrix Presentation Server CD.Note To run a license server on the Solaris SPARC platform, download theCitrix License Server for UNIX from the Citrix Web site. The downloadincludes documentation about installing and configuring this license server.Note that this download does not include the License Management Console.

Chapter 4 Licensing Citrix Presentation Server for UNIX 592. Connect to http://www.mycitrix.com to download your license files.3. Copy the license files to your license server.Note These tasks are described in detail in the Getting Started with CitrixLicensing Guide. Citrix recommends that you read this guide beforeinstalling Citrix Presentation Server for UNIX.4. Deploy Citrix Presentation Server for UNIX. For information about how todo this, see “Deploying Citrix Presentation Server for UNIX” on page 23.5. If necessary, configure communication between servers running CitrixPresentation Server for UNIX and the license server using ctxlsdcfg. Thisis described in the following section. However, if you use the installer scriptto install Citrix Presentation Server for UNIX, the installer script configurescommunication with the license server for you.Configuring Communication with the License ServerThis section discusses how to configure Citrix Presentation Server for UNIX touse Citrix Licensing. It explains how to display and specify the license serverlocation and port number using ctxlsdcfg.Typically, these communication settings are specified during Citrix PresentationServer for UNIX installation. Sometimes, however, you may need to edit thesesettings after installation; for example:• If you decide to install the license server software after you installPresentation Server• If you do not use the installer script to install Presentation Server• If you rename your license server• If you transfer the licenses for a server farm to another license server• If you change the port your license server uses• If you change a server farm so that it points to another license serverctxlsdcfg is a farm-wide setting, so you need to run this command on only oneserver in the farm. The settings you specify are propagated automaticallythroughout the server farm.

60 Citrix Presentation Server for UNIX Administrator’s GuideTo change license server settings for a farm1. Log on to the server as an administrator.2. At a command prompt, type ctxlsdcfg.The following prompt appears:License Config>3. At the License Config prompt:• To specify the license server name, type server server-namewhere server-name is the name of the license server.• To specify the license server port number, type port port-numberwhere port-number is the port number of the license server. Bydefault the port number is 27000.• To specify the product edition, type edition product-editionwhere product-edition is either Enterprise or Platinum depending onwhich Presentation Server edition you are licensed to use. By defaultthe product edition is Enterprise.4. At the License Config prompt, type exit.5. At the prompt to save your changes, type y (or yes).To display license server settings for a farm1. Log on to the server as an administrator.2. At a command prompt, type ctxlsdcfg.The following prompt appears:License Config>3. At the License Config prompt, type list. The current license server name,port number, and product edition appear.4. At the License Config prompt, type exit.

CHAPTER 5Publishing Applications andDesktopsOverviewThis chapter describes how to provide access to applications for CitrixPresentation Server Client users. Topics in this chapter include:• An introduction to application publishing• Publishing applications, desktops, shell scripts, and UNIX command-lines• Publishing applications on UNIX servers of different architecture• Displaying published application details• Maintaining published applications• Configuring an initial program• Publishing preconfigured applications for anonymous useAbout Published ApplicationsTo a client user, a published application appears similar to an application runninglocally on the client device.Published applications:• Give client users easy access to applications running on servers• Increase your control over application deployment• Shield users from the complexities of the UNIX environment hosting theICA sessionThe ctxappcfg command is the main tool for publishing applications. You canpublish any application that can run on the UNIX workstation or server on whichPresentation Server is installed.

62 Citrix Presentation Server for UNIX Administrator’s GuideWhy Publish Applications?The main reasons for publishing applications are the ease of user access, thedegree of administrative control, and the efficient use of resources.Administrative ControlWhen you publish applications, you get greater administrative control overapplication deployment.• Enabling and disabling applications. You can disable publishedapplications without having to delete their configuration. This allows you totemporarily stop users from connecting to published applications. Adisabled application can be quickly enabled at a later stage.• Load balancing. Application publishing lets you direct client connectionrequests to the least busy server in a group of servers configured to run anapplication.User AccessWhen you publish applications, user access to those applications is greatlysimplified in the following areas:• Addressing. Instead of connecting to a server by its IP address or servername, client users can connect to a specific application or desktop bywhatever name you give it. Connecting to applications by name eliminatesthe need for users to remember which servers contain which applications.This also allows administrators to change the server(s) on whichapplications are deployed, without reconfiguring clients, and without usersbeing aware of the change.• Navigation of the server desktop. Instead of requiring client users to haveknowledge of the UNIX desktop to find and start applications afterconnecting to servers, published applications present the user with only thedesired application in an ICA session.Efficient Use of ResourcesICA connections to server desktops can consume considerable resources because,by default, CDE is loaded for each connection. For more efficient use of serverresources, use published applications rather than server desktops.

Chapter 5 Publishing Applications and Desktops 63Publishing Applications for Explicit orAnonymous UseWhen you publish an application, you have to specify whether the application isfor anonymous or explicit use.Publishing Applications for Explicit UseExplicit users have their own user accounts.If you publish an application for use by explicit users, when the users log on, theysupply their user name and password. Explicit users have a “permanent”existence—their desktop and security settings are retained between sessions andtheir files persist from one session to another.Publishing Applications for Anonymous UsePublishing applications for anonymous use allows you to provide “guest” useraccess to an application.When a user starts an application published for anonymous use, no logon boxappears and the user does not have to supply a user name or password. Instead,the server selects an available account from a pool of anonymous user accountsand assigns this to the user.A temporary home directory is also assigned to users for use during the session.Users do not have a persistent identity, and no information in the home directoryis retained when they log off. Any desktop settings, user-specific files, or otherresources created or configured by the user are discarded at the end of the ICAsession.If the session is idle (that is, if there is no user activity for a specified timeperiod), the session is terminated. Users are logged off after a broken connectionor time-out.For information about how to change or maintain anonymous user accounts, see“Configuring Anonymous Users” on page 135.For information about setting up configuration files for applications published foranonymous use, see “Publishing Preconfigured Applications for AnonymousUse” on page 85.Note The total number of users, whether anonymous or explicit, who can belogged on to the server at the same time depends upon your licensed user count.See the Getting Started with Citrix Licensing Guide for details.

64 Citrix Presentation Server for UNIX Administrator’s GuideSecurity ConsiderationsTake care when choosing applications to publish anonymously, because no username or password is required to access these applications and, therefore, littlemeaningful audit data can be obtained. Citrix recommends that you do notpublish applications that will provide users with a command shell, because theymay be able to access and affect the system in the same way as an explicit user.For example, on HP-UX, users can change their shell or information from a logonshell. Such changes persist even after the session is terminated—that is, if achange is made to an anonymous user account, the next user of this account willpick up these changes. To prevent users from changing their shell, restrict /etc/shells so that it contains only the desired system shell.If you need to publish applications for explicit use and applications foranonymous use that may present users with a command shell, you can partitionthe applications onto separate servers and tune the server security so that theserver with anonymous applications is more tightly controlled than the serverwith explicit applications. You may also need to change the permissions on somecommand-line tools (for example, passwd and chsh) so that members of thectxanon group cannot execute these tools.Publishing an Application, Shell Script, or DesktopThis section explains how to publish applications (including Java and legacyapplications), shell scripts, and server desktops. It also explains how to publishapplications on UNIX servers of different architecture, change the workingdirectory, and configure the server to accept published application parameterspassed by the client.Publishing an ApplicationUse the ctxappcfg command to publish an application. The command promptsyou for the information required to publish the application.Application installation is not part of the application publishing process. Beforean application can be published, both Presentation Server and the applicationmust be installed. The order in which you install the application and PresentationServer does not matter. After an application is installed, it can be published at anytime.

Chapter 5 Publishing Applications and Desktops 65To publish an application1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg.The following prompt appears:App Config>3. At the App Config prompt, type publish. You are prompted for each itemof information you need to supply:At the prompt for Specify DefaultNameCommand-lineWorking directoryAnonymous[yes|no]DescriptionFolderIcon FileWindow SizeThe name you want to use for the publishedapplication. The user selects this name whensetting up an ICA connection to thispublished application. The name does notneed to be the same as the name of theexecutable file for a particular program.The command-line required to run theapplication or script file; for example: /usr/bin/diary.bin.The default working directory. Thisdirectory must exist. Leave blank to specifythe user’s home directory. Note that ~/subdiris supported; ~otheruser is not.yes if the application is for anonymous useonly, or no if it is for use by users withexplicit accounts only.An optional description that appears on theuser’s Web page. This information isrequired for applications accessed using theWeb Interface.A folder containing the application. Thisinformation is required for applicationsaccessed using the Web Interface.The icon file displayed against a publishedapplication in the Web Interface.The window size and type of window. Thisinformation is required for applicationsaccessed using the Web Interface.Specify window size as: widthxheight, forexample, 1024x768; or % (percentage) of adesktop, for example, 70%.Specify type of window as seamless (thewindow size is controlled by the client) orfullscreen (full screen display).No defaultNo defaultUser’s homedirectoryNo defaultBlankBlankICA icon800 x 600pixels

66 Citrix Presentation Server for UNIX Administrator’s GuideAt the prompt for Specify DefaultColor DepthEnable SSLsecurityUser nameGroup nameServer nameThe number of colors used to display theapplication. Choose from 16, 256, 4bit, 8bit,16bit, and 24bit. This information isrequired for applications accessed using theWeb Interface.yes to use SSL to secure connections to thisapplication, or no if you do not want to useSSL.The user names of users permitted to accessthis application. Type one user name perline. Leave a blank line to complete the list.The names of user groups or netgroupspermitted to access this application. Typeone group name per line. Leave a blank lineto complete the list. To denote a netgroup,use an @ as the first character of the name;for example @netgroup1.The names of servers in the farm that willpublish this application. Type one servername per line. Leave a blank line tocomplete the list. To specify all currentservers in the farm, type an asterisk (*). Tospecify all current and future servers in thefarm, type a plus sign (+).256 colorsControlledby defaultsettingsNo defaultNo defaultNo default4. At the App Config prompt, type exit.Note• Increasing window size and color depth increases demand uponmemory. For example, an ICA connection configured to run at a colordepth of 256 colors and window size of 4096 x 4096 usesapproximately 16MB of memory just for the ICA session (additionalmemory is required for the applications). An ICA connectionconfigured to run at the same window size but at a color depth of 24-bitTrue Color uses approximately 64MB of memory. Consequently, asmemory consumption increases, it may not be possible to run as manyconcurrent sessions without increasing memory.• If you specify a netgroup, only the presence of a user in a netgroup ischecked; the host and domain fields are ignored.The published application is enabled automatically. You can now connect to theserver from a client and set up a connection to this published application.

Chapter 5 Publishing Applications and Desktops 67You can change the configuration of a published application at any time; see“Changing the Settings of a Published Application” on page 74 for more details.When you first publish an application, you can specify display settings for folder,icon, window size, and color depth. If you do not configure these display settings,default display settings are used. You can change the default display settings forall published applications in the server farm; for more information, see“Specifying Default Settings for Published Applications” on page 77.Tip To publish an application for both explicit and anonymous use, publish itunder different names—once for explicit use and once for anonymous use.Publishing a Shell ScriptYou can also publish an application by writing a script file that sets up theapplication environment and then executes the application. You then publish theshell script file as a published application, using the ctxappcfg command. Topublish a script file, enter the path to and name of the script file at a commandprompt.Publish a shell script if you want to publish an application that requires aparticularly complex environment; for example, if you need to set particularenvironment variables.To publish a shell script in a server farm, ensure the shell script is present on allthe servers in the farm on which you want to publish it.Publishing a DesktopYou publish a server desktop in the same way you publish an application, usingthe ctxappcfg command. However, to indicate you are publishing a desktop, youleave the command-line blank.Note ICA connections to server desktops consume considerable server resourcesbecause, by default, CDE is loaded for each connection. For more efficient use ofserver resources, use published applications rather than server desktops.Publishing a Java ApplicationYou can publish Java applications on your server by writing a script file that youpublish using the ctxappcfg command. In the script file, include any environmentvariables required to set up the application environment and the commands tostart the Java application.

68 Citrix Presentation Server for UNIX Administrator’s GuidePublishing a UNIX Command-Line ApplicationYou can publish applications that require use only of the command-line. Forexample, you may have a legacy application that you want to publish. You do thisusing the ctxappcfg command. At a command prompt, type:xterm -e “commands”where commands is the set of commands required to start the application. Enclosethe commands within double quotes. If the set of commands is complex, includethis in a script file and run the script file:xterm -e script_filePublishing an Application on a UNIX Server ofDifferent ArchitectureYou can publish applications on UNIX servers that are of an architecture differentfrom the server running Citrix Presentation Server. For example, you can publishan application on a computer running Citrix Presentation Server for UNIX,although the application exists and runs on a Linux server.To do this, you create a script file to run the application on the remote UNIXserver. Then you create a script file on the server running Citrix PresentationServer to set up the application environment and start the application on theremote server. This script uses the remote shell command to run the script on theremote server. The script also uses the DISPLAY environment variable, whichyou set to CITRIX_REMOTE_DISPLAY, to display on the server.Finally, you publish the script on the server running Citrix Presentation Serverusing the ctxappcfg command.ExampleThe following example shows how to publish an application that runs on a Linuxserver. In this example, the server running Citrix Presentation Server is called“Buffy,” the Linux server is called “Mandix,” and the application is called“Diary.”

Chapter 5 Publishing Applications and Desktops 69ICA connectionClient- makes ICAconnection to DiaryBuffyCitrix Presentation Server- ctxappcfg used to publish ascript that launches DiaryResult = Clientruns DiaryLaunch DiaryMandixLinux server- hosts DiaryStep 1—Create a script file on Mandix1. Install Diary on Mandix.2. Create a script file on Mandix that will run Diary on Mandix. For example,create a script file /usr/local/bin/rundiary.sh containing:#!/bin/shDISPLAY=$1shiftexport DISPLAYcd /export/home/apps/diary/export/home/apps/diary/diary $*3. Make sure that the script file works by testing locally on Mandix.Step 2—Create a script file on Buffy1. Create a script file on Buffy that will set up the application environmentand start rundiary.sh on Mandix. For example, create a script file/export/home/apps/diary.sh containing:#!/bin/shDISPLAY=$CITRIX_REMOTE_DISPLAY# allow everyone on Mandix to access this display

70 Citrix Presentation Server for UNIX Administrator’s Guidexhost +mandix# launch app on the machine "Mandix"rsh Mandix "/usr/local/bin/rundiary.sh $DISPLAY ~/group.cal"NoteOn HP-UX, the remote shell command is remsh.2. Make sure that the script file works on Buffy, by testing that it correctlylaunches the application on Mandix, using a display on Buffy. ~/group.calis the parameter passed to the Diary application on Mandix.Step 3—Publish the application on Buffy1. Create a script file on Buffy that uses the ctxappcfg command to publishdiary.sh. Make sure you include blank lines where appropriate. Forexample:ctxappcfg

Chapter 5 Publishing Applications and Desktops 71To do this, you publish the application on the server in the usual way, andconfigure the client to pass a working directory parameter to the server.ExampleThe following example shows how to configure the published application“Editor” to run in the working directory /home/docs.Step 1—Publish Editor on the server1. Install Editor on the server running Citrix Presentation Server.2. Publish Editor in the normal way using the ctxappcfg command; for moreinformation, see “Publishing an Application, Shell Script, or Desktop” onpage 64.Step 2—Configure the client1. Create an ICA connection to the Editor application in Citrix ProgramNeighborhood—for example, create an ICA connection and name it“MyEditor.”2. Locate the APPSRV.ini file and open it in an editor (such as Notepad).3. In the APPSRV.ini file, find the name of the published application; this isthe name you gave the application in Program Neighborhood, containedwithin square brackets. For example, find: [MyEditor].4. In the lines relating to the published application, add a line for the workingdirectory (if such a line does not exist already). For example, for the Editorapplication, add the line:WorkDirectory=/home/docsPublishing an Application to Accept Parametersfrom the ClientYou can configure the server running Citrix Presentation Server to acceptpublished application parameters passed by the client. This allows users toconnect to a published application and automatically launch a particular file. Forexample, if users regularly update a particular document, you can publish theapplication that they use to automatically open the document specified by theclient device.To do this, you configure the client to pass parameters to the server, and configurethe server to accept and use the parameters passed by the client.

72 Citrix Presentation Server for UNIX Administrator’s GuideExampleA user wants to regularly update a resume, which is stored in: /home/docs/MyCV.doc, using the published application “Word.” The following shows how toconfigure the published application to automatically open this file when the userconnects.Step 1—Publish Word on the server1. Install Word on the server running Citrix Presentation Server.2. Publish Word using the ctxappcfg command. At a command prompt,include “%*” where the parameters from the client are to be included. Forexample:/usr/bin/word.bin %*Step 2—Configure the client1. Create an ICA connection to the Word application in Citrix ProgramNeighborhood; for example, create an ICA connection and name it“MyCV.”2. Locate the APPSRV.ini file and open it in an editor (such as Notepad).3. In the APPSRV.ini file, find the name of the published application—this isthe name you gave the application in Program Neighborhood, containedwithin square brackets. For example, find: [MyCV].4. In the lines relating to the published application, find the line for the initialprogram. For example:InitialProgram=#”METAFRAMESERVER1”5. Edit this line with the file name to be opened. For example:InitialProgram=#”METAFRAMESERVER1” /home/docs/MyCV.docNote• If there is no “%*” in the command-line on the server, parameters fromthe client are ignored. If no parameters are passed by the client or thesyntax is incorrect (for example, the quotes are missing), the serverignores the parameters and “%*” has no effect.• Because client parameters are interpreted by the shell, you can usewildcards, environment variables, and so on.• If you specify client parameters, seamless session sharing is switchedoff.

Displaying Published Application DetailsChapter 5 Publishing Applications and Desktops 73You can use ctxappcfg to display all the applications published on the localserver or in the server farm. You can then use select to display details about aparticular published application.To display details about the applications published1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>3. At a command prompt, type list. This displays the names of theapplications published on the server or in the server farm:App Config> listName: “Accounts”Name: “Orders”Name: “Diary”Applications that are disabled have (disabled) displayed next to them.4. To find out more details about a particular published application, use theselect command with the name, for example:App Config> select DiaryThis displays the details for the published application, for example:Name: DiaryCommand line: /usr/bin/diary.binWorking directory: ~/tmpIcon: Inherited from default application settings.Anonymous: noEnabled: yesDescription:Folder:Window Size: Inherited from default application settings.Color Depth: Inherited from default application settings.SSL security configuration: Inherited from default applicationsettings.5. If you want to list information for a different application, type drop todeselect the current application. You can then use the select command againwith the appropriate application name.

74 Citrix Presentation Server for UNIX Administrator’s Guide6. To exit from ctxappcfg, type exit.Tip You can also display information about published applications on thenetwork using the ctxqserver command; see “Command Reference” on page 195for more information.Maintaining Published ApplicationsThis section explains how to change a published application’s settings, configureuser access to published applications, and manage the servers that publishapplications. Also explained is how to configure default settings for all publishedapplications in the server farm.Changing the Settings of a Published ApplicationAfter publishing an application, you can change its settings using the ctxappcfgcommand. You can change the settings for published applications on the localserver or in the server farm.First, you use the select command to select the application you want to change.Then you use the set command to configure settings, such as the workingdirectory or the application’s description. The set command is described below.Note After selecting an application, you can also change the icon file displayedagainst a published application, configure user access to applications, and managethe servers that publish an application. These features are described later in thischapter.To configure a published application1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>3. At a command prompt, type list to check the names of the applicationspublished on the server or in the server farm.4. Select the published application you want to change; for example:App Config> select Diary

Chapter 5 Publishing Applications and Desktops 755. This displays the details for the published application, for example:Name: DiaryCommand line: /usr/bin/diary.binWorking directory: ~/tmpIcon: Inherited from default application settings.Anonymous: noEnabled: yesDescription:Folder:Window Size: Inherited from default application settings.Color Depth: Inherited from default application settings.SSL security configuration: Inherited from default applicationsettings.6. To change the configuration, use the set command. This has the followingsyntax:set [cmd={cmd_line}, dir={dir_name}, anonymous={yes|no},enabled={yes|no}, description={description}, folder={foldername}, window_size={window size}, color_depth={color depth},ssl_enabled={yes|no}]—Or—set server={server_name}, [cmd={cmd_line}, dir={dir_name}]Optioncmddiranonymousenableddescriptionfolderwindow_sizeDescriptionThe command line required to run the application or scriptfile; for example, /usr/bin/diary.bin.The default working directory. This directory must exist.Leave blank to specify the user’s home directory. Note that ~/sub-dir is supported; ~otheruser is not.Type yes if the application is for anonymous use only, or no ifit is for use by users with explicit accounts only.Type no to disable an application—this stops users fromconnecting to the application without you having to delete itsconfiguration. Type yes to enable a previously disabledapplication. See “Enabling and Disabling PublishedApplications” on page 82 for more information.The description displayed on the user’s Web page. If thedescription includes spaces, enclose it within quotes. Thisinformation is required for applications accessed using theWeb Interface.The name of a folder containing the program that the WebInterface displays.The window size and type of window that the Web Interfacedisplays. Specify window size as: widthxheight, for example,1024x768; or % (percentage) of a desktop, for example, 70%.Specify type of window as seamless (the window size iscontrolled by the client) or fullscreen (full screen display).

76 Citrix Presentation Server for UNIX Administrator’s GuideOptioncolor_depthssl_enabledserverDescriptionThe number of colors used to display the application in theWeb Interface. Specify 16, 256, 4bit, 8bit, 16bit, or 24bit.Specifies whether or not SSL is used to secure connections tothe application. Type yes to use SSL, or no if you do not wantto use SSL.To change the settings on a particular server only, specify aserver name. This option applies only to the command-lineand working directory.7. To save your changes, type save.8. To exit from ctxappcfg, type exit.Displaying and Changing the Icon FileUse ctxappcfg to find out which icon is currently displayed against a publishedapplication when the application is accessed using the Web Interface.Use the export icon command to save the icon to a file. You can later view thisfile using a suitable tool. Use the import icon command to specify a new icon forthe published application.By default, the ICA icon appears. However, you can specify another icon to usefor a published application. The icon you specify must be:• A graphic in .xpm (X pixmap) format.• 32 x 32 pixels. If your icon is larger than this, use an image editor to resizeit to the correct size.To display or change the icon used for a published application1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>3. At a command prompt, type list to check the names of the applicationspublished on the server or in the server farm.4. Select the published application you want; for example,App Config> select Diary5. This displays the details for the published application; for example,Name: DiaryCommand line: /usr/bin/diary.binWorking directory: ~/tmp

Chapter 5 Publishing Applications and Desktops 77Icon: Inherited from default application settings.Anonymous: noEnabled: yesDescription:Folder:Window Size: Inherited from default application settings.Color Depth: Inherited from default application settings.SSL security configuration: Inherited from default applicationsettings.ToExport the current icon to a file that you can later view. You areprompted for the file name.Specify a different icon file for the published application. Youare prompted for the file name.Typeexport iconimport icon6. To save your changes, type save.7. To exit from ctxappcfg, type exit.Specifying Default Settings for PublishedApplicationsYou can configure default settings for all published applications in the serverfarm using the ctxappcfg command. You can configure:• Default display settings for applications accessed using the Web Interface.These settings include folder name, window size, and color depth. Thesesettings affect only applications accessed using the Web Interface, notapplications accessed using a direct client connection where displaysettings are controlled by the client.• SSL secure connections to applications.Tip To change the settings for a particular application, rather than allapplications, see “Changing the Settings of a Published Application” on page 74.To change the default settings for all published applications1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>

78 Citrix Presentation Server for UNIX Administrator’s Guide3. At a command prompt, type default. The default settings appear; forexample,App Config> defaultIcon: Not configured.Description:Folder:Window Size: 800x600Color Depth: 256 colorsSSL security enabled: no4. To change the default settings, use the set command, which has thefollowing syntax:set [folder={folder name}, window_size={window size},color_depth={color depth},ssl_enabled={yes|no}]Optionfolderwindow_sizecolor_depthssl_enabledDescriptionThe name of a folder containing the published application.This is used by the Web Interface, which can organizeapplications into logical folders.The window size and type of window that the Web Interfacedisplays. Specify window size as: widthxheight, for example,1024x768; or % (percentage) of a desktop, for example, 70%.Specify type of window as seamless (the window size iscontrolled by the client) or fullscreen (full screen display).The number of colors used to display the application. Choosefrom 16, 256, 4bit, 8bit, 16bit, and 24bit.Specifies whether or not SSL is used to secure connections tothe application. Type yes to use SSL, or no if you do not wantto use SSL.Note You cannot display the default icon using ctxappcfg; however, youcan use the export icon command to save the icon to a file that you can laterview using a suitable tool. For more information about the icon files you canuse, see “Displaying and Changing the Icon File” on page 76.5. To save your changes, type save.6. To exit from ctxappcfg, type exit.Configuring User Access to PublishedApplicationsYou can configure which users and groups of users can access a publishedapplication using the ctxappcfg command.

Chapter 5 Publishing Applications and Desktops 79For each application, the Citrix XML Service stores a list of groups and users forwhom the application is visible. The Citrix XML Service for UNIX uses the sameusers and groups as the server running Citrix Presentation Server and theunderlying UNIX operating system.You can display the users and groups allowed to access a published applicationusing the list users and list groups commands. You can also add users and groupswho are allowed to access an application, and prevent access to an applicationusing the add users, add groups, remove users, and remove groups commands.You can add netgroups in addition to normal groups. To denote a netgroup, use anat symbol (@) as the first character of the name; for example, @netgroup1. Notethat only the presence of a user in a netgroup is checked; the host and domainfields are ignored.To configure access to an application1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>3. At a command prompt, type list to check the names of the applicationspublished on the server or in the server farm.4. Select the published application you want to display information about; forexample,App Config> select DiaryThis displays the details for the published application.ToDisplay the users who are allowed to access the publishedapplication.Display the groups of users who are allowed to access thepublished application.Add users who are allowed to access the publishedapplication. Type one user name per line. Leave a blank lineto complete the list.Add groups of users or netgroups who are allowed to accessthe published application. Type one group per line. Leave ablank line to complete the list. To denote a netgroup, use an@ as the first character of the name; for example,@netgroup1.Typelist userslist groupsadd usersadd groups

80 Citrix Presentation Server for UNIX Administrator’s GuideToPrevent particular users from accessing the publishedapplication. Type one user name per line. Leave a blank lineto complete the list.Prevent groups of users from accessing the publishedapplication. Type one group per line. Leave a blank line tocomplete the list.Typeremove usersremove groups5. To save your changes, type save.6. To exit from ctxappcfg, type exit.Managing the Servers that Publish an ApplicationYou can display the servers in a farm that publish an application using ctxappcfgwith the list servers command. You can also publish an application on one ormore servers in the farm using the add servers command.Note Ensure the application is installed on a server before you attempt to publishit. After an application is installed, it can be published at any time.To remove a published application from particular servers in the farm, you use theremove servers command. This removes the application only from the serversyou specify; the application remains on other servers in the farm. If you want tocompletely remove a published application from all servers in the farm, use thedelete command; for more information, see “Deleting a Published Applicationfrom All Servers” on page 81.To manage the servers that publish an application1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>3. At a command prompt, type list to check the names of the applicationspublished on the server or in the server farm.4. Select the published application you want to display information about; forexample,App Config> select Diary

Chapter 5 Publishing Applications and Desktops 81This displays the details for the published application.ToDisplay all servers in the farm that publish the application.Publish the application on another server in the farm. Typeone server name per line. Leave a blank line to complete thelist. To specify all current servers in the farm, type anasterisk (*). To specify all current and future servers in thefarm, type a plus sign (+).Remove the published application from one or more serversin the farm. Type one server name per line. Leave a blankline to complete the list.Typelist serversadd serversremove servers5. To exit from ctxappcfg, type exit.Deleting a Published Application from All ServersDeleting a published application removes all published application configurationinformation from all servers in the farm. When you delete a publishedapplication, that application is no longer available to client users under thepublished application name (although it may be available as another publishedapplication or from a server desktop session).Tip To temporarily stop users from connecting to a published application, disablethe published application. Disabling a published application does not delete itsconfiguration, and it can be quickly enabled at a later stage. See “Enabling andDisabling Published Applications” on page 82 for further information.If you want to make the application available again, republish it under its oldname or with a new name.To delete a published application from the farm1. Run ctxappcfg. At a command prompt, type list to display the names of theapplications published on the server.2. Select the published application you want to delete; for example,App Config> select Diary3. Type delete.4. Confirm the deletion by typing y.5. Type exit.

82 Citrix Presentation Server for UNIX Administrator’s GuideEnabling and Disabling Published ApplicationsYou can disable a published application without having to delete itsconfiguration. This is useful when you want to temporarily stop users fromconnecting to a published application; for example, to upgrade the application toa newer version or to apply patches. A disabled application can be quicklyenabled at a later stage.When you disable a published application, users can no longer see or connect tothe disabled application on any of the servers in the farm.NoteWhen you publish an application, it is enabled by default.To enable or disable a published application1. Use the ctxappcfg utility with the set command, as described previously in“Changing the Settings of a Published Application” on page 74.2. Set the enabled option to no to disable an application, or set it to yes toenable a previously disabled application.Creating a New Published Application from ExistingDetailsAfter you publish an application, you can reuse the settings by copying the detailsto a new name.To copy details to create a new published application1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>3. At a command prompt, type list to check the names of the applicationspublished on the server.4. Select the published application that has the details you want to copy; forexample,App Config> select DiaryThis displays the details for the published application.5. Type copy and the new name for the published application at the prompt.

Chapter 5 Publishing Applications and Desktops 836. Type drop.7. Change the details for the new published application using the setcommand, as described previously in “Changing the Settings of a PublishedApplication” on page 74.8. When you are finished configuring the published application, type save tosave the changes.9. To exit from ctxappcfg, type exit.Renaming a Published ApplicationAfter you publish an application, you can change its name by copying the settingsto a new name, then deleting the original.To rename a published application1. Log on to the server as an administrator.2. At a command prompt, type ctxappcfg. This starts the program anddisplays the following prompt:App Config>3. At a command prompt, type list to check the names of the applicationspublished on the server.4. Select the published application you want to rename; for example,App Config> select DiaryThis displays the details of the published application.5. Type copy and the new name for the published application at the prompt.6. Type drop.7. To delete the original published application settings, select the originalapplication and use the delete command. See “Deleting a PublishedApplication from All Servers” on page 81 for more details.Restricting Connections to Published Applications OnlyYou can restrict users so that they can connect only to published applications on aserver. Doing so prevents users from connecting to a server by name or to theserver desktop.Because connections to server desktops consume considerable server resources,restricting users to published applications makes more efficient use of resources.

84 Citrix Presentation Server for UNIX Administrator’s GuideTo restrict connections to published applications only1. Log on to the server as an administrator.2. Use the ctxcfg command to allow users to run only published applications:ctxcfg -i PUBONLYNote To restrict access on several servers, you must run ctxcfg -i PUBONLY ateach server.Configuring an Initial ProgramAn initial program is an application that Presentation Server starts automaticallywhen a user logs on. Closing the initial program does not terminate the ICAsession.Initial programs:• Can be set on the server by an administrator.• Can be set from a client device as part of the properties for a specific clientconnection. If an initial program is configured on the server and client, theinitial program configured on the server is started when a user logs on.To configure an initial program on the server1. Log on to the server as an administrator.2. At a command prompt:ToConfigure the server so that if aninitial program is set on the client, itis used.Configure the server to start theinitial program progname whenevera user connects, where wd is theworking directory.List the current initial programdetails.Use the commandctxcfg -i INHERITctxcfg -iprog=progname,wd=dirctxcfg -i list

Chapter 5 Publishing Applications and Desktops 85Publishing Preconfigured Applications for AnonymousUseWhen a user logs on to use an application that you published for anonymous use,the user is assigned an empty home directory. When the user logs off, any filesthat the user creates in this directory are deleted.Some applications use configuration files that initialize settings when theapplication starts. For example, an application such as a Web browser may useproxy settings, file paths, and font and display settings. In normal use, a userconfigures these settings once. If the configuration files are not available, theapplication starts in its default configuration.You can set up configuration files for applications that you publish foranonymous use. You create these in a special template directory called/usr/anon/anontmpl. When a user logs on, all files in the template directory arecopied to the assigned home directory.To create configuration files for an application1. Create a user (for example, called “anontmpl”) with home directory set to/usr/anon/anontmpl. Use this user account only to preconfigure applicationsfor anonymous use.2. Log on to the server as this user and run the application you want toconfigure.3. Configure the application so that it mirrors the settings you want to providewhen an anonymous user logs on. For example, for a Web browserapplication such as Netscape, you may want to set proxy server settings orclear the cache.4. Exit the application.5. Start the application again and make sure that the application works asrequired. If not, adjust the process and repeat until you are sure that thecorrect configuration is in use when the application starts.6. Using grep or a text editor, search for occurrences of the user name orfolder name (in this example, “anontmpl”) in each of the files in /usr/anon/anontmpl.7. Make the template directory readable by everyone using:chmod -R a+rX8. Log on as an administrator.

86 Citrix Presentation Server for UNIX Administrator’s Guide9. Edit the script file ctxanoninit.sh. This file is installed in the followingdirectory:/opt/CTXSmf/lib/usr/lpp/CTXSmf/lib10. For each file containing occurrences of “anontmpl” in the files in/usr/anon/anontmpl, add lines to the end of ctxanoninit.sh that use the sedcommand to substitute the user name and home directory.For example, a Netscape preferences file contains references to the homedirectory, so add the following lines to the end of ctxanoninit.sh:sed –e “s,anontmpl,$USER,g” $ANON_TMPL_DIR/.netscape/preferences.js >newprefs.jsrm .netscape/preferences.jsmv newprefs.js .netscape/preferences.js# add commands here to set the correct file permissions.Note Use the environment variable $USER, which is set automatically by/bin/sh, to determine the name to substitute.11. Publish the application for anonymous use. Make sure that the applicationworks by launching a session from a client, repeating the above steps asnecessary.

CHAPTER 6Managing Servers, Users, andSessionsOverviewThis chapter describes how to manage the users, sessions, and processes on aserver running Citrix Presentation Server. It includes how to:• Display information about sessions and users• Display information about the servers on the network• Log off, disconnect, and reconnect sessions• Reset sessions in case of error• Shadow ICA sessions• Send messages to users on your server• Display available client printers and print files from the command-line orfrom applications• Connect to a remote server from within an ICA sessionDisplaying Information about Users and SessionsYou can display information about connections to one or more computers runningCitrix Presentation Server in a farm. This includes information about the userswho are connecting and session details, such as the session id and session state.To display a default listing of session details, use the ctxqsession command. Todisplay a similar listing, ordered by user name, use the ctxquser command. If yourequire more information about sessions, such as the X display number, or youwant to display information in a format that differs from the default listing, usethe ctxquery command. You can also use ctxquery to produce machine-readableoutput. These commands are described in the following section.

88 Citrix Presentation Server for UNIX Administrator’s GuideDisplaying Session DetailsTo display a default listing of session details, use the ctxqsession command.To display session details1. Run the ctxqsession command.ToDisplay sessions on the local serverDisplay sessions on another server inthe farmDisplay sessions on all the servers inthe farmTypectxqsessionctxqsession -s servernamewhere servername is the name of theserver you want to queryctxqsession -S2. A list similar to the following appears:For details about the information that appears, see “About the Display” on page91.Displaying Session Details by User NameTo display a default listing of session details by user name for all the currentsessions, use the ctxquser command. This command displays information aboutsessions on a server, in order of user name. It displays active, connected sessionsonly; it does not display idle sessions or sessions in the process of connecting.

Chapter 6 Managing Servers, Users, and Sessions 89To display session details, by user name1. Run the ctxquser command:ToDisplay all user sessions on thelocal serverDisplay a specific user sessionon the local serverDisplay all user sessions onanother server in the farmDisplay a specific user sessionon another server in the farmDisplay all user sessions on allthe servers in the farmDisplay a specific user sessionon all the servers in the farmTypectxquserctxquser user usernamewhere username is the name of the user youwant to queryctxquser -s servernamewhere servername is the name of the server youwant to queryctxquser -s servername user usernamewhere servername is the name of the server andusername is the name of the user you want toqueryctxquser -Sctxquser -S user usernamewhere username is the name of the user youwant to query2. A list similar to the following appears:Note For details about the information that appears, see “About the Display” onpage 91.

90 Citrix Presentation Server for UNIX Administrator’s GuideDisplaying More Details or Details in a DifferentFormatYou can display more information about users and sessions than ctxquser orctxqsession can provide, using the ctxquery command. For example, you can usectxquery to display the X display number or the name of a published application.You can also use ctxquery to configure the display format. This is useful if yourequire information in a format other than the default provided by ctxquser orctxqsession; for example, to display fields in a particular order or producemachine-readable output.ctxquery has the following syntax:ctxquery -f short_format_options | -o long_format_options |[-m] | [-S | -s server_name user user_name]You can use ctxquery to display information about sessions and users using the-S | -s server_name user user_name options, in the same way as you do usingctxqsession and ctxquser. For information about using these options, refer to thectxquser and ctxqsession commands.This section discusses how to configure the display format using the-f short_format_options and -o long_format_options. With these options, youinput either characters or keywords, respectively, to produce your listing. Thecommands generate the same information so it is a matter of preference as towhich one you choose. For a list of the short and long format options, see “Aboutthe Display” on page 91. The use of ctxquery is illustrated in the followingexample.ExampleTo locate a user called “Fred,” the X display number he is using, and thepublished application he launched, type:ctxquery -o user,id,state,xdpy,app user fred—Or—ctxquery -f uiSxp user fredTipFor additional examples of how to use ctxquery, see the ctxquery man page.Producing Machine-Readable OutputYou can use ctxquery with the -m option to produce machine-readable output.This alters the column headers to remove spaces so that a constant number ofcolumns appears on every line, making the output machine-readable. Forexample:

Chapter 6 Managing Servers, Users, and Sessions 91ctxquery -f uiSxp user fred -mAbout the DisplayThe following table shows the information displayed by the ctxqsession,ctxquser and ctxquery commands. It also shows the keywords and charactersyou can use to configure the display format with ctxquery.Display Description ctxquery-o optionctxquery-f optionSESSIONThis is in the format servername:id, where servername is the nameof a server in the farm, and id is the session identifier. For example,server1:34 means session 34 running on server1.idiSESSIONNUMBERThe session id number only. Use this to display the session numberwithout the “servername:” prefix.sess#NSESSIONNAMEThe session name; for example, tcp#41. sess nUSERNAME The name of the user. user uSTATElisten—indicates the session that is listening for new incomingconnections.active—indicates an established, active connection.connq—indicates a brief session initialization phase that occursbefore the logon prompt appears, and during reconnect.init—a brief session initialization phase.conn—indicates a session that is being connected.disc—indicates a disconnected session.down—indicates a broken session.shadow—indicates that the user of this session is shadowinganother.reset—indicates a session currently being reset.stateSTYPE wdica—indicates that the ICA protocol is being used. type tDEVICE The name of the client device. dev dIDLE TIMEThe length of time since there was user activity in this session. Itmay take some time to display this, depending on the number ofusers and how they are distributed across servers.idleILOGON TIME The time the user logged on to the system. logon lCLIENTADDRESSThe hardware address of the client device. addr a

92 Citrix Presentation Server for UNIX Administrator’s GuideDisplay Description ctxquery-o optionAPPLICATIONNAMESERVERNAMEDISPLAYThe name of the published application. app pThe name of the server in the farm. srvr sThe X display number.To display this without the “:” prefix using ctxquery, use a capitalX.Displaying Information about Servers on the NetworkUse the ctxqserver (query server) command to display information about serverson the subnet. You can display information such as server name and networkaddress, transport protocol, and the number of connections available.To display information about all servers on the subnetAt a command prompt, type:ctxqserverTo display information about a specific serverxdpyXdpyAt a command prompt, type ctxqserver and specify the server name:ctxqserver server-namectxquery-f optionxX

Chapter 6 Managing Servers, Users, and Sessions 93About the DisplayThe ctxqserver command displays:DisplayServerTransportConnsFreeTotalNetworkAddressDescriptionThe server name.The transport protocol; that is TCP/IP.The current number of ICA connections on the server.The remaining number of connections the server is capable ofreceiving.The current number of ICA connections plus the number of freeconnections.The IP address of the server. An M next to the IP address indicatesthat the server is the master browser.Note• You can use ctxqserver to display information specific to serversrunning Citrix Presentation Server (such as ICA gateways), or aboutpublished applications and client sessions on the subnet. You can alsouse ctxqserver to send requests to servers. For information about theother options available with ctxqserver, see the “Command Reference” onpage 195.• If the server has more than one network interface card (NIC) and youconfigured it so that the ICA browser listens on only one subnet,ctxqserver displays information only about this one subnet. For moreinformation, see “If a Server Uses Multiple Network Interface Cards” onpage 153.Ending a SessionTo end a session, you can use commands that either log off or disconnect thesession. You can log off or disconnect sessions on the local server or on otherservers in the farm.• Disconnecting a session terminates the connection between the server andclient. However, the user is not logged off, all running programs remainactive, and the user can later reconnect to the disconnected session.• Logging off a session terminates the connection and all running programs,and the user cannot reconnect to the session.

94 Citrix Presentation Server for UNIX Administrator’s GuideLogging off from a SessionUse the ctxlogoff command to log off from a session.To log off from your own sessionType ctxlogoff.To log off another user’s session1. Log on to the server as an administrator.2. At a command prompt, type ctxqsession to display sessions on the localserver or in the farm. For more information about ctxqsession, see“Displaying Information about Users and Sessions” on page 87.3. From the results of ctxqsession, identify the session id of the connectionsession you want to forcibly log off.Note In Citrix Presentation Server for UNIX Version 4.0, you must specifya session identifier. Session names are no longer supported.4. At a command prompt:ToLog off a session on the local serverLog off a session on another server inthe farmUse the commandctxlogoff idctxlogoff servername:id , whereservername is the name of a server in thefarm, and id is the session identifier. Forexample, server1:34 means session 34running on server1.Disconnecting a SessionUse the ctxdisconnect command to disconnect a session.To disconnect your own sessionClose the client or type ctxdisconnect at a command prompt.To disconnect another user’s session1. Log on to the server as an administrator.2. At a command prompt, type ctxqsession to display sessions on the localserver or in the farm. For more information about ctxqsession, see“Displaying Information about Users and Sessions” on page 87.

Chapter 6 Managing Servers, Users, and Sessions 953. From the results of ctxqsession, identify the session id of the session youwant to disconnect.Note In Citrix Presentation Server for UNIX Version 4.0, you must specifya session identifier. Session names are no longer supported.4. At a command prompt:ToDisconnect a session on the localserverDisconnect a session on anotherserver in the farmUse the commandctxdisconnect idctxdisconnect servername:id,where servername is the name of a serverin the farm, and id is the session identifier.For example, server1:34 means session 34running on server1.If a user logs on to the server and there is a disconnected session on the serverbelonging to that user, the user is given a choice of whether to connect to thedisconnected session or start a new session.Note You cannot disconnect an anonymous user session because you cannotreconnect to the session when the identity of the user is unknown. If an anonymoussession is disconnected, the session is logged off.Connecting to a Disconnected SessionUse the ctxconnect command from within an ICA session to reconnect to adisconnected session on the local server.A user can connect to a previously disconnected session by logging on again withthe same user name. Once logged on, if there are disconnected sessions on theserver, the user can reconnect to the disconnected session or start a new session.An administrator can connect to any user’s session. Other users can connect onlyto their own sessions.

96 Citrix Presentation Server for UNIX Administrator’s GuideTo connect to a disconnected session1. At a command prompt, type ctxqsession to display current sessions on thisserver. A disconnected session shows disc in the State field.2. From the results of the ctxqsession command, identify the session idassociated with the session to which you want to connect.3. At a command prompt from within an ICA session, type:ctxconnect idwhere id is the session id of the session to which you want to connect.The server disconnects your current session and connects you to the selectedsession.Note Your connected session must be capable of supporting the video resolutionused by the disconnected session. If the session does not support the required videoresolution, the operation fails.Resetting a SessionYou can reset a session in the event of an error using the ctxreset command. Youcan reset a session on the local server or another server in the farm. The systemwill attempt to terminate all processes running within that session. Resetting asession may cause applications to close without saving data.To reset a session1. Log on to the server as an administrator.2. At a command prompt, type ctxqsession to display sessions on the localserver or in the farm. For more information about ctxqsession, see“Displaying Information about Users and Sessions” on page 87.3. From the results of ctxqsession, identify the session id you want to reset.Note In Citrix Presentation Server for UNIX Version 4.0, you must specifya session identifier. Session names are no longer supported.

Chapter 6 Managing Servers, Users, and Sessions 974. At a command prompt:ToReset a session on the local serverReset a session on another serverin the farmUse the commandctxreset idctxreset servername:id, where servername isthe name of a server in the farm, and id is thesession identifier. For example, server1:34means session 34 running on server1.Reconnecting to Load Balanced SessionsPublished applications allow users to run applications or access a desktop sessionwithout knowing the name or address of a particular server. If the publishedapplication is located on a single server, users can disconnect and reconnect to thesame session.If the published application is configured to run on multiple servers, users mustbe reconnected to the same server to reconnect to their session. The ICA browsercan reconnect users to their previous session on the same server under certainconditions.For a user to reconnect to disconnected load balanced sessions:• The user must disconnect gracefully from the server; for example, by usingctxdisconnect• The user must reconnect from the same client device (using the same clientname)Use ctxqsession to view a list that displays disconnected sessions; see“Displaying Information about Users and Sessions” on page 87.Note If users frequently disconnect and reconnect their sessions rather thanlogging off, the number of sessions on a server farm may not be evenly distributedbecause users are reconnected to their previous sessions on the same servers.Shadowing a User’s SessionYou can monitor the actions of users, and interact with their sessions, using thekeyboard and mouse. This is called shadowing. The person who issues thectxshadow command is called the shadower, and the session being shadowed iscalled the shadowed session.

98 Citrix Presentation Server for UNIX Administrator’s GuideUse the ctxshadow command to shadow another user’s session:ctxshadow {id | servername:id} [-v] [-h[[a][c][s]+]x]The ctxshadow command is a user command, rather than a system administrationcommand. Therefore, any user can shadow any other session, provided theshadowed user approves the shadowing, and Presentation Server security permitsthe user to shadow. Disabling shadowing notification means that a user may beunaware that shadowing is occurring. See “Enabling or Disabling Shadowing” onpage 115 for more information.Note The following procedure assumes that you will use the CTRL+* (asterisk)hotkey combination to end shadowing. If you cannot use this hotkey combination,or you want to use an alternative combination to end shadowing, see “EndingShadowing” on page 99.To start shadowing a session1. Log on to an ICA session.2. At a command prompt, type ctxqsession to display the current sessions onthis server.3. From the results of the ctxqsession command, identify the session id of theuser’s session that you want to shadow.Note In Citrix Presentation Server for UNIX Version 4.0, you must specifya session identifier. Session names are no longer supported. You cannotshadow a session on another server.4. At a command prompt, type ctxshadow and specify a session id. Use the -v(verbose) argument to display more information during the shadow sessioninitiation; for example:ctxshadow server1:5 -vThe user is notified of the pending shadowing, and is given the opportunity toallow or deny the shadowing (unless notification was disabled for shadowingusing ctxcfg—see “Enabling or Disabling Shadowing” on page 115 for details).If the user does not respond to the notification message, the shadow request timesout and is terminated.

Chapter 6 Managing Servers, Users, and Sessions 99About Shadowing and the ClipboardThe user of the shadowed session can use the clipboard to copy and pastebetween the client session and applications running locally. As shadower, youcannot access the contents of the shadowed session’s clipboard—information inthe clipboard belongs to the shadowed session. However, if you copy informationto the clipboard while shadowing, this information is available to the shadowedsession for pasting.Ending ShadowingBy default, you can end shadowing using the CTRL+* (asterisk) hotkeycombination.To end the shadowing sessionPress CTRL+* (asterisk) key of your keyboard’s numeric keypad.Configuring a Different Hotkey to End ShadowingIf you cannot use the default hotkey combination from the client device you areusing or you prefer to use an alternative, you can configure your owncombination. You do this using the ctxshadow command.The hotkey you configure applies only to the current shadowed session andtherefore needs to be set up each time you shadow a session.To configure a different hotkey to end shadowing1. Log on to an ICA session.2. At a command prompt, type ctxqsession to display current sessions.3. From the results of ctxqsession, identify the session id of the user’s sessionthat you want to shadow.4. At a command prompt, type:ctxshadow {id | servername:id} [-h [[a][c][s]+]x]where [a][c][s] and x is the hotkey combination you want to use to endshadowing—choose this combination from:[a][c][s]xa = ALT; c = CTRL; s = SHIFTNote: you can use any combination of a, c and s, including all ornone.)Choose from the alphanumeric characters: a to z (or A to Z) and0 to 9.

100 Citrix Presentation Server for UNIX Administrator’s GuideExampleTo begin shadowing, and to specify a hotkey combination of ALT+q to stopshadowing the session, type:ctxshadow server1:5 -h a+qNote The hotkey combination is not case-sensitive; therefore, in the aboveexample, you could choose ALT+Q or ALT+q to stop shadowing.Sending Messages to UsersYou can send a message to users using the ctxmsg command. A message can besent to a particular session or to all sessions, either on the local server or in theentire server farm.Tip If a message includes spaces or any other characters that have a specialmeaning in your UNIX shell, enclose all the text in double quotes.To send a message to users1. Log on to the server as an administrator.2. If you want to send a message to particular sessions, use ctxquser todisplay the current sessions. From the results of ctxquser, identify a sessionid for the users and sessions you want to send a message to. For moreinformation about ctxquser, see “Displaying Information about Users andSessions” on page 87.Note In Citrix Presentation Server for UNIX Version 4.0, you must specifya session identifier. Session names are no longer supported.

Chapter 6 Managing Servers, Users, and Sessions 1013. At a command prompt:ToSend a message to a session on the localserver.Send a message to a session on anotherserver in the farm.Send a message to all sessions on aparticular server.Send a message to all sessions on the localserver.Send a message to all sessions on allservers in the farm.Send a message that includes a time-outperiod, in seconds. The message appearson the user’s screen until it times out orthe user dismisses it.Send a message that will suspend yourterminal window until the message timesout or is dismissed by the user. Note that acommand prompt appears only when theuser responds or the message times out.Use the commandctxmsg id message, where id is thesession identifier.ctxmsg servername:id message,where servername is the name of aserver in the farm, and id is thesession identifier. For example,server1:34 means session 34 runningon server1.ctxmsg -s servername message,where servername is the name of aserver in the farm.ctxmsg -a messagectxmsg -S messagectxmsg id message timeoutctxmsg -w id message timeoutExamplesctxmsg 11 Helloctxmsg server1:34 “Happy Birthday”ctxmsg 5 “Fancy lunch?” 30ctxmsg -w server1:34 “Are you at your desk?” 60ctxmsg -S “Get out, the building is on fire”Tip To inform users that the server is about to shut down, use the message optionwith the ctxshutdown command. See “Stopping Citrix Presentation Server” onpage 39.

102 Citrix Presentation Server for UNIX Administrator’s GuidePrintingThis section describes the information your clients need to know when they wantto print. It explains how users can list available client printers and print files froma command prompt or from applications.In the UNIX environment, the application performs the print rendering. The printdriver is specified inside the application or, in the case of a desktop utility, rawunformatted text is generated.Displaying Client Printers or Printer PortsWhen a client connects to a server, client printers are mapped and are availablefrom the desktop command-line and from applications running in the session.From a client session, users can list the mapped client printers or available printerports using the ctxprinters command.To display mapped client printersAt a command prompt, type:ctxprintersA list of printers configured on the client and mapped for use from the ICAsession appears.(default) appears after the printer that is the default. The following information isshown for each printer:• Printer name or printer port (for example, lpt1). This can be used in thectxlpr -P command to specify a printer other than the default.• Printer driver name. This is for information only.• Printer connection description. This is for information only.

Chapter 6 Managing Servers, Users, and Sessions 103Printing from a Command-LineWithin an ICA session, users can print a file from the command-line by usingctxlpr, instead of lpr or lp. If no files are specified, the ctxlpr command takes itsinput from standard input (stdin).To print a file from a client session1. At a command prompt, type ctxprinters.2. From the results of ctxprinters, identify the printer or printer port that youwant to use. To print to a printer other than the default, note the printername (the printer name is the first item in the ctxprinters listing).3. At a command prompt:ToPrint the file named filename to thedefault printer.Print a series of files to the default printer.Each file is treated as a separate print job.Print a file to a printer (or printer port)other than the default. This is the printername or printer port shown in the firstcolumn of the output from ctxprinters.Print a file in the background.Print a file only if the printer is not in use.Use this option to stop an applicationwaiting while other printer jobs arehandled. If the printer is in use, an errormessage appears.Use the commandctxlpr filenamectxlpr filename filenamectxlpr -P [Printername | Printerport]filenamectxlpr -b filenamectxlpr -n filenameExamplesTo send the file mydoc.ps to the printer \\PRINTSRVR\Sales_HP4000, use thefollowing command:ctxlpr -P '\\PRINTSRVR\Sales_HP4000' mydoc.psNote In some UNIX shells, a backslash (\) has a special meaning so you mayneed to substitute a double backslash (\\). For example:ctxlpr -P "\\\\PRINTSRVR\\Sales_HP4000" mydoc.psIf you are using a client that uses direct printer port mapping:ctxlpr -P lpt2 mydoc.ps

104 Citrix Presentation Server for UNIX Administrator’s GuidePrinting from ApplicationsThe exact configuration of how to set up printing from applications depends onthe behavior and user interface of the UNIX application.If the user interface for an application allows you to specify the actual printercommand to use when printing, you can configure client printing by replacing thelpr or lp command with the ctxlpr command.When a user connects to the server and prints from the application in a session,the server redirects the output to the mapped client printer.Often, in this type of application, you can also specify the command-linemodifiers on a different line. You can use the same switches for ctxlpr as whenprinting from the command-line. For example, use -P with a printer name (orprinter port) to print to a printer other than the default; -b for background printing,and so on.Tip If the user interface of an application does not allow you to specify the actualprinter command to use when printing, find out whether or not the application (orwindow manager) uses a configuration file where you can replace the lprcommand functionality with ctxlpr.Troubleshooting PrintingBecause UNIX applications generally produce only UNIX ASCII text orPostScript output, PCL (Printer Control Language) printers are not suitable.Therefore, ensure your client printers support PostScript. If you do not have aPostScript printer, install a utility such as Ghostscript to convert PostScript filesto a different output format, such as PCL.If text does not print correctly, this may be due to carriage return / line feeddifferences between UNIX and DOS text files. To print a UNIX text file to aWindows printer, use a utility such as unix2dos. For example, to print a UNIXtext file called “printfile” type:unix2dos printfile | ctxlprux2dos printfile | ctxlprAlternatively, use Perl instead. For example, type:perl -pe 's/\n$/\r\n/' printfile | ctxlprOr, create a script file called “unix2dos” that includes the following:#!/bin/shperl -pe 's/\n$/\r\n/' "$@"

Chapter 6 Managing Servers, Users, and Sessions 105Make the script file executable using chmod a+rx unix2dos. You can now usethe script file just like the unix2dos utility.Connecting to a Remote Server from an ICA SessionThis section explains how to establish a connection to a remote server fromwithin an ICA session.When you establish a remote session, you must set the $DISPLAY environmentvariable in the remote session to ensure that graphics, keystrokes, and mouseclicks are sent back to your ICA session. To simplify the setting of $DISPLAY,use the $CITRIX_REMOTE_DISPLAY environment variable.ExampleThe following example shows how to establish a connection to the remote server“Emily” from within an ICA connection to the server “Bagpuss” and how tocorrectly set the value of the $DISPLAY variable using$CITRIX_REMOTE_DISPLAY.ICA connectionrloginClientBagpussCitrix Presentation ServerEmilyRemote server$CITRIX_REMOTE_DISPLAYTo connect to the remote server Emily from an ICA session1. Establish an ICA connection to Bagpuss.2. Open a terminal window and display the value of the$CITRIX_REMOTE_DISPLAY environment variable. At a commandprompt, type:setenv | grep CITRIX_REMOTEThe system displays a value; for example, bagpuss:10.0.3. Make a note of the value of $CITRIX_REMOTE_DISPLAY.4. Establish a remote logon session to “Emily” using the rlogin command:rlogin emily5. Enter your logon password.

106 Citrix Presentation Server for UNIX Administrator’s Guide6. Open a terminal window and set the value of the $DISPLAY environmentvariable to the value of $CITRIX_REMOTE_DISPLAY. For example, ifyou are using a C shell, type:setenv DISPLAY bagpuss:10.0

CHAPTER 7Configuring Citrix PresentationServerOverviewThis chapter describes how to configure a server running Citrix PresentationServer for UNIX to provide the required resource access and session behavior forthe client users of your network. Topics in this chapter include:• Configuring the server• Screensaver recommendations• Customizing the appearance of a server• Configuring X Server settingsConfiguring the ServerYou can configure your server in different ways to control access to services forusers connecting to the server. The combination of settings you use depends onhow you intend to use your servers. From the server, you can configure settingsthat include:• The number of ICA sessions you want to allow at this server.• What happens to a session if the connection is broken or times out.• Whether or not to allow local printer mapping. If you enable printermapping from the server, client users can configure and use their localprinter to print from applications that are actually running on the server.• Whether or not to allow local clipboard mapping. If you enable clipboardmapping from the server, client users can copy and paste text between

108 Citrix Presentation Server for UNIX Administrator’s Guideapplications running on the client device and the remote applicationsrunning on the server.• Whether or not to allow shadowing.• The maximum permitted session duration, and how long to leave idle ordisconnected sessions before timing out.• Whether or not to allow users to log on without a home directory.• Mouse-click feedback.Note User access to commands and sessions is controlled by the ctxsecurityfunction. See “Configuring Citrix Presentation Server Security” on page 140 forinformation.Controlling Logon SettingsWhen client users connect to a server, the users need to supply a user name andpassword (unless they are accessing an application published for anonymoususe). Users can either type this information in the dialog box that appears whenthey connect to the server or published application, or configure the client so thattheir user name and password are saved as part of the properties for a particularconnection.You can also use the ctxcfg tool on the server to configure settings that give youand client users flexibility and security when logging on.To display the current logon settings1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -a listThis displays the current logon settings.

Chapter 7 Configuring Citrix Presentation Server 109NoteThe list argument never displays passwords.To change the logon settings1. Log on to the server as an administrator.2. At a command prompt:ToConfigure the server so that if logondetails are set on the client, they are used.Configure the server so that a user loggingon is always prompted for a password,regardless of any password set in theserver or the client.Configure the server so that a user loggingon is not prompted for a password.Set a default user name for all users wholog on to the server. For example, you canuse this to set up a guest user account.Set a password for all users who log on tothe server. Type pass as a keyword;ctxcfg then displays a prompt where youcan type the password. Note that if youdid not set up a user name, this setting isignored.Erase any user name and password detailsthat were set (using the user and passoptions) and configure the server to uselogon details set on the client.Use the commandctxcfg -a INHERITctxcfg -a prompt=TRUEctxcfg -a prompt=FALSEctxcfg -a user=namectxcfg -a passctxcfg -a ERASE

110 Citrix Presentation Server for UNIX Administrator’s GuideConfiguring RSA SecurID SupportCitrix Presentation Server supports RSA SecurID Versions 4.2 and 5.0, allowingyour users to log on to computers running Presentation Server using RSASecurID authentication.Before you configure your servers for RSA SecurID support, ensure that youinstalled SecurID correctly. Citrix recommends that you test whether or not youcan log on to your system using RSA SecurID before you attempt to use SecurIDwith Presentation Server.To configure RSA SecurID support on Citrix Presentation Server1. Log on as root to the server.2. Go to the directory where RSA SecurID is installed, and change to the progdirectory below it.3. Find the program files Xprompt (this file is called XPrompt in Version 4.2)and sdfindshell.4. Copy the files into the /usr/sbin directory. Note that the copy of XPromptmust use this spelling, regardless of whether the original is spelled Xpromptor not.5. Make the copy of XPrompt executable by using chmod +x.Setting the Number of Permitted ICA ConnectionsYou can specify a maximum number of concurrent ICA connections that aparticular server will support.To check the current number of permitted connections1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -l listThis command displays the number of logons permitted or displays UNLIMITEDif no limit is set.

Chapter 7 Configuring Citrix Presentation Server 111To change the number of permitted connections1. Log on to the server as an administrator.2. At a command prompt:To setA maximum, where n is the number ofconcurrent connections you want to allow.No limit to the number of concurrentsessions you want to allow.Use the commandctxcfg -l max=nctxcfg -l max=UNLIMITEDNote The number of ICA connections that a server can support is alsoaffected by Citrix Licensing—see the Getting Started with Citrix LicensingGuide for more information.Controlling Behavior for Disconnected or BrokenConnectionsA broken connection occurs when the communication link between the client andthe server is interrupted; for example, as the result of a network failure.Use the ctxcfg tool with the -c option to control the behavior for broken ortimed-out connections, and to specify reconnection options.To display the current configuration for broken and timed-out connections1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -c list

112 Citrix Presentation Server for UNIX Administrator’s GuideTo configure the settings for disconnected and broken connections1. Log on to the server as an administrator.2. At a command prompt:To configure the server so thatBroken connections are immediatelyreset.Broken connections are disconnected.A user is automatically logged off from abroken connection.A user can connect to a disconnectedsession from any client device.A user can connect to a disconnectedsession only from the original terminal.Use the commandctxcfg -c broken=resetctxcfg -c broken=disconnectctxcfg -c broken=logoffctxcfg -c reconnect=anyctxcfg -c reconnect=originalYou can configure the system so that disconnected sessions are reset or logged offautomatically after a time-out interval, or continue until a user (or anadministrator) resets the session. See “Controlling Time-Out Behavior” onpage 116 for details about how to set a time-out interval for disconnectedsessions.Enabling or Disabling Printing for UsersClient printer mapping allows client users to use printers that are available on theclient device from applications running on a server.Use the ctxcfg tool with the -p switch to enable or disable client printer mapping.To check if client printing is currently enabled or disabled1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -p list

Chapter 7 Configuring Citrix Presentation Server 113To enable or disable client printing1. Log on to the server as an administrator.2. At a command prompt:ToEnable client printing.Disable client printing.Use the commandctxcfg -p enablectxcfg -p disableEnabling or Disabling Clipboard MappingUsers can copy text and graphics between server-based applications andapplications running locally on the client device. Even if an application is runningon the server, the clipboard behaves as if it is on the client device.Use the ctxcfg tool with the -C switch to enable or disable client clipboardmapping.To check if the client clipboard is currently enabled or disabled1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -C listTo enable or disable the client clipboard1. Log on to the server as an administrator.2. At a command prompt:ToEnable client clipboard mapping.Disable client clipboard mapping.Use the commandctxcfg -C enablectxcfg -C disable

114 Citrix Presentation Server for UNIX Administrator’s GuideProviding Additional Graphics Clipboard SupportCitrix Presentation Server for UNIX provides users with the ctxgrab tool that letsthem grab windows or screen areas and copy them from an application in a clientwindow to an application running on the local client device.By default, ctxgrab is available to users connecting to published applicationsthrough the ctxwm window manager as follows:• In a seamless window, right click the button in the top, left hand cornerof the screen to display a menu and choose the Screen Grab option.• In a “full screen” window, right click to display the ctxwm menu andchoose the Screen Grab option.Users connecting to a server desktop can run the tool by typing ctxgrab at acommand prompt.If you have users who require more extensive graphics clipboard support, you candeploy the ctxcapture tool. With ctxcapture users can:• Grab dialog boxes or screen areas and copy them between an application ina client window and an application running on the local client device,including non-ICCCM-compliant applications.• Copy graphics between the client and the X graphics manipulation utilityXV. XV is a shareware utility that is available for download from theInternet.Providing Users with ctxcaptureYou do not have to do anything to make ctxcapture available to users connectingto a server desktop; it is available from a command prompt by typing ctxcapture.To make ctxcapture available to users who are connecting to publishedapplications, you make it available from the ctxwm window manager. To do this,you edit the ctxwmgrab.sh script to make ctxcapture, rather than ctxgrab,available.To make ctxcapture available to users of published applications1. Log on to the server as an administrator.2. Open the ctxwmgrab.sh script. This is located in the:/opt/CTXSmf/lib directory/usr/lpp/CTXSmf/lib directory

Chapter 7 Configuring Citrix Presentation Server 1153. Find the following line:exec /opt/CTXSmf/bin/ctxgrabexec /usr/lpp/CTXSmf/bin/ctxgrab4. Substitute ctxgrab with ctxcapture.Enabling or Disabling ShadowingSession shadowing allows you to monitor the display of another active session.Shadowing lets you see what users are doing and interact with their sessions,using the keyboard and mouse. You can shadow active sessions on the sameserver.Use the ctxcfg tool with the -s switch to configure shadowing.Note By default, any user can shadow any other session. To change this, usePresentation Server security; see “Configuring Citrix Presentation Server Security”on page 140 for further information.To display the current shadowing settings for the server1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -s listThe shadowing configuration for the current server appears, for example:

116 Citrix Presentation Server for UNIX Administrator’s GuideTo change the shadowing settings for the server1. Log on to the server as an administrator.2. At a command prompt:To enable shadowingSo that sessions on the server can be shadowed.By default, input is set to on and notify to on.To change the input and notify optionsSo that the shadower can input keyboard andmouse actions to the shadowed session.So that the shadower cannot input keyboard andmouse actions to the shadowed session.So that the shadowed user gets a notificationmessage requesting confirmation that theshadowing can occur.So that the shadowed user does not get anotification message.To disable shadowingSo that sessions on the server cannot beshadowed.Use the commandctxcfg -s enableUse the commandctxcfg -s input=onctxcfg -s input=offctxcfg -s notify=onctxcfg -s notify=offUse the commandctxcfg -s disableImportant Disabling shadowing notification means that users might be shadowedby another user, but be unaware that they are being shadowed. Some countriesrequire by law that users be notified before shadowing occurs.ExampleYou may want to set up shadowing to help you solve technical support issues. Thesystem administrator can show the user how to complete a task by shadowing theuser’s session. To allow shadowing with notification and to allow the shadower tocontrol the mouse and keyboard, use the command:ctxcfg -s enable,input=on,notify=onSee “Shadowing a User’s Session” on page 97 for information about shadowingsessions.Controlling Time-Out BehaviorYou can use the ctxcfg tool with the -t switch to specify time-out intervals forconnected, disconnected, and idle ICA sessions.

Chapter 7 Configuring Citrix Presentation Server 117These settings specify time-out intervals in minutes or seconds. The time-outsare:ConnectionDisconnectionLog offIdleAuthenticationClient checkClientresponseThe maximum connection duration (in minutes). If a connectionduration is specified, the session is disconnected or terminated whenthe specified duration elapses. If NONE is specified, the connectiontimer is disabled.The maximum duration that a disconnected session is retained (inminutes). If a disconnection duration is specified, sessions in thedisconnected state are either terminated or logged off when thespecified duration elapses. If NONE is specified, the disconnectiontimer is disabled.Disconnected sessions can be logged off when the specified durationelapses. You must also set the disconnection time-out for this to takeeffect. If NONE is specified, the disconnected session is reset unlessthe disconnection time-out is also set to NONE.If log off fails, the session is reset.The maximum idle time (time without user activity) allowed beforethe session is disconnected or reset (in minutes). If an idle duration isspecified, the session is disconnected or reset when the specifiedinterval elapses without any activity on the connection. If NONE isspecified, the idle timer is disabled. To specify whether sessions aredisconnected or reset, see “Controlling Behavior for Disconnected orBroken Connections” on page 111. To specify an idle time-outperiod for anonymous users, see “Configuring Anonymous Users”on page 135.The maximum duration that a session in the connected state exists onthe server, prior to the user logging on or reconnecting (in minutes).When the specified duration elapses, the session is reset. This isuseful, for example, if network problems result in sessions becomingstuck in the “conn” state; using this setting means you do not have toreset these sessions manually.The maximum period of time before the server checks that a client isstill connected and responsive (in seconds). If a client check time-outis set, the server sends a ping to unresponsive clients when thespecified interval elapses. If NONE is specified, the client checktimer is disabled.Note: You must configure both client check and client responseoptions if you want sessions to be disconnected automatically.The maximum period of time before the server disconnects sessionsassociated with unresponsive clients (in seconds). If a client responsetime-out is set, the server disconnects all sessions associated withunresponsive clients when the specified interval elapses. Clientsmust respond to the server’s ping during the specified time period toprevent sessions from being disconnected automatically. If NONE isspecified, the client response timer is disabled.Note: You must configure both client check and client responseoptions if you want sessions to be disconnected automatically.

118 Citrix Presentation Server for UNIX Administrator’s GuideTo display the current time-out intervals1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -t listThe current time-out value for each setting appears. If a time-out interval isconfigured, the value is shown in minutes. If no time-out interval is configured,the keyword NONE shows that sessions will not be timed out.To change the time-out intervals1. Log on to the server as an administrator.2. At a command prompt:To setA connection time-out (inminutes). All connections areterminated after this period.No connection time-out. Allsessions continue until the userdisconnects or logs off.A disconnection time-out (inminutes). Disconnected sessionsare reset after this period unlessyou specified that they be loggedoff (see below).No disconnection time-out.Disconnected sessions remainuntil reset by a user or anadministrator.A disconnection time-out (inminutes). Disconnected sessionsare logged off after this period.Use the commandctxcfg -t connect=numctxcfg -t connect=NONEctxcfg -t disconnect=numctxcfg -t disconnect=NONEctxcfg -t disclogoff=num

Chapter 7 Configuring Citrix Presentation Server 119To setNo logoff time-out. Disconnectedsessions are reset unless thedisconnect time-out was also set toNone.An idle time-out (in minutes). Ifno user activity is detected duringthis time, the connection isterminated.No idle time-out. All sessionscontinue until the user disconnectsor logs off.An authentication time-out (inminutes). If a session remains inthe connected state after thisperiod, the session is reset.No authentication time-out.A client check time-out (inseconds). If the server receives notraffic from the client during thisperiod, it sends a ping to the clientto check if the client is stillresponding.No client check time-out.A client response time-out (inseconds). If the server does notreceive a response to the ping sentto the client during this period, thesession is disconnected.No client response time-out.Use the commandctxcfg -t disclogoff=NONEctxcfg -t idle=numctxcfg -t idle=NONEctxcfg -t authentication=numctxcfg -t authentication=NONEctxcfg -t clientcheck=numctxcfg -t clientcheck=NONEctxcfg -t clientresponse=numctxcfg -t clientresponse=NONENote Only new sessions are affected by changes to the time-out intervals.ctxcfg -t has no effect on anonymous users—to specify an idle time-out period foranonymous users, see “Configuring Anonymous Users” on page 135.ExampleIf you expect users to dial in to the server, you may want to set the disconnecttime-out to a suitable setting in case of a broken connection. Users can reconnectto their sessions during the time-out interval. To set the disconnection time-out to15 minutes, type:ctxcfg -t disconnect=15

120 Citrix Presentation Server for UNIX Administrator’s GuideAllowing Users to Log on without a HomeDirectoryBy default, users whose home directories are unavailable cannot log on to theserver. However, you can configure the server to allow users whose homedirectories are unavailable to log on. For example, you might do this if yourusers’ home directories are mounted on a network that is occasionally unreliable.If you allow users whose home directories are unavailable to log on, all explicitusers (that is, users who have their own user accounts) can log on, regardless ofwhether their home directories are available or not. Anonymous user accounts arenot affected by these changes, because anonymous users are never allowed to logon without a home directory.A temporary home directory is allocated to users in: /tmp/CTXSmf_uid whereuid is a decimal number; for example, /tmp/CTXSmf_12345.If users log on and their home directory is unavailable, the following messageappears: “Your home directory is unavailable. Logging you in with temporaryhome directory: /tmp/CTXSmf_uid.”Important You must make your users aware that /tmp/CTXSmf_uid is temporaryand may be deleted at a later stage. Any changes and additions that users make inthis directory must be applied to their normal home directory when this becomesavailable.In the unlikely event that there is a problem with the /tmp/CTXSmf_uid directory,the temporary home directory defaults to: / (the root directory). Note that someapplications may not operate correctly when the home directory is / because usersdo not have write permissions.To allow users whose home directories are unavailable to log on1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -k lognohome=1To prevent users from logging on without a home directory1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -k lognohome=0

Chapter 7 Configuring Citrix Presentation Server 121Configuring Mouse-Click Feedback for HighLatency ConnectionsWith mouse-click feedback, when a user clicks the mouse, the client softwarechanges the mouse pointer to an hourglass to show that the user’s input is beingprocessed. Mouse-click feedback is enabled by default.Typically, you do not need to configure mouse-click feedback; however, for highlatency connections, you may want to adjust this to improve your users’interaction with the system.You can configure the thresholds in which mouse-click feedback operates, or youcan disable mouse-click feedback. To do this, you use the ctxcfg command withthe -m option:ctxcfg -m [enable|disable] [lowerthreshold=num] [upperthreshold=num][list]About the ThresholdsMouse-click feedback is controlled by upper and lower threshold values, whichare like switches that determine when mouse-click feedback is on or off. Thethresholds are the network delay between client and server (that is, the latency)that triggers the display of the hourglass symbol.• Upper threshold. If the latency exceeds the upper threshold, the hourglasssymbol appears.• Lower threshold. If the latency falls below the lower threshold, thehourglass symbol does not appear.• Between the two thresholds. What happens between the upper and lowerthresholds depends upon whether the latency is increasing or decreasing. Ifthe latency was previously in the upper threshold but falls to between thetwo thresholds, the hourglass symbol appears until the latency drops belowthe lower threshold. If the latency was previously in the lower threshold butincreases to between the two thresholds, the hourglass symbol does notappear until the latency increases above the lower threshold. This controlsthe sensitivity of mouse-click feedback, and prevents the hourglass fromflickering on and off as the latency fluctuates.By default, the upper threshold is 500 milliseconds and the lower threshold is 150milliseconds. The following diagram illustrates what happens between the defaultthreshold values.

122 Citrix Presentation Server for UNIX Administrator’s GuideTo change the mouse-click feedback thresholds1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -m lowerthreshold=num,upperthreshold=numwhere num is the threshold value in milliseconds.To disable mouse-click feedback1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -m disableTo display current mouse-click feedback settings1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -m listInformation similar to the following appears:Mouse click feedback: enabledLower threshold for mouse click feedback: 150Upper threshold for mouse click feedback: 500

Chapter 7 Configuring Citrix Presentation Server 123Generating and Using Server ConfigurationDetailsYou can generate a list of the current ctxcfg settings for a particular server. If yousend the output to a file, you can use the file in a shell script to replicate identicalconfiguration settings on other servers. You can also use a file as a temporarybackup of the current configuration, allowing you to experiment with othersettings, but easily restore your original settings, if desired.Displaying a List of the Current ConfigurationTo display a list of the current ctxcfg settings1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -gThis generates a list of the current settings.Creating a Shell Script of the Current ConfigurationWhen you use the -g option with the ctxcfg command, the generated list containsthe commands and settings for the current configuration using the ctxcfgcommand-line syntax. You can redirect the output of this command to a file anduse the file as a shell script to restore (or set) this configuration.Propagating Server Configuration to Multiple ServersYou can use the output from ctxcfg -g if you want to configure a number ofservers in the same way.

124 Citrix Presentation Server for UNIX Administrator’s GuideTo propagate the same configuration from one server to another1. Complete the configuration of the first server. Generate a list of the serverconfiguration using the ctxcfg command and the -g option, piping theoutput of the command to a file. Note that ctxcfg -g does not generate thelogon password, so you need to enter this manually.2. Log on to the next server as an administrator and run the file as a shellscript.Tip You can use the rsh (remote shell) command to propagate the shell script ona remote server. On HP-UX, the remote shell command is remsh.Screensaver Setting RecommendationsICA connections running graphical screensavers can consume considerableserver resources. Therefore, Citrix recommends that you switch screensavers off.In Citrix Presentation Server for UNIX Version 4.0, screensavers are switched offby default.To switch screensavers offRun the xset command with the s option and off parameter:xset s offTo ensure published applications are run in sessions with the appropriatescreensaver settings, Citrix recommends you publish a script file that runs thexset s off command and then the application.Note Although you can switch screensavers off by default, CDE may overridethis setting. To switch the screensaver off in CDE, choose the Screen option in theStyle Manager and set Screen Blanker to off.To switch screensavers onAlthough it is best to switch screensavers off, if you prefer not to (for example,for security reasons), you can use the X server “prefer blanking” screensaveroption. This causes the screen to go blank, rather than display a pattern, when thescreensaver is activated.To switch screensavers on, run the xset command with the s option and blankparameter:xset s blank

Chapter 7 Configuring Citrix Presentation Server 125For example, to make the screen go blank after one minute, use the commands:xset s 60xset s blankTo display the current screensaver settingTo display the current settings, run the xset command with the q option.xset qCustomizing the Appearance of Citrix PresentationServerThis section explains how to change the appearance of the Presentation ServerLogin screen and the window manager, and remove the X font server from thefont path.Your Presentation Server installation includes script files that you can customize.These scripts are in the:/opt/CTXSmf/lib and /opt/CTXSmf/slib directories/usr/lpp/CTXSmf/lib and /usr/lpp/CTXSmf/slib directoriesThe script ctxXtw.sh runs when the X server starts, and includes X serverconfiguration settings such as the font path and the X security policy. By default,the Presentation Server X server does not use a security policy (for the X securityextension). It is disabled by the option -sp /dev/null in ctxXtw.sh. If you want touse a security policy, write the security policy (see the Xserver man page fordetails about how to do this) and then change this option in ctxXtw.sh to point tothe policy file.Note Information about the switches in ctxXtw.sh is contained in a file calledctxXtw.sh.readme.The script ctxsession.sh runs after a user logs on. You can use this script file tocustomize the local environment for user sessions, such as defining the defaultwindow manager, configuring scripts, or setting environment variables for users.Customizing the Login ScreenYou can change the appearance of the Login screen by substituting the Citrix logoframe for a graphic of your choice. The graphic you choose must be in .xpm (Xpixmap) format.

126 Citrix Presentation Server for UNIX Administrator’s GuideThe graphic used in the Login screen is located in:/opt/CTXSmf/data/C/logo.xpm/usr/lpp/CTXmf/data/C/logo.xpmThe image that appears is limited to 120 x 200 pixels and 256 colors. If you use alarger graphic, only the 120 x 200 pixels in the center of the graphic appear. If youuse a smaller graphic, the image displayed is centered in the frame.To display a different logo on the Login screen1. Log on to the server as an administrator.2. Rename the current Citrix logo.xpm file; for example: old_logo.xpm3. Rename your new graphic to logo.xpm and move this to the appropriate.../CTXSmf/data/C/ directory (see previous).The new graphic appears on the Login screen.Changing the Window ManagerUsing ctxsession.sh you can configure the system to load a window managerother than CDE. You can do this for every user who logs on to the server, or for aparticular user.You can change the window manager that Citrix Presentation Server loads forconnections to server desktops and published applications running in “fullscreen” windows. By default, the ctxwm window manager is loaded for allconnections to published applications.Changing the Window Manager for Every UserUse the following procedure to load a new window manager for every user whologs on to the server.Note The window manager is not loaded for any initial programs that a user seton the client. To do this, use the procedure described in “Changing the WindowManager for a Particular User” on page 127.To use a different window manager for every user1. Log on to the server as an administrator.2. Install the new window manager.3. Open the ctxsession.sh script and locate the following line:

Chapter 7 Configuring Citrix Presentation Server 127: ${CDE_WM:="/usr/dt/bin/dtsession"}4. Change this line to:: ${CDE_WM="/path/window_manager"}where path is the location of the new window manager andwindow_manager is the name of the new window manager.Changing the Window Manager for a Particular UserUse the following procedure to load a new window manager for a particular usereach time the user logs on. The new window manager is also loaded for any initialprograms that the user set on the client.To use a different window manager for a particular user1. Log on to the server as an administrator.2. Install the new window manager.3. Open the ctxsession.sh script and locate the following lines:#if [ -f $HOME/.ctx.session.sh ] ; then# . $HOME/.ctx.session.sh#fi4. Remove the # character from the start of each line, so that these lines are nolonger commented out.5. In the user’s home directory, create a file called .ctx.session.sh.6. In the .ctx.session.sh file, add the new window manager’s bin directory tothe path:PATH=${PATH}:/pathwhere path is the location of the new window manager’s bin directory.7. Add lines to load the new window manager and suppress the message thattells the user that the window manager is being loaded:DESKTOP_WM=”/path”DESKTOP_MESSAGE=””where path is the location of the new window manager’s start file.8. Add lines to load the new window manager when an initial program islaunched, and suppress the message that tells the user that the windowmanager is being loaded:INITIAL_APPS_WM=”/path”INITIAL_APPS_MESSAGE=””where path is the location of the new window manager’s start file.

128 Citrix Presentation Server for UNIX Administrator’s GuideExampleThe following example shows the lines required in the user’s .ctx.session.sh fileto start the kde window manager:PATH=${PATH}:/usr/local/kde/binDESKTOP_WM=”/usr/local/kde/bin/startkde”DESKTOP_MESSAGE=””INITIAL_APPS_WM=”/usr/local/kde/bin/startkde”INITIAL_APPS_MESSAGE=””The result is that every time a user logs on, the system checks for the.ctx.session.sh file in the user’s home directory. If it finds this file, the systemruns it and the new window manager is loaded. If the file is not found, or the userconnects to a published application, CDE is loaded.Changing the Font PathBy default, the font path contains the X font server. However, you can remove theX font server from the font path by editing the ctxsession.sh script.For information about the X font server, and how to set it up, refer to thedocumentation provided with the X font server.About Font Servers and Font PathsAn X Windows session can obtain the fonts that it requires locally or from a fontserver. A font server provides sessions with fonts and performs font conversion.Typically, a font server is used to deploy a set of fonts across a network; it is alsouseful for applications that have particular font requirements, such as TrueTypefonts.The path that a session takes to search for fonts is determined by the font path.The ctxXtw.sh script on the server, that runs when the X server starts, sets thedefault font path. The ctxsession.sh script, that runs after a user logs on, checkswhether or not the font path contains the X font server. If the font path does notcontain the X font server, ctxsession.sh adds it (provided the X font server isrunning).Important Presentation Server does not start the font server. Therefore, Citrixrecommends that you enable the font server to start automatically.Removing the Font Server from the Font PathYou can remove the font server from the font path by editing the ctxsession.shscript.

Chapter 7 Configuring Citrix Presentation Server 129For example, you may want to remove the font server from the font path if thefont server causes performance problems on the server running CitrixPresentation Server. Note, however, that performance problems are unlikely tooccur unless many short-term applications run on the server and make demandson the font server.To remove the font server from the font path1. Log on to the server as an administrator.2. Open the ctxsession.sh script and locate the following line:USE_FONT_SERVER=13. Set the USE_FONT_SERVER flag to zero:USE_FONT_SERVER=0Configuring X Server SettingsThis section explains how to configure X server settings, such as how to switchon the backing store feature, and how to configure settings for particular fixes totake effect.To configure X server settings, you edit ctxXtw.sh, which is a script file that runswhen the X server starts. For more information about ctxXtw.sh, see“Customizing the Appearance of Citrix Presentation Server” on page 125 and thectxXtw.sh.readme file.Configuring Backing StoreYou can switch on the backing store feature in the X server for applications thatrely on this functionality. Backing store caches the contents of the windowdisplayed by an application and, where necessary, automatically repaints thewindow from the cache.By default, backing store is switched off.When Should Backing Store be Switched On?Only some applications require backing store to be switched on. An applicationmay require backing store if the application appears to be running very slowly orusers experience screen corruption problems.Because the use of backing store can increase the bandwidth between the serverand the client, Citrix recommends that you do not switch backing store on unlessyou are deploying applications that require it.

130 Citrix Presentation Server for UNIX Administrator’s GuideSwitching Backing Store On and OffTo switch backing store on1. Log on to the server as an administrator.2. Open the ctxXtw.sh script and locate the following line:XTW_OPTS=”-session $CITRIX_SESSION_ID -terminate -bs”3. Delete the -bs parameter from this line to turn backing store on.To switch backing store offTo switch backing store off, reinstate the -bs parameter in the ctxXtw.sh script.Interactive Performance TuningCitrix Presentation Server lets you control the display of graphics in ICA sessionsby allowing you to specify the length of delay for the buffering of graphics.Youcan do this by setting two parameters. Both set a delay time in milliseconds.Recommended settings are between 5ms and 100ms. Setting the delay time to alower value makes the session more responsive to graphics updates, but mayincrease the bandwidth requirements for the connection.To control the outbuffer delay time1. Log on to the server as an administrator.2. At a command prompt:ToSet the delay time, where n is the time inmillisecondsList the current settingTo reset the current setting to 100msUse the commandctxcfg -o set=nctxcfg -o listctxcfg -o resetTo control the buffer delay for Thinwire 2 graphics operations1. Log on to the server as an administrator.2. Open the ctxXtw.sh script and find the line that begins withXTW_OPTS3. Add the command-line option -qandtdelay n; for example,XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -qandtdelay10 -bs"

Chapter 7 Configuring Citrix Presentation Server 131Configuration Required for Fixes to Take EffectThis section explains how to configure your server for particular fixes to takeeffect. If you do not require these fixes, you can disregard this section.Fixing the Disappearing Text Cursor ProblemTo fix the disappearing text cursor problem, include the -notransfills switch inctxXtw.sh. This switch turns off the transparent fills optimization setting that cancause this problem with some clients and 256-color sessions.In ctxXtw.sh, find the line that begins with XTW_OPTS and add -notransfills. Forexample:XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -notransfills -bs"Enabling the Left-Hand Keypad of SPARC KeyboardsIf you are using the CDE window manager, you need to configure your server toenable the left-hand keypad of SPARC keyboards. To do this, you include thebindings file, edit the xmbind.alias file, and edit users’ logon scripts, as follows:To enable the left-hand keypad of SPARC keyboards1. Copy the bindings file, included on the Citrix Presentation Server CD-ROM or in the download, to the /usr/dt/lib/bindings directory. The bindingsfile contains keyboard mapping information.2. Edit the /usr/dt/lib/bindings/xmbind.alias file. This file contains server andbindings file mapping information. Include the following line in the list ofmappings:"Citrix Systems Inc"citrix3. To activate the Find key on the SPARC keypad, you must edit your users’logon scripts, as follows:If you are using a C shell, add the command:xmodmap -e "keysym F19 = SunFind" >& /dev/nullIf you are using a Bourne shell, add the command:xmodmap -e "keysym F19 = SunFind" 1>/dev/null 2>&1Note For this fix to take effect, you must also ensure that your users are runningVersion 6 (or later) of the Citrix Presentation Server Clients.

132 Citrix Presentation Server for UNIX Administrator’s GuideFixing the Disappearing X Cursor ProblemIn applications, such as Sunguard Forex, that hide the X cursor and use their ownbitmap cursor, problems with the X cursor can occur over high-latencyconnections. To fix the disappearing X cursor problem, include the -notranscursorswitch in ctxXtw.sh. This switch stops the application from causing the X cursorto disappear.In ctxXtw.sh, find the line that begins with XTW_OPTS and add-notranscursor. For example:XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -notranscursor -bs"Fixing Screen Refresh ProblemsIf an application has a complex graphical interface and you encounter screenrefresh problems, include the -frameexpose switch in ctxXtw.sh. This switchforces the server to redraw the application from the server’s frame buffer. Withcomplex screen displays, this method is faster than allowing the application toredraw itself.In ctxXtw.sh, find the line that begins with XTW_OPTS and add-frameexpose. For example:XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -frameexpose -bs"Cadence ApplicationsFor Cadence applications, you must also include the -palette and-noredrawpalette switches because Cadence uses palette animation that sends onepalette change per second. Use the -palette switch to filter out these unnecessarypalette changes. Other palette changes are sent to the client, but only after a delayof 1500 milliseconds (1.5 seconds). The -noredrawpalette switch reduces thecommunication between the server and the client, if the application changescolors that are not currently visible in the session.Note A possible side-effect of including the -palette switch is that the sending ofpalette changes from server to client is delayed. This means that it can take longer forobjects to appear properly and, at first, objects may appear in unexpected colors untilthe new palette is sent. For example, you may see this effect when a splash screenfirst appears or when CDE first appears. This is normal.XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -frameexpose-palette 1500 -noredrawpalette"If this setting does not improve performance sufficiently, use -palette 3500instead:

Chapter 7 Configuring Citrix Presentation Server 133XTW_OPTS="-session $CITRIX_SESSION_ID -terminate -frameexpose-palette 3500 -noredrawpalette"Tip Switching backing store on has also been found to be beneficial; for moreinformation about switching this on, see “Configuring Backing Store” on page 129.Color Depth LimitationsApplications Requiring Writable PalettesSome X applications require writable palettes, known as PseudoColor visuals, forcolor or image manipulation. However, Citrix Presentation Server 4.0 supportsonly writable palettes in ICA sessions using a color depth of 256 colors.Therefore, applications requiring PseudoColor visuals will not work in ICAsessions using High Color and True Color color depths. This is because HighColor and True Color sessions use TrueColor visuals, in which colors arepredefined and cannot be changed.If users connect to applications that require PseudoColor visuals, ensure that theICA connection uses a color depth of 256 colors. If a connection is made at ahigher color depth, the application may display an error message. To check if anapplication requires PseudoColor visuals, refer to the application’sdocumentation, or test the application on the server console or in a publisheddesktop to ensure that it works.In the Web Interface, to configure an application to use a color depth of 256colors, use the ctxappcfg tool with the Color Depth option; see “Publishing anApplication” on page 64 for more information.Applications Requiring 16-bit High ColorCitrix Presentation Server for UNIX Version 4.0 supports 15-bit High Colorconnections, although some clients refer to High Color as 16-bit in the WindowColor property settings.Some applications explicitly require a 16-bit display and will, therefore, not runin a 15-bit High Color connection. Other applications that require a 16-bit displaymay attempt to run in a 15-bit connection and fail, causing screen corruption. Ifyou require a high color resolution to run these applications, use a True Color(24-bit) connection instead.

134 Citrix Presentation Server for UNIX Administrator’s GuideMultimonitor Display LimitationsThe limitations of multimonitor display depend upon whether users connect toapplications running in multimonitor mode using seamless or remote desktopwindows.Limitations Using Seamless WindowsIf you use a seamless window, the primary monitor must be the left-most and topmostmonitor. If you attempt to use a seamless window in multimonitor modewith another configuration, the ICA session reverts to running a full-screenwindow that spans the virtual desktop.The color depth of an ICA session is limited by the lowest color depth in thedisplay. For example, on a dual-monitor system, if one graphics card isconfigured to display 256 colors and the other graphics card is configured todisplay 24-bit color, the ICA session color depth is limited to 256 colors,regardless of the monitor on which the session appears.If you are using graphics card drivers that create a virtual desktop, ICA sessionsare maximized to fill the virtual desktop.Pop-up message boxes, dialog boxes, and windows displayed by applicationsrunning in a seamless window may appear centered relative to the center of theentire desktop. When using graphics card drivers that create a virtual desktop,these elements are centered relative to the center of the virtual desktop.Limitations Using Remote Desktop WindowsIf you use a remote desktop window, pop-up message boxes, dialog boxes, andwindows appear centered in the session window, regardless of how the ICAsession window appears across multiple monitors.

CHAPTER 8Advanced TopicsOverviewThis chapter discusses advanced system administration topics. Topics discussedinclude:• Configuring anonymous user settings• Configuring Citrix Presentation Server security• Understanding and configuring the ICA browser service• Load balancing published applications• Configuring ICA gateways• Using ICA with network firewalls• Configuring the TCP/IP port number• Configuring session status logging• Configuring the operating system for a large number of connections• Configuring non-English language supportConfiguring Anonymous UsersDuring installation, you can create a special user group called ctxanon on theserver, together with 15 local anonymous user accounts. These accounts allow 15users guest access to applications that you publish for anonymous use.Anonymous user accounts do not usually require further maintenance; however,their properties can be displayed and modified using the ctxanoncfg command.NoteYou must be root to display and update anonymous user settings.

136 Citrix Presentation Server for UNIX Administrator’s GuideDisplaying Anonymous User SettingsUse ctxanoncfg to display the current number of anonymous user accounts, thenaming of the accounts, the anonymous user group name, and the idle time-outperiod.To display anonymous user settings1. Log on to the server as the root user.2. At a command prompt, run ctxanoncfg with the -l option to displayanonymous user settings:ctxanoncfg -lConfiguring Anonymous User SettingsYou can use ctxanoncfg to change the number of anonymous user accounts, thenames of the anonymous user accounts, and the idle time-out period foranonymous user sessions. You can also use ctxanoncfg to specify a particularshell or assign user ids to anonymous user accounts.Tip The ctxanoncfg command displays what it is doing at each stage, togetherwith any errors that may occur. To suppress the display of this information, use the-q (quiet) option with the ctxanoncfg command. For example, type:ctxanoncfg -n 20 -q

Chapter 8 Advanced Topics 137Changing the Number of Anonymous UsersUse ctxanoncfg with the -n option to change the number of anonymous useraccounts. You can create any number of anonymous user accounts, but thenumber you can use simultaneously is limited by your licensed user count.Further options are available that allow you to change the naming of anonymoususer accounts and the idle time-out period.Important You must stop Citrix Presentation Server on the server before youcreate anonymous users. If Presentation Server is running, use the ctxshutdowncommand to stop it—see “Stopping Citrix Presentation Server” on page 39 forfurther information.To create anonymous users1. Ensure Citrix Presentation Server is not running on the server and log on asroot.2. At a command prompt, use ctxanoncfg with the -n option to specify thenew number of anonymous user accounts you require:ctxanoncfg -n numberwhere number is the new number of anonymous user accounts.3. Start Citrix Presentation Server—see “Starting and Stopping CitrixPresentation Server” on page 39 for instructions.ExamplesTo specify 20 anonymous user accounts, type:ctxanoncfg -n 20To delete all anonymous user accounts, type:ctxanoncfg -n 0Changing the Naming of Anonymous User AccountsUse ctxanoncfg with the -b option to change how anonymous user accounts arenamed. By default, the ctxanon group contains 15 user accounts with names inthe format anonx, where x is a number from one to 15. User account names canhave a maximum of eight characters.Note You can use the -b option only when creating new anonymous useraccounts; -b cannot be used to change existing anonymous user accounts.

138 Citrix Presentation Server for UNIX Administrator’s GuideTo change how anonymous user accounts are named1. After stopping Citrix Presentation Server, log on as root.2. At a command prompt, type:ctxanoncfg -n number -b namewhere number is the new number of anonymous user accounts, and name isthe new name of the accounts.ExampleTo create 25 anonymous user accounts called “guest1,” “guest2” ... up to “guest25,” type:ctxanoncfg -n 25 -b guestSetting an Idle Time-Out PeriodUse ctxanoncfg with the -t option to specify the idle time-out period, in minutes,for anonymous user sessions.If there is no user activity within this time, a warning message informs users thatthey will be logged off after five minutes, unless they resume use of the session.The default idle time-out period is 10 minutes.To specify an idle time-out period1. After stopping Citrix Presentation Server, log on as root.2. At a command prompt, type:ctxanoncfg -n number -t minuteswhere number is the new number of anonymous user accounts and minutesis the idle time-out period.ExamplesTo create 25 anonymous user accounts with a time-out period of 30 minutes, type:ctxanoncfg -n 25 -t 30To alter only the time-out period to 20 minutes, type:ctxanoncfg -t 20Specifying a Particular Shell for Anonymous UsersWhen anonymous user accounts are created, the default system shell is assignedto these accounts; for example: /bin/sh. However, you can specify a particularshell to use for anonymous user accounts, using ctxanoncfg with the -s option.

Chapter 8 Advanced Topics 139To specify a particular shell1. After stopping Citrix Presentation Server, log on as root.2. At a command prompt, type:ctxanoncfg -n number -s shellwhere number is the new number of anonymous user accounts and shell isthe shell you want to assign to these accounts.ExampleTo create 25 anonymous user accounts that use the C shell, type:ctxanoncfg -n 25 -s /bin/cshSpecifying User Ids for Anonymous UsersWhen anonymous user accounts are created, Citrix Presentation Serverautomatically assigns available user ids to these accounts. However, you canassign specific user ids to anonymous user accounts. To do this, you usectxanoncfg with the -u option and specify the first user id in the range.To assign specific user ids1. After stopping Citrix Presentation Server, log on as root.2. At a command prompt, type:ctxanoncfg -n number -u uid-numberwhere number is the new number of anonymous user accounts and uidnumberis the first user id you want to generate.ExampleTo create 10 anonymous user accounts with user ids 10,027 to 10,036, type:ctxanoncfg -n 10 -u 10027Troubleshooting Anonymous User AccountsIf you experience problems with anonymous user accounts, delete the currentanonymous user configuration, using ctxanoncfg with the -clear option, and thencreate new anonymous user accounts. The -clear option removes all internalanonymous user account configuration, such as the home directories and entriesin the password file.

140 Citrix Presentation Server for UNIX Administrator’s GuideTo delete all anonymous user account configuration1. After stopping Citrix Presentation Server, log on as root.2. At a command prompt, type:ctxanoncfg -clearFor information about creating new anonymous user accounts, see “Changing theNumber of Anonymous Users” on page 137.Anonymous User Accounts and NIS DomainsAll anonymous user accounts are created as local (non-NIS) accounts, with homedirectories in /usr/anon. Citrix recommends that you do not attempt to reconfigurethese accounts to be NIS accounts, or move the home directories for these usersonto non-local (for example, NFS) file systems.To create user home directories on another file system, create a symbolic linkfrom /usr/anon to the desired file system.Configuring Citrix Presentation Server SecurityThis section describes the Citrix Presentation Server security function thatcontrols user access to commands and sessions. It provides an overview ofsecurity, and it tells you how to display and configure security settings.When you install Presentation Server, default security settings automaticallycontrol user access to various commands. By default, users can log on, sendmessages, and shadow other sessions, but they are denied access to all othercommands. See “Default Security Settings” on page 143 for information aboutwhich functions are allowed or denied.Why Use Citrix Presentation Server Security?Citrix Presentation Server security lets you tighten or relax user access tocommands and sessions. With Presentation Server security you can:• Change the default security settings. For example, by default, all users canshadow other users’ sessions, but you may want to prevent this.• Provide groups of users with access to commands and sessions. Forexample, you may want to give the “helpdesk” user group the rights toconnect, disconnect, and reset other users’ sessions.• Deal with exceptions on an individual user basis. For example, you maywant to prevent a particular user from being able to send messages to otherusers’ sessions.

Chapter 8 Advanced Topics 141Security OverviewThis overview explains which users are affected by security, which functions aresecured, how security can be controlled at different levels, and how the securitychecking process works.Which Users Are Affected by Security?Citrix Presentation Server security controls user access to specific commands andsessions.However, security does not control administrator access to commands andsessions. This means the ctxadm group is unaffected by Presentation Serversecurity. Security controls the access rights of the root user and ordinary users(explicit and anonymous users).Who Can Do What in Citrix Presentation ServerThe following table provides a brief summary of which users can do what inPresentation Server. Only the functions indicated by “ctxsecurity” are controlledusing security.Functions/commands root user ctxadm Other usersInstall and remove Citrix PresentationServerYes No NoStart and stop server processes Yes Yes NoConfigure the server No Yes NoLog on to the server ctxsecurity Yes ctxsecurityQuery who is on the server Yes Yes YesPerform actions on others’ sessions,such as shadowing or resetting sessionsctxsecurity Yes ctxsecurityPerform actions on their own sessions Yes Yes YesSend messages ctxsecurity Yes ctxsecurityNote If root is unable to log on at the server, this may be due to the CONSOLEsetting in the /etc/default/login file (the /etc/security/user file on AIX), that can beused to prevent root logging on at a terminal other than the one specified. Thectxsecurity command cannot be used to override the CONSOLE setting.

142 Citrix Presentation Server for UNIX Administrator’s GuideWhich Functions Can ctxsecurity Control?Citrix Presentation Server security controls access to specific functions calledsecured functions. The secured functions are shown in the following table:SecuredfunctionloginsendmsgconnectdisconnectlogoffresetshadowcdmSecurity determines...Which users can log on to the server running Citrix PresentationServer.Which users can use ctxmsg to send messages to other users’sessions.Which users can use ctxconnect to connect to other users’ sessions.Which users can use ctxdisconnect to disconnect other users’sessions.Which users can use ctxlogoff to log off other users’ sessions.Which users can use ctxreset to reset other users’ sessions.Which users can use ctxshadow to shadow other users’ sessions.Which users can use client drive mapping to access their localdrives.Controlling Security at Different LevelsSecurity can be controlled at the:• User level—that is, UNIX user level• Group level—that is, UNIX group level• Global level—that is, UNIX global levelA global security setting exists for every secured function. When you installCitrix Presentation Server, security is automatically controlled at the global levelfor each secured function. For example, by default, all users can send messages toother sessions.However, you can also configure security for individual users or for groups ofusers. For example:• If you want to prevent a user from sending messages to other sessions, youcan set up user-level security to deny access to ctxmsg• You can set up group-level security for the Support group to allow membersof this group to reset other users’ sessions using ctxresetIf no user or group-level security exists, the global security level determines useraccess rights.

Chapter 8 Advanced Topics 143The Security Checking ProcessTo configure Citrix Presentation Server security or troubleshoot security, youneed to understand how the security checking process works.When a user attempts to run a secured function, Presentation Server checkswhether or not the user has the rights to do so. It first checks the user securitylevel, then, depending on the result, the group security level. If neither user norgroup-level security exists, a final check is made at global security level.The following diagram shows each step in the security checking process, usingthe example of a user attempting to run the ctxshadow command:Default Security SettingsA global security setting always exists for each secured function. The globalsetting acts as the default, when neither user level nor group level security exists.Because the primary function of security is to deny access to unauthorized users,the global security setting can be thought of as the last line of defense.

144 Citrix Presentation Server for UNIX Administrator’s GuideAfter installation, the default settings are:Secured functionLoginSendmsg (ctxmsg)Connect (ctxconnect)Disconnect (ctxdisconnect)Logoff (ctxlogoff)Reset (ctxreset)Shadow (ctxshadow)CdmDefault global settingAllowAllowDeny for anonymous usersDenyDenyDenyDenyAllowDeny for anonymous usersAllowNote By default, root cannot log on to the server from a client. However, if yoursuper user has a different account name to “root” or multiple account names, thesuper user can log on from a client.To change the default settings, see “Changing the Global Security Settings” onpage 145.Displaying Security Settings for a FunctionUse the -l (list) option with the ctxsecurity command to display security settingsfor a particular function. You must specify the secured function for which youwant to display settings. All levels of security (user, group, and global) appear forthe function.To display security settings for a function1. Log on to the server as an administrator.2. At a command prompt, type:ctxsecurity secured-function -lwhere secured-function is one of: login, sendmsg, connect, disconnect,logoff, reset, shadow or cdm.

Chapter 8 Advanced Topics 145ExampleTo display security settings for the ctxshadow function, type:ctxsecurity shadow -lSecurity settings such as the following appear:global allowgroup users denyConfiguring Security SettingsYou can use the ctxsecurity command to change the global security settings or toconfigure user and group level security.Changing the Global Security SettingsYou can use the ctxsecurity command with the -a (all) option to change theglobal security setting for a secured function.To change a global security setting1. Log on to the server as an administrator.2. At a command prompt, type:ctxsecurity secured-function -a allow|denywhere secured-function is one of: login, sendmsg, connect, disconnect,logoff, reset, shadow or cdm.ExampleTo change the global security setting for the ctxshadow tool to deny, type:ctxsecurity shadow -a denyConfiguring Security for a UserYou can use the ctxsecurity command with the -u (user) option to configuresecurity at the user level. For example, you might want to allow a particular useraccess to a function that is denied at the global level.To configure security for a user1. Log on to the server as an administrator.2. At a command prompt, type:ctxsecurity secured-function -u user-name allow|denywhere secured-function is one of: login, sendmsg, connect, disconnect,logoff, reset, shadow or cdm.

146 Citrix Presentation Server for UNIX Administrator’s GuideExampleTo allow the user “fred” to use the ctxreset command to reset other users’sessions, type:ctxsecurity reset -u fred allowConfiguring Security for Groups of UsersYou can use the ctxsecurity command with the -g (group) option to configuresecurity at the group level. For example, you might want to allow a group of usersaccess to a function that is denied at the global level.To configure security for a group of users1. Log on to the server as an administrator.2. At a command prompt, type:ctxsecurity secured-function -g group-name allow|denywhere secured-function is one of: login, sendmsg, connect, disconnect,logoff, reset, shadow or cdm.ExampleTo allow the group Support to use the ctxreset command to reset other users’sessions, type:ctxsecurity reset -g support allowUsing Inherit to Remove SettingsYou can use the inherit option with the ctxsecurity command to removepreviously set security settings. This option is useful when you want to removesettings that are exceptional cases.For example, the Management group is allowed to shadow other sessions, but theuser Fred, a member of this group, is an exception and has been denied access toshadowing. When it is later decided to allow Fred to shadow, the administratorcan use inherit to reinstate the group’s security setting. In effect, inherit removesFred’s user-level security setting, and picks up the security setting from grouplevel.Users can inherit settings from the group or global level, while a group can inheritsettings from the global level. Global security settings cannot inherit values.

Chapter 8 Advanced Topics 147To inherit a security setting1. Log on to the server as an administrator.2. At a command prompt, type:ctxsecurity secured-function {-u user-name|-g group-name} inheritwhere secured-function is one of: login, sendmsg, connect, disconnect,logoff, reset, shadow or cdm.ExampleTo remove Fred’s user-level security setting for the ctxshadow command andreinstate the group’s security setting, type:ctxsecurity shadow -u fred inheritThe result is that Fred inherits a security setting. Citrix Presentation Serverchecks which groups Fred belongs to, and whether any of these groups have agroup level security setting. If at least one group level setting exists that allowsshadowing, Fred inherits the right to shadow. Otherwise, if at least one grouplevel setting exists that denies shadowing, Fred is not permitted to shadow. If nogroup level setting exists, Fred inherits rights from the global level.ExamplesIn the following examples, security is tightened and then used to provide a groupof users access to a particular function.Example 1: Locking Down SecurityAfter installation, the default security settings allow users to shadow other users’sessions. However, the administrator decides to tighten security to prevent this.The administrator does this by changing the global security setting for theshadowing function:ctxsecurity shadow -a denyExample 2: Giving Rights to a Group of UsersSecurity is configured so that users are prevented from shadowing other users’sessions. However, the “helpdesk” group needs to be able to shadow so they canhelp users with problems.The administrator uses security to provide the “helpdesk” user group access to theshadowing function:ctxsecurity shadow -g helpdesk allow

148 Citrix Presentation Server for UNIX Administrator’s GuideCitrix Presentation Server for UNIX and the ICA BrowserServiceThe ICA browser maintains data about published applications and serversrunning Citrix Presentation Server. The ICA browser consists of a masterbrowser, member browsers, and client systems. The ICA browser uses directedpackets to communicate with other ICA browser services running on servers.Citrix clients query the browser service to obtain a list of published applicationsand servers running Presentation Server. The client queries the browser servicefor the network address of servers and published applications when a session islaunched.Controlling the Master BrowserEvery server runs the ICA browser service. One server running CitrixPresentation Server is elected the master browser; all other servers runningPresentation Server on the network are member browsers. The master browser isa browser acting as a central information store. The master browser keeps track ofthe following information:• The available servers• The available published applications• Performance and load information for serversThe master browser for each network is chosen by a master browser election. Ifthe current master browser on a network is not responding, a new master browserelection is held automatically. This provides high reliability for the browserservice.In general use, the browser service is invisible to you and does not affect thecontinued operation of Presentation Server. However, you may want tomanipulate the possibility of a particular server becoming the master browser,because:• Servers running different versions of Presentation Server provide differentversions of the browser service when they are master browser. This canaffect the features available to users. In particular, if you have serversrunning Citrix Presentation Server for Windows in your network, you maywant to ensure that a server running Citrix Presentation Server for UNIX inthe network does not become the master browser.• The master browser service consumes more resources and may respondslowly if it is running on a heavily loaded server. Therefore, you may wantto make sure that servers that receive many connections are less likely tobecome the master browser. If necessary, you can configure the settings of

Chapter 8 Advanced Topics 149one or more dedicated servers in the network so that one of them is morelikely to become the master browser.Locating the Current Master BrowserYou can use the ctxqserver command with the -master option to locate theserver acting as the master browser.To locate the master browser1. Log on to the server as an administrator.2. At a command prompt, type:ctxqserver -masterThe address of the master browser on the local subnet appears. If no masterbrowser is running, for example during a browser election, the error message“Error obtaining requested information” appears.Manipulating Master Browser ElectionsThe browsers on a network subnet elect a master browser under any of thefollowing conditions:• The current master browser does not respond to another browser• The current master browser does not respond to a client• A server running Citrix Presentation Server is started• Two master browsers are detected on the same network subnetA combination of factors affect the outcome of the election. The two main factorsare:• The version of the server running Citrix Presentation Server; for example,MetaFrame Server for UNIX 1.1 (note that MetaFrame Server for UNIXRelease 1.0 and Release 1.1 are treated the same)• The master browser preference setting for each serverYou set this preference using the ctxbrcfg tool for servers running CitrixPresentation Server for UNIX. Servers can be set to:neutralalwaysneverThe default value of “no preference” behavior in elections.Always attempt to become master browser.Never attempt to become master browser.

150 Citrix Presentation Server for UNIX Administrator’s GuideOther factors, such as the length of time a server has been running and whetherthe server is also a Windows NT domain controller (not applicable to CitrixPresentation Server for UNIX), can also affect an election result.Tip You can force a master browser election using the ctxqserver -electioncommand. For more information, see “ctxqserver” on page 218.Introducing a New ServerIntroducing any type of server running Citrix Presentation Server into yournetwork forces an election.• The default master browser preference setting for a server running CitrixPresentation Server for UNIX is neutral; that is, unbiased. If you add aserver with this default setting to a network that includes servers runningCitrix Presentation Server for Windows in mixed mode that are alsoconfigured as unbiased in elections, the server running Citrix PresentationServer for UNIX will not become the master browser. Under thesecircumstances, a server running Citrix Presentation Server for Windows inmixed mode automatically has preference to become the master browser.• If you add a server running Citrix Presentation Server for UNIX to anetwork that includes only other such servers, it may become masterbrowser if all the other servers are set to neutral.Important It is the combination of settings for all servers on the network thatdecides the results of an election. A server running Citrix Presentation Server forUNIX could still win a master browser election with a server running CitrixPresentation Server for Windows if the master browser preference on the Windowsserver is set to never.Biasing the Results of ElectionsIf you do not mind which server becomes master browserLeave the master browser preference setting on each server to the default settingof neutral or no preference, as appropriate for the type of server.If you want a particular server to be the master browser1. Configure the master browser preference on the server you want to becomemaster browser to be always. Use the ctxbrcfg command for serversrunning Citrix Presentation Server for UNIX. See “Configuring the ICA

Chapter 8 Advanced Topics 151Browser” on page 151 for more detailed instructions. For servers runningCitrix Presentation Server for Windows, see the Citrix Presentation ServerAdministrator’s Guide.2. Leave the master browser preference on the other servers to be neutral orno preference, as appropriate for the type of server. Do not set the otherservers to be never—reserve this setting for a particular server that shouldnever become master browser.The changes you make using ctxbrcfg will cause a master browser election tooccur. Wait a few moments for the election to take place and then check themaster browser status using the ctxmaster command.If you want to stop a particular server from becoming the master browser1. Configure the master browser preference on the server that you do not wantas the master browser to be never, using the ctxbrcfg command.Important Do not set the master browser preference on all servers in anetwork to be never because unpredictable election results will occur.2. Leave the master browser preference on the other servers that can becomethe master browser to be neutral or no preference as appropriate for thetype of server. Any changes you make using the ctxbrcfg command willcause a master browser election to occur.Note If the server running Citrix Presentation Server for UNIX has more thanone network interface card and is connected on more than one subnet, restrict theserver to one subnet; for details, see “If a Server Uses Multiple Network InterfaceCards” on page 153.Configuring the ICA BrowserThe ICA browser maintains data about published applications and serversrunning Citrix Presentation Server. You can display and change the browsersettings on a server using the ctxbrcfg tool. Any changes you make usingctxbrcfg will cause a master browser election to take place.

152 Citrix Presentation Server for UNIX Administrator’s GuideTo control how the ICA browser behaves during browser elections1. Log on to the server as an administrator.2. At a command prompt:ToConfigure the server so that it always attempts tobecome the master browser in an election, subjectto the presence and actions of other browsers.Configure the server so that it refrains fromparticipating in an election. Note that the server canstill become the master browser under somecircumstances.Configure the default behavior of “no preference.”Use the commandctxbrcfg -m alwaysctxbrcfg -m neverctxbrcfg -m neutralThe refresh period controls how often the browser on this server updates themaster browser. The browser updates the master browser after the specifiedamount of time elapses. A short refresh period makes the master browser datamore accurate, but increases CPU and network load.To view or change the refresh interval for the ICA browser service1. Log on to the server as an administrator.2. At a command prompt:ToDisplay the current refresh interval.Set a period (in minutes) at which the local browserservice will update the master browser.Use the commandctxbrcfg -r listctxbrcfg -r set=numNote The default settings work for most installations. Change them only whenyou understand the implication of each setting.Starting and Stopping the ICA BrowserYou can start and stop the ICA browser process on a server, without having tostop and start all the Citrix Presentation Server processes, using the ctxsrv tool.If you stop the browser on a server, users cannot connect to publishedapplications on this server, although they will still be able to connect to the serverdesktop. If you stop the browser process on the master browser, a master browserelection will occur among the other servers on the network.

Chapter 8 Advanced Topics 153To start or stop the ICA browser using ctxsrv1. Log on to the server as an administrator.2. At a command prompt, type:ctxsrv {start|stop} browserIf a Server Uses Multiple Network Interface CardsIf a server running Citrix Presentation Server has more than one networkinterface card (NIC) and is connected on more than one subnet, problems mayoccur if this server attempts to become master browser on a subnet. If the serverbecomes master browser on one subnet, it may assume it is also master browseron another subnet that already has a master browser.To prevent this from occurring, you must configure the server so that the browsercommunicates only with other browsers on a particular subnet or NIC. Thismeans that you must bind the server to a particular subnet or NIC.To do this, you use the ctxbrcfg command with the -b option.To restrict the ICA browser to a particular subnet or NIC1. Log on to the server as an administrator.2. Stop the browser by typing:ctxsrv stop browser3. At a command prompt, type:ctxbrcfg -b set=addresswhere address is the IP address or subnet address you want to restrict theICA browser to, in aaa.bbb.ccc.ddd format—for example, 10.20.123.123.4. Restart the browser by typing:ctxsrv start browserTo remove a restriction on an ICA browser1. Log on to the server as an administrator.2. Stop the browser by typing:ctxsrv stop browser3. At a command prompt, type:ctxbrcfg -b unset4. Restart the browser by typing:ctxsrv start browser

154 Citrix Presentation Server for UNIX Administrator’s GuideTo display current restrictions on an ICA browser1. Log on to the server as an administrator.2. At a command prompt, type:ctxbrcfg -b listIf there are no restrictions, the message “No address specified, binding toall available adapters” appears.If there are restrictions, the message “Browser bound to adapter addressaaa.bbb.ccc.ddd” appears (where aaa.bbb.ccc.ddd is the IP address orsubnet address to which the ICA browser is restricted).Troubleshooting Multiple Network Interface CardsIf you bind the server to a subnet, make sure that there is only one NIC on thissubnet, or the browser will not start and an error will be written to the system log.Instead, bind to a specific NIC rather than the network.Load Balancing Published ApplicationsThis section introduces load balancing and explains how to tune load balancing inyour Citrix Presentation Server installation.Load balancing determines which servers are least busy and can best run anapplication. The master browser keeps track of the load levels and the number ofusers connected on each server. When a published application or desktop islaunched from a client, the master browser selects which server will run theapplication or desktop session, based on server load. For more information aboutthe master browser, see “Citrix Presentation Server for UNIX and the ICABrowser Service” on page 148.Load balancing also offers increased availability. By configuring a pool of serverscapable of running your users’ applications, you can easily bring servers off-linefor maintenance or add more servers for increased performance without affectingapplication availability.If you are deploying applications using the Web Interface, load balancing worksin the normal way. The Web Interface contacts the XML Service, which in turncontacts the master browser. The master browser then distributes connectionsamong the servers, taking load factors into account.Load Balancing a Group of ServersBy default, Citrix Presentation Server automatically monitors the number of usersconnected to each server and sends new connections to the server that is leastbusy.

Chapter 8 Advanced Topics 155However, if a user already has a disconnected session on a server, thedisconnected session is reconnected, regardless of how busy the server is.To load balance a group of servers1. Publish the application on each server.2. Allow users to connect to the published application. Connections aredistributed among all the servers on which the application is published.Note Load balancing works by identifying the names of publishedapplications. Therefore, make sure that the application you want to loadbalance over a group of servers is given the same name in ctxappcfg on eachserver.Tuning Load BalancingDifferent types of servers—for example, with different processor speeds oravailable memory—can accept a different number of connections beforebecoming busy. If you find that some servers become busier than others withevenly distributed connections, you can tune load balancing so that this is takeninto account.You can bias the distribution of connections to take into account the relativespeed and power of a server. To do this, you use ctxcfg with the -k loadfactoroption to adjust the load factor.By default, each server has a load factor of 100. However, if you have a serverthat is more powerful relative to the other servers in the group, you can increasethe load factor to ensure that this server receives more connections. Likewise, ifyou have a server that is less powerful, you can decrease the load factor to ensurethat it receives fewer connections. The load factor can be any number between 1and 10000.To tune the load on each server1. Stop the browser by typing:ctxsrv stop browser2. At a command prompt, type:ctxcfg -k loadfactor=numwhere num is a load factor value between 1 and 10000.3. Start the browser by typing:ctxsrv start browser

156 Citrix Presentation Server for UNIX Administrator’s GuideAlternatively, you can use ctxcfg with the -l option to control the number ofconnections permitted on each server.To tune the number of connections on each server1. When a user experiences problems running a session, use the ctxqsessioncommand to identify the server to which the user is connected.2. Count the active number of sessions on the server that is causing theproblem, and then limit the maximum number of users who can log on tothe server using ctxcfg and the -l option.3. Limit the maximum number of users who can log on, on the other servers,in a similar way. For best results, set a value on each server.Example 1There are 10 servers in a server farm, each running Citrix Presentation Server 4.0.One server has a higher than average processor than the others, and you estimatethat it can handle 50% more load than the other servers.On the more powerful server, allow 50% more load than on the other servers inthe group. At a command prompt type:ctxsrv stop browserctxcfg -k loadfactor=150ctxsrv start browserExample 2There are five servers in a server farm, each running Citrix Presentation Server4.0. One server has a lower than average processor, and you estimate that it canhandle 25% less load than the others.On the less powerful server, allow 25% less load than on the other servers in thegroup. At a command prompt type:ctxsrv stop browserctxcfg -k loadfactor=75ctxsrv start browserExample 3A word-processing application is published on a number of servers. Occasionally,a server becomes overloaded. This is due to a high number of users concurrentlyusing the application (rather than that the application places a high demand onserver resources, such as in the case of a CAD application). Therefore, you decideto limit the number of connections permitted on each server to 200.

Chapter 8 Advanced Topics 157On each server on which the application is published, restrict the number ofconnections to a maximum of 200. At a command prompt, type:ctxcfg -l max=200Displaying the Load FactorIf you tuned the load using ctxcfg -k loadfactor, you can display the current loadfactor setting for an application using the ctxcfg -g command.To display the load factorAt a command prompt, type:ctxcfg -g | grep loadfactorDisplaying the LoadYou can display the load for a particular server or application using thectxqserver -app command.To display the loadAt a command prompt, type:ctxqserver -app [application-name | server-name]where application-name is the name of a published application, and server-nameis the name of the server for which you want to display the load.Troubleshooting Load BalancingIf users frequently disconnect and reconnect to sessions on load balanced serversrather than logging off, the load may not be distributed evenly among the servers.Also, if users are using clients that support session sharing and they start multipleapplications, the clients will attempt to start subsequent applications within theexisting session, rather than create a new session. This may lead to unevenapplication load distribution among the servers.Configuring ICA GatewaysFor servers or clients to contact servers running Citrix Presentation Server on adifferent network, an ICA gateway must be configured.

158 Citrix Presentation Server for UNIX Administrator’s GuideThe master browser maintains the browse list and periodically receives updatesfrom other browsers (servers running Presentation Server) on the same network.The exchange of information between the master browser and the other browserstakes place over the local subnet. To communicate and exchange informationwith other networks, you must establish an ICA gateway on the participatingnetworks.If you have more than one network subnet—for example, if you use a router or aWAN to connect two networks—you need to set up an ICA gateway to allow themaster browsers on each network to share information about available serversand published applications.An ICA gateway consists of at least two servers running Citrix PresentationServer. The local server is responsible for contacting the other network andsetting up a link between the master browsers on each network. The remote serveris a server on the other network that communicates with the local server toestablish the ICA gateway.To display the ICA gateways configured on a server1. Log on to the server as an administrator.2. At a command prompt, type:ctxbrcfg -g listTo add or remove an ICA gateway1. Log on to the server as an administrator.2. At a command prompt:ToAdd a gateway host name or IP addressto the list.Remove a gateway host name or IPaddress from the list.Use the commandctxbrcfg -g add=gatewayctxbrcfg -g remove=gatewayNote You can also use the ctxqserver -gateway command to display informationabout the ICA gateways known to each server on the network; see the “CommandReference” on page 195 for details.

Using ICA with Network FirewallsChapter 8 Advanced Topics 159Network firewalls can allow or block packets based on the destination addressand port. If you are using ICA through a network firewall, use the informationprovided in this section to configure the firewall.ICA TCP/IP Connection Sequence1. The client sends a packet to port 1494 on the server running CitrixPresentation Server requesting a response to a randomly selected portabove 1023.2. The server responds by sending packets to the client with the destinationport set to the port requested in Step 1.If you have a firewall or other TCP/IP network security, configure it to allowTCP/IP packets on port 1494 to pass to servers on your network.Configure the firewall to allow TCP/IP packet on ports above 1023 to pass toclients.If the firewall is not configured to pass ICA packets, users may receive the errormessage “There is no route to the specified subnet address.”Note You can configure the server running Presentation Server to use a differentport number than 1494. See “Configuring the TCP/IP Port Number” on page 161for details. Clients must be configured to use the different port; see the ClientAdministrator’s Guides for the clients you plan to deploy.The ICA BrowserThe ICA browser service uses UDP port 1604. Browser responses are sent to ahigh port number above 1023.The firewall must be configured to allow inbound UDP port 1604 packets toservers running Citrix Presentation Server for load balancing and ICA serverbrowsing to function correctly.Citrix recommends you use the XML Service to avoid passing UDP through thefirewall; for more information see “Using the Citrix XML Service” on page 173.Caution Allowing untrusted access to the ICA browser service entails somesecurity risk. Configure the firewall to pass browser data only if load balancingand server browsing across the firewall are essential.

160 Citrix Presentation Server for UNIX Administrator’s GuideICA Browsing with Network Address TranslationSome firewalls use IP address translation to convert private (intranet) IPaddresses into public (Internet) IP addresses. Public IP addresses are called“external” addresses because they are external to the firewall, whereas private IPaddresses are said to be “internal” addresses.Hosts on the internal network have one set of addresses that is translated toanother set when passing through the firewall. For example, an internal host has aprivate address 192.168.12.3. The firewall translates this into a different publicaddress such as 206.103.132.20.To browse published applications and servers running Citrix Presentation Server,the client contacts a server and requests the address of the master browser. If theclient is external to the firewall, it must be configured to use the public address ofa server running Presentation Server. The server returns the IP address of thecurrent master browser to the client. By default, the IP address returned to theclient is the internal address.If the client is outside the firewall and the firewall is configured for addresstranslation, the IP address returned to the client for the master browser will beincorrect.Returning External Addresses to ClientsUse the ctxalt command to configure the browser to return the external IPaddress to clients. You must configure every server that can be elected as themaster browser.The ctxalt command sets an alternate address for the browser on that computer.The external address for the server is specified as the alternate address. The clientrequests the alternate address when contacting servers inside the firewall. Thealternate address must be specified for each server.To set an alternate address for a server1. Determine the correct external IP address.2. At a command prompt, type ctxalt -a browser-address alternate-addressSee Appendix A for more information about the ctxalt command.3. Repeat on each server.In addition to specifying the alternate address on the server, the client must beconfigured to request the alternate address when contacting the master browser.For information about configuring clients to request the alternate address, see theClient Administrator’s Guides for the clients you plan to deploy.

Configuring the TCP/IP Port NumberChapter 8 Advanced Topics 161By default, the TCP/IP port number used by the ICA protocol is 1494. You canchange the port number using the ctxcfg command with the -P option.The port number should be in the range 1024–65535 and must not conflict withother port numbers being used. Whenever the port number is changed, the servermust be restarted for the new value to take effect.Important If you change the port number on the server, you must also change iton every client that will connect to that server. For instructions about changing theport number on clients, see the Client Administrator’s Guides for the clients thatyou plan to deploy.To display the current TCP/IP port number1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -P listTo change the TCP/IP port number1. Log on to the server as an administrator.2. At a command prompt:To setThe port number to the value numThe port number back to the default,1494Use the commandctxcfg -P set=numctxcfg -P resetExamplesTo set the TCP/IP port number to 5000:ctxcfg -P set=5000

162 Citrix Presentation Server for UNIX Administrator’s GuideTo reset the port number to 1494:ctxcfg -P resetConfiguring Session Status LoggingThis section explains how to configure the logging of session events in the systemlog file. Using the ctxcfg command with the -k option, you can control thelogging of session logons, logoffs, disconnects, and reconnects. To do this, usethe following keywords: logonlogging, logofflogging, reconnectlogging, anddisconnectlogging. Set each keyword to one of the following values:0. Do not log the event.1. Enable the short form of logging. This provides default sysloginformation, such as the date and time, and the user name.2. Enable detailed logging. This provides default syslog information, theuser name, the session id, client name, and information about what isrunning, such as a published application name or desktop.To configure session event logging1. Log on to the server as an administrator.2. At a command prompt:ToLog session logonsLog session logoffsLog session reconnectsLog session disconnectsUse the commandctxcfg -k logonlogging={0|1|2}ctxcfg -k logofflogging={0|1|2}ctxcfg -k reconnectlogging={0|1|2}ctxcfg -k disconnectlogging={0|1|2}ExampleTo enable detailed logging for reconnects, type:ctxcfg -k reconnectlogging=2

Chapter 8 Advanced Topics 163Configuring the Operating System for a Large Number ofConnectionsThis section explains how to configure your system for a large number ofconnections. A large number of connections consumes resources; therefore, it isimportant that you choose the optimum values for your environment. This sectionalso explains where to get more information about this topic.Configuring a Solaris SystemThis section provides guidelines for configuring your Solaris system for morethan 30 connections. You may need to configure the total number of pseudoterminalsor increase the limits on the number of files. Also, with the defaultconfiguration of Solaris, there is a limit to the number of concurrent CDEsessions that can be run, and you may need to increase this number.For further information about how best to configure your system, see your Solarisdocumentation.Caution Be careful when using the set command in /etc/system—it causesunchecked, arbitrary, and automatic changes to variables in the kernel. If the serverwill not start and you suspect a problem with /etc/system, use the boot -acommand. See the boot man page for more information.Changing the Number of Pseudo-TerminalsIn a large number of ICA connections, the number of ptys (pseudo-terminals) caneasily surpass the default value (usually a session has at least one pty).To change the number of pseudo-terminals1. Add the following lines to the /etc/system file:# set limit on pseudo-terminalsset pt_cnt = 500Note Do not set pt_cnt above 3000.2. Shut down the server—for example, type:init 03. Restart the server:boot -r

164 Citrix Presentation Server for UNIX Administrator’s GuideIncreasing File LimitsThere is a limit to the number of files a process can have open; the default value is64. To increase the file limits for an individual process, use the ulimit commandin a script before launching the process, as in the following example.To change the file descriptor limits for all processes1. Add the following lines to the /etc/system file:# set hard limit on file descriptorsset rlim_fd_max = 4096# set soft limit on file descriptorsset rlim_fd_cur = 2562. Restart the server:boot -rIncreasing the Number of Concurrent CDE SessionsWith the default configuration of Solaris, there is a limit to the number ofconcurrent CDE sessions that can be run (approximately 60, depending uponsession configuration). This is due to the tooltalk database reaching a limit ofavailable file descriptors. However, you can increase the number of possibleconcurrent CDE sessions.To increase the limit on concurrent CDE sessionsCheck to see if the file /usr/dt/bin/rpc.ttdbserverd is a link to/usr/openwin/bin/rpc.ttdbserverd.If the file is a link, do the following (if it is not a link, see later):1. Remove the file /usr/dt/bin/rpc.ttdbserverd:rm /usr/dt/bin/rpc.ttdbserverd2. Replace the link with the following script file. In this example, ulimit isused to increase the limit to 1024:#!/bin/shulimit -n 1024exec /usr/openwin/bin/rpc.ttdbserverd3. Make the file executable:/bin/chmod a+x /usr/dt/bin/rpc.ttdbserverd4. Kill the currently running rpc.ttdbserverd process.5. Restart rpc.ttdbserverd to ensure the new limit is applied.

Chapter 8 Advanced Topics 165If the file is not a link, do the following:1. Edit the file /usr/dt/bin/rpc.ttdbserverd and change the limit.2. Kill the currently running rpc.ttdbserverd process.3. Restart rpc.ttdbserverd to ensure the new limit is applied.If the Database Gets CorruptedFiles in /TT_DB occasionally get corrupted, and messages such as the followingmay appear in your /var/adm/messages file:/usr/dt/bin/ttsession[11627]: Error: rpc.ttdbserverd on 127.0.0.1is not running/usr/dt/bin/ttsession[11627]: _Tt_db_client::connectToDb():fcntl(F_SETFD): Bad file number/usr/dt/bin/ttsession[11627]: _Tt_db_file::_Tt_db_file():_file_cache->insert(:/etc/tt/types.xdr), dbStatus 16If you suspect that the database is corrupted, remove all the files in the /TT_DBdirectory and repeat Steps 4 and 5 (see “Increasing the Number of ConcurrentCDE Sessions” on page 164). Restarting the server automatically creates newdatabase files.Configuring an HP-UX SystemThis section provides guidelines for configuring your HP-UX system for morethan 10 connections.For further information about how best to configure your system, see the relevantwhite papers on Hewlett-Packard’s Web site at: http://docs.hp.com/hpux/.To configure your HP-UX system for more than 10 connections1. Choose System_Admin from the Application Manager.2. Choose Sam.3. Enter the root password at the prompt. The System AdministrationManager dialog box appears.4. Choose Kernel Configuration.5. Choose Configurable Parameters. The Kernel Configuration dialog boxappears.

166 Citrix Presentation Server for UNIX Administrator’s Guide6. Update your system with the following settings. This tunes your system torun multiple processes (each of which may have many threads and openfiles) and increases the number of users that can log on concurrently.Note Change the value of maxusers first—this allows you to update theother settings.Parameter Setting Descriptionmaxusers1000 (or asrequired)Configuring an AIX SystemAllocates system resources for macros onexpected maximum users.dbc_max_pct 20 Maximum dynamic buffer cache.max_thread_proc 2048 Maximum threads per process.maxfiles 2048 Soft limit of files per process.maxfiles_lim 2048 Hard limit of files per process.maxssiz 401604608 Maximum process storage segment size.maxssiz_64bit 1073741824 Maximum process storage segmentsize—64-bit.maxswapchunks 4096 Maximum swap space configurable onthe system.nflocks 3461 Maximum number of file locks on thesystem.npty 2000 Maximum number of ptys (pseudoterminals)on the system.This section provides guidelines for configuring your AIX system for more than30 connections.For further information about how best to configure your system, see the relevantwhite papers on IBM’s Web site at: http://www.ibm.com/.Changing the Number of Pseudo-TerminalsIn a large number of ICA connections, the number of ptys (pseudo-terminals) caneasily surpass the default value (usually an ICA session has at least one pty).

Chapter 8 Advanced Topics 167To change the number of pseudo-terminals1. Log on as root on the server that you want to configure.2. Type smit. The System Management Interface Tool dialog box appears.3. Choose Devices.4. Choose PTY.5. Choose Change/Show Characteristics of the PTY.6. Change the number of Pseudo-Terminals.7. Select OK. pty0 changed appears.Increasing the Number of Processes Per UserOn AIX, by default, there is a limit to the number of processes a user can haverunning simultaneously. The default is 128 processes per user.If a user runs out of processes, the user cannot run any commands or log off fromthe session until more processes are made available. For example, this situationmay occur in a training scenario where several users are logged on to the serverusing only the one training user id.You can increase the number of processes a user can run simultaneously usingSMIT.To increase the number of processes per user1. Log on as root on the server.2. Type smit. The System Management Interface Tool dialog box appears.3. Choose System Environments.4. Choose Change/Show Characteristics of Operating System.5. Increase the value of Maximum number of PROCESSES allowed peruser (Num).Configuring Non-English Language SupportPresentation Server dialog boxes and system messages appear in US English,which is the default language. However, you can run Citrix Presentation Server ina non-English locale by configuring the server so that dialog boxes and systemmessages appear in French, German, or Spanish. The Presentation Server Loginscreen, user dialog boxes, and system messages that appear in ICA sessionsappear in the language appropriate to your users.

168 Citrix Presentation Server for UNIX Administrator’s GuideConfiguring Presentation Server for non-English language support is a simpleprocess that involves editing the ctxenv.sh script to change the locale in which theserver runs. For information about configuring the server for non-Englishlanguage support, see “Changing the Locale” on page 169.Before you edit ctxenv.sh, the server starts in the currently active locale; that is,the server starts in the locale that is active when you log on to the console. If thislocale provides non-English language support (see below for details of localesthat provide non-English language support), ICA connections appear in theappropriate language: French, German, or Spanish. If the currently active localedoes not provide non-English language support, ICA connections appear in USEnglish.To ensure the server uses the appropriate locale, you must edit the ctxenv.sh fileand restart the server. If you do not edit ctxenv.sh, the server uses the locale that isactive when it starts, and this may produce unexpected results. For informationabout editing ctxenv.sh, see “Changing the Locale” on page 169.Which Locales Provide Non-English LanguageSupport?Citrix Presentation Server provides non-English language support for thefollowing locales:French ISO 8859-1, ISO 8859-15German ISO 8859-1, ISO 8859-15Spanish ISO 8859-1, ISO 8859-15For example, if the server is configured to use the French ISO 8859-1 locale,French dialog boxes and system messages appear to client users.Limitations of Non-English Language SupportOnly French, German, or Spanish language support is provided. Although CitrixPresentation Server will run in other locales, no language support is provided. Forexample, the server can run in an Italian locale and support Italian keyboards, butdialog boxes and system messages appear in US English, not Italian.If you configure the server for non-English language support, this localizes onlythe Login screen, dialog boxes, and system messages that appear within ICAsessions. This does not localize the commands you use to administer CitrixPresentation Server, or the man pages and shell scripts.In addition, only the messages within dialog boxes appear in the appropriatelanguage. Other information, such as dates and times, may be incorrect. Forexample, an incorrect date and time may appear in the Reconnect dialog box.

Chapter 8 Advanced Topics 169Getting More Information about Language SupportTo fully localize your installation in a language other than US English, you needto:• Deploy appropriate language versions of the client software. You candownload clients from: http://www.citrix.com/download/.For information about how to install, configure, and deploy clients to endusers,see the appropriate Client Administrator’s Guide.• Deploy appropriate language versions of applications—for informationabout how to publish applications, see “Publishing Applications andDesktops” on page 61.• If your users are using non-English keyboards, ensure they select theappropriate keyboard in the client software. For information aboutsupported keyboards, see “Configuring Non-English Keyboard Support” onpage 42; for information about selecting keyboards, see the ClientAdministrator’s Guide for the appropriate client.Changing the LocaleTo configure the server for non-English language support, you edit the ctxenv.shscript to change the locale in which the server runs. This script is located in the:/opt/CTXSmf/slib directory/usr/lpp/CTXSmf/slib directoryTo make this process as simple as possible, the ctxenv.sh script includes standardentries for commonly used locales. To change the locale in which the server runs,you uncomment the line for the appropriate locale in ctxenv.sh.The following example shows the standard entries in ctxenv.sh on the Solarisplatform:

170 Citrix Presentation Server for UNIX Administrator’s GuideTo change the locale1. Log on to the server as an administrator.2. Stop the server using the ctxshutdown command. For information aboutctxshutdown, see “Stopping Citrix Presentation Server” on page 39.3. Open the ctxenv.sh file and locate the following lines:# Reset all environment variables so inherited values areignored.# UNCOMMENT THE NEXT LINE and the line for your chosen locale.#LANG=;LC_MESSAGES=;LC_TIME=;LC_NUMERIC=;LC_CTYPE=;LC_MONETARY=;LC_COLLATE=;LC_ALL=4. Remove the # character from the start of the line beginning with #LANG=.5. Find the line containing the locale you want to apply and remove the #character from the start of this line. Note that you can apply only one locale.For example, to choose the French ISO 8859-1 locale, remove the #character from the following line:#LANG=fr_FR.ISO8859-1;LC_MESSAGES=fr

Chapter 8 Advanced Topics 1716. Save the changes to the ctxenv.sh file.7. Start the server using the ctxsrv start all command.The server starts in the appropriate locale.If the Locale You Require Is not Listed in ctxenv.shIf the locale you require is not included in the ctxenv.sh script, you can editctxenv.sh to include this locale. Make sure you remove the # character from thestart of the #LANG= line (as described in the above procedure), and that youapply only the one locale.Note Only the locales listed in “Which Locales Provide Non-English LanguageSupport?” on page 168 provide non-English language support. If you include alocale that is not listed, US English appears by default.ExampleTo use the German ISO 8859-15 locale1. Remove the # character from the start of the following line:#LANG=;LC_MESSAGES=;LC_TIME=;LC_NUMERIC=;LC_CTYPE=;LC_MONETARY=;LC_COLLATE=;LC_ALL=2. Include the following line:LANG=de_DE.ISO8859-1;LC_MESSAGES=deTroubleshooting Non-English Language SupportCannot Find ctxenv.shThe ctxenv.sh script is located in:/opt/CTXSmf/slib/usr/lpp/CTXSmf/slibAfter Editing ctxenv.sh, Information Still Appears in English• If you configure the server to display in French, German, or Spanish, onlythe Login screen, user dialog boxes, and system messages that appear inICA sessions appear in the appropriate language. The commands that youuse to administer Citrix Presentation Server, and the man pages and shellscripts remain in US English. For more information about configuring your

172 Citrix Presentation Server for UNIX Administrator’s Guideserver console for non-English language support, see your UNIX softwaredocumentation.• If you select a locale that is not supported by Citrix Presentation Server, USEnglish is used by default.Dialog Boxes and System Messages Appear in the WrongLanguage• Check that the ctxenv.sh script was edited correctly, otherwise the serveruses the locale that is active when the server starts, and this may produceunexpected results.• Ensure that users’ start-up scripts do not contain locale settings. If a user’sstart-up script overrides the server’s locale setting, information may appearin more than one language.Dates and Times Are IncorrectOnly the messages in user dialog boxes are in French, German, or Spanish. Thismeans that the date and time for the locale may be incorrect and should, therefore,be disregarded. For example, an incorrect date and time may appear in theReconnect dialog box.The Locale Selection Menu Does not Appear on the LoginScreenCitrix Presentation Server supports only the use of one locale at a time, and doesnot offer per-session selection.How Do I Find Out My Current Locale?Use the locale command to display information about the current localeenvironment. For more information about the locale command, see the localeman page or consult your UNIX software documentation.

CHAPTER 9Using the Citrix XML ServiceOverviewThis chapter introduces the Citrix XML Service for Presentation Server for UNIXand explains how to configure and use the XML Service. Topics include:• An overview of the Citrix XML Service• Getting started• Configuring the server port• Configuring the XML Service for use with SSL Relay• Configuring DNS address resolutionAbout the Citrix XML ServiceThe Citrix XML Service for Presentation Server for UNIX runs as a daemon onall servers in a server farm. The key features and benefits of using the XMLService include:Web-based application deployment. Using the XML Service, you can deployapplications published on servers running Citrix Presentation Server to your usersthrough the Web. The XML Service communicates information about the UNIXapplications published in a server farm to the Citrix Web Interface. The WebInterface provides users with an HTML-based presentation of the server farm.Users can access their published applications using a standard Web browser. Youcan specify the name and icon used to display the link to each application in theWeb page and the default window settings for the application when run. For moreinformation about the Web Interface, see the Web Interface Administrator’s Guide.

174 Citrix Presentation Server for UNIX Administrator’s GuideTicketing. The XML Service provides support for ticketing, which offersenhanced authentication security by eliminating user credentials from the ICAfiles sent from the Web server to client devices. The use of the Web Interface’sticketing feature eliminates the danger of an attacker intercepting user credentialinformation and using this to access a server running Citrix Presentation Server.For more information about how to use ticketing in your Web Interfacedeployment, see the Web Interface Administrator’s Guide.HTTP browsing. You can provide your users with HTTP (HyperText TransportProtocol) browsing. The client uses HTTP to communicate with the Citrix XMLService to fulfill browser requests. HTTP browsing uses the standard HTTP porton the firewall—port 80—to allow users to browse applications and servers thatexist on the other side of a firewall. This means that, provided port 80 is not beingused by a Web server running on the server, there is no need to open an additionalport on the firewall for browser requests.SSL Relay support. The XML Service provides Citrix SSL Relay support. SSLRelay provides the ability to secure data communications using Version 4.0 of theSecure Sockets Layer (SSL) protocol. SSL provides server authentication,encryption of the data stream, and message integrity checks. You can use SSLRelay to secure communications in a Web Interface deployment between the Webserver and the server running Citrix Presentation Server. For more informationabout configuring and using SSL Relay, see the Citrix SSL Relay for UNIXAdministrator’s Guide.Server Farm ConsiderationsFor servers running Citrix Presentation Server for UNIX to be included in a farm,they need to be on the same subnet or connected by Citrix ICA gateways. Formore information, see “Multiple Farms and Subnet Considerations” on page 50.You can make applications published in Citrix Presentation Server for UNIXserver farms appear in the same location as applications published onPresentation Server for Windows farms. To do this, you use the multiple serverfarm functionality in the Web Interface. Multiple server farm functionality istransparent to users because they are not informed that their application set is anaggregation from multiple server farms. Applications from multiple server farmsappear in the same way as a single farm; folders appear first, followed byapplication icons. For more information, see the Web Interface Administrator’sGuide.Interoperability with MetaFrame Server 1.2You may be unable to launch published applications if running both CitrixPresentation Server 4.0 for UNIX and MetaFrame Server 1.2. To avoid thisproblem, you must enable interoperability mode.

Chapter 9 Using the Citrix XML Service 175Getting StartedTo enable interoperability mode1. Log on to the server as an administrator.2. Stop the Management Service. At a command prompt, type:ctxsrv stop msd3. Edit the file /var/CTXSmf/ctxxmld.cfg and set InteroperabilityMode toOn.4. Restart the Management Service. At a command prompt, type:ctxsrv start msdThe Citrix XML Service is included automatically when you install CitrixPresentation Server 4.0 for UNIX, and the XML process starts automatically. Ifyou create a server farm, the XML Service runs on each server in the farm.Configuration information required by the XML Service is stored in ctxxmld.cfg.Typically, little or no configuration is required to get the XML Service up andrunning quickly in your installation. However, you may need to configure theXML Service to use port numbers other than the defaults or to enable DNSaddress resolution. This section explains what configuration is required andwhere to find more information.Configuring display settings. You can configure your applications for use withthe Web Interface using the ctxappcfg command. Using ctxappcfg, you canconfigure display settings that include the name of the folder containing theapplication and the icon that the Web Interface displays, and the window size andcolor depth. For more information about configuring application display settings,see “Publishing Applications and Desktops” on page 61.Configuring the XML Service port. By default, the Web server communicateswith the XML Service using port 80. If port 80 is already in use on the serverrunning the XML Service, assign the XML Service to an unused port. See“Configuring the Server Port” on page 177 for more information.

176 Citrix Presentation Server for UNIX Administrator’s GuideConfiguring the SSL Relay port. To enable your users to make SSL-secureconnections to applications through the Web Interface, you must configure theXML Service for use with SSL Relay. To do this, you use the ctxappcfgcommand to specify whether SSL is used to secure connections on all publishedapplications or on a particular application only (see “Publishing Applications andDesktops” on page 61 for more information). If you are not using TCP port 443,which is the standard port for SSL-secured communications, you must specify theport number that SSL Relay listens for connections on using the ctxnfusesrvcommand. For information about how to do this, see “Configuring the XMLService for Use with SSL Relay” on page 177.Note If you configured a particular server to be the master browser, Citrixrecommends that you direct the Web Interface to this server. For more informationabout the ICA browser, see “Citrix Presentation Server for UNIX and the ICABrowser Service” on page 148. Also, if clients are using HTTP browsing, it is bestto direct clients to the master browser server. See your client documentation formore information.Starting and Stopping the Citrix XML ServiceWhen you start and stop Citrix Presentation Server, the Citrix XML Serviceautomatically starts and stops. Using the ctxsrv command, you can start and stopthe Citrix XML Service on the local server.To start the Citrix XML Service1. Log on to the server as an administrator.2. At a command prompt, type:ctxsrv start msdStarting a server causes an election, and the master browser may change. Themaster browser takes some time to acquire information about applicationsavailable on the farm. If the Citrix XML Service is started at the same time as aserver running Presentation Server, it can take up to 10 minutes before theseapplications are visible through the Web Interface.To stop the Citrix XML Service1. Log on to the server as an administrator.2. At a command prompt, type:ctxsrv stop msd

Configuring the Server PortChapter 9 Using the Citrix XML Service 177By default, the Web Interface communicates with the Citrix XML Service usingport 80. If port 80 is already in use on the server running the XML Service, assignthe XML Service to an unused port.Note The XML Service port number must be unique. If the port is already in useby another process, results may be unpredictable. You must configure the WebInterface to use the same port number as you specified for the XML Service—seethe Web Interface Administrator’s Guide for information about how to do this.To configure the Citrix XML Service port1. Log on to the server as an administrator.2. At a command prompt, type:ctxnfusesrv -port portnumberwhere portnumber is an unused port; for example, 8080.NoteYou must restart the XML Service for the new port to be used.To display the current port numberAt a command prompt, use ctxnfusesrv with the -l (list) option:ctxnfusesrv -lConfiguring the XML Service for Use with SSL RelayCitrix SSL Relay is included automatically when you install Citrix PresentationServer 4.0 for UNIX.To allow users who connect to the server through the Web Interface to make SSLsecureconnections to applications, you must configure the XML Service for usewith SSL Relay. To do this you use the:• ctxappcfg command to specify whether SSL is used to secure connectionson all published applications or on a particular application only. For moreinformation, see “Publishing an Application, Shell Script, or Desktop” onpage 64.• ctxnfusesrv command to specify the port number on which SSL Relaylistens for connections. You need to run this command only if you are not

178 Citrix Presentation Server for UNIX Administrator’s Guideusing TCP port 443, which is the standard port for SSL-securedcommunications. The SSL Relay port number you specify must be the sameon every server in the farm.For more information about configuring and using SSL Relay, see the Citrix SSLRelay for UNIX Administrator’s Guide.To configure the SSL Relay port number1. Log on to the server as an administrator.2. If SSL Relay listens for connections on a port other than 443, specify thisport number. At a command prompt, type:ctxnfusesrv -ssl-port port-numberwhere port-number is the port number on which SSL Relay listens forconnections. For example, if SSL Relay listens on port 444, type:ctxnfusesrv -ssl-port 444Troubleshooting SSLIf you configured your server to use NIS for name resolution, the server cannotsupport SSL-enabled ICA connections because NIS does not supply the fullyqualified domain name (FQDN). The FQDN is required by the XML Service todirect requests from the Web Interface and clients.To solve this problem, configure the server to use DNS, in preference to NIS, forname resolution, because DNS supplies the FQDN.Configuring DNS Address ResolutionBy default, servers reply to client browsing requests with an IP address. However,a server can respond with the fully qualified domain name. This feature, calledDomain Name System (DNS) address resolution, is available to clients using theXML Service. In most situations, the use of IP addresses works well and with lessoverhead.You can enable DNS address resolution using the ctxnfusesrv -dns command.

Chapter 9 Using the Citrix XML Service 179To enable DNS address resolution1. Log on to the server as an administrator.2. At a command prompt, type:ctxnfusesrv -dns enableNote If DNS addressing is enabled, clients can connect reliably to servers only ifthey can resolve the fully qualified domain name. If the client is not configuredcorrectly, it cannot connect. Ping a server with its DNS host name to verify this.Displaying the Current SettingYou can display the current DNS address resolution setting using ctxnfusesrvand the -l (list) option.To display the current DNS address resolution settingAt a command prompt, type:ctxnfusesrv -l

180 Citrix Presentation Server for UNIX Administrator’s Guide

CHAPTER 10Using Client Drive MappingOverviewThis chapter discusses client drive mapping. Topics discussed include:• An introduction to client drive mapping• Enabling client drive mapping• Configuring client drive mapping• Features and limitations of client drive mapping• Troubleshooting client drive mappingIntroducing Client Drive MappingThe client drive mapping feature enables users to access their local drives fromwithin an ICA session. When a user makes an ICA connection to a server runningCitrix Presentation Server, the user’s local drives are mounted automatically, suchas floppy disk drives, network drives, CD-ROM drives, and hard disk drives.

182 Citrix Presentation Server for UNIX Administrator’s GuideICA sessionmounted local drivesServer runningPresentationServerHard diskdriveUserFloppy driveCD-ROM driveThese drives are available for the duration of the session. When a session isdisconnected, all the mapped drives belonging to the session are releasedimmediately. If you shadow a users’s session using ctxshadow, you can alsoaccess the local, mapped drives belonging to the shadowed session.For users to take advantage of client drive mapping:• Users must be running Version 6.0 or later clients.• You use ctxcfg to enable client drive mapping. By default, the client drivemapping feature is disabled because it consumes server resources, and sothat you can be certain that no one is moving files between the server andclients. For information about enabling and configuring client drivemapping, see “Enabling and Configuring Client Drive Mapping” onpage 182.Enabling and Configuring Client Drive MappingThis section tells you how to enable and disable client drive mapping on theserver, and how to configure user access to drives.

Chapter 10 Using Client Drive Mapping 183Before your users can take advantage of client drive mapping, you must enable iton the server running Citrix Presentation Server using the ctxcfg command. See“Enabling Client Drive Mapping” on page 183 for information.After client drive mapping is enabled, you can configure user access to specificmapped drives using the ctxmount command, which you include in thectxsession.sh script. You can also configure access to client drive mapping on auser or group level basis, using the security function ctxsecurity.You can also enable and disable client drive mapping on a global basis using thectxsrv command. For example, you may want to temporarily stop client drivemapping for all users during a virus scare. For more information about enablingand disabling client drive mapping, see “Enabling Client Drive Mapping” onpage 183 and “Disabling and Enabling Client Drive Mapping” on page 188.Important Client drive mapping can also be configured using options availablewithin the client. Therefore, for client drive mapping to work, you must ensure thatthe settings on the client are consistent with the settings on the server runningCitrix Presentation Server. To enable client drive mapping, you must enable it onthe client, and on the server, and ensure the settings do not conflict. For example, ifthe client is configured to mount only drive C, mounting drive A on the server willhave no effect. For more information about configuring client drive mapping on theclient, see the appropriate Client Administrator’s Guide.To understand how client drive mapping works and for information about thelimitations in this release, see “Features and Limitations of Client DriveMapping” on page 189.Note To use client drive mapping when running Citrix Presentation Server forUNIX Version 4.0 on the AIX operating system, ensure optionnfs_use_reserved_ports is set to 1 using the nfso command.Enabling Client Drive MappingThis section explains how to enable client drive mapping on a server runningCitrix Presentation Server.By default, when you install Presentation Server, client drive mapping is disabled.Therefore, before users can take advantage of this feature, you must enable it onthe server. When you enable client drive mapping, you must choose whether toenable the mapped drives with read-write access or with read-only access.You use the ctxcfg tool with the -D option to enable client drive mapping.

184 Citrix Presentation Server for UNIX Administrator’s GuideTo enable client drive mapping on the server1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -D enable,access={ro|rw}where ro is read-only access, and rw is read-write access.When client drive mapping is enabled, it is enabled for all users and all theiravailable local drives. However, you can restrict access on a user or group levelbasis using the ctxsecurity security command. For example, to preventanonymous users (the ctxanon group) from using client drive mapping, use thectxsecurity command to deny this group access. For more information aboutusing ctxsecurity, see “Configuring Citrix Presentation Server Security” onpage 140.You can also restrict user access to specific drives using the ctxmount command.For example, you can configure client drive mapping so that users can accessonly drive C. You can do this for all users or for particular users. For moreinformation about configuring access to specific drives, see “Configuring Accessto Specific Drives” on page 184.Note The access policy you implement using ctxcfg takes precedence over anysettings configured using ctxmount, including any settings in the ctxsession.sh file.For example, if you enable access as read-only using ctxcfg, this cannot beoverridden using ctxmount.Configuring Access to Specific DrivesThis section explains how to configure user access to specific mapped drives.When you enable client drive mapping using ctxcfg, all the local drives availableto a user are mapped. However, you can configure access to particular mappeddrives using the ctxmount command. You can do this for particular users or forevery user who connects to the server.For example, you can configure the system so that in an ICA session:• The user Fred cannot access drive A• Fred’s drive C is read-only• All users cannot access drive C• All users’ drives A are read-only

Chapter 10 Using Client Drive Mapping 185To use the ctxmount command, you modify it within the ctxsession.sh script. Thectxmount command is contained within ctxsession.sh because ctxmount affectsonly the session in which it runs. ctxsession.sh runs after a user logs on, so youcan use it to customize the local environment for a session.Note Settings configured using ctxcfg take precedence over any settingsconfigured using ctxmount. For example, if you enable read-only access tomapped drives using ctxcfg, read-write access cannot be granted using ctxmount.Configuring Access to Specific Drives for Every UserUse the following procedure to configure access to specific drives for every userwho logs on to the server.To configure access to specific drives for every user1. Log on to the server as an administrator.2. Open the ctxsession.sh script and locate the following line:$CTXMOUNT3. Update the ctxmount command:$CTXMOUNT [ -d | -ro ] [ drivelist ]The following table explains the options:OptionUse this to:-d Disconnect a drive.-rodrivelistConfigure access to a drive as read-only. If you specify acurrently connected drive, this drive is made read-only.Specify the drive letters to which you want to configureaccess: (A B C ... Z) or all to specify all available drives.If you do not specify a drivelist, the default of all is used.Examples• To connect all drives as read-only, use the command:$CTXMOUNT -ro• To connect drive C only, use the command:$CTXMOUNT C• To connect all drives except drive C, use the commands:$CTXMOUNT all

186 Citrix Presentation Server for UNIX Administrator’s Guidectxmount -d C• To disconnect all drives, use the command:$CTXMOUNT -d• To disconnect drives M, N, and T, use the command:$CTXMOUNT -d M N TConfiguring Access to Specific Drives for a ParticularUserThere are two methods of doing this, depending upon whether or not you trustyour users.If you trust your users, use the following procedure to allow users to configureaccess to specific drives.Important With this method users can overwrite these settings using thectxmount command.To configure access to specific drives for a particular user1. Log on to the server as an administrator.2. Open the ctxsession.sh script and locate the following lines:#if [ -f $HOME/.ctx.session.sh ] ; then#. $HOME/.ctx.session.sh#fi3. Remove the # character from the start of each line, so that these lines are nolonger commented out.4. In the user’s home directory, create a file called .ctx.session.sh.5. In the .ctx.session.sh file, include the ctxmount command:ctxmount [ -d | -ro ] [ drivelist ]

Chapter 10 Using Client Drive Mapping 187For information about the command options and for examples about how touse the ctxmount command, see “Configuring Access to Specific Drivesfor Every User” on page 185.Note• This script is run for every session.• Users can modify the .ctx.session.sh file and run any commands thatthey choose.If you do not trust your users, use the following procedure to configure access tospecific drives. With this method, users cannot overwrite these settings using thectxmount command.To configure access to specific drives for a particular user1. Log on to the server as an administrator.2. Open the ctxsession.sh script and locate the following lines:#if [ -f $HOME/.ctx.session.sh ] ; then#. $HOME/.ctx.session.sh#fi3. Under here, insert lines similar to the following (in this example, the user“bill” is given read/write access to drives A, C, and E, “mandy” is givenread-only access to drive C, and for all other users drives are disconnected):case $USER inbill)ctxmount ACE;;mandy)*)esacctxmount -ro C;;ctxmount -d;;

188 Citrix Presentation Server for UNIX Administrator’s GuideFor information about the command options and for examples about how touse the ctxmount command, see “Configuring Access to Specific Drivesfor Every User” on page 185.Note If you do not trust your users, and do not want them to use client drivemapping, except as you define here, do not give them access to a command promptfrom which they can run ctxmount. That is, give your users access only topublished applications.Disabling and Enabling Client Drive MappingThis section discusses the different methods of disabling and enabling client drivemapping.Disabling Client Drive MappingHow you disable client drive mapping depends upon whether you want to disableit for new connections only, or disable it for all connections including anyexisting ones.• To disable client drive mapping for new connections only, use the ctxcfgcommand. Client drive mapping will still be available for existingconnections.• To disable client drive mapping for all connections, including any existingconnections, use the ctxsrv stop command. This command immediatelystops the client drive mapping process on the server. For example, use thismethod to immediately disable client drive mapping for all users during avirus scare.To disable client drive mapping for new connections1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -D disableTo disable client drive mapping for all connections, including existing ones1. Log on to the server as an administrator.2. At a command prompt, type:ctxsrv stop cdm

Chapter 10 Using Client Drive Mapping 189Enabling Client Drive MappingHow you enable client drive mapping depends upon how you disabled it.• If you disabled client drive mapping using ctxcfg, use ctxcfg to enable it.• If you disabled client drive mapping on the server using ctxsrv stop, usectxsrv start to enable it.To enable client drive mapping (if disabled using ctxcfg)1. Log on to the server as an administrator.2. At a command prompt, type:ctxcfg -D enable,access={ ro|rw }where ro is read-only access, and rw is read-write access.To restart client drive mapping (if disabled using ctxsrv)1. Log on to the server as an administrator.2. At a command prompt, type:ctxsrv start cdmTip Use ctxcfg -D list to display whether client drive mapping is currentlyenabled or disabled. Note, however, that this shows only the enabled or disabledstatus configured using the ctxcfg command—it does not display whether clientdrive mapping is enabled or disabled using ctxsrv.Features and Limitations of Client Drive MappingThis section provides further information about how client drive mapping works.It tells you about the /ctxmnt directory and the $CTXCLIENT environmentvariable. It also provides information that you and your users need to know aboutfile names, permissions, and formats, and about the limitations of client drivemapping in this release.How Does Client Drive Mapping Work?When you install Citrix Presentation Server, the /ctxmnt directory is created onthe server. When client drive mapping is enabled, this directory holds informationabout clients’ mapped drives for each session that connects to the server.When a user makes a connection to the server, the user’s drive mappings are heldin this directory as:

190 Citrix Presentation Server for UNIX Administrator’s Guide/ctxmnt/username/default/drivelettersIf a user starts additional sessions that run concurrently with the user’s firstsession, the additional drive mappings are held as:/ctxmnt/username/$CITRIX_SESSION_ID/drivelettersEach session uses the $CTXCLIENT environment variable to point to theappropriate drive mappings on the server.For example, within an ICA session the user Fred accesses a file on his hard diskcalled: C:\accounts\expenses.txt. This file is mapped as /ctxmnt/fred/default/C/accounts/expenses.txt. If Fred starts another session, the session id is used to mapadditional files and directories; for example, /ctxmnt/fred/20/C/accounts/payments.txt.File NamesFile names permitted in one operating system may not be permitted in another.For example, the Windows operating system does not allow file names that matchdevices. Likewise, some operating systems do not permit file names that containcertain characters, such as: \ / : * ? “ < >. File names containing non-Englishcharacters can also appear differently between the client and the server.Client drive mapping does not take the case of file names into consideration; forexample, the files “readme.txt” and “README.TXT” are treated as the same file.Client drive letters, however, are always converted to upper case.If you are using the Clients for Windows, do not use an asterisk (*) withinquotation marks in file names. For example, if you want to change directory to“New Folder,” either type the full name of the file, or type:cd /ctxmnt/username/default/driveletter/Ne*File PermissionsFile permissions are set at the user name level; therefore, only the user who ownsthe file can access and update files on their local, mapped drives. You cannotchange the permissions on files in the /ctxmnt directory using chmod or chown.Execute permissions cannot be set on any files served by client drive mapping.

Chapter 10 Using Client Drive Mapping 191Files that are executable locally cannot be executed within a mapped client drive.For example, on a local UNIX computer, you have a file called a.out. When yourun ls -l on the local computer, the file permissions are listed as rwxr-xr-x.However, if you run ls -l on the mapped drive, the file permissions are listed asrw-------.Caution UNIX permissions prevent users from being able to display and accesseach other’s files. However, if you use ctxcfg -a to allow automatic logon, yourusers can see directory listings of each others’ files (for example, using the lscommand in UNIX) and they can access and display the contents of the filesbecause users are logged on under the same user id. To prevent this, do not usectxcfg -a with client drive mapping.File AttributesFile attributes that apply on one operating system may be ignored on another. Forexample, files that are hidden in Windows may appear when displayed in adifferent operating system, such as UNIX. DOS file attributes (with the exceptionof read-only) are ignored in UNIX.File FormatsAlthough client drive mapping provides users with access to their local drives,file format conversion does not occur automatically. This means that files storedon local client devices may appear differently in an ICA connection that usesclient drive mapping. Similarly, files stored on the server may appear differentlywhen saved to the local client device.For example, files created on a DOS file system may contain both carriage returnsand line feeds as line terminators, while files created on a UNIX system maycontain line feeds only.Troubleshooting Client Drive MappingThis section describes problems that you and your users may experience, ortypical questions that may be asked about client drive mapping, and providespossible solutions and answers to these.Client Drive Mapping Does not WorkThe following diagram shows the steps you need to perform on the server if clientdrive mapping does not work:

192 Citrix Presentation Server for UNIX Administrator’s GuideTip Remember to check also that client drive mapping is enabled on the client,and that these settings are consistent with the settings on the server.

Chapter 10 Using Client Drive Mapping 193“Invalid Directory” or “Stale File” Error MessagesWhen a session is disconnected, all the mapped drives belonging to the sessionare immediately released. However, some applications store the paths of files onwhich a user recently worked. If a session is disconnected and later reconnected,the path to a file may be invalid in the reconnected session.For example, in an application running in an ICA connection, Fred edits a file thatis mapped as /ctxmnt/fred/default/C/accounts/expenses.txt. However, Fred’sconnection breaks and he reconnects the session. This time the system maps thefile as /ctxmnt/fred/10/C/accounts/expenses.txt. Therefore, when Fred attempts toaccess expenses.txt in the application, the path is no longer valid and errormessages such as “invalid directory” or “stale file” appear.Problems Accessing and Updating FilesFile names permitted in one operating system may not be permitted in another.For example, the Windows operating system does not allow file names that matchdevices, so users of Windows clients may experience problems attempting towrite files called com1.txt, lpt1, aux, and so on.Some operating systems do not permit file names that contain certain characters;for example, in Windows these characters are: \ / : * ? “ < >File names containing non-English characters may also appear differently due tomismatches in the character encoding used by the client and the server. Forexample, a user has a file on a hard drive called “¼results.txt;” however, whenviewing this file in an ICA session the user sees “?results.txt.” To access files thatcontain characters that are not available on the keyboard, use wildcards; forexample, vi *results.txt.A File Looks Different when Displayed in an ICA SessionFile format conversion does not occur automatically. This means that files storedon local client devices may appear differently in an ICA connection that usesclient drive mapping. Similarly, files stored on the server may appear differentlywhen saved to the local client device.For example, a user has a text file on a local Windows client device. When theuser displays this file in an ICA connection, ^M appears at the end of each line.This is due to the different text file formats in the operating systems. Therefore,before the user can work with the file, the file format must be converted; forexample, using a utility such as “dos2unix.”

194 Citrix Presentation Server for UNIX Administrator’s GuideNFS Error MessagesNot Responding Error MessageIn the unlikely event that the client drive mapping process on the server is slow inresponding, an error message (such as “NFS server CDM server not respondingstill trying” or “NFS server 127.0.0.1 not responding still trying”) appears.Normally, this request is fulfilled and the message “NFS server CDM server ok”or “NFS server 127.0.0.1 ok” appears. However, if the problem persists, you mustrestart the client drive mapping process on the server.Tip To interrupt the request and get a command prompt, press CTRL+C or send aSIGINT to the process.To restart client drive mapping1. Ensure that there are no users in the /ctxmnt directory (users should not bereading or writing to this directory, nor should it be their current directory).For example, you may want to ask your users to log off from the server; todo this, use the ctxmsg -a command to send a message to all users.2. Stop client drive mapping. At a command prompt, type:ctxsrv stop cdm3. Restart client drive mapping. At a command prompt, type:ctxsrv start cdmStale NFS Handle Error MessageIf you disconnect while your current directory is within a mapped directory treeand then reconnect, all subsequent accesses to the mapped directories will resultin the error message “Stale NFS Handle.” This happens because informationabout the mapped drive is lost when the drive is disconnected.In the reconnected session, change directory so that you are no longer in themapped drive; for example, by typing cd to go back to the home directory.

APPENDIX ACommand ReferenceOverviewThis appendix describes the Citrix Presentation Server for UNIX and XMLService for UNIX command line utilities.Citrix Presentation Server CommandsThe Citrix Presentation Server commands listed in this appendix are:ctx3bmousectxaltctxanoncfgctxappcfgctxbrcfgctxcapturectxcfgctxconnectctxcreatefarmctxdisconnectctxfarmctxgrabctxjoinfarmctxlogoffctxlprctxlsdcfgctxmasterctxmountctxmsgconfigure 3-button mouse emulationalternate address configuration for ICA browsersconfigure anonymous usersconfigure published applicationsconfigure ICA browser settingsgraphics copy and paste (between ICA and local applications)configure server settingsconnect to a sessioncreate a server farm. See ctxfarm.disconnect from a sessioncreate a farm, join a farm, remove a server from afarm, or change the farm’s secret key and passphrase.graphics copy and paste (from ICA to local applications)join a server farm. See ctxfarm.log off from a serverprint to a client printerconfigure communication with a license servershow master ICA browserconfigures user access to mapped drivessend a message

196 Citrix Presentation Server for UNIX Administrator’s Guidectxprintersctxqserverctxqsessionctxqueryctxquserctxresetctxsecurityctxshadowctxshutdownctxsrvlist printers installed on the clientdisplay information about serversdisplay session detailsdisplay session details or details in a different formatdisplay session user detailsreset a sessionconfigure securitystart a shadowing sessionshut down the server processesstart up or stop the server processesXML Service CommandsThe XML Service commands listed in this appendix are:ctxnfusesrvCitrix Presentation Server Commandsctx3bmouseconfigure the Citrix XML Service HTTP port, enable publishingmode, DNS address resolution, and specify the SSL Relay portDescriptionctx3bmouse configures 3-button mouse emulation.You may need to use Citrix Presentation Server to deploy UNIX applications thatare designed for use with a 3-button mouse. However, many clients run ondevices that have only a 2-button mouse, 1-button mouse, or pointing deviceavailable.To do this, you publish another version of the application for use by these clients.This version of the application is published using a script file that includesctx3bmouse settings. The ctx3bmouse command lets users represent a missingmouse button by combining an existing mouse button with a modifier key. Forexample, a missing button might be simulated by clicking the left mouse buttonand pressing the SHIFT key.

Appendix A Command Reference 197By running a script file that includes ctx3bmouse settings, you ensure theapplication is run in a session with the appropriate mouse mappings.Syntaxctx3bmousemissing_button=mouse_button,number_of_modifier_keyctx3bmouse -rctx3bmouse -cOptions-r Display mouse mappings for the current session.-c Clear all mouse mappings for the current session.Parametersmissing_buttonmouse_buttonnumber_of_modifier_keyThe missing button that is to be emulated:left| middle| rightThe existing mouse button which, when pressed with themodifier key, simulates the missing mouse button.Number of modifier to use. Use the xmodmap command toshow which keys correspond to which modifiers.RemarksWith xmodmap it is possible to remap almost any aspect of the keyboard andmouse. Take care when using xmodmap with ctx3bmouse because thecombination may be confusing.Middle mouse button emulation is included in Version 6.20, or later, of theClients for Windows. If users are connecting to a computer running PresentationServer using this client, disable any ctx3bmouse settings configured on the server.ctxaltDescriptionctxalt specifies alternate address configuration for ICA browsers.Syntaxctxalt -lctxalt-d alt_addr

198 Citrix Presentation Server for UNIX Administrator’s Guidectxalt-a browser_addr alt_addrctxalt-r addrctxalt -hOptions-l List current alternate address configuration.-d Set the default alternate address.-a Set an alternate address.-r Remove an alternate address.-h Display usage messageParametersalt_addrbrowser_addrSpecifies the alternate address.With the exception of the -r option, all addresses must be suppliedin standard IP address format. The -r option also accepts the (caseinsensitive)keyword DefaultAddress to erase the default addresssetting.Specifies the default alternate address.RemarksYou must be an administrator to run this command.ctxanoncfgDescriptionctxanoncfg configures anonymous users.Syntaxctxanoncfg-l [-q]ctxanoncfg -n number [-b anonymous_user_name ][-t minutes] [-s shell] [-u user-id][-g group] [-d path] [-q]ctxanoncfgctxanoncfgctxanoncfg -h-t minutes [-q]-clear

Appendix A Command Reference 199Options-l List current anonymous user settings.-q Quiet mode. Use with the other options to suppress the display oferror messages and what the command is doing at each stage.-n Specify the number of anonymous user accounts.-b Change how anonymous user accounts are named. Use this optiononly when creating new anonymous user accounts—do not use it tochange existing accounts.-t Specify the idle time-out period, in minutes, for anonymous usersessions. If there is no activity within this time, a warning messageappears stating that the user will be logged off if the session remainsinactive for a further five minutes.-s Specify a particular shell for anonymous user accounts.-u Assign specific user ids to anonymous user accounts, where user-idis the first id in the range.-g Specify the name of the anonymous user group. By default the groupname is ctxanon.-d Specify the home directory for anonymous user accounts. By defaultall anonymous user accounts are created with home directories in/usr/anon.-clearRemove all anonymous user configuration.-h Display help message.Parametersnumberanonymous_user_nameminutesshelluser-idgrouppathNew number of anonymous user accounts.New name of anonymous user accounts. By default,account names are in the format anonx where x is anumber from 1,2 ... and so on.Idle time-out period, in minutes.Shell you want to assign to anonymous user accounts—for example: /bin/csh.First user id from which you want to start generatinganonymous user accounts.Name of the anonymous user group. This must be eightcharacters or less.Home directory for anonymous user accounts. You donot need to specify the trailing forward slash (/).RemarksYou must be root to run this command.

200 Citrix Presentation Server for UNIX Administrator’s GuideYou must stop the Citrix Presentation Server process on the server before youconfigure anonymous users.See alsoctxshutdown—to stop the Citrix Presentation Server process.ctxappcfgDescriptionctxappcfg is an interactive command that allows you to publish and configureapplications.SyntaxctxappcfgUsageWhen you run ctxappcfg, the App Config> command prompt appears and youcan enter the following commands:listpublishDisplays a list of published application names.Allows you to publish an application. You are prompted for thefollowing details:Name - the name used to refer to the published application.Command Line - the command-line used to launch the application.To publish the desktop, press ENTER without specifying a commandline.Working Directory - the working directory used by the application. Tospecify the user’s home directory, leave this blank.Anonymous - whether the application is for use by anonymous orexplicit users. Enter yes if the application is for use by anonymoususers only, or no if it is for explicit users only.Description - an optional description that can be displayed on theuser’s Web page. If the description includes spaces, enclose it withinquotes.Folder - a folder containing the application.Icon File - the icon file displayed against a published application.Window Size - the window size and type of window. Specify windowsize as widthxheight; for example, 1024x768; or % (percentage) of adesktop; for example, 70%. Specify type of window as seamless (thewindow size is controlled by the client) or fullscreen (full screendisplay).Color Depth - the number of colors used to display the application.Choose from 16, 256, 4bit, 8bit, 16bit, and 24bit.Enable SSL security - type yes to use SSL to secure connections tothis application, or no if you do not want to use SSL.

Appendix A Command Reference 201publishselect[name]User name - the user names of users permitted to access thisapplication. Type one user name per line. Enter a blank line to completethe list. If you do not enter any user or group names, the applicationcannot be published successfully.Group name - the names of user groups or netgroups permitted toaccess this application. Type one group name per line. Leave a blankline to complete the list. To denote a netgroup, use an at symbol (@) asthe first character of the name; for example @netgroup1. If you do notenter any user or group names, the application cannot be publishedsuccessfully.Server name - the names of servers in the farm that will publish thisapplication. Type one server name per line. Leave a blank line tocomplete the list. To specify all current servers in the farm, type anasterisk (*). To specify all current and future servers in the farm, type aplus sign (+).Allows you to configure a published application. If you do not specifythe name of the application you want to configure, you are promptedfor it. Note that the application name is case-sensitive. After you selectan application, the prompt changes to the name of the application andyou can enter the following commands:list - lists the configuration details of the selected application.set - allows you to change the configuration. The full syntax is:set [cmd={cmd_line}, dir={dir_name}, anonymous={yes|no},enabled={yes|no}, description={description}, folder={folder name},window_size={window size}, color_depth={colordepth},ssl_enabled={yes|no}]—OR—set server={server_name}, [cmd={cmd_line}, dir={dir_name}]where the parameters are as follows:cmd - the command line required for the program to run.dir - the initial working directory.anonymous - indicates if the application is for use by anonymous orexplicit users.enabled - indicates if the application is enabled or disabled.description - the description displayed on the user’s Web page. If thedescription includes spaces, enclose it within quotes.folder - the name of a folder containing the program.window_size - the window size (width x height or percentage of adesktop) and type of window (desktop or seamless)color_depth - the number of colors used to display the application.Specify 16, 256, 4bit, 8bit, 16bit, or 24bit.ssl_enabled - specifies whether or not SSL is used to secureconnections to the application. Type yes to use SSL, or no if you donot want to use SSL.server - the name of the server you want to configure. This optionapplies only to the command-line and working directory.

202 Citrix Presentation Server for UNIX Administrator’s Guideselect[name]list users - lists the users who are allowed to access the publishedapplication.list groups - lists groups of users who are allowed to access thepublished application.add users - adds users who are allowed to access the publishedapplication. Type one user name per line. Leave a blank line tocomplete the list.add groups - adds groups of users or netgroups who are allowed toaccess the published application. Type one group per line. Leave ablank line to complete the list. To denote a netgroup, use an at symbol(@) as the first character of the name; for example @netgroup1. Notethat if you specify a netgroup, only the presence of a user in a netgroupis checked; the host and domain fields are ignored.remove users - prevents users from accessing the publishedapplication. Type one user name per line. Leave a blank line tocomplete the list.remove groups - prevents groups of users from accessing thepublished application. Type one group per line. Leave a blank line tocomplete the list.list servers - lists all servers in the farm that publish the application.add servers - publish the application on another server in the farm.Type one server name per line. Leave a blank line to complete the list.To specify all current servers in the farm, type an asterisk (*). Tospecify all current and future servers in the farm, type a plus sign (+).Note that an application must be installed on a server before it can bepublished.remove servers - remove the published application from one or moreservers in the farm. Type one server name per line. Leave a blank lineto complete the list.export icon - export the current icon to a file that you can later view.You are prompted for the file name.import icon - specify a different icon file for the published application.You are prompted for the file name.copy - creates a new published application by copying theconfiguration of the current application. You are prompted to enter aname for the new application. The new configuration is saved andselected automatically.save - saves the changes you make.delete - deletes the currently selected application and returns you to theApp Config> prompt.drop - clears the current application and returns you to theApp Config> prompt.help / ? - displays a brief usage message.exit - exits the command.

Appendix A Command Reference 203defaulthelp / ?exitAllows you to display and configure the default settings for allpublished applications in the server farm. To change the defaultsettings, use the set command, which has the following syntax:set [folder=[folder name], window_size={window size},color_depth={color depth}, ssl_enabled]where the parameters are as follows:folder - the name of a folder containing the published application.window_size - the window size (width x height or percentage of adesktop) and type of window (desktop or seamless).color_depth - the number of colors used to display the application.Specify 16, 256, 4bit, 8bit, 16bit, or 24bit.ssl_enabled - specifies whether or not SSL is used to secureconnections to the application. Type yes to use SSL, or no if you donot want to use SSL.export icon - export the current icon to a file that you can later view.import icon - specify a different default icon file for the publishedapplication.save - saves the changes you make.drop - clears the current application and returns you to theApp Config> prompt.Displays a brief usage message.Exits the command.RemarksYou must be an administrator to run this command.See alsoctxqserver—to list all published applications on the network.ctxbrcfgDescriptionctxbrcfg configures ICA browser settings.Syntaxctxbrcfg -g [add=gateway,] [remove=gateway,] [list]ctxbrcfg -m [always | never | neutral,] [list]ctxbrcfg -r [set=num,] [list]ctxbrcfg -b [set=address | unset | list]ctxbrcfg -h

204 Citrix Presentation Server for UNIX Administrator’s GuideOptions-g Gateways. Allows you to add or remove ICA Gateways.-m Master election. Allows you to influence the criteria used for themaster election. always makes the local browser try to become themaster. never instructs the browser to refrain from standing in anelection. neutral reinstates the default behavior of “no preference.”-r Refresh period. Allows you to specify the interval (in minutes) atwhich the local browser will update the master browser.-b Restrict the ICA browser to one subnet. If a server running CitrixPresentation Server has more than one network interface card (NIC)and is connected on more than one subnet, configure the server so thatthe browser listens on only one subnet and ignores broadcasts on theothers. Use set to restrict the browser to a subnet. Use unset to removea restriction. Use list to display current restrictions.-h Display usage message.ParametersnumgatewayaddressSpecifies the interval (in minutes) at which the local browser willupdate the master browser.Specifies the gateway host name or IP address.The IP address or subnet address to which you want to restrict thebrowser, in aaa.bbb.ccc.ddd format—that is, 10.20.123.123.RemarksYou must be an administrator to run this command.If you bind the server to a subnet, make sure that there is only one NIC on thissubnet. For more information, see “If a Server Uses Multiple Network InterfaceCards” on page 153.See alsoctxqserver—to display information about gateways and the master browser.

Appendix A Command Reference 205ctxcaptureDescriptionctxcapture lets you:• Capture windows or screen areas and copy them between an application ina client window and an application running on the local client device,including non-ICCCM-compliant applications.• Copy graphics between the client and the X graphics manipulation utilityXV. XV is a shareware utility that is available for download from theInternet.ctxcapture is available from the command prompt; it is also available when youconnect to published applications through the ctxwm window manager, if youradministrator made it available, as follows:• In a seamless window, right click the button in the top, left hand cornerof the screen to display a menu and choose the Screen Grab option• In a “full screen” window, right click to display the ctxwm menu andchoose the Screen Grab optionWhen ctxcapture starts, a dialog box appears.SyntaxctxcaptureSee alsoctxgrab—a simple tool to cut and paste graphics from ICA applications toapplications running locally on the client device.ctxcfgDescriptionctxcfg configures server settings.Syntaxctxcfgctxcfg-a [ERASE | [[prompt={TRUE | FALSE},] [INHERIT | [user=name,][pass]] [list]-l [max={UNLIMITED | num }] [list]

206 Citrix Presentation Server for UNIX Administrator’s Guidectxcfgctxcfgctxcfgctxcfgctxcfgctxcfg -gctxcfgctxcfgctxcfgctxcfg-t [connect={NONE | minutes},] [disconnect={NONE | minutes},][disclogoff={NONE | minutes},] [authentication={NONE | minutes},][idle={NONE | minutes},] [clientcheck={NONE | seconds},][clientresponse={NONE | seconds},] [list]-c [broken={DISCONNECT | RESET | LOGOFF},][reconnect={ORIGINAL | ANY},] [list]-p [enable | disable] [list]-C [enable | disable] [list]-P [set=num | reset] [list]-e {none | basic} [list]-i [ INHERIT | PUBONLY | ([prog=name,][wd=dir])] [list]-s enable [,input={on|off}] [,notify={on|off}]-s disable-s list-D enable,access={ro | rw}-D disable-D listctxcfg -k [loadfactor=num] | [lognohome= {0|1}] | [autoreconnect= {0|1}] |[logonlogging= {0|1|2}] | [logofflogging= {0|1|2}] | [reconnectlogging={0|1|2}] | [disconnectlogging= {0|1|2}]ctxcfgctxcfgctxcfg -h-m [enable | disable] [lowerthreshold=num] [upperthreshold=num][list]-o [set=n] [reset] [list]Options-a Allows you to set automatic logon details. Use INHERIT to make theserver use logon details specified on the client, rather than setting a username and password for the server using user and pass.Alternatively you can specify a user name and/or password for all userswho log on to the server. Set prompt to TRUE to prompt users for apassword, regardless of whether one is specified on the server or theclient. Use the pass option to prompt users for a logon password. Notethat using -g with the list option will not display the password.ERASE erases any user name and password details that were set usingthe user and pass options and makes the server use logon detailsspecified on the client.-l Logons. Allows you to limit the number of users who can be logged onconcurrently to the server. Specify an unsigned number or the keywordUNLIMITED to allow an unlimited number of users to log on.

Appendix A Command Reference 207-t Timers. Allows you to specify time-out intervals (in minutes) forconnected, disconnected, and idle sessions. Only new sessions areaffected by changes to the time-out intervals. For example, to specify atime-out interval of 10 minutes for disconnected sessions, use -tdisconnect=10. To specify that a timed-out session be logged off ratherthan reset, use -t disclogoff=num in addition to the -t disconnect setting.Use authentication to specify the maximum duration that a session in theconnected state exists on the server, prior to the user logging on orreconnecting. When the specified duration elapses, the session is reset.Use the keyword NONE to disable all time-out settings. Use client checkto specify the maximum period of time a client can be unresponsivebefore the server checks that the client is still connected. Use clientresponse to specify the maximum period of time the server waits for aresponse from a client before disconnecting sessions automatically.Note: You must configure both client check and client response optionsto disconnect sessions interrupted by network failure automatically.-c Connections. Allows you to define how the server handles timed out orbroken sessions.Set broken to DISCONNECT to disconnect sessions that are broken; setto RESET to terminate broken sessions. Set broken to LOGOFF to logoff broken sessions. Logging off sessions allows some applications toexit more cleanly than with RESET. A RESET is performed on thesession after 30 seconds if logging off does not fully terminate thesession.Note: Use the LOGOFF and RESET options with care because userswill not be prompted to save their data before sessions are logged off orreset in this way.Set reconnect to ORIGINAL to allow reconnection only to a broken ortimed out session from the original terminal; set to ANY to allowreconnection to the session from any terminal.-p Client printing. Use to enable or disable client printing.-C Client clipboard. Use to enable or disable the client clipboard.-P Port number. Use to specify a TCP/IP port number on which the servercan listen for connections. Use set to use a specific number or reset to usethe default number. You must restart the server for the new value to takeeffect.-g Generate. This generates a list of commands that, if executed, restores allsettings to their current values (except the password). You can redirectthese commands to a file that you can later execute as a shell script. -gcannot be used with any other argument.-e Encryption. Use to force clients to use encryption and prevent clients whodo not use encryption from connecting.-i Initial program. Use to specify a program, and path if necessary, to runwhen the client initially connects. INHERIT uses the program and pathspecified on the client. PUBONLY restricts users so that they canconnect only to published applications, and prevents users fromconnecting to the server by name, or to the server desktop.

208 Citrix Presentation Server for UNIX Administrator’s Guide-s Shadowing. Use to enable or disable shadowing. Set input to on to allowthe shadower to interact with the shadowed session using the keyboardand mouse. Set notify to on to give users the option to approve or denythe shadowing of their session.Note that when enabling shadowing, the default for input is on and thedefault for notify is on.-D Client drive mapping. Use to enable or disable client drive mapping,where ro is read-only access, and rw is read-write access. When clientdrive mapping is enabled, it is enabled for all users and all their availablelocal drives. However, you can restrict access using ctxsecurity andctxmount.-k Switch that allows you to turn features on and off (for example, theability to log on without a home directory) and set numeric factors (suchas the load factor).To tune the load factor on a server, use ctxcfg -k loadfactor=num, wherenum is a load factor value between one and 10000. By default, eachserver has a load factor of 100.To allow users whose home directories are unavailable to log on, setlognohome=1. To prevent users from logging on without a homedirectory, set lognohome=0.To allow sessions interrupted by network errors to be automaticallyreconnected, set autoreconnect=1. To prevent sessions interrupted bynetwork errors from being automatically reconnected, setautoreconnect=0.To control the logging of session logons, logoffs, disconnects, andreconnects in the system log file, set logonlogging, logofflogging,reconnectlogging, or disconnectlogging to one of the following values:0 = disable logging.1 = enable the short form of logging. Provides default syslog information,such as the date and time, and the user name.2 = enable detailed logging. As above plus the session id, client name,and information about what is running, such as a published applicationname or desktop.For example, to enable detailed logging of session logons, setlogonlogging=2.-m Mouse-click feedback. Use this option to enable and disable mouse-clickfeedback. Mouse-click feedback is enabled by default.You can also configure the thresholds in which mouse-click feedbackoperates by setting upper and lower threshold values, in milliseconds.The thresholds are like switches that determine when mouse-clickfeedback is on or off. By default, the upper threshold is 500 millisecondsand the lower threshold is 150 milliseconds.To display the current settings, use the list option.-o Allows you to set the length of delay (in milliseconds) for buffering ofgraphics. Use set=n to specify the delay and reset to reset the currentsetting to 100ms. To display the current setting, use the list option.-h Display usage message.RemarksYou must be an administrator to run this command.

Appendix A Command Reference 209ctxcfg -t has no effect on anonymous users.See alsoctxanoncfg—to specify an idle time-out period for anonymous users.ctxsecurity—to restrict access to client drive mapping on a user or group-levelbasis.ctxmount—to restrict user access to specific mapped drives.ctxconnectDescriptionctxconnect lets you connect to a session.Syntaxctxconnectidctxconnect -hOptions-h Display usage message.ParametersidSpecifies the session id to which to connect.RemarksBy default, Citrix administrators can connect to any session; other users canconnect only to their own sessions.See alsoctxsecurity—to control which users can connect to other users’ sessions.ctxcreatefarmctxcreatefarm is an alias of ctxfarm—see the ctxfarm command for moreinformation.

210 Citrix Presentation Server for UNIX Administrator’s GuidectxdisconnectDescriptionctxdisconnect lets you disconnect a session. You can disconnect sessions on thelocal server or on other servers in the farm.Syntaxctxdisconnect [ id | servername:id ]ParametersidservernameSpecifies the session id to disconnect.Specifies the name of a server in the farm to disconnect. Forexample, server1:34 means session 34 running on server1.RemarksIf you do not specify a session id, your own session is disconnected. By default,administrators can disconnect any session; other users can disconnect only theirown sessions.See alsoctxsecurity—to control which users can disconnect other users’ sessions.ctxfarmDescriptionctxfarm lets you create a server farm, join a server farm, remove servers from thefarm, or change the farm’s passphrase and secret key. Citrix Presentation Serverfor UNIX uses this secret key to communicate between the servers in the farm.The ctxcreatefarm and ctxjoinfarm commands are aliases of ctxfarm.Syntaxctxfarmctxcreatefarmctxjoinfarm-c | -j | -k | -l | -r [server-name]

Appendix A Command Reference 211Options-c Create a server farm. Alternatively, use ctxcreatefarm.-j Join a server to a farm. Alternatively, use ctxjoinfarm.-k Change the farm’s secret key and passphrase. .-l Lists servers in a farm and specifies which server is theManagement Service Master.-r Remove a server from the farm.UsageWhen you run ctxfarm, ctxcreatefarm, or ctxjoinfarm, you are prompted for, oryou can enter, the following information:Farm nameFarmpassphraseServer nameIf you are creating a farm, specify the name you want to give thefarm.If you are joining a farm, specify the name of the farm you want theserver to join. If the server is already in a farm, type the name of thefarm you want the server to join and then confirm you want to movethe server to the new farm.If you are creating a farm, specify a passphrase. This is required byadministrators whenever they want to join servers to this farm.If you are joining a farm, this is the passphrase specified when thefarm was first created.If you are changing the secret key and passphrase, specify the newpassphrase. The secret key update happens at the same time as thepassphrase update.If you are joining a farm, specify the name or IP address of a serveralready in this farm.Optionally, if you are removing a server from a farm, you can specifythe server you want to remove. If you do not specify a server name,the local server is removed from the farm.RemarksYou must be an administrator to run this command.You can create farms only on servers running Citrix Presentation Server forUNIX Version 4.0. Only servers running Citrix Presentation Server for UNIXVersion 4.0 can join a server farm.

212 Citrix Presentation Server for UNIX Administrator’s GuideThe server that you create the farm on will become the Management ServiceMaster, so ensure that you create the farm on an appropriate server.Caution You must remember the passphrase, because the passphrase you specifywhen you create the farm is required by administrators whenever they want to joinservers to this farm. If you lose the passphrase, you cannot add servers to the farm.If you update the secret key and passphrase, the command notifies you when thechange has been completed successfully. You are also notified of any serversctxfarm could not reach to update. If ctxfarm cannot contact a reasonableproportion of servers in the farm, the update fails.ctxgrabDescriptionctxgrab lets you capture dialog boxes or screen areas and copy them from anapplication in a client window to an application running on the local client device.ctxgrab is available from a command prompt or, if you are using a publishedapplication, from the ctxwm window manager, as follows:• In a seamless window, right click the button in the top, left hand cornerof the screen to display a menu and choose the Screen Grab option• In a “full screen” window, right click to display the ctxwm menu andchoose the Screen Grab optionWhen ctxgrab starts, a dialog box appears.SyntaxctxgrabSee alsoctxcapture—a more extensive tool that lets you cut and paste graphics betweenICA applications and applications running on the client device.ctxjoinfarmctxjoinfarm is an alias of ctxfarm—see the ctxfarm command for moreinformation.

Appendix A Command Reference 213ctxlogoffDescriptionctxlogoff logs off a user from a server running Citrix Presentation Server. Youcan log off sessions on the local server or on other servers in the farm.Syntaxctxlogoff [servername:id | id]ctxlogoff -hOptions-h Display usage message.Parametersidservername:idSpecifies the session id to log off.Specifies the session id to log off on a particular server, whereservername is the name of a server in the farm. For example,server1:34 means session 34 running on server1.RemarksIf a user is not specified, you are logged off.By default, administrators can log off any user; other users can log off onlythemselves.See alsoctxsecurity—to control which users can log off other users’ sessions.ctxlprDescriptionctxlpr prints to a client printer.Syntaxctxlpr [-P printerName] [-b] [-n] [file1, ...file10]ctxlpr -h

214 Citrix Presentation Server for UNIX Administrator’s GuideOptions-P Print a file to a printer (or printer port) other than the default. This isthe printer name or printer port shown in the first column of theoutput from ctxprinters.-b Print the job in the background.-n Only one print job can be handled at a time in any one session. If acall is made to ctxlpr while a previous job is still printing, the defaultbehavior is for the second command to wait for the first job to endbefore continuing.Use the -n option to cause a second print job to fail rather than wait.Use this to stop applications from waiting while other printer jobs arehandled.-h Display usage message.ParametersfileprinterNameSpecifies the name of a file to print. Up to 10 files can be specified;each file is treated as a separate print job. If no files are specified,ctxlpr takes its input from standard input (stdin).Name of the printer (or printer port) other than the default.See alsoctxprinters—to list printers installed on the client.ctxlsdcfgDescriptionctxlsdcfg configures communication with the license server.You can run this command interactively or non-interactively. Use the ctxlsdcfgcommand to configure communication with the license server interactively, usingthe License Config> command prompt. Use the ctxlsdcfg command with the-s, -p, or -e option to configure communication with the license server noninteractively.Syntaxctxlsdcfgctxlsdcfgctxlsdcfgctxlsdcfg -h-s server_name-p port_number-e edition

Appendix A Command Reference 215Options-s Specify the name of the license server.-p Specify the port number of the license server.-e Specify the current product edition (either Enterprise or Platinum).-h Display usage message.UsageWhen you run the ctxlsdcfg command interactively, the License Config>command prompt appears and you can enter the following commands:listserver server_nameport port_numberedition product_editionexitDisplay the current license server name, port number, andproduct edition.Specify the name of the license server.Specify the port number of the license server.Specify the current product edition (either Enterprise orPlatinum).Exit the program.RemarksYou must be an administrator to run this command.ctxmasterDescriptionctxmaster shows the master ICA browser address.Syntaxctxmaster[-h]Options-h Display usage message.RemarksCitrix recommends you use the ctxqserver -master command instead to displaythe server acting as the master browser.

216 Citrix Presentation Server for UNIX Administrator’s GuideSee alsoctxqserver—to display the master browser address.ctxmountDescriptionctxmount configures user access to specific mapped drives.When you enable client drive mapping using ctxcfg, all the local drives availableto a user are mapped. However, you can configure access to particular mappeddrives using the ctxmount command. You can do this for particular users or forevery user who connects to a server running Citrix Presentation Server.To use the ctxmount command, you modify it within the ctxsession.sh script.Syntaxctxmount [ -d | -ro ] [ drivelist | all ]Options-d Disconnect a drive.-roConfigure access to a drive as read-only. If you specify a currentlyconnected drive, this drive is made read-only.ParametersdrivelistSpecify the drive letters to which you want to configure access(A B C ... Z) or all to specify all available drives. If you do notspecify a drivelist, the default of all is used.RemarksSettings configured using ctxcfg take precedence over any settings configuredusing ctxmount. For example, if you enable read-only access to mapped drivesusing ctxcfg, read-write access cannot be granted using ctxmount.See alsoctxcfg—to enable or disable client drive mapping for all users and all availablelocal drives.ctxsecurity—to restrict access to client drive mapping on a user or group levelbasis.

Appendix A Command Reference 217ctxmsgDescriptionctxmsg sends a message to a particular session or to all sessions, either on thelocal server or in the entire server farm.Syntaxctxmsg [-w] {id | servername:id} message [timeout]ctxmsg -a messagectxmsg -s servername messagectxmsg -S messagectxmsg -hOptions-w Suspends the ctxmsg program until the message either times out or theuser dismisses it. That is, the command prompt returns only when theuser responds or the message times out.-a Send a message to all users on the local server.-s Send a message to all users on a particular server.-S Send a message to all users on all servers in the farm.-h Display usage message.ParametersidservernamemessagetimeoutSession id of the user to whom you want to send the message.Name of a server in the farm. For example, server1:34 means session34 running on server1.The text you want to send. To send a message that contains spaces,enclose it within double quotes.Specify a time-out (in seconds) for the message. If no time-out isspecified, or the time-out is specified to be zero, the message dialogbox remains displayed until dismissed by the user.See alsoctxquser or ctxqsession—to display users’ session IDs.ctxsecurity—to control which users can send messages to other users’ sessions.ctxshutdown—to inform users that the server is about to shut down.

218 Citrix Presentation Server for UNIX Administrator’s GuidectxprintersDescriptionctxprinters lists printers installed on the client and indicates which is the default.For each printer, the list displays:• The printer name or printer port (for example, lpt1). You can use this in thectxlpr -P command to specify a printer other than the default.• The name of the device driver.• The name of the port to which the printer is attached.Syntaxctxprinters[-h]Options-h Display usage message.See alsoctxlpr—to print to a client printer.ctxqserverDescriptionctxqserver displays information about servers running Citrix Presentation Serveron the network.Note Some options, such as -license, display information only for serversrunning versions prior to Citrix Presentation Server for UNIX Version 4.0 that usethe previous licensing method. For information about the new Citrix Licensingmethod, see the Getting Started with Citrix Licensing Guide.Syntaxctxqserverctxqserverctxqserverctxqserver[server_name]-addr server_name-app [application_name | server_name]-disc [application_name | client_name]

Appendix A Command Reference 219ctxqserver-gateway [server_name]ctxqserver-gatewaylicense:IP_addressctxqserver-license [server_name]ctxqserver-load server_namectxqserver-masterctxqserver-netlicensectxqserver-ping [-count:value] [-size: value] server_namectxqserver-reset server_namectxqserver-serial [server_name]ctxqserver-stats server_namectxqserver-tcpserver:xctxqserver -hOptions-addr-app-disc-gateway-gatewaylicense-license-load-master-netlicense-ping-resetDisplay the network address of a specific server.List all published applications and the server load. Specifythe name of an application or server to narrow the list.List all disconnected sessions. Specify the name of anapplication or client to narrow the list.List the ICA gateways known to each server. Specify a servername to narrow the list.Display the number of remote licenses available from agateway. Specify the IP address of the gateway; that is,ctxqserver -gatewaylicense:12.12.123.12.List the licenses on each server. Mach displays the numberof licenses kept local to the server; Pool displays the numberof pooled licenses; Total shows the sum of the local andpooled licenses.Specify a server name to narrow the list.Display the loading for a particular server.Display the IP address of the master browser.Display information about the number of licenses installedand in use on the local network. The number of licenses keptlocal to the server and the number pooled is also shown.Ping the named server.Reset statistics about the activities of the browser (forexample, elections sent/received, packets sent/received) forthe named server.

220 Citrix Presentation Server for UNIX Administrator’s Guide-serial-statsDisplay the licenses on each server. Specify a server name tonarrow the list.Display statistics about the activities of the browser for aparticular server.-tcpserver:x Sets the TCP/IP default server address to x.-h Display usage message.Parametersserver_nameapplication_name-count:value-size: valueIP_addressName of a specific server.Name of a published application.Use with the ping option to specify the number of packets tosend. The default is five packets.Use with the ping option to specify the packet size. Thedefault is 256 bytes.TCP/IP address of a server.ctxqsessionDescriptionctxqsession displays a default listing of session details.ctxqsession displays information about ICA connections to the local server,another server in the farm, or the entire server farm. The information includes,where appropriate, user name, session ID, state, type, and device.Syntaxctxqsession [-s servername]ctxqsession -Sctxqsession -hOptions-s Display information about a particular server.-S Display information about all servers in the farm.-h Display usage message.ParametersservernameName of a specific server.

Appendix A Command Reference 221See alsoctxquser—to display session user details.ctxquery—to display additional session details or details in a different format.ctxqueryDescriptionctxquery allows you to display a comprehensive list of session details and toconfigure the display of these details.ctxquery displays information about connections to one or more computersrunning Citrix Presentation Server in a farm. This includes information aboutusers, sessions, client devices, servers, and published applications. You can alsouse ctxquery to produce machine-readable output.Syntaxctxqueryctxquery{-f short_format_options | -o long_format_options} [-m]{-f short_format_options | -o long_format_options} [-m] [userusername]ctxquery {-f short_format_options | -o long_format_options} [-m] -sservername [user username]ctxqueryctxquery -h{-f short_format_options | -o long_format_options} [-m] -S [userusername]Options-f Configure the display format using characters to indicate theinformation that should be shown.-o Configure the display format using keywords to indicate theinformation that should be shown.-m Produce machine-readable output. Spaces are removed fromcolumn headers so that a constant number of columns isdisplayed on every line.-s Display information about a particular server.-S Display information about all servers in the farm.-h Display usage message.

222 Citrix Presentation Server for UNIX Administrator’s GuideParametersshort_format_optionslong_format_optionsservernameuser usernameCharacters that indicate the information you want to display. Seethe following table for details.Keywords that indicate the information you want to display. Seethe following table for details.Name of a specific server.Name of a particular user you want to queryLong FormatOptionsShort FormatOptionsDescriptionaddr a Client address. The hardware address of theclient device.app p Published application name.dev d Client device name.id i Session ID. This is in the formatservername:id, where servername is the nameof a server in the farm, and id is the sessionidentifier.idle I Idle time. The length of time since there wasuser activity in this session. It may take sometime to display this, depending on the numberof users and how they are distributed acrossservers.logon l Logon time. The time the user logged on to thesystem.sess n Session name; for example: tcp#41.sess# N Session number only. Use to display thesession number without the “servername:”prefix.srvr s Server name. The name of a server in the farm.

Appendix A Command Reference 223state S Session state:listen—indicates the session that is listeningfor new incoming connections.active—indicates an established, activeconnection.connq—indicates a brief session initializationphase that occurs before the logon promptappears and during reconnect.init—a brief session initialization phase.conn—indicates a session that is beingconnected.disc—indicates a disconnected session.down—indicates a broken session.shadow—indicates that the user of this sessionis shadowing another.reset—indicates a session currently beingreset.type t Session type. wdica indicates that the ICAprotocol is being used.user u User name.xdpy x X display number.Xdpy X X display number, without the leading colon(:).See alsoctxqsession—to display a default list of session details.ctxquser—to display a default list of session user details.ctxquserDescriptionctxquser displays a default listing of session user details.ctxquser displays information about users logged on to the local server, anotherserver in the farm, or the entire server farm. The information displayed includesthe user name, the session ID, the state, the time the user has been idle, and thetotal time the user has been logged on.Syntaxctxquser[user username]

224 Citrix Presentation Server for UNIX Administrator’s Guidectxquser -s servername [user username]ctxquser -S [user username]ctxquser -hOptions-s Display information about a particular server.-S Display information about all servers in the farm.-h Display usage message.Parametersservernameuser usernameName of a specific server.Name of a particular user you want to query.See alsoctxqsession—to display session details.ctxquery—to display additional session details or details in a different format.ctxresetDescriptionctxreset resets a session.ctxreset resets an ICA connection on the local server or another server in thefarm. You specify the session to be reset using its session id.Syntaxctxreset {id | servername:id }ctxreset -hParametersidservernameSession id of the session you want to reset.Name of a server in the farm. For example, server1:34 means session34 running on server1.-h Display usage message.

Appendix A Command Reference 225RemarksBy default, administrators can reset any session; other users can reset only theirown sessions.See alsoctxqsession—to display the current sessions.ctxquser—to display session user details.ctxsecurity—to control which users can use ctxreset to reset other users’ sessions.ctxsecurityDescriptionctxsecurity configures Citrix Presentation Server security.Citrix Presentation Server security controls a user’s access to commands andsessions. When you install Citrix Presentation Server, default security settings areapplied that automatically control access at a global level to Presentation Serversecuredfunctions. Security can also be controlled at user and group levels.Syntaxctxsecurity secured_function -lctxsecurityctxsecurityctxsecurityctxsecurityctxsecurity -hsecured_function -a {allow | deny}secured_function -u {user_name} {allow | deny}secured_function -g {group_name} {allow | deny}secured_function {-u user_name | -g group_name} inheritOptions-l Display security settings for a particular secured function.-a Change the global security setting for a secured function.-u Change security at user level for a secured function.-g Change security at group level for a secured function.-h Display usage message.

226 Citrix Presentation Server for UNIX Administrator’s GuideParameterssecured_functionallowdenyuser_namegroup_nameinheritA particular tool; for example, shadow. The secured functionsare shown in the following table.Permit access to the secured function.Prevent access to the secured function.User account name.Group name to which the user belongs.Remove previous user or group security settings and inheritsettings from the level above.Secured FunctionsThe following table lists the secured functions together with their default settingsafter installation.Secured functionloginsendmsg(ctxmsg)connect(ctxconnect)disconnect(ctxdisconnect)logoff(ctxlogoff)reset(ctxreset)shadow(ctxshadow)cdmPresentation Server securitydeterminesWhich users can log on to theserver.Which users can use ctxmsg to sendmessages to other users’ sessions.Which users can use ctxconnect toconnect to other users’ sessions.Which users can use ctxdisconnectto disconnect other users’ sessions.Which users can use ctxlogoff to logoff other users’ sessions.Which users can use ctxreset to resetother users’ sessions.Which users can use ctxshadow toshadow other users’ sessions.Which users can use client drivemapping to access their local drives.Default global settingAllowAllowDeny for anonymoususersDenyDenyDenyDenyAllowDeny for anonymoususersAllowRemarksYou must be an administrator to run this command.

Appendix A Command Reference 227See alsoctxcfg—to enable and disable shadowing and client drive mapping.ctxshadowDescriptionctxshadow starts a shadowing session. Shadowing lets you monitor and interactwith another active session.The session that issues the ctxshadow command is referred to as the shadower,and the session being shadowed is called the shadowed session.Syntaxctxshadow{id | servername:id} [-v] [-h[[a][c][s]+]x]Options-v Verbose output. Displays additional information.-h Use with a session id to configure a hotkey combination to endshadowing; for example, ctxshadow id [-h[[a][c][s]+]x]—Or—Specify ctxshadow -h to display a usage message.Parametersid—Or—servername:id{a|c|s}+xSpecify the session to be shadowed using its session ID.Alternatively, specify the local server name and ID; for example,server1:34 means session 34 running on server1. Note that you cannotshadow a session on another server.Specify the hotkey combination you want to use to end shadowing.Choose this combination from:a|c|s where a = ALT; c = CTRL; s = SHIFTx where x is an alphanumeric character (a to z and 0 to 9)Note: You can use any combination of a, c, and s, including all or none.For example, to begin shadowing and to specify a hotkey combinationof ALT and q to stop shadowing, type:ctxshadow {id | name} -h a+qTo End a Shadowing SessionBy default, you can end shadowing by holding down the CTRL key and pressingthe asterisk (*) key on your keyboard’s numeric keypad. However, if you cannotuse this hotkey combination or you prefer to use an alternative, you can configurea different combination using the -h option.

228 Citrix Presentation Server for UNIX Administrator’s GuideRemarksNote that virtual channel data (instructions to the server that affect only theshadowed session) is not shadowed. For example, if you print a file whileshadowing a session, the file is queued at the shadowed session’s printer.You may also get some unexpected results using the clipboard channel. The userof the shadowed session can use the clipboard to copy and paste between theclient session and applications running locally. As shadower, you cannot accessthe contents of the shadowed session’s clipboard—information in the clipboardbelongs to the shadowed session. However, if you copy information to theclipboard while shadowing, this information is available to the shadowed sessionfor pasting.See alsoctxcfg—for shadowing configuration at the server.ctxquser or ctxqsession—to display session ID.ctxsecurity—to control which users can shadow other users’ sessions.ctxshutdownDescriptionctxshutdown stops the Citrix Presentation Server processes.Syntaxctxshutdown [-q] [-m seconds] [-l seconds] [message]ctxshutdown -hOptions-q Quiet mode. Use to reduce the amount of information displayed tothe administrator by the ctxshutdown command.

Appendix A Command Reference 229-m Specify when the shut down process will begin, and how long themessage will appear, in seconds. The default is 60 seconds. Whenthis period expires and the shut down process begins, applicationsthat have registered “window hints” (theWM_DELETE_WINDOW attribute) will attempt to interactivelylog the user off. Applications that have not registered “windowhints” will terminate immediately.-l Specify how long applications that have registered “windowhints” have to interactively log users off. The default is 30seconds. When this period expires, any remaining sessions areterminated automatically, users are logged off automatically, andthe Citrix Presentation Server process stops.-h Display usage message.ParametersmessageSpecify the message displayed to all users logged on to the server.If you do not specify a message, the default message “Servershutting down. Auto logoff in x seconds” appears, where x = thenumber of seconds specified in the -m option (or the default of 60seconds if this is not specified).RemarksYou must be an administrator to run this command.See alsoctxsrv—to stop the Citrix Presentation Server processes on a server.ctxsrvDescriptionctxsrv starts up or stops the server processes.You can use ctxsrv to start up and stop all the processes on the server, or to startup and stop an individual process, such as the ICA browser or Citrix SSL Relay.Syntaxctxsrvctxsrvctxsrv -hstart [browser|sslrelay|cdm|lsd|msd|server|all]stop [browser|sslrelay|cdm|lsd|msd|server|all]

230 Citrix Presentation Server for UNIX Administrator’s GuideOptionsbrowsersslrelaycdmlsdmsdserverallThe Citrix ICA browser service.Citrix SSL Relay.Client drive mapping. If you stop client drive mapping using ctxsrvstop, this immediately stops the client drive mapping process on theserver, and disables client drive mapping for all connections, includingany existing connections.License Service daemon.Management Service daemon.The connection server.All server processes.-h Display usage message.RemarksCitrix recommends you use the ctxshutdown command to stop the CitrixPresentation Server processes on a server. If you use ctxsrv to stop PresentationServer, and sessions are still active when the server is stopped, the sessions areterminated and unsaved applications or user data can be lost.You must be root or an administrator to run this command.Do not run the commands ctxsrv start all, ctxsrv stop all, ctxsrv start cdm andctxsrv stop cdm from within the /ctxmnt directory, or the client drive mappingprocess fails.See alsoctxshutdown—to shut down the processes on a server.ctxcfg—to disable client drive mapping for new connections only.

Appendix A Command Reference 231XML Service CommandsctxnfusesrvDescriptionctxnfusesrv configures the server listening port, or lists the current listening port.ctxnfusesrv can also be used to enable users to make secure connections usingSSL and to enable and disable DNS address resolution.Syntaxctxnfusesrv {–l | –port portnumber}ctxnfusesrv -ssl-port portnumberctxnfusesrv -dns [ enable | disable ]ctxnfusesrv -bind {all | subnet-address [subnet-mask]}Options–portConfigures the HTTP server listening port. The default portnumber is 80.-l Lists the current HTTP server listening port, the publishing mode,the SSL port number, and the DNS address resolution setting.-ssl-port-dns-bindSpecifies the port number on which SSL Relay listens forconnections (this is the SSL port you configured using the CitrixSSL Relay configuration tools). You need to run this commandonly if you are not using TCP port 443, which is the standard portfor SSL-secured communications.Enables and disables Domain Name System (DNS) addressresolution. By default, DNS is disabled and computers runningCitrix Presentation Server reply to client browsing requests withan IP address.Restricts ICA master browser broadcasts made by the XMLService to one subnet. If the server has more than one networkinterface and is connected to more than one network or subnet, thisoption configures the network to which ICA master browserbroadcasts are sent. If the network is subnetted, the appropriatesubnet network mask must be specified. By default, ICA masterbrowser requests are broadcast locally on all available interfaces.ParametersportnumberenableTCP port number.Enables DNA address resolution.

232 Citrix Presentation Server for UNIX Administrator’s Guidedisablesubnet-addresssubnet-maskDisables DNA address resolution.Specifies the subnet or interface address to which ICA masterbrowser broadcasts are sent. The format of the subnet address isaaa.bbb.ccc.ddd; for example, 10.20.131.123.Specifies the netmask corresponding to the subnet address. Theformat of the subnet mask is aaa.bbb.ccc.ddd; for example,255.255.240.0.RemarksYou must be an administrator to run this command.If you make changes using ctxnfusesrv -port, you must stop and restart the XMLService using ctxsrv {start | stop} msd for the changes to take effect.See alsoctxsrv—to start and stop the XML Service.

GLOSSARYGlossaryadministrator. A member of the user group ctxadm, who has special permissionsregarding the administration of Citrix Presentation Server for UNIX.alternate address. The external address of a server. An external address is a public(Internet) IP address.anonymous application. An application published exclusively for use by anonymoususers.anonymous user. A guest user granted restricted access to a published application on aserver.anonymous user account. A user account defined on a server for accessingapplications published for anonymous use.anonymous session. The session of an anonymous user.Bourne shell. A type of UNIX shell. In Solaris, Bourne is the default shell.broken session. A broken session occurs when the communication link between aclient and the server is interrupted; for example, as the result of a client devicefailure.browser election. See master browser election.C shell. A type of UNIX shell based on the C programming language.CDE. See Common Desktop Environment.Citrix Connection Configuration. The Citrix utility you use to configure ICA and otherconnections to your servers.Citrix SSL Relay. A Citrix product that provides the ability to secure datacommunications using the SSL protocol. SSL provides server authentication,encryption of the data stream, and message integrity checks.Citrix XML Service. A daemon running on the server that communicates informationabout UNIX applications published in a server farm to Web Interface. TheXML Service also provides an HTTP interface to the ICA browser, allowingconnections across most firewalls.client device. Any device capable of running one of the Citrix Presentation ServerClients.client drive mapping. The feature that enables applications running on the server toaccess physical and logical drives configured on the client device.

234 Citrix Presentation Server for UNIX Administrator’s GuideCommon Desktop Environment (CDE). A standard desktop for UNIX that useswindows, icons, and menus to provide services to end-users, systemsadministrators, and application developers across platforms.connection. See ICA connection.csh. See C shell.ctxadm. The Citrix administrator group name.ctxalt. Command-line tool for alternate address configuration.ctxanoncfg. Command-line tool for configuring anonymous users.ctxappcfg. Command-line tool for controlling published applications.ctxbrcfg. Command-line tool for configuring ICA browser settings.ctxcapture. Command-line tool for graphics copy and paste (between ICA and localapplications).ctxcfg. Command-line tool for configuring servers running Citrix Presentation Server.ctxconnect. Command-line tool for connecting to a session.ctxcreatefarm. Command-line tool for creating a server farm. See ctxfarm.ctxdisconnect. Command-line tool for disconnecting a session.ctxfarm. Command-line tool for creating a server farm, joining a server farm,removing a server from a farm, or changing the farm’s passphrase.ctxgrab. Command-line tool for graphics copy and paste (from ICA to localapplications).ctxjoinfarm. Command-line tool for joining a server farm. See ctxfarm.ctxlogoff. Command-line tool for logging off the server.ctxlpr. Command-line tool for printing to a client printer.ctxlsd. The License Service daemon. See License Service.ctxlsdcfg. Command-line tool for configuring communication with a license server.ctxmaster. Command-line tool for showing the master browser address and alternateaddress.ctxmount. Command-line tool for configuring user access to specific mapped drives.ctxmsg. Command-line tool for sending messages to sessions.ctxnfusesrv. Command-line tool for configuring the Citrix XML Service HTTP port.ctxprinters. Command-line tool for listing the printers installed on the client.ctxqserver. Command-line tool for displaying information about servers runningCitrix Presentation Server on the subnet.ctxqsession. Command-line tool for displaying session details.ctxquery. Command-line tool for displaying a comprehensive list of session detailsand for configuring the display of these details.

Glossary 235ctxquser. Command-line tool for displaying session user details.ctxreset. Command-line tool for resetting a session.ctxsecurity. Command-line tool for displaying and configuring user access tocommands and sessions.ctxshadow. Command-line tool for shadowing a user’s session.ctxshutdown. Command-line tool for stopping the Citrix Presentation Server processon a server.ctxsrv. Command-line tool for starting up or stopping the server processes on a server.ctxsrvr. Default member of the administrator group.ctxssl. User account required for Citrix SSL Relay administration. The ctxssl user is amember of the ctxadm group.data store. A database or text file that stores persistent data for a farm. Examples ofpersistent data include configuration information about published applications,users, printers, and servers. Each server farm has a single data store that can bephysically replicated to improve performance or availability.DNS. Domain Name System.directed packet. A packet containing a destination address equal to the station addressof the NIC.disconnected session. An ICA session in which the client is no longer connected tothe server. However, users are not logged off, their applications are stillrunning, and they can reconnect to the disconnected session.dtterm. The standard terminal emulator used by CDE.explicit user. A user who has an account name and password. Explicit users log onusing user accounts created and maintained by system administrators andwhen they log on they supply a user name and password.external address. The public (Internet) IP address of a server.firewall. A network node that provides security by controlling traffic between networksegments.FQDN. Fully Qualified Domain Name.HTTP browsing. HyperText Transport Protocol browsing. A feature available in CitrixPresentation Server Clients that allows users to browse applications andservers that exist on the other side of a firewall. The client communicates withthe Citrix XML Service to fulfill the browser requests.ICA. See Independent Computing Architecture.ICA browser. The background process on a server running Citrix Presentation Serverthat maintains information about other servers and published applications.ICA connection. The logical “port” used by ICA to connect to, and start a session on, aserver running Citrix Presentation Server. An ICA connection is associatedwith a network connection or a serial connection (modems or direct cables).

236 Citrix Presentation Server for UNIX Administrator’s GuideICA gateway. A gateway between two network subnets that enables the serversrunning Citrix Presentation Server on those subnets to exchange information.ICA Pass-Through. Allows non-Windows Clients to take advantage of Citrix ProgramNeighborhood features. This is done by publishing the preinstalled client onthe server and having clients “pass through” the server’s ProgramNeighborhood client while trying to access a server farm.ICA protocol. The protocol used by clients and servers running Citrix PresentationServer to exchange information.ICA session. A lasting connection between a client and a server running CitrixPresentation Server, identified by a specific user ID and ICA connection. Itconsists of the status of the connection, the server resources allocated to theuser for the duration of the session, and any applications executing during thesession.Independent Computing Architecture (ICA). The architecture that Citrix uses toseparate an application’s logic from its user interface. With ICA, only thekeystrokes, mouse clicks, and screen updates pass between the client andserver on the network, while the application’s logic executes on the server.ICCCM. Inter-Client Communication Conventions Manual. ICCCM is a proposed XConsortium standard for inter-client communications.initial program. An application that starts automatically when a session begins.installer script. A script that guides you through each step of the installation procedureand prompts you for the information that it requires.internal address. The private IP address of a server.JRE. Java Runtime Environment.ksh. See Korn shell.Korn shell. A superset of the Bourne shell. It has many of the Bourne shell features,plus additional ones such as aliasing and history.license file. A digitally signed text-only file downloaded from MyCitrix.com thatcontains product licenses and information the license server requires tomanage the licenses.License Management Console. An optional Web-based tool that runs on the CitrixLicense Server for Windows. Some License Management Console featureshelp you download license files from Citrix, copy license files to the licenseserver, and run reports to evaluate license usage.License Server. A computer installed with licensing software. The Citrix LicenseServer for Windows may also have the License Management Consoleinstalled. This server responds to requests for licenses from Citrix products.You can share license servers between farms. License servers can host licensesfor multiple products.License Service. A daemon that runs on a computer running Citrix Presentation Serverfor UNIX that communicates with the Citrix License Server. This daemonhandles the allocation of licenses and grace period licensing. The daemon runsas “ctxlsd.”

Glossary 237load balancing. A feature for adjusting the load on servers running Citrix PresentationServer. When a user launches a published application that is configured forload balancing, that user’s ICA session is established on the most lightlyloaded server, based on criteria you can configure.Management Service. A daemon that runs on a computer running Citrix PresentationServer for UNIX that communicates server farm information, such asinformation about the published applications available in the farm. TheManagement Service on the Management Service Master is responsible forcommunicating information to the Management Services running on otherservers in the farm. Communication between Management Services takesplace over a secure communications channel.Management Service Master. The server running Citrix Presentation Server for UNIXthat holds the master copy of the farm’s data store and that has authoritativeconfiguration for the farm. The Management Service Master is the server onwhich you first create the farm.man page. A man page (literally a “manual page”) exists for most UNIX commands.Each man page includes a description of the command, the syntax, warningsand important notes, and related commands.master ICA browser or master browser. The ICA browser on one server running CitrixPresentation Server in a network that gathers and maintains information aboutpublished applications, performance, and server load from the other memberbrowsers within the network.master browser election . The process ICA browsers go through to choose (elect) amaster browser from among the servers running Citrix Presentation Server ona given network. Browser elections occur when a new server is started, whenthe current master browser does not respond, or when two master browsers aredetected by another server or a client.mouse-click feedback. A feature that enables visual feedback for mouse clicks. Whena user clicks the mouse, the client software immediately changes the mousepointer to an hourglass to show that the user’s input is being processed.NIC. Network Interface Card.NIS+. Network Information Service. A network naming service that allows resourcesto be centrally administered. NIS+ provides automatic information updatingand adds security features such as authorization and authentication. Formerlycalled “Yellow Pages.” NIS+ is available on the Solaris, HP-UX, and AIXplatforms.PAM. Pluggable Authentication Modules. PAM allows you to select theauthentication service you want to use, and plug-in and make available newauthentication service modules without having to modify your applications.Pass-Through client. See ICA Pass-Through.permissions. In UNIX, permissions determine which users have read, write, andexecute access to files and directories. Permissions are associated with eachfile and directory.pkgadd. A tool on the Solaris platform for installing software.

238 Citrix Presentation Server for UNIX Administrator’s GuidePresentation Server Client. The software installed on a client device that enables usersto connect to servers running Citrix Presentation Server.Presentation Server security. The feature that controls user access to CitrixPresentation Server commands and sessions. Default security settings areapplied at installation; these defaults can be changed using the ctxsecuritycommand.published application. An application installed on a server running Citrix PresentationServer that is configured for multiuser access by clients. To a client user, thepublished application appears similar to an application running locally on theclient device.root. The name given to the UNIX administration account that has specialpermissions. Also known as the super user.script. See shell script.seamless window. One of the settings client users can specify for a publishedapplication. If a published application runs in a seamless window, the user cantake advantage of all the client platform’s window management features, suchas resizing, minimizing, and dragging and dropping between remote and localapplications.secured function. A function to which the security tool “ctxsecurity” controls useraccess.security. See Presentation Server security.server-based computing. A model in which applications are deployed, managed,supported, and executed on a server.server farm. A group of computers running Citrix Presentation Server and managed asa single entity, with some form of physical connection between servers and thefarm’s data store.session. See ICA session.session ID. A unique identifier for the session on a specific server.sh. See Bourne shell.shadowing. A feature that enables authorized users to remotely join or take control ofanother user’s session for diagnosis, training, or technical support.shell. The interface between the user and the kernel. The shell acts as a commandprocessor that accepts, interprets, and executes commands.shell script. An executable file that contains a set of UNIX shell commands.smit. The System Management Interface Tool on the AIX platform.SSL. Secure Sockets Layer. A security protocol that provides server authentication,encryption of the data stream, and message integrity checks.subnet. A subset of a network.super user. See root.swinstall. A tool on the HP-UX platform for installing and configuring software.

Glossary 239TCP/IP. Transmission Control Protocol/Internet Protocol. A suite of communicationprotocols that enables resources to be shared among PCs, hosts, andworkstations.ticketing. A feature that provides enhanced authentication security. Ticketingeliminates user credentials from the ICA files sent from the Web server toclient devices.UDP. User Datagram Protocol. A transport protocol in the Internet suite of protocols.UDP, like TCP, uses IP for delivery; however, unlike TCP, UDP provides forexchange of datagrams without acknowledgments or guaranteed delivery.Web Interface. The Web Interface is an application portal technology that providesorganizations with the ability to integrate and publish interactive applicationsinto any standard Web browser. The Web Interface is a three-tier solution thatincludes a server running Citrix Presentation Server, a Web server, and a clientdevice with a Web browser. Formerly referred to as NFuse Classic.window manager. A program that handles general window-management jobs, such ascreating borders around an application’s main windows and controlling howyou move and resize windows.workstation. A computer designed for running UNIX Operating Systems.X . See X Window system.XML Service. See Citrix XML Service.xterm. A terminal emulator for the X Window system.XV. A UNIX graphics application that allows users to select and cut and pasteareas of a screen and save graphics in different formats.X Window system . The X Window system is a UNIX GUI (graphical user interface).Note that X runs on various platforms, not just UNIX.

240 Citrix Presentation Server for UNIX Administrator’s Guide

Index 241IndexAaccented characters 42active sessions, displaying 87address resolution 178administration defaults file 33administratorconfiguring access to commands 38configuring the group 28permissions 141see also ctxsrvr useralternate address configuration 160anonymous usersaccounts 63, 135adding and configuring settings 136and NIS domains 140displaying settings 136, 181installation 31security considerations 64template directory 85troubleshooting 139application publishingabout application publishing 61and load balancing 154copying from existing details 82deleting applications 81displaying details about 73for explicit or anonymous use 63on servers of different architecture 68parameter passing from the client 71pre-configured for anonymous use 85renaming a published application 83restricting access to 83specifying a working directory 70Bbacking store 129broken connectionssetting time-out intervals 116browser. See ICA browserCCDEchanging the window manager 126increasing concurrent sessions 164publishing a desktop 64Citrix Licensing. See licensingCitrix Presentation Serverabout 16getting more information on 15key features 17what’s new 19Citrix SSL Relayconfiguring the Web Interface for 176–177starting and stopping 230system requirements 27Citrix XML Service 51, 173configuring 175overview 173starting 176stopping 176CITRIX_REMOTE_DISPLAY environment variable68, 105clientdocumentation 15keyboards 42software 17Client Administrator’s Guideslocating 15client drive mapping 181–194enabling for AIX 183troubleshooting 191clipboard and shadowing 99clipboard mappingenabling and disabling 113graphics clipboard support 114

242 Citrix Presentation Server for UNIX Administrator’s Guidecolor depthin the Web Interface 66, 78limitations 133command lineconventions 15printing 103publishing 68commands 195–231configuring access to 37ctxalt 160, 197ctxanoncfg 135–140, 198ctxappcfg 61, 200ctxbrcfg 151–158, 203ctxcapture 114, 205ctxcfg 110–124, 161, 205ctxconnect 95, 209ctxcreatefarm 51, 209–210ctxdisconnect 94, 210ctxfarm 53, 210ctxgrab 114, 212ctxjoinfarm 52, 210, 212ctxlogoff 94, 213ctxlpr 102–104, 213ctxlsdcfg 59, 214ctxmaster 149, 215ctxmount 183–184, 216ctxmsg 100, 217ctxnfusesrv 176–177, 231ctxprinters 102, 218ctxqserver 92, 218ctxqsession 87–91, 220ctxquery 87–91, 221ctxquser 87–91, 223ctxreset 96, 224ctxsecurity 141–147, 225ctxshadow 97, 227ctxshutdown 39, 228ctxsrv 39, 153, 229ctx3bmouse 196types of Presentation Server commands 37concurrent sessions, limiting 110configuringan initial program 84anonymous users 135, 181applications to print 104backing store 129ICA browsers 151ICA gateways 157logging off disconnected sessions 116network firewalls 159non-English language support 167, 172troubleshooting 171performance tuning enhancements 130published applications 74RSA SecurID support 110security 145servers 107shadowing 115sharing licenses between subnets 159TCP/IP port number 161time-out intervals 116connecting to a remote server 105CONSOLE setting, and ctxsecurity 141conventionscommand line 15in the documentation 14copyingpublished applications 82server configuration to other servers 123ctxadmn group 28, 141ctxalt 160, 197ctxanon group 137ctxanoncfg 135–140, 198ctxanoninit.sh 86ctxappcfg 61, 65–83, 200ctxbrcfg 151–158, 203ctxcapture 114, 205ctxcfg 84, 205configuring client drive mapping 183configuring session status logging 162configuring shadowing 115configuring TCP/IP port number 161controlling logon settings 108enabling / disabling clipboard 113enabling / disabling printing 112listing server configuration 123setting the number of permitted connections 110setting time-out intervals 116ctxconnect 95, 209ctxcreatefarm 51, 209–210ctxdisconnect 94, 210ctxfarm 53, 210

Index 243ctxgrab 114, 212ctxjoinfarm 52, 210, 212ctxlogoff 94, 213ctxlpr 102–104, 213ctxlsdcfg 59, 214ctxmaster 215ctxmount 183–184, 216ctxmsg 100, 217ctxnfusesrv 176–177, 231ctxprinters 102, 218ctxqserver 92, 149, 218ctxqsession 87–91, 220ctxquery 87–91, 221ctxquser 87–91, 223ctxreset 96, 224ctxsecurity 141–147, 225ctxsession.sh 125–129ctxshadow 97, 227ctxshutdown 39, 228ctxsrv 39, 153, 229ctxsrvr userconfiguring access to commands 38creating 28see also administratorctxwm, window manager 126ctxXtw.sh 125, 130ctx3bmouse 196currency symbol support 27current sessions, displaying 87Ddata store 48dead keys, on non-English keyboards 42defaultprinter 102published application settings 77security settings 144deletinganonymous user accounts 137published applications 81desktop, publishing 67disablingclient clipboard mapping 113client drive mapping 188client printing 112mouse-click feedback 122notification of shadowing 116published applications 62, 75, 82shadowing 115disconnected sessionslogging off 116setting time-out intervals 116disconnecting a session 94DISPLAY environment variable 68, 105displayinganonymous user settings 136client printers or printer ports 102event logs 43information about servers 92load information 157master browser name 149mouse-click feedback settings 122published application information 73security settings 144server configuration 123user/session information 87DNS address resolution 178documentationClient Administrator’s Guides 15conventions 14online 15other sources 15Eelectionsabout elections 149configuring server behavior 152forcing 150manipulating 149enablingclient clipboard mapping 113client drive mapping 184, 188client printing 112notification of shadowing 116published applications 62, 75, 82shadowing 115encryptionforcing clients to use 207environment variables 37–38, 67–68, 86, 105Euro currency symbol support 27event logging 43, 162explicit users 63external addresses 160Ffile limits, increasing 164firewalls 159and network address translation 160font path 128

244 Citrix Presentation Server for UNIX Administrator’s Guideforcing an election 150foreignkeyboards 42language support 171FQDN. See fully qualified domain namefully qualified domain name 178Ggatewaysconfiguring ICA gateways 157generatingserver configuration details 123graphics clipboard support 114Hhome directoryallowing users to log on without 120hotkey, to end shadowing 99HTTP browsing 174IICA browser 148configuring 151locating 149refresh interval 152restarting and stopping 152UDP port 159with firewalls 159with network address translation 160ICA gateways 157ICAPORT (configure TCP/IP port number) 161idle sessionssetting for anonymous sessions 138setting time-out intervals 116inheritinglogon details 109, 130security settings 146initial program configuration 84installer script 29installing Presentation Server 28on AIXunattended installation 35on HP-UXunattended installation 34on Solarisunattended install 32overview 28reinstalling 46using the installer script 29integrating with other servers 50interoperability mode, enabling 174ISO 8859-15 27JJava applications 67Java runtime environment 25Kkernel tuningon AIX 166on HP-UX 165on Solaris 163keyboards, non-English support 42LLicense Management Console 57license server 57configuring communication with 59for UNIX 58licensing Presentation Server 57overview 58limiting the number of connections 110listinganonymous user settings 136information about servers 92load information 157mapped printers 102mouse-click feedback settings 122published applications 73security settings 144server configuration 123the default printer 102user/session information 87load balancinga group of servers 154about 154displaying the load 157displaying the load factor 157reconnecting to load balanced sessions 97troubleshooting 157tuning the load on a server 155tuning the number of connections 156load factordisplaying 157locale, and non-English keyboards 42logging events 43, 162logging off a session 94

Index 245logging off disconnected sessionsconfiguring 116Login screen, customizing 125logon settings 108Mman pagesconfiguring access to 38displaying 38installingon AIX 36on HP-UX 35on Solaris 31Management Service daemon 49Management Service Master 48MANPATH environment variable 38mappingclient clipboard 113client drive 181client printers 112master browser 148–149elections 149locating 149refresh interval 152messagesduring server shut down 40sending to users 100mouse-click feedback 121–122multimonitor displaylimitations 134multiple NICs 153multiple serversand farms 50installing Presentation Server on 32propagating server configuration to 123Nname resolution 49, 53netgroups, support for 79network address translationand ICA browsing 160network firewalls 159network interface cardbinding to 153NIS domainsand anonymous users 140and SSL 178notification, of shadowing 116Oonline documentation 15OpenGL support 20operating systemconfiguring for a large number of users 163, 165–166optimizing 163, 165–166requirementson AIX 27on HP-UX 27on Solaris 26optimizing Presentation Serverconfiguring for a large number of users 163, 165–166publishing applications 61setting a blank screensaver 124PPAM. See Pluggable Authentication Modulesparameter passing from the client 71passphrase 51–53passwordand explicit / anonymous users 63forcing a user to enter 108pastingenabling clipboard mapping 113PATH environment variable 37performance tuning enhancementsconfiguring 130permissions 28, 141Pluggable Authentication Modules (PAM) 18port numberconfiguring 161, 177printer mapping 112printing 102–104configuring applications to print 104enabling / disabling for users 112from applications 104from the command line 103troubleshooting 104propagatingconfiguration between servers 123pseudo-terminals 163, 166ptys. See pseudo-terminalspublishing a UNIX command line 68

246 Citrix Presentation Server for UNIX Administrator’s Guidepublishing applicationsabout 61and load balancing 154configuring user access to 78copying from existing details 82deleting applications 81displaying details about 73enabling and disabling 62, 75, 82for explicit or anonymous use 63Java applications 67managing servers 80on servers of different architecture 68pre-configured for anonymous use 85renaming 83restricting access to 83setting defaults 77updating the settings 74using ctxappcfg 200publishing desktops 64publishing shell scripts 64Qquiet installationon AIX 35on HP-UX 34on Solaris 32quiet mode, during shut down 40Rreconnecting, to load balanced sessions 97refresh intervalfor ICA browser service 152reinstalling Presentation Server 46remote configuration of servers 123remote server, connecting to 105removingPresentation Server 44published applications 81remsh command 70renaminganonymous user accounts 137published applications 83servers 54replicatingserver configuration to other servers 123resettinga session 96response file 33restartingthe ICA browser 152root access 28, 141RSA SecurID support 19configuring 110rsh command 70, 124Sscreensaver settings 124script filesctxanoninit.sh 86for installation 32publishing 64server configuration 123S99ctxsrv 31SecurID support. See RSA SecurID support.security 140–147and anonymous users 64configuring 145displaying settings 144examples 147integration with UNIX 18removing settings 146support for RSA SecurID 19, 110X security policy 125sending messages to users 100server farmscomponents 48creating a farm 51identifying servers in 54introduction to 47joining a farm 52removing a server from 53serversconfiguring 107–123displaying information about 92integrating with other servers 50renaming 54session name/iddisplaying 87session size 65sessionsconfiguring session shadowing 115connecting to disconnected sessions 95disconnecting 94displaying information about 87ending a session 93resetting 96setting the number of 110setting time-out intervals 116shadowing 97

Index 247shadowingand the clipboard 99configuring a hotkey to end 99configuring session shadowing 115shadowing a user’s session 97stopping shadowing 99sharing licenses between subnetsconfiguring 159shellsetting for anonymous users 138shell scriptsctxanoninit.sh 86for installation 32publishing 64server configuration 123S99ctxsrv 31shutting down Presentation Server 39silent installationon AIX 35on HP-UX 34on Solaris 32SSL Relay. See Citrix SSL Relaystartingclient drive mapping 189Presentation Server 39the ICA browser 152the XML Service 176stoppingclient drive mapping 188Presentation Server 39shadowing 99the ICA browser 152the XML Service 176subnetconfiguring ICA gateways 158support for RSA SecurID 19configuring 110syslog.conf 43system requirements 25S99ctxsrv 31TTCP/IP port number, configuring 161template directory 85ticketing 174time-out settings 116, 138troubleshootinganonymous users 139client drive mapping 191disappearing text cursor 131disappearing X cursor 132errors and warnings 43joining servers to a farm 53left-hand SPARC keypads 131load balancing 157non-English keyboards 42non-English language support 171operating system requirements 26printing 104screen refresh 132SSL 178tuning load balancing 155UUDP port and ICA browser 159unattended installationon AIX 35on HP-UX 34on Solaris 32uninstalling Presentation Server 44UNIX command line, publishing 68unix2dos 104useranonymous users 63logon settings 108permissions 28, 37, 141USER environment variable 86user idsetting for anonymous users 139WWeb Interface 173window managercustomizing 126–128window size 65working directory, specifying 70XX font server 128X security policy 125X server settings 129XML Service. See Citrix XML Service

248 Citrix Presentation Server for UNIX Administrator’s Guide