Test that the following works: * Basic function (Graphics, Mouse, Keyboard) * Network transport * Server installation (and setup) * Session startup * Sound redirection - Input (mic) - Output * Drive redirection * Printer redirection * Web integration * OpenGL * Nearest printer - Access control * Restricted shell (thinlinc-login) * Restricting SSH Daemon Port Forwarding ("PermitOpen") * Smart card redirection * Authentication - Interactive - Password - OTP - Public key - Smart card - Kerberos
When testing, we noticed three problems preventing a working session. These are the workarounds we used: 1. The SELinux module in tlsetup caused a traceback and failed to install the necessary package. This was resolved through installing package "selinux-policy-devel" manually. 2. tlsetup failed to start the services due to not finding the PAM-files we use. We look for either /usr/lib/pam.d/sshd or /usr/lib/pam.d/remote. The following command solved it: > sudo cp /usr/lib/pam.d/sshd /etc/pam.d/ 3. No X11-desktop can be installed by default. With a gnome wayland desktop installed on the system, add the desktop-file as described in https://community.thinlinc.com/t/no-executable-profiles-found-on-rhel-10-almalinux-10-and-rocky-10/1553
Tested the following with server build 4097: ✅ Authentication ☑️ Interactive ✅ Password ❓ OTP [1] ✅ Public key ✅ Smart card ✅ Kerberos [1]: OTP is done via the Google Authenticator package, which on SLES seems to be named "google-authenticator-libpam". This package is not currently available for SLES 16, but is under development according to the linked page below. We should revisit OTP once this package is available. https://software.opensuse.org/package/google-authenticator-libpam
Tested Server installation+setup with server build 4097. I encountered bug 8480 when testing the graphical installer and bug 8212 when starting new sessions. I noticed some warnings in /var/log/vsmagent, not sure if this is new for SLE 16, but I’ve reported it in bug 8606.
Tested the following with server build 4097: ✅ Printer redirection ✅ Nearest printer ✅ Access-control ✅ Web integration ✅ OpenGL
(In reply to Linn from comment #1) > 2. tlsetup failed to start the services due to not finding the PAM-files we > use. We look for either /usr/lib/pam.d/sshd or /usr/lib/pam.d/remote. The > following command solved it: > > sudo cp /usr/lib/pam.d/sshd /etc/pam.d/ Note this PR regarding this: https://github.com/cendio/ansible-role-thinlinc-server/pull/48
Tested the following with server build 4097: ✅ Smart card redirection
Tested authentication via OTP by downloading package "google-authenticator-libpam" from SLES 15, and managed to get things working. ✅ Interactive ✅ Password ✅ OTP
Tested the following with server build 4097: ✅ Sound redirection ✅ Drive redirection ✅ Restricted shell ✅ Basic function ✅ Restricting SSH Daemon Port Forwarding ✅ Network transport ✅ Custom session startup
With that, all tests have been performed. With the workarounds mentioned in comment 1 in place, things seem to be working well. Closing.
