DTU Remote Windows desktop and applications for DTU users
When the system has been set up correctly, you simply go to this Citrix Access gateway page:
It is required that you install the Citrix_Receiver client software on your desktop. For Windows and Mac users this will be automatic when you have logged in.
It is required that the department IT staff configures a DTUBasen group for all authorized Citrix users, see https://portalen.dtu.dk/DTU_Generelt/AIT/Basal%20IT/Remote,-d-,dtu,-d-,dk/IT%20FAQ.aspx. In addition, the AIT servicedesk must configure the DTUBasen group in the Citrix server.
On Linux clients such as CentOS you have to install manually the Citrix_Receiver client software from the download page, for example, the RedHat Full Package (Self-Service Support) RPM package for RedHat/CentOS:
yum install ICAClient-rhel-126.96.36.19909380-0.x86_64.rpm
SSL error You have not chosen to trust "AddTrust External CA Root", the issuer of the server's security certificate (SSL error 61).
then you probably have been hit by the missing SSL certificates. The solution is to install the Certificate_authority SSL certificates.
The DTU_Remote uses Comodo SSL certificates, so you must download the file addtrustexternalcaroot.crt from the page AddTrustExternalCARoot. Copy this file to the Citrix_Receiver client directory (root access is required):
cp addtrustexternalcaroot.crt /opt/Citrix/ICAClient/keystore/cacerts/
You will see SELinux syslog error messages in /var/log/messages:
setroubleshoot: SELinux is preventing /opt/Citrix/ICAClient/wfica from create access on the fifo_file .ipc_pipe.19884.
Not recommended: To avoid SELinux errors from the Firefox browser you can turn off security (as the root user):
setsebool -P unconfined_mozilla_plugin_transition 0
This means that Firefox plugins will run without SELinux protections! It is recommended to accept the error messages rather than turning off security.
The SELinux sealert command recommends this solution to be run by root:
ausearch -c 'wfica' --raw | audit2allow -M my-wfica semodule -i my-wfica.pp
but this doesn't seem to eliminate the error messages.
It is convenient to map your home directory to a Windows drive. Edit the configuration $HOME/.ICAClient/All_Regions.ini file to insert a mapping for the G: drive (for example):
[Virtual Channels\Drives\Device] ... DrivePathG=$HOME DriveEnabledG=True DriveReadAccessG=0 DriveWriteAccessG=0
Note: It seems that you can use the Linux environment variable $HOME in DrivePathG, otherwise you have to enter manually a directory name.