DTU Remote Windows desktop and applications for DTU users

DTU offers the DTU_Remote Windows desktop and applications service for authorized DTU users. There is a remote.dtu.dk help page.

When the system has been set up correctly, you simply go to this Citrix Access gateway page:

It is required that you install the Citrix_Receiver client software on your desktop. For Windows and Mac users this will be automatic when you have logged in.

Departmental setup of Citrix users

It is required that the department IT staff configures a DTUBasen group for all authorized Citrix users, see https://portalen.dtu.dk/DTU_Generelt/AIT/Basal%20IT/Remote,-d-,dtu,-d-,dk/IT%20FAQ.aspx. In addition, the AIT servicedesk must configure the DTUBasen group in the Citrix server.

Citrix Receiver on Linux

On Linux clients such as CentOS you have to install manually the Citrix_Receiver client software from the download page, for example, the RedHat Full Package (Self-Service Support) RPM package for RedHat/CentOS:

yum install ICAClient-rhel-13.4.0.10109380-0.x86_64.rpm

Install Comodo SSL certificates

The Citrix_Receiver client software for Linux unfortunately doesn't contain all relevant Certificate_authority SSL certificates. If you get an SSL error message like:

SSL error
You have not chosen to trust "AddTrust External CA Root", the issuer of the server's security certificate (SSL error 61).

then you probably have been hit by the missing SSL certificates. The solution is to install the Certificate_authority SSL certificates.

The DTU_Remote uses Comodo SSL certificates, so you must download the file addtrustexternalcaroot.crt from the page AddTrustExternalCARoot. Copy this file to the Citrix_Receiver client directory (root access is required):

cp addtrustexternalcaroot.crt /opt/Citrix/ICAClient/keystore/cacerts/

SELinux error messages

You will see SELinux syslog error messages in /var/log/messages:

setroubleshoot: SELinux is preventing /opt/Citrix/ICAClient/wfica from create access on the fifo_file .ipc_pipe.19884.

Not recommended: To avoid SELinux errors from the Firefox browser you can turn off security (as the root user):

setsebool -P unconfined_mozilla_plugin_transition 0

This means that Firefox plugins will run without SELinux protections! It is recommended to accept the error messages rather than turning off security.

The SELinux sealert command recommends this solution to be run by root:

ausearch -c 'wfica' --raw | audit2allow -M my-wfica
semodule -i my-wfica.pp

but this doesn't seem to eliminate the error messages.

Mapping your home directory to a Windows drive

In Citrix_Receiver you can Map user devices.

It is convenient to map your home directory to a Windows drive. Edit the configuration $HOME/.ICAClient/All_Regions.ini file to insert a mapping for the G: drive (for example):

[Virtual Channels\Drives\Device]
...
DrivePathG=$HOME
DriveEnabledG=True
DriveReadAccessG=0
DriveWriteAccessG=0

Note: It seems that you can use the Linux environment variable $HOME in DrivePathG, otherwise you have to enter manually a directory name.

IT-wiki: DTU_Remote_Windows (last edited 2017-01-12 13:48:18 by OleHolmNielsen)