Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

Printing

Overview of SGD Printing

Setting Up Printing

Configuring Microsoft Windows Application Servers for Printing

Configuring Printing for Microsoft RDP 5.0 or Later

Configuring the Printers Available in Windows Terminal Services Sessions

Configuring Other Microsoft Windows Application Servers for Printing

Configuring UNIX and Linux Platform Application Servers for Printing

How to Install an SGD Printer Queue on a UNIX or Linux Platform Application Server

The SGD Printer Queue Installation Script

Configuring Printing for CUPS

Printing With the SGD lp and lpr Scripts

Configuring an SGD Server for Printing

Checking the Ghostscript Installation on the SGD Host

Using the gstest Script to Test a Ghostscript Installation

Configuring the SGD Host to Accept Remote Print Requests

Configuring SGD Print Job Conversion

Printer Type Configuration Files

The tta_print_converter Script

Configuring Printing to Microsoft Windows Client Devices

PDF Printing

Printer-Direct Printing

Printer Driver Mapping

The Printer Types Configuration File

Printing From a UNIX or Linux Platform Application Server

Configuring Printing to UNIX, Linux, and Mac OS X Platform Client Devices

PDF Printing

Printer-Direct Printing

Managing Printing

The tarantella print Command

Setting a Time Limit for Print Jobs

User Management of Print Jobs

Users Cannot Print From Applications Displayed Through SGD

Client Devices Checklist

Application Server Checklist

SGD Server Checklist

Tracing a Print Job

Troubleshooting Other Printing Problems

Troubleshooting Printer Preferences and Settings

Current Client Printer Preferences Are Ignored

Changes to Printer Preferences Are Not Remembered

Printer Preferences Are Corrupted

Printer Preferences Are Lost When a User Changes Printers

Local Printer Settings Are Not Set in the Remote Windows Application Session

Printer Settings Are Ignored When Using PDF Printing

Print Jobs Can Be Queued When SGD Printing is Disabled

Fonts Do Not Print Correctly With PDF Printing

TrueType Fonts and Windows Applications

Changing Printer Names in Windows Application Sessions

Changing the Names of the SGD PDF Printers

Users See a Printer Called '_Default' in a Windows Application Session?

Client Drive Mapping

Setting Up Client Drive Mapping

Configuring UNIX and Linux Platform Application Servers for CDM

Configuring an NFS Share for CDM

Configuring a Shared Directory on the Application Server

Configuring How Client Drives Are Displayed on UNIX Platforms

Starting CDM Processes on the Application Server

Configuring Microsoft Windows Application Servers for CDM

Enabling CDM Services in SGD

How to Enable SGD Client Drive Mapping Services

Running UNIX Platform CDM With Another SMB Service

How to Run UNIX Platform CDM and Another SMB Service on the Same Host

Configuring the Client Drives Available to Users

Configuring the Drives Available to UNIX, Linux, and Mac OS X Platform Client Devices

An Example of Configuring Drive Availability for Users

Detecting Removable Drives

Troubleshooting Client Drive Mapping

For UNIX Platform CDM, No Client Drives Are Mapped Within the User's Session or There Are Fewer Drives Than Expected

For Windows CDM, No Client Drives Are Mapped Within the User's Session or There Are Fewer Drives Than Expected

Removable Drives Attached During a User Session are Not Detected Automatically

Invalid Password Errors on Microsoft Windows Application Servers

More Client Drives Are Mapped Than Expected

The Recycle Bin Does Not Work As Expected

Mapped Drives Have Unusual Names

CDM Limitations for Shared Users

Disabling CDM for a Client Device

Logging for CDM

Enabling CDM Logging for the SGD Array

CDM Diagnostics for Microsoft Windows Application Servers

CDM Diagnostics for UNIX or Linux Platform Application Servers

SGD Client Logging for Client Devices

Audio

Setting Up Audio

Configuring Microsoft Windows Application Servers for Audio

Configuring UNIX and Linux Platform Application Servers for Audio

Installing the Audio Module

Starting the Audio Module

About the SGD Audio Daemon

Configuring X Applications for Audio

Enabling SGD Audio Services

How to Enable the SGD Windows Audio Service

How to Enable the SGD UNIX Audio Service

Configuring Client Devices for Audio

Troubleshooting Audio in Applications

No Audio Plays At All

Audio Is Muffled or Distorted

Not All Users Require Audio

Enabling UNIX Audio Debug Logging

Copy and Paste

Using Copy and Paste

Controlling Copy and Paste in Applications

Configuring Global Copy and Paste Settings for the SGD Array

Configuring Copy and Paste for Specific Users

Configuring Copy and Paste for Specific Applications

An Example of Using Clipboard Security Levels

Tips on Configuring Copy and Paste

Copy and Paste Troubleshooting

Smart Cards

Using Smart Cards With Windows Applications

Setting Up Access to Smart Cards

Configuring the Microsoft Windows Application Server for Smart Cards

Application Server Authentication Dialog Settings

Enabling Smart Cards in SGD

How to Enable Smart Cards in SGD

Configuring Smart Card Readers on Client Devices

Microsoft Windows Client Devices

Linux Platform and Solaris OS Client Devices

How to Log In to a Microsoft Windows Application Server With a Smart Card

Troubleshooting Smart Cards

Serial Ports

Setting Up Access to Serial Ports

Configuring the Microsoft Windows Application Server

Enabling Serial Port Access in SGD

How to Enable Access to Serial Ports

Configuring the Client Device

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Smart Cards

This section describes how to configure smart cards for Windows applications displayed through SGD.

This section includes the following topics:

Using Smart Cards With Windows Applications

SGD enables users to access a smart card reader attached to their client device from applications running on a Windows application server. Users can do the following:

SGD works with any Personal Computer/Smart Card (PC/SC)-compliant smart card and reader. Details of the smart cards that have been tested successfully with SGD are listed in the Oracle Secure Global Desktop 4.6 Platform Support and Release Notes available at http://docs.sun.com/app/docs/doc/821-1928.

Setting Up Access to Smart Cards

SGD Administrators can give users access to smart card readers from Windows applications displayed through SGD. Setting up access to smart cards involves the following configuration steps:

  1. Enable smart card services on the application server.

    See Configuring the Microsoft Windows Application Server for Smart Cards.

  2. Enable access to smart cards for SGD users.

    See Enabling Smart Cards in SGD.

  3. Configure a smart card reader on the client device.

    See Configuring Smart Card Readers on Client Devices.

  4. Log in to the application server using the smart card.

    See How to Log In to a Microsoft Windows Application Server With a Smart Card.

Configuring the Microsoft Windows Application Server for Smart Cards

To configure the Microsoft Windows application server for smart cards, do the following:

Application Server Authentication Dialog Settings

In the Administration Console, the Global Settings -> Application Authentication tab has several attributes that control the behavior of the Application Server Authentication dialog when using the SGD smart card service.

The Smart Card Authentication check box controls whether users get the choice of logging in with a smart card or only with a user name and password.

The "Always Use Smart Card" Box attributes enable you to control whether a user’s decision to log in with a smart card is remembered, or cached, for the next time they log in to that application server, and whether they can change this setting.


Note - Users can only choose an authentication method, or to cache the smart card decision, if they have access to the Application Server Authentication dialog. If you disable the ability to use Shift-click, this restricts user access to the Application Server Authentication dialog. See Users Can Start Applications With Different User Names and Passwords.


Enabling Smart Cards in SGD

SGD must be configured in order to support user access to smart cards.

Firewalls between SGD servers can interfere with the connections required for smart cards, seeFirewalls Between SGD Servers.

How to Enable Smart Cards in SGD

  1. Check that the SGD smart card service is enabled.

    In the Administration Console, go to the Global Settings -> Client Device tab, ensure the Smart Card check box is selected.

    The smart card service is enabled by default.

  2. Ensure that smart card authentication is enabled.

    Smart card authentication is enabled by default.

    In the Administration Console, go to the Global Settings -> Application Authentication tab, ensure the Smart Card Authentication check box is selected.

    The Global Settings -> Application Authentication tab has other settings that affect the behavior of the Always Use Smart Card check box on the Application Server Authentication dialog. See Application Server Authentication Dialog Settings.

Configuring Smart Card Readers on Client Devices

SGD works with PC/SC-compliant cards and readers. See the PC/SC Workgroup web site for more information.

The smart cards tested with SGD are listed in the Oracle Secure Global Desktop 4.6 Platform Support and Release Notes available at http://docs.sun.com/app/docs/doc/821-1928.

Microsoft Windows Client Devices

On Microsoft Windows client devices, you must install the smart card reader and any required drivers on the client device to make the smart card available to Terminal Services sessions running through SGD.

Linux Platform and Solaris OS Client Devices

On Linux platform and Solaris OS client devices, a PCSC-Lite library must be installed for SGD to communicate with smart card readers. PCSC-Lite provides an interface to the PC/SC framework on UNIX and Linux platforms.

For Linux platform client devices, PCSC-Lite is available from the following locations:

PCSC-Lite version 1.2.0 or later is required.

For Solaris OS client devices, PCSC-Lite compatible libraries are available in the following packages:

The PC/SC Shim for SCF package enables you to use a PC/SC application with the Solaris Card Framework (SCF) and work with Sun internal readers and Sun Ray readers. Version 1.1.1 or later is required. PC/SC Shim is included with Solaris 10. For other Solaris versions, PC/SC Shim is available from the MUSCLE project.

The Sun Ray PC/SC Bypass package provides a PCSC-Lite interface for the Ray reader. Make sure you have the latest patches for Sun Ray Server Software and the latest SUNWsrcbp package.

SGD clients require the PCSC-Lite libpcsclite.so library file. This is normally installed in /usr/lib, but the location depends on your dynamic linker path. If this file is installed outside of the dynamic linker path, or you want to use a different library file, use the TTA_LIB_PCSCLITE environment variable to specify the location. This can be set either in the user’s environment or in the login script.

How to Log In to a Microsoft Windows Application Server With a Smart Card

  1. Log in to SGD.
  2. On the webtop, click the link to start the Windows application.
  3. When the Application Server Authentication dialog displays, click Use smart card.
  4. To always use a smart card to log in, click the Always use smart card box.
  5. When the Windows security dialog displays, insert your smart card.
  6. When prompted, enter your PIN.

Troubleshooting Smart Cards

For information about configuring SGD to use smart cards with Windows applications see Using Smart Cards With Windows Applications.

If users find they are unable to use their smart cards with Windows applications, use the following checklist to resolve the problem.

Is the smart card device redirection enabled on the Windows Terminal Server?

You can only use smart cards if smart card device redirection is enabled on the Windows Terminal Server. See Configuring Microsoft Windows Terminal Services for Use With SGD for details of the Windows platforms that support smart card device redirection.

Are smart card services enabled for all SGD servers in the array?

In the Administration Console, go to the Global Settings -> Client Device tab, ensure the Smart Card check box is selected.

In the Administration Console, go to the Global Settings -> Application Authentication tab, ensure the Smart Card Authentication check box is selected.

Is there a firewall between the SGD server hosting the user session and the SGD server hosting the application session?

Firewalls between SGD servers can interfere with smart card connections, seeFirewalls Between SGD Servers.

Is the client device configured correctly?

On Microsoft Windows client platforms, do the following:

On Linux platforms, do the following:

On Solaris OS platforms, do the following:

Are there any error messages listed in the log file?

Smart card device access data and error messages are stored in the SGD Client log file. This data is displayed in the Detailed Diagnostics page of the SGD webtop.