ThinLinc is primarily focused on providing remote access to Linux-based desktops and applications, from a wide range of client devices. By focusing on Linux specifically, we are able to dedicate more time and effort towards ensuring that ThinLinc works well on this platform. But what if you want to access Windows desktops and applications using ThinLinc as well?
While ThinLinc uses VNC as its graphical protocol, Windows generally uses RDP. Although there is no built-in support for RDP in ThinLinc, there are a number of third-party RDP clients available for Linux, such as those available from the rdesktop and FreeRDP projects. These clients can be launched from within a ThinLinc session just like any other application, and used to connect to an existing Windows server via RDP.
Note: as they are not part of the ThinLinc product itself, RDP clients are not covered by Cendio support or the ThinLinc EULA. However, professional third-party support services are available for both rdesktop and FreeRDP. Your Linux distribution provider may also offer support for these components.
Once you have a Windows server available and configured for RDP access, you can try connecting to it using your RDP client from within a ThinLinc session. Use the command line here, rather than a graphical launcher. This will allow you to build a command with the options you require; for example, launching a single application vs. entire desktop, fullscreen vs. windowed mode, and so on.
Once you have built a command which gives the behaviour you want, you can then re-use this command in the steps below.
Single Sign-On (SSO)
When launching the RDP client from within a ThinLinc session, you will normally be prompted to authenticate against the Windows server. This can be frustrating for users, since they have already been asked to authenticate once when connecting to the ThinLinc server.
Most RDP clients will offer a way to provide authentication credentials at the command line, avoiding the need to log in twice. If the credentials on the Windows server match the ones on the ThinLinc server, then the ThinLinc command tl-sso-password can be used to provide the password on the command line. For more information on this command, see:
https://www.cendio.com/resources/docs/tag/commands.html?highlight=tl-sso-password
The username can be obtained using standard methods, for example via the $USER environment variable, or the whoami command. Adding these to the command line will prevent users from having to authenticate again when connecting to the Windows server.
If Windows desktops and applications are used regularly in your ThinLinc environment, it is good practice to use a common authentication mechanism for both the Linux and Windows servers. This ensures credentials remain consistant across platforms, and that credentials only need to be kept and updated in a single location.
Since it can be difficult to get Windows to authenticate against non-proprietary sources, the easiest way to do this is usually to make sure that all servers are joined to the same Active Directory domain. On Linux, this can be achieved using software provided by the Samba project.
Launching the RDP Client as an Application
Once you have built a working command line for your RDP client, one option is to provide users with this command as an application in their ThinLinc session. This application can be defined using the ThinLinc Desktop Customizer, and placed in the menu structure (or on the desktop) of users who need to access Windows resources.
The application could be configured to launch a Windows desktop in windowed mode, or in fullscreen mode to cover the entire ThinLinc session. It could also be configured to launch a single Windows application, using seamless mode (“RemoteApp”) to integrate with the Linux desktop. This approach enables hybrid environments, where Windows and Linux applications run together in the same desktop environment.
Launching the RDP Client via the Profile Chooser
Another option is to use ThinLinc’s profile chooser to allow users to select between platforms. For more information on defining and configuring profiles, see:
https://www.cendio.com/resources/docs/tag/tlwebadm_profiles.html
If multiple profiles are configured, users may be presented with a choice when logging into ThinLinc. It is possible to have a separate Windows-only profile by configuring it to launch the RDP client directly. Users who select this profile will not have access to a Linux desktop in their session
Wine
It is also possible to run many Windows applications directly on Linux using a compatibility layer such as Wine. Compatibility and performance varies between applications, but it does have the advantage of not requiring a separate Windows server, and is generally worth looking into.
CodeWeavers provide a commercially supported version of Wine known as CrossOver, which may be more appropriate for production environments.
For more information on the FreeRDP project, visit FreeRDP
For more information on the rdesktop project, visit rdesktop: A Remote Desktop Protocol Client
For more information on the Samba project, visit Samba - opening windows to a wider world
For more information on the ThinLinc Desktop Customizer, see https://www.cendio.com/resources/docs/tag/tldc_tldesktopcustomizer.html.
For more information on configuration parameters for ThinLinc’s profile chooser, see Parameters in /profiles/ — The ThinLinc Administrator's Guide 4.14.0 build 2408 documentation
For more information on Wine, visit https://www.winehq.org.
For more information on CodeWeavers, visit https://www.codeweavers.com/