Administrator Guide
Table Of Contents
- Dell Wyse ThinOS Lite Release 2.6 Administrator’s Guide
- Introduction
- Before working on ThinOS Lite
- Getting started
- Global connection settings
- Configuring the connectivity
- Configuring the network settings
- Configuring the remote connections
- Configuring the Citrix broker setup
- Configuring the visual settings
- Configuring the general options
- Configuring the authentication settings
- Configuring the central configurations
- Configuring the VPN manager
- Configuring the connection broker
- Configuring Citrix
- Configuring the Citrix broker setup
- Citrix HDX RealTime Multimedia Engine—RTME
- Citrix Icon refresh
- Using multiple audio in Citrix session
- Using Citrix NetScaler with CensorNet MFA authentication
- Okta Integration through Citrix NetScaler
- Configuring ICA connections
- ICA Self Service Password Reset—SSPR
- QUMU or ICA Multimedia URL Redirection
- HTML5 Video Redirection
- ICA SuperCodec
- Anonymous logon
- Configuring the Citrix UPD Printer
- Introduction to Flash Redirection
- Configuring Citrix
- Configuring Zero Client Settings
- Performing Diagnostics
- BIOS Management
- Security Changes
- Creating and Using xen.ini Files
- Examples of Common Printing Configurations
- Important Notes
- Troubleshooting
Table 22. Parameters for a xen.ini File (continued)
Parameter Description
[Profile=ssid]
[access={WPA-PSK, WPA2-PSK, WPA-ENT, WPA2-
ENT}]
[eap={yes,no}]
[eaptype={None, EAP-LEAP, EAP-TLS, EAP-PEAP,EAP-
FAST}]
[leapun=<username for EAP-LEAP>]
[leappwd=<password for EAP-LEAP>]
[leappwdEnc=<password encrypted for EAP-LEAP>]
[tlsauthtype=<user or machine>]
[tlsclntcert=<client certificate filename for EAP-TLS>]
[tlsclntprikeypwd=<password for privatekey>]
[tlsclntprikeypwdEnc=<password encrypted for private
key>]
[peapeap=<EAP-MSCHAPV2, EAP-GTC>]
[peapidentity=<identity/username for PEAP>]
[peapmschapun=<username for EAP-PEAP/EAP-
MSCHAPV2>]
[peapmschappwd=<password for EAP-PEAP/EAP-
MSCHAPV2>]
[peapmschappwdEnc=<password encrypted for EAP-
PEAP/ EAP-MSCHAPV2>]
[peapmschapdm=<domain for EAP-PEAP/ EAP-
MSCHAPV2>]
[peapmschaphidedm={yes,no}]
[peapsinglesignon={yes, no}]
[peapgtcun=<username for EAP-PEAP/ EAP-GTC>]
[peapgtcpwd=<password for EAP-PEAP/ EAP-GTC>]
[peapgtcpwdEnc=<password for encrypted for EAP-
PEAP/EAP-GTC>]
[servervalidate={yes, no}]
[servercheck={yes, no}]
[servername={"servername for EAP-TLS, EAP-PEAP,
EAP-FAST"}]
[wpapskpwd=<passphrase for WPA-PSK>]
[wpapskpwdEnc=<passphrase encrypted for WPA-
PSK>]
[wpa2pskpwd=<passphrase for WPA2-PSK>]
[wpa2pskpwdEnc=<passphrase encrypted for WPA2-
PSK>]
[encryption=<TKIP|CCMP>]
[timeoutretry=<number value of retry times when 8021x
authentication timeout>]
[fasteap={EAP-MSCHAPV2, EAP-GTC}]
[fastidentity={Identity for EAP_FAST}]
The key left of equal is case sensitive, and the value right of equal
case is not case sensitive except for credential information; for
example username, password or certificate filename.
If two entries exist in an INI file, one each for wired and wireless,
both will take effect; for example IEEE8021X=yes network=wired
EAP=yes … IEEE8021X=yes network=wireless access=WPA-ENT …
All EAP credential information is stored whatever the eaptype
setting.
All passwords here should be encrypted.
The wildcard server include three entries in INI file. If both the
servervalidate entry and severcheck entry are set to yes, the
servername entry is valid.
Server certificate validation is mandatory in EAP-TLS
authentication. If the eaptype entry is set to EAP-TLS, the
servercheck entry must be set to yes.
Server list must be included in double quotation
marks. For example IEEE8021X=yes Network=wireless
access=WPA2-ENT eap=yes servervalidate=yes servercheck=yes
servername=";test.com;wireless98; test.com" eaptype=eap-
peap peapeap=eap-mschapv2 peapmschapun=administrator
peapmschappwd=password
Additional option timeoutretry specifies the retry times when 8021x
authentication times out, which means that it is only validated when
the optional network type is wired. For example, timeoutretry=3
allows you to retry thrice after 8021x authentication times out.
Additional option Profile specifies the type of ssid authentication to
be configured. When we support multiple ssid wireless settings, the
statement ieee8021x must be after the statement device=wireless,
and one additional profile parameter is needed to identify the type
of ssid authentication which is configured.
For example,#ThinIsInDevice=Wireless Mode=Infrastructure
SSID=ThinIsInIEEE8021X=yes network=wireless profile=ThinIsIn
access=WPA2-ENT eap=yes eaptype=EAP-PEAP peapeap=EAP-
MSCHAPV2 peapmschapdm=wyse#wtos_95Device=Wireless
Mode=Infrastructure SSID=wtos_95IEEE8021X=yes
network=wireless profile=wtos_95 access=WPA2-ENT
eap=yes eaptype=EAP-PEAP peapeap=EAP-MSCHAPV2.
Example:IEEE8021X=yes network=wireless access=wpa-ent
eap=yes eaptype=eap-tls tlsclntcert=user.cer tlsclntprikey=user.pfx
tlsclntprikeypwd=12345678 Or IEEE8021X=yes network=wireless
access=wpa-ent eap=yes eaptype=eap-tls tlsclntcert=user.cer
tlsclntprikey=user.pfx tlsclntprikeypwd=12345678 leapun=user1
password=1234 peapmschapun=user1 peapmschappwd=12345
peapmschapdm=wyse.com
IEEE8021X=yes network=wired eap=yes eaptype=eap-
tls tlsclntcert=user.cer tlsclntprikey=user.pfx
tlsclntprikeypwd=12345678
By default, peapidentity is same as peapmschapun.
If peapmschaphidedm is set to yes, the domain will use saved peap
MSCHAP domain name and the prompts dialog will not include the
domain field when you perform ieee8021x authentication.
The following example describes wildcard server
validation: IEEE8021X=yes network=WIRED access=WPA2-ENT
servervalidate=yes eap=yes eaptype=EAP-PEAP servercheck=yes
Creating and Using xen.ini Files
181