Lesson Learned about Citrix on Linux

Edit: This is mainly here for historical purposes, I would be surprised if anyone would still find this useful.

Originally posted August 26, 2008 on AIXchange 

At a recent training session we had to connect to a Citrix server to access the machines used for the class. I didn’t have any issues, but the student next to me couldn’t get a Citrix client working on his laptop. He tried uninstalling/reinstalling and rebooting, among other things, but couldn’t connnect using his Windows laptop. In the end he had to borrow another machine to work on the labs.

That made me think: If I were in his boat, what would I do?

I like vnc. Maybe I could use a VPN to access a Linux machine in my lab, fire up vncserver, run Firefox inside of the vnc session and run a Citrix client that way?

Then I realized that the Linux partition I have up and ready to go runs Linux on Power, and on top of the Linux on Power installation is a version of Lx86, which I discussed in another AIXchange blog entry.

So I give it a try. I point my Firefox browser in my vnc session to the Web site to log on. The login page displays a link to download a client. It recognizes that a Citrix client isn’t installed, and offers me a choice of clients to download. I choose the Linux client and end up downloading a package called linuxx86.tar.

When I untar the file, I run:

./setupwfc

This command gives me this output:

./setupwfc
Citrix ICA Client 9.0 setup.

Select a setup option:

1. Install Citrix ICA Client 9.0
2. Remove Citrix ICA Client 9.0
3. Quit Citrix ICA Client 9.0 setup

Enter option number 1-3 [1]:

Option 1 is the default. I choose this option, and receive this output:

Please enter the directory in which Citrix ICA Client is to be installed
[default /usr/lib/ICAClient]
or type “quit” to abandon the installation:

I choose the default directory, and press “Enter”.

Then I’m prompted to accept a license agreement, which I do by selecting option 1.

Select an option:

1. I accept
2. I do not accept

Enter option number 1-2 [2]

Option 2 is the default here.

After the installation completes, I quit the client setup. Then I change directories and create a link to the newly installed file so Firefox can find the plug-in:

cd /usr/lib/firefox-1.5.0.10/plugins

ln –s /usr/lib/ICAClient/npica.so npica.so

After I restart Firefox and return to the login page, I receive this error in Firefox:

“You have chosen not to trust Equifax secure certificate Authority the issuer of the server’s security certificate.”

I poke around on Google and find this answer, which points me here and here.

I download the files from each link and rename them with a .crt rather than a .cer extension. Then I copy those files into the /usr/lib/ICAClient/keystore/cacerts directory and run chmod o+r  to give Firefox permission to read them.

After restarting Firefox and logging into the Web site, I’m able to login and do the labs. I end up with Firefox running a Citrix client on top of my Lx86 (x86) installation, which is running on my Linux on Power partition (ppc64).

I was proud of my accomplishments, but others in the room were less impressed. However, this solution paid off when we had a network outage later in the day. While everyone else had to log back into their sessions, I just reconnected to my vnc session and picked right up where I left off. And the performance of the Citrix client running in Lx86 world was pretty good.

I was able to convince myself that if my browser wouldn’t work on my Windows machine, I could still connect to the IBM machines using my Citrix running on Linux solution–and in this case, one running on an LPAR running POWER6 hardware as well.