/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (hide annotations) (download) (as text)
Thu May 13 06:53:08 2004 UTC (10 years, 2 months ago) by swift
Branch: MAIN
Changes since 1.1: +3 -3 lines
File MIME type: application/xml
Fix net-mail > net-print error, thanks to Carston Jons for reporting it

1 swift 1.1 <?xml version = '1.0' encoding = 'UTF-8'?>
2     <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
3     <guide link="quick-samba-howto.xml">
4     <title>Gentoo Samba3/CUPS/clamav HOWTO</title>
5     <author title="Author">
6     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
7     </author>
8     <author title="Author">
9     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
10     </author>
11    
12     <abstract>
13     Setup, install and configure a Samba Server under Gentoo that shares
14     files, printers without the need to install drivers and provides
15     automatic virus scanning.
16     </abstract>
17    
18     <!-- The content of this document is licensed under the CC-BY-SA license -->
19     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
20     <license/>
21    
22 swift 1.2 <version>1.2</version>
23     <date>May 13, 2004</date>
24 swift 1.1
25     <chapter>
26     <title>Introduction to this HOWTO</title>
27     <section>
28     <title>Purpose</title>
29     <body>
30    
31     <p>
32     This HOWTO is designed to help you move a network from many different
33     clients speaking different languages, to many different manchines that
34     speak a common language. The ultimate goal is to help differing
35     architechures and technologies, come together in a productive,
36     happily coexistant environment.
37     </p>
38    
39     <p>
40     Following the directions outlined in this HOWTO should give you an
41     excellent step towards a peaceful cohabitation between Windows, and
42     virtually all known variations of *nix.
43     </p>
44    
45     <p>
46     This HOWTO originally started not as a HOWTO, but as a FAQ. It was
47     intended to explore the functionality and power of the Gentoo system,
48     portage and the flexibility of USE flags. Like so many other projects,
49     it was quickly discovered what was missing in the Gentoo realm: there
50     weren't any Samba HOWTO's catered for Gentoo users. These users are
51     more demanding than most; they require performance, flexibility and
52     customization. This does not however imply that this HOWTO was not
53     intended for other distributions; rather that it was designed to work
54     with a highly customized version of Samba.
55     </p>
56    
57     <p>
58     This HOWTO will describe how to share files and printers between Windows
59     PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
60     File System) feature of Samba to incorporate automatic virus protection.
61     As a finale, it will show you how to mount and manipulate shares.
62     </p>
63    
64     <p>
65     There are a few topics that will be mentioned, but are out of the
66     scope of this HOWTO. These will be noted as they are presented.
67     </p>
68    
69     <p>
70     This HOWTO is based on a compilation and merge of an excellent HOWTO
71     provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
72     by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
73     The link to this discussion is provided below for your reference:
74     </p>
75    
76     <ul>
77     <li>
78     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
79     CUPS+Samba: printing from Windows &amp; Linux</uri>
80     </li>
81     </ul>
82    
83     </body>
84     </section>
85     <section>
86     <title>Before you use this guide</title>
87     <body>
88    
89     <p>
90     There are a several other guides for setting up CUPS and/or Samba,
91     please read them as well, as they may tell you things left out of this
92     HOWTO (intentional or otherwise). One such document is the very useful
93     and well written <uri link="http://www.gentoo.org/doc/en/printing-howto.xml">Gentoo
94     Printing Guide</uri>, as configuration issues and specific printer setup
95     is not discussed here.
96     </p>
97    
98     </body>
99     </section>
100     <section>
101     <title>Brief Overview</title>
102     <body>
103    
104     <p>
105     After presenting the various USE flags, the following list will outline
106     all of the topics covered as they are presented:
107     </p>
108    
109     <ul>
110     <li>On the Samba server:
111     <ul>
112     <li>Install and configure CLAM-AV</li>
113     <li>Install and configure Samba</li>
114     <li>Install and configure CUPS</li>
115     <li>Adding the printer to CUPS</li>
116     <li>Adding the PS drivers for the Windows clients</li>
117     </ul>
118     </li>
119     <li>On the Unix clients:
120     <ul>
121     <li>Install and configure CUPS</li>
122     <li>Configuring a default printer</li>
123     <li>Mounting a Windows or Samba share</li>
124     </ul>
125     </li>
126     <li>On the Windows Clients:
127     <ul>
128     <li>Configuring the printer</li>
129     <li>Accessing Samba shares</li>
130     </ul>
131     </li>
132     </ul>
133    
134     </body>
135     </section>
136     <section>
137     <title>Requirements</title>
138     <body>
139    
140     <p>
141     We will need the following:
142     </p>
143    
144     <ul>
145     <li>net-fs/samba</li>
146     <li>net-mail/clamav</li>
147     <li>net-print/cups</li>
148     <li>net-print/foomatic</li>
149     <li>net-print/hpijs (if you have an HP printer)</li>
150     <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151     <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152     <li>
153     A working network (home/office/etc) consisting of more than one machine)
154     </li>
155     </ul>
156    
157     <p>
158     The main package we use here is net-fs/samba, however, you will need
159     a kernel with smbfs support enabled in order to mount a samba or windows
160     share from another computer. CUPS will be emerged if it is not already.
161     net-mail/clamav will be used also, but others should be easily adapted
162     to work with Samba.
163     </p>
164    
165     </body>
166     </section>
167     </chapter>
168     <chapter>
169     <title>Getting acquainted with Samba</title>
170     <section>
171     <title>The USE Flags</title>
172     <body>
173    
174     <p>
175     Before emerging anything, take a look at the various USE flags
176     available to Samba.
177     </p>
178    
179     <pre caption="Samba uses the following USE Variables:">
180     kerberos mysql xml acl cups ldap pam readline python oav
181     </pre>
182    
183     <p>
184     Depending on the network topology and the specific requirements of
185     the server, the USE flags outlined below will define what to include or
186     exclude from the emerging of Samba.
187     </p>
188    
189     <table>
190     <tr>
191     <th><b>USE flag</b></th>
192     <th>Description</th>
193     </tr>
194     <tr>
195     <th><b>kerberos</b></th>
196     <ti>
197     Include support for Kerberos. The server will need this if it is
198     intended to join an existing domain or Active Directory. See the note
199     below for more information.
200     </ti>
201     </tr>
202     <tr>
203     <th><b>mysql</b></th>
204     <ti>
205     This will allow Samba to use MySQL in order to do password authentication.
206     It will store ACLs, usernames, passwords, etc in a database versus a
207     flat file. If Samba is needed to do password authentication, such as
208     acting as a password validation server or a Primary Domain Controller
209     (PDC).
210     </ti>
211     </tr>
212     <tr>
213     <th><b>xml</b></th>
214     <ti>
215     The xml USE option for Samba provides a password database backend allowing
216     Samba to store account details in XML files, for the same reasons listed in
217     the mysql USE flag description.
218     </ti>
219     </tr>
220     <tr>
221     <th><b>acl</b></th>
222     <ti>
223     Enables Access Control Lists. The ACL support in Samba uses a patched
224     ext2/ext3, or SGI's XFS in order to function properly as it extends more
225     detailed access to files or directories; much more so than typical *nix
226     GID/UID schemas.
227     </ti>
228     </tr>
229     <tr>
230     <th><b>cups</b></th>
231     <ti>
232     This enables support for the Common Unix Printing System. This
233     provides an interface allowing local CUPS printers to be shared to
234     other systems in the network.
235     </ti>
236     </tr>
237     <tr>
238     <th><b>ldap</b></th>
239     <ti>
240     Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
241     expected to use Active Directory, this option must be used. This would
242     be used in the event Samba needs to login to or provide login to
243     a Domain/Active Directory Server. The kerberos USE flag is needed for
244     proper functioning of this option.
245     </ti>
246     </tr>
247     <tr>
248     <th><b>pam</b></th>
249     <ti>
250     Include support for pluggable authentication modules (PAM). This
251     provides the ability to authenticate users on the Samba Server, which is
252     required if users have to login to your server. The kerberos USE flag
253     is recommended along with this option.
254     </ti>
255     </tr>
256     <tr>
257     <th><b>readline</b></th>
258     <ti>
259     Link Samba again libreadline. This is highly recommended and should
260     probably not be disabled
261     </ti>
262     </tr>
263     <tr>
264     <th><b>python</b></th>
265     <ti>
266     Python bindings API. Provides an API that will allow Python to
267     interface with Samba.
268     </ti>
269     </tr>
270     <tr>
271     <th><b>oav</b></th>
272     <ti>
273     Provides on-access scanning of Samba shares with FRISK F-Prot
274     Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
275     (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
276     </ti>
277     </tr>
278     </table>
279    
280     <p>
281     A couple of things worth mentioning about the USE flags and different
282     Samba functions include:
283     </p>
284    
285     <ul>
286     <li>
287     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
288     ACL kernel options for ext2 and/or ext3 will need to be enabled
289     (depending on which file system is being used - both can be enabled).
290     </li>
291     <li>
292     While Active Directory, ACL, and PDC functions are out of the intended
293     scope of this HOWTO, you may find these links as helpful to your cause:
294     <ul>
295     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
296     <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
297     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
298     </ul>
299     </li>
300     </ul>
301    
302     </body>
303     </section>
304     </chapter>
305     <chapter>
306     <title>Server Software Installation</title>
307     <section>
308     <title>Emerging Samba</title>
309     <body>
310    
311     <p>
312     First of all: be sure that all your hostnames resolve correctly.
313     Either have a working domain name system running on your network
314     or appropriate entries in your /etc/hosts file. cupsaddsmb often
315     borks if hostnames don't point to the correct machines.
316     </p>
317    
318     <p>
319     Hopefully now you can make an assessment of what you'll actually need in
320     order to use Samba with your particular setup. The setup used for this
321     HOWTO is:
322     </p>
323    
324     <ul>
325     <li>oav</li>
326     <li>cups</li>
327     <li>readline</li>
328     <li>pam</li>
329     </ul>
330    
331     <p>
332     To optimize performance, size and the time of the build, the
333     USE flags are specifically included or excluded.
334     </p>
335    
336     <pre caption="Emerge Samba">
337     <comment>(Note the USE flags!)</comment>
338     # <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i>
339     </pre>
340    
341     <note>
342     The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
343     ppc, sparc, hppa, ia64 and alpha
344     </note>
345    
346     <p>
347     This will emerge Samba and CUPS (if CUPS is not already emerged).
348     </p>
349    
350     </body>
351     </section>
352     <section>
353     <title>Emerging clam-av</title>
354     <body>
355    
356     <p>
357     Because the oav USE flag only provides an interface to allow on access
358     virus scanning, the actual virus scanner must be emerged. The scanner
359     used in this HOWTO is <e>net-mail/clamav</e>.
360     </p>
361    
362     <pre caption="Emerge clam-av">
363     # <i>emerge net-mail/clamav</i>
364     </pre>
365    
366     </body>
367     </section>
368     <section>
369     <title>Emerging foomatic</title>
370     <body>
371    
372     <pre caption="Emerge foomatic">
373     # <i>emerge net-print/foomatic</i>
374     </pre>
375    
376     </body>
377     </section>
378     <section>
379     <title>Emerging net-print/hpijs</title>
380     <body>
381    
382     <p>
383     You only need to emerge this if you use an HP printer.
384     </p>
385    
386     <pre caption="Emerge hpijs">
387 swift 1.2 # <i>emerge net-print/hpijs</i>
388 swift 1.1 </pre>
389    
390     </body>
391     </section>
392     </chapter>
393     <chapter>
394     <title>Server Configuration</title>
395     <section>
396     <title>Configuring Samba</title>
397     <body>
398    
399     <p>
400     The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
401     It is divided in sections indicated by [sectionname]. Comments are either
402     # or ;. A sample <path>smb.conf</path> is included below with comments and
403     suggestions for modifications. If more details are required, see the
404     man page for <path>smb.conf</path>, the installed smb.conf.example, the Samba
405     Web site or any of the numerous Samba books available.
406     </p>
407    
408     <pre caption="A Sample /etc/samba/smb.conf">
409     [global]
410     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
411     workgroup = <comment>MYWORKGROUPNAME</comment>
412     <comment># Of course this has no REAL purpose other than letting
413     # everyone know its not Windows!
414     # %v prints the version of Samba we are using.</comment>
415     server string = Samba Server %v
416     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
417     printcap name = cups
418     printing = cups
419     load printers = yes
420     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
421     log file = /var/log/samba/log.%m
422     max log size = 50
423     <comment># We are going to set some options for our interfaces...</comment>
424     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
425     <comment># This is a good idea, what we are doing is binding the
426     # samba server to our local network.
427     # For example, if eth0 is our local network device</comment>
428     interfaces = lo <i>eth0</i>
429     bind interfaces only = yes
430     <comment># Now we are going to specify who we allow, we are afterall
431     # very security conscience, since this configuration does
432     # not use passwords!</comment>
433     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
434     hosts deny = 0.0.0.0/0
435     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
436     # The default is user</comment>
437     security = share
438     <comment># No passwords, so we're going to use a guest account!</comment>
439     guest account = samba
440     guest ok = yes
441     <comment># We now will implement the on access virus scanner.
442     # NOTE: By putting this in our [Global] section, we enable
443     # scanning of ALL shares, you could optionally move
444     # these to a specific share and only scan it.</comment>
445     vfs object = /usr/lib/samba/vfs/vscan-clamav.so
446     vfs options = config-file = /etc/samba/vscan-clamav.conf
447    
448     <comment># Now we setup our print drivers information!</comment>
449     [print$]
450     comment = Printer Drivers
451     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
452     guest ok = no
453     browseable = yes
454     read only = yes
455     <comment># Modify this to "username,root" if you don't want root to
456     # be the only printer admin)</comment>
457     write list = <i>root</i>
458    
459     <comment># Now we'll setup a printer to share, while the name is arbitrary
460     # it should be consistent throughout Samba and CUPS!</comment>
461     [HPDeskJet930C]
462     comment = HP DeskJet 930C Network Printer
463     printable = yes
464     path = /var/spool/samba
465     public = yes
466     guest ok = yes
467     <comment># Modify this to "username,root" if you don't want root to
468     # be the only printer admin)</comment>
469     printer admin = <i>root</i>
470    
471     <comment># Now we setup our printers share. This should be
472     # browseable, printable, public.</comment>
473     [printers]
474     comment = All Printers
475     browseable = yes
476     printable = yes
477     public = yes
478     guest ok = yes
479     path = /var/spool/samba
480     <comment># Modify this to "username,root" if you don't want root to
481     # be the only printer admin)</comment>
482     printer admin = <i>root</i>
483    
484     <comment># We create a new share that we can read/write to from anywhere
485     # This is kind of like a public temp share, anyone can do what
486     # they want here.</comment>
487     [public]
488     comment = Public Files
489     browseable = yes
490     public = yes
491     create mode = 0766
492     guest ok = yes
493     path = /home/samba/public
494     </pre>
495    
496     <p>
497     There are several warnings that we should put here:
498     </p>
499    
500     <ul>
501     <li>
502     If you like to use Samba's guest account to do anything concerning
503     printing from Windows clients: don't
504     </li>
505     <li>Don't set guest only = yes in the global section</li>
506     <li>
507     The guest account seems to cause problems when running cupsaddsmb sometimes
508     when trying to connect from Windows machines. See below, too, when we talk
509     about cupsaddsmb and the problems that can arise. Use a dedicated printer
510     user, like "printeruser" or "printer" or "printme" or whatever. It doesn't
511     hurt and it will certainly protect you from a lot of problems.
512     </li>
513     </ul>
514    
515     <p>
516     Now create the directories required for the minimum configuration of
517     Samba to share the installed printer throughout the network.
518     </p>
519    
520     <pre caption="Create the directories">
521     # <i>mkdir /etc/samba/printer</i>
522     # <i>mkdir /var/spool/samba</i>
523     # <i>mkdir /home/samba/public</i>
524     </pre>
525    
526     <p>
527     At least one Samba user is required in order to install the printer
528     drivers and to allow users to connect to the printer. Users must
529     exist in the system's <path>/etc/passwd</path> file.
530     </p>
531    
532     <pre caption="Creating the users">
533     # <i>smbpasswd -a root</i>
534    
535     <comment>(If another user is to be a printer admin)</comment>
536     # <i>smbpasswd -a username</i>
537     </pre>
538    
539     <p>
540     The Samba passwords need not be the same as the system passwords
541     in <path>/etc/passwd</path>.
542     </p>
543    
544     </body>
545     </section>
546     <section>
547     <title>Configuring clam-av</title>
548     <body>
549    
550     <p>
551     The configuration file specified to be used in <path>smb.conf</path> is
552     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
553     to the defaults, the infected file action may need to be changed.
554     </p>
555    
556     <pre caption="/etc/samba/vscan-clamav.conf">
557     [samba-vscan]
558     <comment>; run-time configuration for vscan-samba using
559     ; clamd
560     ; all options are set to default values</comment>
561    
562     <comment>; do not scan files larger than X bytes. If set to 0 (default),
563     ; this feature is disable (i.e. all files are scanned)</comment>
564     max file size = 0
565    
566     <comment>; log all file access (yes/no). If set to yes, every access will
567     ; be logged. If set to no (default), only access to infected files
568     ; will be logged</comment>
569     verbose file logging = no
570    
571     <comment>; if set to yes (default), a file will be scanned while opening</comment>
572     scan on open = yes
573     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
574     scan on close = yes
575    
576     <comment>; if communication to clamd fails, should access to file denied?
577     ; (default: yes)</comment>
578     deny access on error = yes
579    
580     <comment>; if daemon files with a minor error (corruption, etc.),
581     ; should access to file denied?
582     ; (default: yes)</comment>
583     deny access on minor error = yes
584    
585     <comment>; send a warning message via Windows Messenger service
586     ; when virus is found?
587     ; (default: yes)</comment>
588     send warning message = yes
589    
590     <comment>; what to do with an infected file
591     ; quarantine: try to move to quantine directory; delete it if moving fails
592     ; delete: delete infected file
593     ; nothing: do nothing</comment>
594     infected file action = <comment>delete</comment>
595    
596     <comment>; where to put infected files - you really want to change this!
597     ; it has to be on the same physical device as the share!</comment>
598     quarantine directory = /tmp
599     <comment>; prefix for files in quarantine</comment>
600     quarantine prefix = vir-
601    
602     <comment>; as Windows tries to open a file multiple time in a (very) short time
603     ; of period, samba-vscan use a last recently used file mechanism to avoid
604     ; multiple scans of a file. This setting specified the maximum number of
605     ; elements of the last recently used file list. (default: 100)</comment>
606     max lru files entries = 100
607    
608     <comment>; an entry is invalidad after lru file entry lifetime (in seconds).
609     ; (Default: 5)</comment>
610     lru file entry lifetime = 5
611    
612     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
613     clamd socket name = /var/run/clamd
614     </pre>
615    
616     <p>
617     It is generally a good idea to start the virus scanner immediately. Add
618     it to the default runlevel and then start the clamd service immediately.
619     </p>
620    
621     <pre caption="Add clamd to bootup and start it">
622     # <i>rc-update add clamd default</i>
623     # <i>/etc/init.d/clamd start</i>
624     </pre>
625    
626     </body>
627     </section>
628     <section>
629     <title>Configuring CUPS</title>
630     <body>
631    
632     <p>
633     This is a little more complicated). CUPS' main config file is
634     <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
635     <path>httpd.conf</path> file, so many you may find it familiar. Outlined
636     in the example are the directives that need to be changed:
637     </p>
638    
639     <pre caption="/etc/cups/cupsd.conf">
640     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
641     ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
642    
643     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
644     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
645    
646     LogLevel debug <comment># only while isntalling and testing, should later be
647     # changed to 'info'</comment>
648    
649     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
650     # there seemed to be a bug in CUPS' controlling of the web interface,
651     # making CUPS think a denial of service attack was in progress when
652     # I tried to configure a printer with the web interface. weird.</comment>
653    
654     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
655    
656     &lt;Location /&gt;
657     Order Deny,Allow
658     Deny From All
659     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
660     # eg 192.168.1.* will allow connections from any host on
661     # the 192.168.1.0 network. change to whatever suits you</comment>
662     &lt;/Location&gt;
663    
664     &lt;Location /admin&gt;
665     AuthType Basic
666     AuthClass System
667     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
668     # 192.168.1.0 network to connect and do
669     # administrative tasks after authenticating</comment>
670     Order Deny,Allow
671     Deny From All
672     &lt;/Location&gt;
673     </pre>
674    
675     <p>
676     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
677     The changes to mime.convs and mime.types are needed to make CUPSprint Microsoft Office document files.
678     </p>
679    
680     <pre caption="/etc/cups/mime.convs">
681     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
682     application/octet-stream application/vnd.cups-raw 0
683     </pre>
684    
685     <p>
686     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
687     </p>
688    
689     <pre caption="/etc/cups/mime.types">
690     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
691     application/octet-stream
692     </pre>
693    
694     <p>
695     CUPS needs to be started on boot, and started immediately.
696     </p>
697    
698     <pre caption="Setting up the CUPS service" >
699     <comment>(To start CUPS on boot)</comment>
700     # <i>rc-update add cupsd default</i>
701     <comment>(To start CUPS if it isn't started)</comment>
702     # <i>/etc/init.d/cupsd start</i>
703     <comment>(If CUPS is already started we'll need to restart it!)</comment>
704     # <i>/etc/init.d/cupsd restart</i>
705     </pre>
706    
707     </body>
708     </section>
709     <section>
710     <title>Installing a printer for and with CUPS</title>
711     <body>
712    
713     <p>
714     First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri>
715     to find and download the correct PPD file for your printer and CUPS. To
716     do so, click the link Printer Listings to the left. Select your
717     printers manufacturer and the model in the pulldown menu, eg HP and
718     DeskJet 930C. Click "Show". On the page coming up click the "recommended
719     driver" link after reading the various notes and information. Then fetch
720     the PPD file from the next page, again after reading the notes and
721     introductions there. You may have to select your printers manufacturer
722     and model again. Reading the <uri link="http://www.linuxprinting.org/cups-doc.html">CUPS
723     quickstart guide</uri> is also very helpful when working with CUPS.
724     </p>
725    
726     <p>
727     Now you have a PPD file for your printer to work with CUPS. Place it in
728     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
729     named HP-DeskJet_930C-hpijs.ppd. You should now install the printer.
730     This can be done via the CUPS web interface or via command line. The web
731     interface is found at http://PrintServer:631 once CUPS is running.
732     </p>
733    
734     <pre caption="Install the printer via command line">
735     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
736     </pre>
737    
738     <p>
739     Remember to adjust to what you have. Be sure to have the name (-p) right (the
740     name you set above during the Samba configuration!) and to put in the
741     correct usb:/dev/usb/blah, parallel:/dev/blah or whatever device you
742     are using for your printer.
743     </p>
744    
745     <p>
746     You should now be able to access the printer from the web interface. You
747     should now be able to print a test page.
748     </p>
749    
750     </body>
751     </section>
752     <section>
753     <title>Installing the Windows printer drivers</title>
754     <body>
755    
756     <p>
757     Now that the printer should be working it is time to install the drivers
758     for the Windows clients to work. Samba 2.2 introduced this functionality.
759     Browsing to the print server in the Network Neighbourhood, right-clicking
760     on the printershare and selecting "connect" downloads the appropriate
761     drivers automagically to the connecting client, avoiding the hassle of
762     manually installing printer drivers locally.
763     </p>
764    
765     <p>
766     There are two sets of printer drivers for this. First, the Adobe PS
767     drivers which can be obtained from <uri
768     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
769     (PostScript printer drivers). Second, there are the CUPS PS drivers,
770     to be obtained from <uri link="http://www.cups.org/software.php">the
771     CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
772     pull down menu. There doesn't seem to be a difference between the
773     functionality of the two, but the Adobe PS drivers need to be extracted
774     on a Windows System since it's a Windows binary. Also the whole procedure
775     of finding and copying the correct files is a bit more hassle. The CUPS
776     drivers seem to support some options the Adobe drivers don't.
777     </p>
778    
779     <p>
780     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
781     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
782     contained into a directory.
783     </p>
784    
785     <pre caption="Extract the drivers and run the install">
786     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
787     # <i>cd cups-samba-5.0rc2</i>
788     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
789     # <i>./cups-samba.install</i>
790     </pre>
791    
792     <p>
793     cups-samba.ss is a TAR archive containing three files:
794     cups5.hlp, cupsdrvr5.dll and cupsui5.dll. These are the actual driver
795     files.
796     </p>
797    
798     <warn>
799     The script cups-samba.install may not work for all *nixes (ie FreeBSD)
800     because almost everything which is not part of the base system is
801     installed somewhere under the prefix <path>/usr/local/</path>. This
802     seems not to be the case for most things you install under GNU/Linux.
803     However, if your CUPS installation is somewhere other than
804     <path>/usr/share/cups/</path> See the example below.
805     </warn>
806    
807     <p>
808     Suppose your CUPS installation resides under
809     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
810     Do the following:
811     </p>
812    
813     <pre caption="Manually installing the drivers">
814     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
815     # <i>tar -xf cups-samba.ss</i>
816     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
817     # <i>cd usr/share/cups/drivers</i>
818     <comment>(no leading / !)</comment>
819     # <i>cp cups* /usr/local/share/cups/drivers</i>
820     </pre>
821    
822     <p>
823     Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS
824     distribution. It's man page is an interesting read.
825     </p>
826    
827     <pre caption="Run cupsaddsmb">
828     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
829     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
830     "export all known printers".)</comment>
831     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
832     </pre>
833    
834     <warn>
835     The execution of this command often causes the most trouble.
836     Reading through the <uri
837     link="http://forums.gentoo.com/viewtopic.php?t=110931">posts in this
838     thread</uri>.
839     </warn>
840    
841     <p>
842     Here are common errors that may happen:
843     </p>
844    
845     <ul>
846     <li>
847     The hostname given as a parameter for -h and -H (PrintServer) often does
848     not resolve correctly and doesn't identify the print server for CUPS/Samba
849     interaction.
850     If an error like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
851     skipping!</b> occurs, the first thing you should do is substitute
852     PrintServer with localhost and try it again.
853     </li>
854     <li>
855     The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
856     is quite common, but can be triggered by many problems. It's unfortunately
857     not very helpful. One thing to try is to temporarily set <b>security =
858     user</b> in your <path>smb.conf</path>. After/if the installation completes
859     successfully, you should set it back to share, or whatever it was set to
860     before.
861     </li>
862     </ul>
863    
864     <p>
865     This should install the correct driver directory structure under
866     <path>/etc/samba/printer</path>. That would be
867     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
868     be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
869     (the name which you gave the printer when installing it (see above).
870     </p>
871    
872     <p>
873     Pending no errors or other complications, your drivers are now
874     installed.
875     </p>
876    
877     </body>
878     </section>
879     <section>
880     <title>Finalizing our setup</title>
881     <body>
882    
883     <p>
884     Lastly, setup our directories.
885     </p>
886    
887     <pre caption="Final changes needed">
888     # <i>mkdir /home/samba</i>
889     # <i>mkdir /home/samba/public</i>
890     # <i>chmod 755 /home/samba</i>
891     # <i>chmod 755 /home/samba/public</i>
892     </pre>
893    
894     </body>
895     </section>
896     <section>
897     <title>Testing our Samba configuration</title>
898     <body>
899    
900     <p>
901     We will want to test our configuration file to ensure that it is formatted
902     properly and all of our options have at least the correct syntax. To do
903     this we run <c>testparm</c>.
904     </p>
905    
906     <pre caption="Running the testparm">
907     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
908     # <i>/usr/bin/testparm</i>
909     Load smb config files from /etc/samba/smb.conf
910     Processing section &quot;[printers]&quot;
911     Global parameter guest account found in service section!
912     Processing section &quot;[public]&quot;
913     Global parameter guest account found in service section!
914     Loaded services file OK.
915     Server role: ROLE_STANDALONE
916     Press enter to see a dump of your service definitions
917     ...
918     ...
919     </pre>
920    
921     </body>
922     </section>
923     <section>
924     <title>Starting the Samba service</title>
925     <body>
926    
927     <p>
928     Now configure Samba to start at bootup; then go ahead and start it.
929     </p>
930    
931     <pre caption="Setting up the Samba service">
932     # <i>rc-update add samba default</i>
933     # <i>/etc/init.d/samba start</i>
934     </pre>
935    
936     </body>
937     </section>
938     <section>
939     <title>Checking our services</title>
940     <body>
941    
942     <p>
943     It would probably be prudent to check our logs at this time also.
944     We will also want to take a peak at our Samba shares using
945     <c>smbclient</c>.
946     </p>
947    
948     <pre caption="Checking the shares with smbclient">
949     # <i>smbclient -L localhost</i>
950     Password:
951     <comment>(You should see a BIG list of services here.)</comment>
952     </pre>
953    
954     </body>
955     </section>
956     </chapter>
957     <chapter>
958     <title>Configuration of the Clients</title>
959     <section>
960     <title>Printer configuration of *nix based clients</title>
961     <body>
962    
963     <p>
964     Despite the variation or distribution, the only thing needed is CUPS.
965     Do the equivalent on any other UNIX/Linux/BSD client.
966     </p>
967    
968     <pre caption="Configuring a Gentoo system.">
969     # <i>emerge cups</i>
970     # <i>/etc/init.d/cupsd start</i>
971     # <i>rc-update add cupsd default</i>
972     </pre>
973    
974     <p>
975     That should be it. Nothing else will be needed. Just point your web
976     browser to http://localhost:631 (on the CLIENT) and you'll see that
977     PrintServer broadcasts all available printers to all CUPS clients.
978     </p>
979    
980     <p>
981     To print, use for example
982     </p>
983    
984     <pre caption="Printing in *nix">
985     # <i>lpr -pHPDeskJet930C anything.txt</i>
986     # <i>lpr -PHPDeskJet930C foobar.whatever.ps</i>
987     </pre>
988    
989     <p>
990     In order to setup a default printer, you have to edit
991     <path>/etc/cups/client.conf</path> and set the directive ServerName to
992     your printserver. In the case of this guide that would be the
993     following example.
994     </p>
995    
996     <pre caption="/etc/cups/client.conf">
997     ServerName PrintServer
998     </pre>
999    
1000     <p>
1001     The following will print foorbar.whatever.ps directly to the print
1002     server.
1003     </p>
1004    
1005     <pre caption="Printing to the default printer">
1006     $ <i>lpr foobar.whatever.ps</i>
1007     </pre>
1008    
1009     <p>
1010     Some common observations when setting a default printer in this manner
1011     include the following:
1012     </p>
1013    
1014     <ul>
1015     <li>
1016     Setting the ServerName in client.conf seems to work well for only one
1017     printer, there may be yet another way to set a client's default remote
1018     printer.
1019     </li>
1020     <li>
1021     Also, when accessing http://localhost:631 on the client now, no printers
1022     seem to be "found" by the client-CUPS. This is to be expected when setting
1023     ServerName in <path>client.conf</path>.
1024     </li>
1025     </ul>
1026    
1027     </body>
1028     </section>
1029     <section>
1030     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1031     <body>
1032    
1033     <p>
1034     Now is time to configure our kernel to support it the smbfs. Since I'm
1035     assumming we've all compiled at least one kernel, we'll need to make
1036     sure we have all the right options selected in our kernel.
1037     For simplicity sake, make it as a module for ease of use. It is the
1038     authors opinion that kernel modules are a good thing and should be used
1039     whenever possible.
1040     </p>
1041    
1042     <pre caption="Relevant kernel options" >
1043     CONFIG_SMB_FS=m
1044     CONFIG_SMB_UNIX=y
1045     </pre>
1046    
1047     <p>
1048     Then make the module/install it; insert them with:
1049     </p>
1050    
1051     <pre caption="Loading the kernel module">
1052     # <i>modprobe smbfs</i>
1053     </pre>
1054    
1055     <p>
1056     Once the modules is loaded, mounting a Windows or Samba share is
1057     possible. Use <c>mount</c> to accomplish this, as detailed below:
1058     </p>
1059    
1060     <pre caption="Mounting a Windows/Samba share">
1061     <comment>(The syntax for mounting a Windows/Samba share is:
1062     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1063     If we are not using passwords or a password is not needed)</comment>
1064    
1065     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1066    
1067     <comment>(If a password is needed)</comment>
1068     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1069     </pre>
1070    
1071     <p>
1072     After you mount the share, you would access it as if it were a local
1073     drive.
1074     </p>
1075    
1076     </body>
1077     </section>
1078     <section>
1079     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1080     <body>
1081    
1082     <p>
1083     That's just a bit of point-and-click. Browse to \\PrintServer and right
1084     click on the printer (HPDeskJet930C) and click connect. This will
1085     download the drivers to the Windows client and now every application
1086     (such as Word or Acrobat) will offer HPDeskJet930C as an available
1087     printer to print to. :-)
1088     </p>
1089    
1090     </body>
1091     </section>
1092     </chapter>
1093     <chapter>
1094     <title>Final Notes</title>
1095     <section>
1096     <title>A Fond Farewell</title>
1097     <body>
1098    
1099     <p>
1100     Well that should be it. You should now have a successful printing enviroment
1101     that is friendly to both Windows and *nix as well as a fully virus-free working
1102     share!
1103     </p>
1104    
1105     </body>
1106     </section>
1107     </chapter>
1108     <chapter>
1109     <title>Links and Resources</title>
1110     <section>
1111     <title>Links</title>
1112     <body>
1113    
1114     <p>
1115     These are some links that may help you in setting up, configuration and
1116     troubleshooting your installation:
1117     </p>
1118    
1119     <ul>
1120     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1121     <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1122     <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1123     <li>
1124     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1125     Pfeifle's Samba Print HOWTO</uri> (
1126     This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1127     I've written here, plus a LOT more concerning CUPS and Samba, and
1128     generally printing support on networks. A really interesting read,
1129     with lots and lots of details)
1130     </li>
1131     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1132     </ul>
1133    
1134     </body>
1135     </section>
1136     <section>
1137     <title>Troubleshooting</title>
1138     <body>
1139    
1140     <p>
1141     See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1142     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1143     manual. Lots of useful tips there! Be sure to look this one up
1144     first, before posting questions and problems! Maybe the solution
1145     you're looking for is right there.
1146     </p>
1147    
1148     </body>
1149     </section>
1150     </chapter>
1151     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20