/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.23 - (hide annotations) (download) (as text)
Mon Mar 6 15:39:43 2006 UTC (8 years, 6 months ago) by nightmorph
Branch: MAIN
Changes since 1.22: +3 -3 lines
File MIME type: application/xml
Typo fix for quick-samba-howto. **no content changes**

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 nightmorph 1.23 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.22 2006/03/06 14:18:33 nightmorph Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 neysx 1.21 <guide link="/doc/en/quick-samba-howto.xml">
5 swift 1.16 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12    
13     <abstract>
14 swift 1.3 Setup, install and configure a Samba Server under Gentoo that shares
15     files, printers without the need to install drivers and provides
16 swift 1.1 automatic virus scanning.
17     </abstract>
18    
19     <!-- The content of this document is licensed under the CC-BY-SA license -->
20     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21     <license/>
22    
23 nightmorph 1.22 <version>1.13</version>
24     <date>2006-03-06</date>
25 swift 1.1
26     <chapter>
27     <title>Introduction to this HOWTO</title>
28     <section>
29     <title>Purpose</title>
30     <body>
31    
32     <p>
33     This HOWTO is designed to help you move a network from many different
34 neysx 1.5 clients speaking different languages, to many different machines that
35 swift 1.1 speak a common language. The ultimate goal is to help differing
36 swift 1.3 architectures and technologies, come together in a productive,
37     happily coexisting environment.
38 swift 1.1 </p>
39    
40     <p>
41     Following the directions outlined in this HOWTO should give you an
42     excellent step towards a peaceful cohabitation between Windows, and
43     virtually all known variations of *nix.
44     </p>
45    
46     <p>
47 rane 1.19 This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48 swift 1.1 intended to explore the functionality and power of the Gentoo system,
49     portage and the flexibility of USE flags. Like so many other projects,
50     it was quickly discovered what was missing in the Gentoo realm: there
51     weren't any Samba HOWTO's catered for Gentoo users. These users are
52     more demanding than most; they require performance, flexibility and
53     customization. This does not however imply that this HOWTO was not
54     intended for other distributions; rather that it was designed to work
55     with a highly customized version of Samba.
56     </p>
57    
58     <p>
59     This HOWTO will describe how to share files and printers between Windows
60     PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61     File System) feature of Samba to incorporate automatic virus protection.
62     As a finale, it will show you how to mount and manipulate shares.
63     </p>
64    
65     <p>
66     There are a few topics that will be mentioned, but are out of the
67     scope of this HOWTO. These will be noted as they are presented.
68     </p>
69    
70     <p>
71     This HOWTO is based on a compilation and merge of an excellent HOWTO
72     provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73     by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74     The link to this discussion is provided below for your reference:
75     </p>
76    
77     <ul>
78     <li>
79     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80     CUPS+Samba: printing from Windows &amp; Linux</uri>
81     </li>
82     </ul>
83    
84     </body>
85     </section>
86     <section>
87     <title>Before you use this guide</title>
88     <body>
89    
90     <p>
91 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
92     them as well, as they may tell you things left out of this HOWTO (intentional
93     or otherwise). One such document is the very useful and well written <uri
94     link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95     issues and specific printer setup is not discussed here.
96 swift 1.1 </p>
97    
98     </body>
99     </section>
100     <section>
101     <title>Brief Overview</title>
102     <body>
103    
104     <p>
105     After presenting the various USE flags, the following list will outline
106     all of the topics covered as they are presented:
107     </p>
108    
109     <ul>
110     <li>On the Samba server:
111     <ul>
112 swift 1.16 <li>Install and configure ClamAV</li>
113 swift 1.1 <li>Install and configure Samba</li>
114     <li>Install and configure CUPS</li>
115     <li>Adding the printer to CUPS</li>
116     <li>Adding the PS drivers for the Windows clients</li>
117     </ul>
118     </li>
119     <li>On the Unix clients:
120     <ul>
121     <li>Install and configure CUPS</li>
122     <li>Configuring a default printer</li>
123     <li>Mounting a Windows or Samba share</li>
124     </ul>
125     </li>
126     <li>On the Windows Clients:
127     <ul>
128     <li>Configuring the printer</li>
129     <li>Accessing Samba shares</li>
130     </ul>
131     </li>
132     </ul>
133    
134     </body>
135     </section>
136     <section>
137     <title>Requirements</title>
138     <body>
139    
140     <p>
141     We will need the following:
142     </p>
143    
144     <ul>
145     <li>net-fs/samba</li>
146 swift 1.6 <li>app-antivirus/clamav</li>
147 swift 1.1 <li>net-print/cups</li>
148     <li>net-print/foomatic</li>
149     <li>net-print/hpijs (if you have an HP printer)</li>
150     <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151     <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152     <li>
153     A working network (home/office/etc) consisting of more than one machine)
154     </li>
155     </ul>
156    
157     <p>
158     The main package we use here is net-fs/samba, however, you will need
159     a kernel with smbfs support enabled in order to mount a samba or windows
160     share from another computer. CUPS will be emerged if it is not already.
161 swift 1.6 app-antivirus/clamav will be used also, but others should be easily adapted
162 swift 1.17 to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163     technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
164 swift 1.1 </p>
165    
166     </body>
167     </section>
168     </chapter>
169 neysx 1.5
170 swift 1.1 <chapter>
171     <title>Getting acquainted with Samba</title>
172     <section>
173     <title>The USE Flags</title>
174     <body>
175    
176     <p>
177     Before emerging anything, take a look at the various USE flags
178     available to Samba.
179     </p>
180    
181     <pre caption="Samba uses the following USE Variables:">
182 swift 1.16 kerberos mysql xml acl cups ldap pam readline python oav libclamav
183 swift 1.1 </pre>
184    
185     <p>
186     Depending on the network topology and the specific requirements of
187     the server, the USE flags outlined below will define what to include or
188     exclude from the emerging of Samba.
189     </p>
190    
191     <table>
192     <tr>
193     <th><b>USE flag</b></th>
194     <th>Description</th>
195     </tr>
196     <tr>
197     <th><b>kerberos</b></th>
198     <ti>
199     Include support for Kerberos. The server will need this if it is
200     intended to join an existing domain or Active Directory. See the note
201     below for more information.
202     </ti>
203     </tr>
204     <tr>
205     <th><b>mysql</b></th>
206     <ti>
207     This will allow Samba to use MySQL in order to do password authentication.
208     It will store ACLs, usernames, passwords, etc in a database versus a
209     flat file. If Samba is needed to do password authentication, such as
210     acting as a password validation server or a Primary Domain Controller
211     (PDC).
212     </ti>
213     </tr>
214     <tr>
215     <th><b>xml</b></th>
216     <ti>
217     The xml USE option for Samba provides a password database backend allowing
218     Samba to store account details in XML files, for the same reasons listed in
219     the mysql USE flag description.
220     </ti>
221     </tr>
222     <tr>
223     <th><b>acl</b></th>
224     <ti>
225     Enables Access Control Lists. The ACL support in Samba uses a patched
226     ext2/ext3, or SGI's XFS in order to function properly as it extends more
227     detailed access to files or directories; much more so than typical *nix
228     GID/UID schemas.
229     </ti>
230     </tr>
231     <tr>
232     <th><b>cups</b></th>
233     <ti>
234     This enables support for the Common Unix Printing System. This
235     provides an interface allowing local CUPS printers to be shared to
236     other systems in the network.
237     </ti>
238     </tr>
239     <tr>
240     <th><b>ldap</b></th>
241     <ti>
242     Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
243     expected to use Active Directory, this option must be used. This would
244     be used in the event Samba needs to login to or provide login to
245     a Domain/Active Directory Server. The kerberos USE flag is needed for
246     proper functioning of this option.
247     </ti>
248     </tr>
249     <tr>
250     <th><b>pam</b></th>
251     <ti>
252     Include support for pluggable authentication modules (PAM). This
253     provides the ability to authenticate users on the Samba Server, which is
254     required if users have to login to your server. The kerberos USE flag
255     is recommended along with this option.
256     </ti>
257     </tr>
258     <tr>
259     <th><b>readline</b></th>
260     <ti>
261 neysx 1.13 Link Samba against libreadline. This is highly recommended and should
262 swift 1.1 probably not be disabled
263     </ti>
264     </tr>
265     <tr>
266     <th><b>python</b></th>
267     <ti>
268     Python bindings API. Provides an API that will allow Python to
269     interface with Samba.
270     </ti>
271     </tr>
272     <tr>
273     <th><b>oav</b></th>
274     <ti>
275     Provides on-access scanning of Samba shares with FRISK F-Prot
276     Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
277     (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
278     </ti>
279     </tr>
280 swift 1.16 <tr>
281     <th><b>libclamav</b></th>
282     <ti>
283 swift 1.17 Use the ClamAV library instead of the clamd daemon
284 swift 1.16 </ti>
285     </tr>
286 swift 1.1 </table>
287    
288     <p>
289     A couple of things worth mentioning about the USE flags and different
290     Samba functions include:
291     </p>
292    
293     <ul>
294     <li>
295     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
296     ACL kernel options for ext2 and/or ext3 will need to be enabled
297     (depending on which file system is being used - both can be enabled).
298     </li>
299     <li>
300     While Active Directory, ACL, and PDC functions are out of the intended
301     scope of this HOWTO, you may find these links as helpful to your cause:
302     <ul>
303     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
304     <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
305     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
306     </ul>
307     </li>
308     </ul>
309    
310     </body>
311     </section>
312     </chapter>
313 neysx 1.5
314 swift 1.1 <chapter>
315     <title>Server Software Installation</title>
316     <section>
317     <title>Emerging Samba</title>
318     <body>
319    
320     <p>
321     First of all: be sure that all your hostnames resolve correctly.
322     Either have a working domain name system running on your network
323 swift 1.3 or appropriate entries in your <path>/etc/hosts</path> file.
324     <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
325     machines.
326 swift 1.1 </p>
327    
328     <p>
329     Hopefully now you can make an assessment of what you'll actually need in
330     order to use Samba with your particular setup. The setup used for this
331     HOWTO is:
332     </p>
333    
334     <ul>
335     <li>oav</li>
336     <li>cups</li>
337     <li>readline</li>
338     <li>pam</li>
339     </ul>
340    
341     <p>
342     To optimize performance, size and the time of the build, the
343     USE flags are specifically included or excluded.
344     </p>
345    
346     <pre caption="Emerge Samba">
347 swift 1.17 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
348     # <i>emerge net-fs/samba</i>
349 swift 1.1 </pre>
350    
351     <note>
352     The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
353     ppc, sparc, hppa, ia64 and alpha
354     </note>
355    
356     <p>
357     This will emerge Samba and CUPS (if CUPS is not already emerged).
358     </p>
359    
360     </body>
361     </section>
362     <section>
363 swift 1.16 <title>Emerging ClamAV</title>
364 swift 1.1 <body>
365    
366     <p>
367 swift 1.3 Because the <e>oav</e> USE flag only provides an interface to allow on access
368 swift 1.1 virus scanning, the actual virus scanner must be emerged. The scanner
369 swift 1.16 used in this HOWTO is ClamAV.
370 swift 1.1 </p>
371    
372 swift 1.16 <pre caption="Emerge Clamav">
373 swift 1.6 # <i>emerge app-antivirus/clamav</i>
374 swift 1.1 </pre>
375    
376     </body>
377     </section>
378     <section>
379     <title>Emerging foomatic</title>
380     <body>
381    
382     <pre caption="Emerge foomatic">
383     # <i>emerge net-print/foomatic</i>
384     </pre>
385    
386     </body>
387     </section>
388     <section>
389     <title>Emerging net-print/hpijs</title>
390     <body>
391    
392     <p>
393     You only need to emerge this if you use an HP printer.
394     </p>
395    
396     <pre caption="Emerge hpijs">
397 swift 1.2 # <i>emerge net-print/hpijs</i>
398 swift 1.1 </pre>
399    
400     </body>
401     </section>
402     </chapter>
403 neysx 1.5
404 swift 1.1 <chapter>
405     <title>Server Configuration</title>
406     <section>
407     <title>Configuring Samba</title>
408     <body>
409    
410     <p>
411     The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
412     It is divided in sections indicated by [sectionname]. Comments are either
413     # or ;. A sample <path>smb.conf</path> is included below with comments and
414     suggestions for modifications. If more details are required, see the
415 swift 1.3 man page for <path>smb.conf</path>, the installed
416     <path>smb.conf.example</path>, the Samba Web site or any of the
417     numerous Samba books available.
418 swift 1.1 </p>
419    
420     <pre caption="A Sample /etc/samba/smb.conf">
421     [global]
422     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
423     workgroup = <comment>MYWORKGROUPNAME</comment>
424     <comment># Of course this has no REAL purpose other than letting
425 neysx 1.15 # everyone knows it's not Windows!
426 swift 1.1 # %v prints the version of Samba we are using.</comment>
427     server string = Samba Server %v
428     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
429     printcap name = cups
430     printing = cups
431     load printers = yes
432     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
433     log file = /var/log/samba/log.%m
434     max log size = 50
435     <comment># We are going to set some options for our interfaces...</comment>
436     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
437     <comment># This is a good idea, what we are doing is binding the
438     # samba server to our local network.
439     # For example, if eth0 is our local network device</comment>
440     interfaces = lo <i>eth0</i>
441     bind interfaces only = yes
442     <comment># Now we are going to specify who we allow, we are afterall
443     # very security conscience, since this configuration does
444     # not use passwords!</comment>
445     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
446     hosts deny = 0.0.0.0/0
447     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
448     # The default is user</comment>
449     security = share
450     <comment># No passwords, so we're going to use a guest account!</comment>
451     guest account = samba
452     guest ok = yes
453     <comment># We now will implement the on access virus scanner.
454     # NOTE: By putting this in our [Global] section, we enable
455     # scanning of ALL shares, you could optionally move
456     # these to a specific share and only scan it.</comment>
457 swift 1.8
458 swift 1.16 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
459 swift 1.8 vfs object = vscan-clamav
460     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
461    
462 swift 1.1 <comment># Now we setup our print drivers information!</comment>
463     [print$]
464     comment = Printer Drivers
465     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
466 swift 1.10 guest ok = yes
467 swift 1.1 browseable = yes
468     read only = yes
469     <comment># Modify this to "username,root" if you don't want root to
470     # be the only printer admin)</comment>
471     write list = <i>root</i>
472    
473     <comment># Now we'll setup a printer to share, while the name is arbitrary
474     # it should be consistent throughout Samba and CUPS!</comment>
475     [HPDeskJet930C]
476     comment = HP DeskJet 930C Network Printer
477     printable = yes
478     path = /var/spool/samba
479     public = yes
480     guest ok = yes
481     <comment># Modify this to "username,root" if you don't want root to
482     # be the only printer admin)</comment>
483     printer admin = <i>root</i>
484    
485     <comment># Now we setup our printers share. This should be
486     # browseable, printable, public.</comment>
487     [printers]
488     comment = All Printers
489 swift 1.10 browseable = no
490 swift 1.1 printable = yes
491 swift 1.10 writable = no
492 swift 1.1 public = yes
493     guest ok = yes
494     path = /var/spool/samba
495     <comment># Modify this to "username,root" if you don't want root to
496     # be the only printer admin)</comment>
497     printer admin = <i>root</i>
498    
499     <comment># We create a new share that we can read/write to from anywhere
500     # This is kind of like a public temp share, anyone can do what
501     # they want here.</comment>
502     [public]
503     comment = Public Files
504     browseable = yes
505     public = yes
506     create mode = 0766
507     guest ok = yes
508     path = /home/samba/public
509     </pre>
510    
511 swift 1.3 <warn>
512     If you like to use Samba's guest account to do anything concerning
513     printing from Windows clients: don't set <c>guest only = yes</c> in
514     the <c>[global]</c> section. The guest account seems to cause
515     problems when running <c>cupsaddsmb</c> sometimes when trying to
516     connect from Windows machines. See below, too, when we talk about
517     <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
518     printer user, like <c>printeruser</c> or <c>printer</c> or
519     <c>printme</c> or whatever. It doesn't hurt and it will certainly
520     protect you from a lot of problems.
521     </warn>
522 swift 1.1
523 swift 1.16 <warn>
524     Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
525     down the performance of your Samba server dramatically.
526     </warn>
527    
528 swift 1.1 <p>
529     Now create the directories required for the minimum configuration of
530     Samba to share the installed printer throughout the network.
531     </p>
532    
533     <pre caption="Create the directories">
534     # <i>mkdir /etc/samba/printer</i>
535     # <i>mkdir /var/spool/samba</i>
536     # <i>mkdir /home/samba/public</i>
537     </pre>
538    
539     <p>
540     At least one Samba user is required in order to install the printer
541     drivers and to allow users to connect to the printer. Users must
542     exist in the system's <path>/etc/passwd</path> file.
543     </p>
544    
545     <pre caption="Creating the users">
546     # <i>smbpasswd -a root</i>
547    
548     <comment>(If another user is to be a printer admin)</comment>
549     # <i>smbpasswd -a username</i>
550     </pre>
551    
552     <p>
553     The Samba passwords need not be the same as the system passwords
554     in <path>/etc/passwd</path>.
555     </p>
556    
557 swift 1.9 <p>
558     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
559     systems can be found easily using NetBIOS:
560     </p>
561    
562     <pre caption="Editing /etc/nsswitch.conf">
563     # <i>nano -w /etc/nsswitch.conf</i>
564     <comment>(Edit the hosts: line)</comment>
565     hosts: files dns <i>wins</i>
566     </pre>
567    
568 swift 1.1 </body>
569     </section>
570     <section>
571 swift 1.16 <title>Configuring ClamAV</title>
572 swift 1.1 <body>
573    
574     <p>
575     The configuration file specified to be used in <path>smb.conf</path> is
576     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
577     to the defaults, the infected file action may need to be changed.
578     </p>
579    
580     <pre caption="/etc/samba/vscan-clamav.conf">
581     [samba-vscan]
582     <comment>; run-time configuration for vscan-samba using
583     ; clamd
584     ; all options are set to default values</comment>
585    
586     <comment>; do not scan files larger than X bytes. If set to 0 (default),
587     ; this feature is disable (i.e. all files are scanned)</comment>
588     max file size = 0
589    
590     <comment>; log all file access (yes/no). If set to yes, every access will
591     ; be logged. If set to no (default), only access to infected files
592     ; will be logged</comment>
593     verbose file logging = no
594    
595     <comment>; if set to yes (default), a file will be scanned while opening</comment>
596     scan on open = yes
597     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
598     scan on close = yes
599    
600     <comment>; if communication to clamd fails, should access to file denied?
601     ; (default: yes)</comment>
602     deny access on error = yes
603    
604 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
605 swift 1.1 ; should access to file denied?
606     ; (default: yes)</comment>
607     deny access on minor error = yes
608    
609     <comment>; send a warning message via Windows Messenger service
610     ; when virus is found?
611     ; (default: yes)</comment>
612     send warning message = yes
613    
614     <comment>; what to do with an infected file
615     ; quarantine: try to move to quantine directory; delete it if moving fails
616     ; delete: delete infected file
617     ; nothing: do nothing</comment>
618     infected file action = <comment>delete</comment>
619    
620     <comment>; where to put infected files - you really want to change this!
621     ; it has to be on the same physical device as the share!</comment>
622     quarantine directory = /tmp
623     <comment>; prefix for files in quarantine</comment>
624     quarantine prefix = vir-
625    
626     <comment>; as Windows tries to open a file multiple time in a (very) short time
627     ; of period, samba-vscan use a last recently used file mechanism to avoid
628     ; multiple scans of a file. This setting specified the maximum number of
629     ; elements of the last recently used file list. (default: 100)</comment>
630     max lru files entries = 100
631    
632 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
633 swift 1.1 ; (Default: 5)</comment>
634     lru file entry lifetime = 5
635    
636     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
637 swift 1.16 clamd socket name = /tmp/clamd
638    
639     <comment>; port number the ScannerDaemon listens on</comment>
640     oav port = 8127
641 swift 1.1 </pre>
642    
643     <p>
644     It is generally a good idea to start the virus scanner immediately. Add
645 swift 1.16 it to the <e>default</e> runlevel and then start the <c>clamd</c> service
646     immediately. The service has two processes: freshclam keeps the virus definition
647     database up to date while clamd is the actual anti-virus daemon. First you may
648     want to set the paths of the logfiles so that it fits your needs.
649     </p>
650    
651     <pre caption="Checking the location of the logfiles">
652     # <i>vim /etc/clamd.conf</i>
653     <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
654     # <i>vim /etc/freshclam.conf</i>
655     <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
656     # <i>vim /etc/conf.d/clamd</i>
657     <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
658     </pre>
659    
660     <p>
661     Now fire up the virus scanner.
662 swift 1.1 </p>
663    
664     <pre caption="Add clamd to bootup and start it">
665     # <i>rc-update add clamd default</i>
666     # <i>/etc/init.d/clamd start</i>
667     </pre>
668    
669     </body>
670     </section>
671     <section>
672     <title>Configuring CUPS</title>
673     <body>
674    
675     <p>
676 swift 1.3 This is a little more complicated. CUPS' main config file is
677 swift 1.1 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
678     <path>httpd.conf</path> file, so many you may find it familiar. Outlined
679     in the example are the directives that need to be changed:
680     </p>
681    
682     <pre caption="/etc/cups/cupsd.conf">
683     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
684     ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
685    
686     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
687     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
688    
689     LogLevel debug <comment># only while isntalling and testing, should later be
690 neysx 1.20 # changed to 'info'</comment>
691 swift 1.1
692     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
693     # there seemed to be a bug in CUPS' controlling of the web interface,
694     # making CUPS think a denial of service attack was in progress when
695     # I tried to configure a printer with the web interface. weird.</comment>
696    
697     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
698    
699     &lt;Location /&gt;
700     Order Deny,Allow
701     Deny From All
702     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
703     # eg 192.168.1.* will allow connections from any host on
704     # the 192.168.1.0 network. change to whatever suits you</comment>
705     &lt;/Location&gt;
706    
707     &lt;Location /admin&gt;
708     AuthType Basic
709     AuthClass System
710     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
711     # 192.168.1.0 network to connect and do
712     # administrative tasks after authenticating</comment>
713     Order Deny,Allow
714     Deny From All
715     &lt;/Location&gt;
716     </pre>
717    
718     <p>
719     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
720 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
721     needed to make CUPS print Microsoft Office document files.
722 swift 1.1 </p>
723    
724     <pre caption="/etc/cups/mime.convs">
725     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
726     application/octet-stream application/vnd.cups-raw 0
727     </pre>
728    
729     <p>
730 neysx 1.12 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
731 swift 1.1 </p>
732    
733     <pre caption="/etc/cups/mime.types">
734     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
735     application/octet-stream
736     </pre>
737    
738     <p>
739     CUPS needs to be started on boot, and started immediately.
740     </p>
741    
742     <pre caption="Setting up the CUPS service" >
743     <comment>(To start CUPS on boot)</comment>
744     # <i>rc-update add cupsd default</i>
745 neysx 1.14 <comment>(To start or restart CUPS now)</comment>
746 swift 1.1 # <i>/etc/init.d/cupsd restart</i>
747     </pre>
748    
749     </body>
750     </section>
751     <section>
752     <title>Installing a printer for and with CUPS</title>
753     <body>
754    
755     <p>
756 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
757     find and download the correct PPD file for your printer and CUPS. To do so,
758     click the link Printer Listings to the left. Select your printers manufacturer
759     and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On
760     the page coming up click the "recommended driver" link after reading the
761     various notes and information. Then fetch the PPD file from the next page,
762     again after reading the notes and introductions there. You may have to select
763     your printers manufacturer and model again. Reading the <uri
764     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
765     is also very helpful when working with CUPS.
766 swift 1.1 </p>
767    
768     <p>
769     Now you have a PPD file for your printer to work with CUPS. Place it in
770     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
771 swift 1.3 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
772 swift 1.1 This can be done via the CUPS web interface or via command line. The web
773 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
774 swift 1.1 </p>
775    
776     <pre caption="Install the printer via command line">
777     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
778 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
779 swift 1.1 </pre>
780    
781     <p>
782 swift 1.3 Remember to adjust to what you have. Be sure to have the name
783     (<c>-p</c> argument) right (the name you set above during the Samba
784     configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
785     <c>parallel:/dev/blah</c> or whatever device you are using for your
786     printer.
787 swift 1.1 </p>
788    
789     <p>
790 swift 1.3 You should now be able to access the printer from the web interface
791     and be able to print a test page.
792 swift 1.1 </p>
793    
794     </body>
795     </section>
796     <section>
797     <title>Installing the Windows printer drivers</title>
798     <body>
799    
800     <p>
801     Now that the printer should be working it is time to install the drivers
802     for the Windows clients to work. Samba 2.2 introduced this functionality.
803     Browsing to the print server in the Network Neighbourhood, right-clicking
804     on the printershare and selecting "connect" downloads the appropriate
805     drivers automagically to the connecting client, avoiding the hassle of
806     manually installing printer drivers locally.
807     </p>
808    
809     <p>
810     There are two sets of printer drivers for this. First, the Adobe PS
811     drivers which can be obtained from <uri
812     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
813     (PostScript printer drivers). Second, there are the CUPS PS drivers,
814     to be obtained from <uri link="http://www.cups.org/software.php">the
815     CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
816     pull down menu. There doesn't seem to be a difference between the
817     functionality of the two, but the Adobe PS drivers need to be extracted
818     on a Windows System since it's a Windows binary. Also the whole procedure
819     of finding and copying the correct files is a bit more hassle. The CUPS
820     drivers seem to support some options the Adobe drivers don't.
821     </p>
822    
823     <p>
824     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
825     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
826     contained into a directory.
827     </p>
828    
829     <pre caption="Extract the drivers and run the install">
830     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
831     # <i>cd cups-samba-5.0rc2</i>
832     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
833     # <i>./cups-samba.install</i>
834     </pre>
835    
836     <p>
837 swift 1.3 <path>cups-samba.ss</path> is a TAR archive containing three files:
838     <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
839     <path>cupsui5.dll</path>. These are the actual driver files.
840 swift 1.1 </p>
841    
842     <warn>
843 swift 1.3 The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD)
844 swift 1.1 because almost everything which is not part of the base system is
845     installed somewhere under the prefix <path>/usr/local/</path>. This
846     seems not to be the case for most things you install under GNU/Linux.
847     However, if your CUPS installation is somewhere other than
848 swift 1.3 <path>/usr/share/cups/</path> see the example below.
849 swift 1.1 </warn>
850    
851     <p>
852     Suppose your CUPS installation resides under
853     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
854     Do the following:
855     </p>
856    
857     <pre caption="Manually installing the drivers">
858     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
859     # <i>tar -xf cups-samba.ss</i>
860     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
861     # <i>cd usr/share/cups/drivers</i>
862     <comment>(no leading / !)</comment>
863     # <i>cp cups* /usr/local/share/cups/drivers</i>
864 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
865 swift 1.1 </pre>
866    
867     <p>
868 nightmorph 1.23 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
869     Its man page is an interesting read.
870 swift 1.1 </p>
871    
872     <pre caption="Run cupsaddsmb">
873     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
874     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
875     "export all known printers".)</comment>
876     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
877     </pre>
878    
879     <warn>
880     The execution of this command often causes the most trouble.
881     Reading through the <uri
882 cam 1.4 link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
883 swift 1.1 thread</uri>.
884     </warn>
885    
886     <p>
887     Here are common errors that may happen:
888     </p>
889    
890     <ul>
891     <li>
892 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
893     (<c>PrintServer</c>) often does not resolve correctly and doesn't
894     identify the print server for CUPS/Samba interaction. If an error
895     like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
896     skipping!</b> occurs, the first thing you should do is substitute
897     <c>PrintServer</c> with <c>localhost</c> and try it again.
898 swift 1.1 </li>
899     <li>
900     The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
901     is quite common, but can be triggered by many problems. It's unfortunately
902 swift 1.3 not very helpful. One thing to try is to temporarily set <c>security =
903     user</c> in your <path>smb.conf</path>. After/if the installation completes
904 swift 1.1 successfully, you should set it back to share, or whatever it was set to
905     before.
906     </li>
907     </ul>
908    
909     <p>
910     This should install the correct driver directory structure under
911     <path>/etc/samba/printer</path>. That would be
912     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
913     be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
914     (the name which you gave the printer when installing it (see above).
915     </p>
916    
917     <p>
918     Pending no errors or other complications, your drivers are now
919     installed.
920     </p>
921    
922     </body>
923     </section>
924     <section>
925     <title>Finalizing our setup</title>
926     <body>
927    
928     <p>
929     Lastly, setup our directories.
930     </p>
931    
932     <pre caption="Final changes needed">
933     # <i>mkdir /home/samba</i>
934     # <i>mkdir /home/samba/public</i>
935     # <i>chmod 755 /home/samba</i>
936     # <i>chmod 755 /home/samba/public</i>
937     </pre>
938    
939     </body>
940     </section>
941     <section>
942     <title>Testing our Samba configuration</title>
943     <body>
944    
945     <p>
946     We will want to test our configuration file to ensure that it is formatted
947     properly and all of our options have at least the correct syntax. To do
948     this we run <c>testparm</c>.
949     </p>
950    
951     <pre caption="Running the testparm">
952     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
953     # <i>/usr/bin/testparm</i>
954     Load smb config files from /etc/samba/smb.conf
955     Processing section &quot;[printers]&quot;
956     Global parameter guest account found in service section!
957     Processing section &quot;[public]&quot;
958     Global parameter guest account found in service section!
959     Loaded services file OK.
960     Server role: ROLE_STANDALONE
961     Press enter to see a dump of your service definitions
962     ...
963     ...
964     </pre>
965    
966     </body>
967     </section>
968     <section>
969     <title>Starting the Samba service</title>
970     <body>
971    
972     <p>
973     Now configure Samba to start at bootup; then go ahead and start it.
974     </p>
975    
976     <pre caption="Setting up the Samba service">
977     # <i>rc-update add samba default</i>
978     # <i>/etc/init.d/samba start</i>
979     </pre>
980    
981     </body>
982     </section>
983     <section>
984     <title>Checking our services</title>
985     <body>
986    
987     <p>
988     It would probably be prudent to check our logs at this time also.
989     We will also want to take a peak at our Samba shares using
990     <c>smbclient</c>.
991     </p>
992    
993     <pre caption="Checking the shares with smbclient">
994     # <i>smbclient -L localhost</i>
995     Password:
996     <comment>(You should see a BIG list of services here.)</comment>
997     </pre>
998    
999     </body>
1000     </section>
1001     </chapter>
1002 neysx 1.5
1003 swift 1.1 <chapter>
1004     <title>Configuration of the Clients</title>
1005     <section>
1006     <title>Printer configuration of *nix based clients</title>
1007     <body>
1008    
1009     <p>
1010 neysx 1.11 Despite the variation or distribution, the only thing needed is CUPS. Do the
1011     equivalent on any other UNIX/Linux/BSD client.
1012 swift 1.1 </p>
1013    
1014 neysx 1.5 <pre caption="Configuring a Gentoo system">
1015 swift 1.1 # <i>emerge cups</i>
1016 neysx 1.11 # <i>nano -w /etc/cups/client.conf</i>
1017     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
1018 swift 1.1 </pre>
1019    
1020     <p>
1021 neysx 1.11 That should be it. Nothing else will be needed.
1022 swift 1.1 </p>
1023    
1024     <p>
1025 neysx 1.11 If you use only one printer, it will be your default printer. If your print
1026     server manages several printers, your administrator will have defined a default
1027     printer on the server. If you want to define a different default printer for
1028     yourself, use the <c>lpoptions</c> command.
1029 swift 1.1 </p>
1030    
1031 neysx 1.11 <pre caption="Setting your default printer">
1032     <comment>(List available printers)</comment>
1033     # <i>lpstat -a</i>
1034     <comment>(Sample output, yours will differ)</comment>
1035     HPDeskJet930C accepting requests since Jan 01 00:00
1036     laser accepting requests since Jan 01 00:00
1037     <comment>(Define HPDeskJet930C as your default printer)</comment>
1038     # <i>lpoptions -d HPDeskJet930C</i>
1039 swift 1.1 </pre>
1040    
1041 neysx 1.11 <pre caption="Printing in *nix">
1042     <comment>(Specify the printer to be used)</comment>
1043     # <i>lp -d HPDeskJet930C anything.txt</i>
1044     <comment>(Use your default printer)</comment>
1045     # <i>lp foobar.whatever.ps</i>
1046 swift 1.1 </pre>
1047    
1048     <p>
1049 neysx 1.11 Just point your web browser to <c>http://printserver:631</c> on the client if
1050     you want to manage your printers and their jobs with a nice web interface.
1051     Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1052     your print server, not the name you gave to the cups print server if you used
1053     different names.
1054 swift 1.1 </p>
1055    
1056     </body>
1057     </section>
1058     <section>
1059     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1060     <body>
1061    
1062     <p>
1063 neysx 1.5 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1064     all compiled at least one kernel, we'll need to make sure we have all the right
1065     options selected in our kernel. For simplicity sake, make it a module for ease
1066     of use. It is the author's opinion that kernel modules are a good thing and
1067     should be used whenever possible.
1068 swift 1.1 </p>
1069    
1070     <pre caption="Relevant kernel options" >
1071     CONFIG_SMB_FS=m
1072     CONFIG_SMB_UNIX=y
1073     </pre>
1074    
1075     <p>
1076     Then make the module/install it; insert them with:
1077     </p>
1078    
1079     <pre caption="Loading the kernel module">
1080     # <i>modprobe smbfs</i>
1081     </pre>
1082    
1083     <p>
1084     Once the modules is loaded, mounting a Windows or Samba share is
1085     possible. Use <c>mount</c> to accomplish this, as detailed below:
1086     </p>
1087    
1088     <pre caption="Mounting a Windows/Samba share">
1089     <comment>(The syntax for mounting a Windows/Samba share is:
1090     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1091     If we are not using passwords or a password is not needed)</comment>
1092    
1093     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1094    
1095     <comment>(If a password is needed)</comment>
1096     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1097     </pre>
1098    
1099     <p>
1100     After you mount the share, you would access it as if it were a local
1101     drive.
1102     </p>
1103    
1104     </body>
1105     </section>
1106     <section>
1107     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1108     <body>
1109    
1110     <p>
1111 swift 1.3 That's just a bit of point-and-click. Browse to
1112     <path>\\PrintServer</path> and right click on the printer
1113     (HPDeskJet930C) and click connect. This will download the drivers to
1114     the Windows client and now every application (such as Word or Acrobat)
1115     will offer HPDeskJet930C as an available printer to print to. :-)
1116 swift 1.1 </p>
1117    
1118     </body>
1119     </section>
1120     </chapter>
1121 neysx 1.5
1122 swift 1.1 <chapter>
1123     <title>Final Notes</title>
1124     <section>
1125     <title>A Fond Farewell</title>
1126     <body>
1127    
1128     <p>
1129     Well that should be it. You should now have a successful printing enviroment
1130     that is friendly to both Windows and *nix as well as a fully virus-free working
1131     share!
1132     </p>
1133    
1134     </body>
1135     </section>
1136     </chapter>
1137 neysx 1.5
1138 swift 1.1 <chapter>
1139     <title>Links and Resources</title>
1140     <section>
1141     <title>Links</title>
1142     <body>
1143    
1144     <p>
1145     These are some links that may help you in setting up, configuration and
1146     troubleshooting your installation:
1147     </p>
1148    
1149     <ul>
1150     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1151     <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1152     <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1153     <li>
1154     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1155     Pfeifle's Samba Print HOWTO</uri> (
1156     This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1157     I've written here, plus a LOT more concerning CUPS and Samba, and
1158     generally printing support on networks. A really interesting read,
1159     with lots and lots of details)
1160     </li>
1161     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1162     </ul>
1163    
1164     </body>
1165     </section>
1166     <section>
1167     <title>Troubleshooting</title>
1168     <body>
1169    
1170     <p>
1171     See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1172     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1173     manual. Lots of useful tips there! Be sure to look this one up
1174     first, before posting questions and problems! Maybe the solution
1175     you're looking for is right there.
1176     </p>
1177    
1178     </body>
1179     </section>
1180     </chapter>
1181     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20