/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.27 - (hide annotations) (download) (as text)
Tue Jun 5 21:33:31 2007 UTC (7 years, 1 month ago) by nightmorph
Branch: MAIN
Changes since 1.26: +8 -4 lines
File MIME type: application/xml
updated printing guides per vapier's suggestions in bug 180929 and on irc

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 nightmorph 1.27 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.26 2006/12/25 17:30:26 nightmorph Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 neysx 1.21 <guide link="/doc/en/quick-samba-howto.xml">
5 swift 1.16 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12    
13     <abstract>
14 swift 1.3 Setup, install and configure a Samba Server under Gentoo that shares
15     files, printers without the need to install drivers and provides
16 swift 1.1 automatic virus scanning.
17     </abstract>
18    
19     <!-- The content of this document is licensed under the CC-BY-SA license -->
20     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21     <license/>
22    
23 nightmorph 1.27 <version>1.16</version>
24     <date>2007-06-05</date>
25 swift 1.1
26     <chapter>
27     <title>Introduction to this HOWTO</title>
28     <section>
29     <title>Purpose</title>
30     <body>
31    
32     <p>
33     This HOWTO is designed to help you move a network from many different
34 neysx 1.5 clients speaking different languages, to many different machines that
35 swift 1.1 speak a common language. The ultimate goal is to help differing
36 swift 1.3 architectures and technologies, come together in a productive,
37     happily coexisting environment.
38 swift 1.1 </p>
39    
40     <p>
41     Following the directions outlined in this HOWTO should give you an
42     excellent step towards a peaceful cohabitation between Windows, and
43     virtually all known variations of *nix.
44     </p>
45    
46     <p>
47 rane 1.19 This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48 swift 1.1 intended to explore the functionality and power of the Gentoo system,
49     portage and the flexibility of USE flags. Like so many other projects,
50     it was quickly discovered what was missing in the Gentoo realm: there
51     weren't any Samba HOWTO's catered for Gentoo users. These users are
52     more demanding than most; they require performance, flexibility and
53     customization. This does not however imply that this HOWTO was not
54     intended for other distributions; rather that it was designed to work
55     with a highly customized version of Samba.
56     </p>
57    
58     <p>
59     This HOWTO will describe how to share files and printers between Windows
60     PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61     File System) feature of Samba to incorporate automatic virus protection.
62     As a finale, it will show you how to mount and manipulate shares.
63     </p>
64    
65     <p>
66     There are a few topics that will be mentioned, but are out of the
67     scope of this HOWTO. These will be noted as they are presented.
68     </p>
69    
70     <p>
71     This HOWTO is based on a compilation and merge of an excellent HOWTO
72     provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73     by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74     The link to this discussion is provided below for your reference:
75     </p>
76    
77     <ul>
78     <li>
79     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80     CUPS+Samba: printing from Windows &amp; Linux</uri>
81     </li>
82     </ul>
83    
84     </body>
85     </section>
86     <section>
87     <title>Before you use this guide</title>
88     <body>
89    
90     <p>
91 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
92     them as well, as they may tell you things left out of this HOWTO (intentional
93     or otherwise). One such document is the very useful and well written <uri
94     link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95     issues and specific printer setup is not discussed here.
96 swift 1.1 </p>
97    
98     </body>
99     </section>
100     <section>
101     <title>Brief Overview</title>
102     <body>
103    
104     <p>
105     After presenting the various USE flags, the following list will outline
106     all of the topics covered as they are presented:
107     </p>
108    
109     <ul>
110     <li>On the Samba server:
111     <ul>
112 swift 1.16 <li>Install and configure ClamAV</li>
113 swift 1.1 <li>Install and configure Samba</li>
114     <li>Install and configure CUPS</li>
115     <li>Adding the printer to CUPS</li>
116     <li>Adding the PS drivers for the Windows clients</li>
117     </ul>
118     </li>
119     <li>On the Unix clients:
120     <ul>
121     <li>Install and configure CUPS</li>
122     <li>Configuring a default printer</li>
123     <li>Mounting a Windows or Samba share</li>
124     </ul>
125     </li>
126     <li>On the Windows Clients:
127     <ul>
128     <li>Configuring the printer</li>
129     <li>Accessing Samba shares</li>
130     </ul>
131     </li>
132     </ul>
133    
134     </body>
135     </section>
136     <section>
137     <title>Requirements</title>
138     <body>
139    
140     <p>
141     We will need the following:
142     </p>
143    
144     <ul>
145     <li>net-fs/samba</li>
146 swift 1.6 <li>app-antivirus/clamav</li>
147 swift 1.1 <li>net-print/cups</li>
148     <li>net-print/foomatic</li>
149     <li>net-print/hpijs (if you have an HP printer)</li>
150     <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151     <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152     <li>
153     A working network (home/office/etc) consisting of more than one machine)
154     </li>
155     </ul>
156    
157     <p>
158     The main package we use here is net-fs/samba, however, you will need
159     a kernel with smbfs support enabled in order to mount a samba or windows
160     share from another computer. CUPS will be emerged if it is not already.
161 swift 1.6 app-antivirus/clamav will be used also, but others should be easily adapted
162 swift 1.17 to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163     technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
164 swift 1.1 </p>
165    
166     </body>
167     </section>
168     </chapter>
169 neysx 1.5
170 swift 1.1 <chapter>
171     <title>Getting acquainted with Samba</title>
172     <section>
173     <title>The USE Flags</title>
174     <body>
175    
176     <p>
177     Before emerging anything, take a look at the various USE flags
178     available to Samba.
179     </p>
180    
181     <pre caption="Samba uses the following USE Variables:">
182 swift 1.16 kerberos mysql xml acl cups ldap pam readline python oav libclamav
183 swift 1.1 </pre>
184    
185     <p>
186     Depending on the network topology and the specific requirements of
187     the server, the USE flags outlined below will define what to include or
188     exclude from the emerging of Samba.
189     </p>
190    
191     <table>
192     <tr>
193     <th><b>USE flag</b></th>
194     <th>Description</th>
195     </tr>
196     <tr>
197     <th><b>kerberos</b></th>
198     <ti>
199     Include support for Kerberos. The server will need this if it is
200     intended to join an existing domain or Active Directory. See the note
201     below for more information.
202     </ti>
203     </tr>
204     <tr>
205     <th><b>mysql</b></th>
206     <ti>
207     This will allow Samba to use MySQL in order to do password authentication.
208     It will store ACLs, usernames, passwords, etc in a database versus a
209     flat file. If Samba is needed to do password authentication, such as
210     acting as a password validation server or a Primary Domain Controller
211     (PDC).
212     </ti>
213     </tr>
214     <tr>
215     <th><b>xml</b></th>
216     <ti>
217     The xml USE option for Samba provides a password database backend allowing
218     Samba to store account details in XML files, for the same reasons listed in
219     the mysql USE flag description.
220     </ti>
221     </tr>
222     <tr>
223     <th><b>acl</b></th>
224     <ti>
225     Enables Access Control Lists. The ACL support in Samba uses a patched
226     ext2/ext3, or SGI's XFS in order to function properly as it extends more
227     detailed access to files or directories; much more so than typical *nix
228     GID/UID schemas.
229     </ti>
230     </tr>
231     <tr>
232     <th><b>cups</b></th>
233     <ti>
234     This enables support for the Common Unix Printing System. This
235     provides an interface allowing local CUPS printers to be shared to
236     other systems in the network.
237     </ti>
238     </tr>
239     <tr>
240     <th><b>ldap</b></th>
241     <ti>
242     Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
243     expected to use Active Directory, this option must be used. This would
244     be used in the event Samba needs to login to or provide login to
245     a Domain/Active Directory Server. The kerberos USE flag is needed for
246     proper functioning of this option.
247     </ti>
248     </tr>
249     <tr>
250     <th><b>pam</b></th>
251     <ti>
252     Include support for pluggable authentication modules (PAM). This
253     provides the ability to authenticate users on the Samba Server, which is
254     required if users have to login to your server. The kerberos USE flag
255     is recommended along with this option.
256     </ti>
257     </tr>
258     <tr>
259     <th><b>readline</b></th>
260     <ti>
261 neysx 1.13 Link Samba against libreadline. This is highly recommended and should
262 swift 1.1 probably not be disabled
263     </ti>
264     </tr>
265     <tr>
266     <th><b>python</b></th>
267     <ti>
268     Python bindings API. Provides an API that will allow Python to
269     interface with Samba.
270     </ti>
271     </tr>
272     <tr>
273     <th><b>oav</b></th>
274     <ti>
275     Provides on-access scanning of Samba shares with FRISK F-Prot
276     Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
277     (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
278     </ti>
279     </tr>
280 swift 1.16 <tr>
281     <th><b>libclamav</b></th>
282     <ti>
283 swift 1.17 Use the ClamAV library instead of the clamd daemon
284 swift 1.16 </ti>
285     </tr>
286 swift 1.1 </table>
287    
288     <p>
289     A couple of things worth mentioning about the USE flags and different
290     Samba functions include:
291     </p>
292    
293     <ul>
294     <li>
295     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
296     ACL kernel options for ext2 and/or ext3 will need to be enabled
297     (depending on which file system is being used - both can be enabled).
298     </li>
299     <li>
300     While Active Directory, ACL, and PDC functions are out of the intended
301     scope of this HOWTO, you may find these links as helpful to your cause:
302     <ul>
303     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
304     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
305     </ul>
306     </li>
307     </ul>
308    
309     </body>
310     </section>
311     </chapter>
312 neysx 1.5
313 swift 1.1 <chapter>
314     <title>Server Software Installation</title>
315     <section>
316     <title>Emerging Samba</title>
317     <body>
318    
319     <p>
320     First of all: be sure that all your hostnames resolve correctly.
321     Either have a working domain name system running on your network
322 swift 1.3 or appropriate entries in your <path>/etc/hosts</path> file.
323     <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
324     machines.
325 swift 1.1 </p>
326    
327     <p>
328     Hopefully now you can make an assessment of what you'll actually need in
329     order to use Samba with your particular setup. The setup used for this
330     HOWTO is:
331     </p>
332    
333     <ul>
334     <li>oav</li>
335     <li>cups</li>
336     <li>readline</li>
337     <li>pam</li>
338     </ul>
339    
340     <p>
341     To optimize performance, size and the time of the build, the
342     USE flags are specifically included or excluded.
343     </p>
344    
345     <pre caption="Emerge Samba">
346 swift 1.17 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
347     # <i>emerge net-fs/samba</i>
348 swift 1.1 </pre>
349    
350     <note>
351     The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
352     ppc, sparc, hppa, ia64 and alpha
353     </note>
354    
355     <p>
356     This will emerge Samba and CUPS (if CUPS is not already emerged).
357     </p>
358    
359     </body>
360     </section>
361     <section>
362 swift 1.16 <title>Emerging ClamAV</title>
363 swift 1.1 <body>
364    
365     <p>
366 swift 1.3 Because the <e>oav</e> USE flag only provides an interface to allow on access
367 swift 1.1 virus scanning, the actual virus scanner must be emerged. The scanner
368 swift 1.16 used in this HOWTO is ClamAV.
369 swift 1.1 </p>
370    
371 swift 1.16 <pre caption="Emerge Clamav">
372 swift 1.6 # <i>emerge app-antivirus/clamav</i>
373 swift 1.1 </pre>
374    
375     </body>
376     </section>
377     <section>
378     <title>Emerging foomatic</title>
379     <body>
380    
381     <pre caption="Emerge foomatic">
382     # <i>emerge net-print/foomatic</i>
383     </pre>
384    
385     </body>
386     </section>
387     <section>
388     <title>Emerging net-print/hpijs</title>
389     <body>
390    
391     <p>
392     You only need to emerge this if you use an HP printer.
393     </p>
394    
395     <pre caption="Emerge hpijs">
396 swift 1.2 # <i>emerge net-print/hpijs</i>
397 swift 1.1 </pre>
398    
399     </body>
400     </section>
401     </chapter>
402 neysx 1.5
403 swift 1.1 <chapter>
404     <title>Server Configuration</title>
405     <section>
406     <title>Configuring Samba</title>
407     <body>
408    
409     <p>
410     The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
411     It is divided in sections indicated by [sectionname]. Comments are either
412     # or ;. A sample <path>smb.conf</path> is included below with comments and
413     suggestions for modifications. If more details are required, see the
414 swift 1.3 man page for <path>smb.conf</path>, the installed
415     <path>smb.conf.example</path>, the Samba Web site or any of the
416     numerous Samba books available.
417 swift 1.1 </p>
418    
419     <pre caption="A Sample /etc/samba/smb.conf">
420     [global]
421     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
422     workgroup = <comment>MYWORKGROUPNAME</comment>
423     <comment># Of course this has no REAL purpose other than letting
424 neysx 1.15 # everyone knows it's not Windows!
425 swift 1.1 # %v prints the version of Samba we are using.</comment>
426     server string = Samba Server %v
427     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
428     printcap name = cups
429     printing = cups
430     load printers = yes
431     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
432     log file = /var/log/samba/log.%m
433     max log size = 50
434     <comment># We are going to set some options for our interfaces...</comment>
435     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
436     <comment># This is a good idea, what we are doing is binding the
437     # samba server to our local network.
438     # For example, if eth0 is our local network device</comment>
439     interfaces = lo <i>eth0</i>
440     bind interfaces only = yes
441     <comment># Now we are going to specify who we allow, we are afterall
442     # very security conscience, since this configuration does
443     # not use passwords!</comment>
444     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
445     hosts deny = 0.0.0.0/0
446     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
447     # The default is user</comment>
448     security = share
449     <comment># No passwords, so we're going to use a guest account!</comment>
450     guest account = samba
451     guest ok = yes
452     <comment># We now will implement the on access virus scanner.
453     # NOTE: By putting this in our [Global] section, we enable
454     # scanning of ALL shares, you could optionally move
455     # these to a specific share and only scan it.</comment>
456 swift 1.8
457 swift 1.16 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
458 swift 1.8 vfs object = vscan-clamav
459     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
460    
461 swift 1.1 <comment># Now we setup our print drivers information!</comment>
462     [print$]
463     comment = Printer Drivers
464     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
465 swift 1.10 guest ok = yes
466 swift 1.1 browseable = yes
467     read only = yes
468     <comment># Modify this to "username,root" if you don't want root to
469     # be the only printer admin)</comment>
470     write list = <i>root</i>
471    
472     <comment># Now we'll setup a printer to share, while the name is arbitrary
473     # it should be consistent throughout Samba and CUPS!</comment>
474     [HPDeskJet930C]
475     comment = HP DeskJet 930C Network Printer
476     printable = yes
477     path = /var/spool/samba
478     public = yes
479     guest ok = yes
480     <comment># Modify this to "username,root" if you don't want root to
481     # be the only printer admin)</comment>
482     printer admin = <i>root</i>
483    
484     <comment># Now we setup our printers share. This should be
485     # browseable, printable, public.</comment>
486     [printers]
487     comment = All Printers
488 swift 1.10 browseable = no
489 swift 1.1 printable = yes
490 swift 1.10 writable = no
491 swift 1.1 public = yes
492     guest ok = yes
493     path = /var/spool/samba
494     <comment># Modify this to "username,root" if you don't want root to
495     # be the only printer admin)</comment>
496     printer admin = <i>root</i>
497    
498     <comment># We create a new share that we can read/write to from anywhere
499     # This is kind of like a public temp share, anyone can do what
500     # they want here.</comment>
501     [public]
502     comment = Public Files
503     browseable = yes
504     public = yes
505     create mode = 0766
506     guest ok = yes
507     path = /home/samba/public
508     </pre>
509    
510 swift 1.3 <warn>
511     If you like to use Samba's guest account to do anything concerning
512     printing from Windows clients: don't set <c>guest only = yes</c> in
513     the <c>[global]</c> section. The guest account seems to cause
514     problems when running <c>cupsaddsmb</c> sometimes when trying to
515     connect from Windows machines. See below, too, when we talk about
516     <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
517     printer user, like <c>printeruser</c> or <c>printer</c> or
518     <c>printme</c> or whatever. It doesn't hurt and it will certainly
519     protect you from a lot of problems.
520     </warn>
521 swift 1.1
522 swift 1.16 <warn>
523     Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
524     down the performance of your Samba server dramatically.
525     </warn>
526    
527 swift 1.1 <p>
528     Now create the directories required for the minimum configuration of
529     Samba to share the installed printer throughout the network.
530     </p>
531    
532     <pre caption="Create the directories">
533     # <i>mkdir /etc/samba/printer</i>
534     # <i>mkdir /var/spool/samba</i>
535     # <i>mkdir /home/samba/public</i>
536     </pre>
537    
538     <p>
539     At least one Samba user is required in order to install the printer
540     drivers and to allow users to connect to the printer. Users must
541     exist in the system's <path>/etc/passwd</path> file.
542     </p>
543    
544     <pre caption="Creating the users">
545     # <i>smbpasswd -a root</i>
546    
547     <comment>(If another user is to be a printer admin)</comment>
548     # <i>smbpasswd -a username</i>
549     </pre>
550    
551     <p>
552     The Samba passwords need not be the same as the system passwords
553     in <path>/etc/passwd</path>.
554     </p>
555    
556 swift 1.9 <p>
557     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
558     systems can be found easily using NetBIOS:
559     </p>
560    
561     <pre caption="Editing /etc/nsswitch.conf">
562     # <i>nano -w /etc/nsswitch.conf</i>
563     <comment>(Edit the hosts: line)</comment>
564     hosts: files dns <i>wins</i>
565     </pre>
566    
567 swift 1.1 </body>
568     </section>
569     <section>
570 swift 1.16 <title>Configuring ClamAV</title>
571 swift 1.1 <body>
572    
573     <p>
574     The configuration file specified to be used in <path>smb.conf</path> is
575     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
576     to the defaults, the infected file action may need to be changed.
577     </p>
578    
579     <pre caption="/etc/samba/vscan-clamav.conf">
580     [samba-vscan]
581     <comment>; run-time configuration for vscan-samba using
582     ; clamd
583     ; all options are set to default values</comment>
584    
585     <comment>; do not scan files larger than X bytes. If set to 0 (default),
586     ; this feature is disable (i.e. all files are scanned)</comment>
587     max file size = 0
588    
589     <comment>; log all file access (yes/no). If set to yes, every access will
590     ; be logged. If set to no (default), only access to infected files
591     ; will be logged</comment>
592     verbose file logging = no
593    
594     <comment>; if set to yes (default), a file will be scanned while opening</comment>
595     scan on open = yes
596     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
597     scan on close = yes
598    
599     <comment>; if communication to clamd fails, should access to file denied?
600     ; (default: yes)</comment>
601     deny access on error = yes
602    
603 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
604 swift 1.1 ; should access to file denied?
605     ; (default: yes)</comment>
606     deny access on minor error = yes
607    
608     <comment>; send a warning message via Windows Messenger service
609     ; when virus is found?
610     ; (default: yes)</comment>
611     send warning message = yes
612    
613     <comment>; what to do with an infected file
614     ; quarantine: try to move to quantine directory; delete it if moving fails
615     ; delete: delete infected file
616     ; nothing: do nothing</comment>
617     infected file action = <comment>delete</comment>
618    
619     <comment>; where to put infected files - you really want to change this!
620     ; it has to be on the same physical device as the share!</comment>
621     quarantine directory = /tmp
622     <comment>; prefix for files in quarantine</comment>
623     quarantine prefix = vir-
624    
625     <comment>; as Windows tries to open a file multiple time in a (very) short time
626     ; of period, samba-vscan use a last recently used file mechanism to avoid
627     ; multiple scans of a file. This setting specified the maximum number of
628     ; elements of the last recently used file list. (default: 100)</comment>
629     max lru files entries = 100
630    
631 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
632 swift 1.1 ; (Default: 5)</comment>
633     lru file entry lifetime = 5
634    
635     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
636 swift 1.16 clamd socket name = /tmp/clamd
637    
638     <comment>; port number the ScannerDaemon listens on</comment>
639     oav port = 8127
640 swift 1.1 </pre>
641    
642     <p>
643     It is generally a good idea to start the virus scanner immediately. Add
644 swift 1.16 it to the <e>default</e> runlevel and then start the <c>clamd</c> service
645     immediately. The service has two processes: freshclam keeps the virus definition
646     database up to date while clamd is the actual anti-virus daemon. First you may
647     want to set the paths of the logfiles so that it fits your needs.
648     </p>
649    
650     <pre caption="Checking the location of the logfiles">
651     # <i>vim /etc/clamd.conf</i>
652     <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
653     # <i>vim /etc/freshclam.conf</i>
654     <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
655     # <i>vim /etc/conf.d/clamd</i>
656     <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
657     </pre>
658    
659     <p>
660     Now fire up the virus scanner.
661 swift 1.1 </p>
662    
663     <pre caption="Add clamd to bootup and start it">
664     # <i>rc-update add clamd default</i>
665     # <i>/etc/init.d/clamd start</i>
666     </pre>
667    
668     </body>
669     </section>
670     <section>
671     <title>Configuring CUPS</title>
672     <body>
673    
674     <p>
675 swift 1.3 This is a little more complicated. CUPS' main config file is
676 swift 1.1 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
677     <path>httpd.conf</path> file, so many you may find it familiar. Outlined
678     in the example are the directives that need to be changed:
679     </p>
680    
681     <pre caption="/etc/cups/cupsd.conf">
682     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
683 flammie 1.25 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
684 swift 1.1
685     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
686     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
687    
688     LogLevel debug <comment># only while isntalling and testing, should later be
689 neysx 1.20 # changed to 'info'</comment>
690 swift 1.1
691     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
692     # there seemed to be a bug in CUPS' controlling of the web interface,
693     # making CUPS think a denial of service attack was in progress when
694     # I tried to configure a printer with the web interface. weird.</comment>
695    
696     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
697    
698     &lt;Location /&gt;
699     Order Deny,Allow
700     Deny From All
701     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
702 flammie 1.25 # e.g. 192.168.1.* will allow connections from any host on
703 swift 1.1 # the 192.168.1.0 network. change to whatever suits you</comment>
704     &lt;/Location&gt;
705    
706     &lt;Location /admin&gt;
707     AuthType Basic
708     AuthClass System
709     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
710     # 192.168.1.0 network to connect and do
711     # administrative tasks after authenticating</comment>
712     Order Deny,Allow
713     Deny From All
714     &lt;/Location&gt;
715     </pre>
716    
717     <p>
718     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
719 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
720     needed to make CUPS print Microsoft Office document files.
721 swift 1.1 </p>
722    
723     <pre caption="/etc/cups/mime.convs">
724     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
725     application/octet-stream application/vnd.cups-raw 0
726     </pre>
727    
728     <p>
729 neysx 1.12 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
730 swift 1.1 </p>
731    
732     <pre caption="/etc/cups/mime.types">
733     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
734     application/octet-stream
735     </pre>
736    
737     <p>
738     CUPS needs to be started on boot, and started immediately.
739     </p>
740    
741     <pre caption="Setting up the CUPS service" >
742     <comment>(To start CUPS on boot)</comment>
743     # <i>rc-update add cupsd default</i>
744 neysx 1.14 <comment>(To start or restart CUPS now)</comment>
745 swift 1.1 # <i>/etc/init.d/cupsd restart</i>
746     </pre>
747    
748     </body>
749     </section>
750     <section>
751     <title>Installing a printer for and with CUPS</title>
752     <body>
753    
754     <p>
755 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
756     find and download the correct PPD file for your printer and CUPS. To do so,
757     click the link Printer Listings to the left. Select your printers manufacturer
758 flammie 1.25 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
759 neysx 1.5 the page coming up click the "recommended driver" link after reading the
760     various notes and information. Then fetch the PPD file from the next page,
761     again after reading the notes and introductions there. You may have to select
762     your printers manufacturer and model again. Reading the <uri
763     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
764     is also very helpful when working with CUPS.
765 swift 1.1 </p>
766    
767     <p>
768     Now you have a PPD file for your printer to work with CUPS. Place it in
769     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
770 swift 1.3 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
771 swift 1.1 This can be done via the CUPS web interface or via command line. The web
772 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
773 swift 1.1 </p>
774    
775     <pre caption="Install the printer via command line">
776     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
777 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
778 swift 1.1 </pre>
779    
780     <p>
781 swift 1.3 Remember to adjust to what you have. Be sure to have the name
782     (<c>-p</c> argument) right (the name you set above during the Samba
783     configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
784     <c>parallel:/dev/blah</c> or whatever device you are using for your
785     printer.
786 swift 1.1 </p>
787    
788     <p>
789 swift 1.3 You should now be able to access the printer from the web interface
790     and be able to print a test page.
791 swift 1.1 </p>
792    
793     </body>
794     </section>
795     <section>
796     <title>Installing the Windows printer drivers</title>
797     <body>
798    
799     <p>
800     Now that the printer should be working it is time to install the drivers
801     for the Windows clients to work. Samba 2.2 introduced this functionality.
802     Browsing to the print server in the Network Neighbourhood, right-clicking
803     on the printershare and selecting "connect" downloads the appropriate
804     drivers automagically to the connecting client, avoiding the hassle of
805     manually installing printer drivers locally.
806     </p>
807    
808     <p>
809 nightmorph 1.26 There are two sets of printer drivers for this. First, the Adobe PS drivers
810     which can be obtained from <uri
811     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
812     printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri
813     link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.
814     There doesn't seem to be a difference between the functionality of the two, but
815     the Adobe PS drivers need to be extracted on a Windows System since it's a
816     Windows binary. Also the whole procedure of finding and copying the correct
817     files is a bit more hassle. The CUPS drivers seem to support some options the
818     Adobe drivers don't.
819     </p>
820     <!--
821     used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
822     available. at some point, we should update this for 6.0.
823     -->
824 swift 1.1
825     <p>
826     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
827     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
828     contained into a directory.
829     </p>
830    
831     <pre caption="Extract the drivers and run the install">
832     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
833     # <i>cd cups-samba-5.0rc2</i>
834     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
835     # <i>./cups-samba.install</i>
836     </pre>
837    
838     <p>
839 swift 1.3 <path>cups-samba.ss</path> is a TAR archive containing three files:
840     <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
841     <path>cupsui5.dll</path>. These are the actual driver files.
842 swift 1.1 </p>
843    
844     <warn>
845 flammie 1.25 The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
846 swift 1.1 because almost everything which is not part of the base system is
847     installed somewhere under the prefix <path>/usr/local/</path>. This
848     seems not to be the case for most things you install under GNU/Linux.
849     However, if your CUPS installation is somewhere other than
850 swift 1.3 <path>/usr/share/cups/</path> see the example below.
851 swift 1.1 </warn>
852    
853     <p>
854     Suppose your CUPS installation resides under
855     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
856     Do the following:
857     </p>
858    
859     <pre caption="Manually installing the drivers">
860     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
861     # <i>tar -xf cups-samba.ss</i>
862     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
863     # <i>cd usr/share/cups/drivers</i>
864     <comment>(no leading / !)</comment>
865     # <i>cp cups* /usr/local/share/cups/drivers</i>
866 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
867 swift 1.1 </pre>
868    
869     <p>
870 nightmorph 1.23 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
871     Its man page is an interesting read.
872 swift 1.1 </p>
873    
874     <pre caption="Run cupsaddsmb">
875     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
876     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
877     "export all known printers".)</comment>
878     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
879     </pre>
880    
881     <warn>
882 nightmorph 1.26 The execution of this command often causes the most trouble. Read through the
883     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
884     thread</uri> for some troubleshooting tips.
885 swift 1.1 </warn>
886    
887     <p>
888     Here are common errors that may happen:
889     </p>
890    
891     <ul>
892     <li>
893 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
894     (<c>PrintServer</c>) often does not resolve correctly and doesn't
895     identify the print server for CUPS/Samba interaction. If an error
896     like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
897     skipping!</b> occurs, the first thing you should do is substitute
898     <c>PrintServer</c> with <c>localhost</c> and try it again.
899 swift 1.1 </li>
900     <li>
901     The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
902     is quite common, but can be triggered by many problems. It's unfortunately
903 swift 1.3 not very helpful. One thing to try is to temporarily set <c>security =
904     user</c> in your <path>smb.conf</path>. After/if the installation completes
905 swift 1.1 successfully, you should set it back to share, or whatever it was set to
906     before.
907     </li>
908     </ul>
909    
910     <p>
911     This should install the correct driver directory structure under
912     <path>/etc/samba/printer</path>. That would be
913     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
914     be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
915     (the name which you gave the printer when installing it (see above).
916     </p>
917    
918     <p>
919     Pending no errors or other complications, your drivers are now
920     installed.
921     </p>
922    
923     </body>
924     </section>
925     <section>
926     <title>Finalizing our setup</title>
927     <body>
928    
929     <p>
930     Lastly, setup our directories.
931     </p>
932    
933     <pre caption="Final changes needed">
934     # <i>mkdir /home/samba</i>
935     # <i>mkdir /home/samba/public</i>
936     # <i>chmod 755 /home/samba</i>
937     # <i>chmod 755 /home/samba/public</i>
938     </pre>
939    
940     </body>
941     </section>
942     <section>
943     <title>Testing our Samba configuration</title>
944     <body>
945    
946     <p>
947     We will want to test our configuration file to ensure that it is formatted
948     properly and all of our options have at least the correct syntax. To do
949     this we run <c>testparm</c>.
950     </p>
951    
952     <pre caption="Running the testparm">
953     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
954     # <i>/usr/bin/testparm</i>
955     Load smb config files from /etc/samba/smb.conf
956     Processing section &quot;[printers]&quot;
957     Global parameter guest account found in service section!
958     Processing section &quot;[public]&quot;
959     Global parameter guest account found in service section!
960     Loaded services file OK.
961     Server role: ROLE_STANDALONE
962     Press enter to see a dump of your service definitions
963     ...
964     ...
965     </pre>
966    
967     </body>
968     </section>
969     <section>
970     <title>Starting the Samba service</title>
971     <body>
972    
973     <p>
974     Now configure Samba to start at bootup; then go ahead and start it.
975     </p>
976    
977     <pre caption="Setting up the Samba service">
978     # <i>rc-update add samba default</i>
979     # <i>/etc/init.d/samba start</i>
980     </pre>
981    
982     </body>
983     </section>
984     <section>
985     <title>Checking our services</title>
986     <body>
987    
988     <p>
989     It would probably be prudent to check our logs at this time also.
990     We will also want to take a peak at our Samba shares using
991     <c>smbclient</c>.
992     </p>
993    
994     <pre caption="Checking the shares with smbclient">
995     # <i>smbclient -L localhost</i>
996     Password:
997     <comment>(You should see a BIG list of services here.)</comment>
998     </pre>
999    
1000     </body>
1001     </section>
1002     </chapter>
1003 neysx 1.5
1004 swift 1.1 <chapter>
1005     <title>Configuration of the Clients</title>
1006     <section>
1007     <title>Printer configuration of *nix based clients</title>
1008     <body>
1009    
1010     <p>
1011 neysx 1.11 Despite the variation or distribution, the only thing needed is CUPS. Do the
1012     equivalent on any other UNIX/Linux/BSD client.
1013 swift 1.1 </p>
1014    
1015 neysx 1.5 <pre caption="Configuring a Gentoo system">
1016 swift 1.1 # <i>emerge cups</i>
1017 neysx 1.11 # <i>nano -w /etc/cups/client.conf</i>
1018     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
1019 swift 1.1 </pre>
1020    
1021     <p>
1022 neysx 1.11 That should be it. Nothing else will be needed.
1023 swift 1.1 </p>
1024    
1025     <p>
1026 neysx 1.11 If you use only one printer, it will be your default printer. If your print
1027     server manages several printers, your administrator will have defined a default
1028     printer on the server. If you want to define a different default printer for
1029     yourself, use the <c>lpoptions</c> command.
1030 swift 1.1 </p>
1031    
1032 neysx 1.11 <pre caption="Setting your default printer">
1033     <comment>(List available printers)</comment>
1034     # <i>lpstat -a</i>
1035     <comment>(Sample output, yours will differ)</comment>
1036     HPDeskJet930C accepting requests since Jan 01 00:00
1037     laser accepting requests since Jan 01 00:00
1038     <comment>(Define HPDeskJet930C as your default printer)</comment>
1039     # <i>lpoptions -d HPDeskJet930C</i>
1040 swift 1.1 </pre>
1041    
1042 neysx 1.11 <pre caption="Printing in *nix">
1043     <comment>(Specify the printer to be used)</comment>
1044     # <i>lp -d HPDeskJet930C anything.txt</i>
1045     <comment>(Use your default printer)</comment>
1046     # <i>lp foobar.whatever.ps</i>
1047 swift 1.1 </pre>
1048    
1049     <p>
1050 neysx 1.11 Just point your web browser to <c>http://printserver:631</c> on the client if
1051     you want to manage your printers and their jobs with a nice web interface.
1052     Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1053     your print server, not the name you gave to the cups print server if you used
1054     different names.
1055 swift 1.1 </p>
1056    
1057     </body>
1058     </section>
1059     <section>
1060     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1061     <body>
1062    
1063     <p>
1064 neysx 1.5 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1065     all compiled at least one kernel, we'll need to make sure we have all the right
1066     options selected in our kernel. For simplicity sake, make it a module for ease
1067     of use. It is the author's opinion that kernel modules are a good thing and
1068     should be used whenever possible.
1069 swift 1.1 </p>
1070    
1071     <pre caption="Relevant kernel options" >
1072     CONFIG_SMB_FS=m
1073     CONFIG_SMB_UNIX=y
1074     </pre>
1075    
1076     <p>
1077     Then make the module/install it; insert them with:
1078     </p>
1079    
1080     <pre caption="Loading the kernel module">
1081     # <i>modprobe smbfs</i>
1082     </pre>
1083    
1084     <p>
1085     Once the modules is loaded, mounting a Windows or Samba share is
1086     possible. Use <c>mount</c> to accomplish this, as detailed below:
1087     </p>
1088    
1089     <pre caption="Mounting a Windows/Samba share">
1090     <comment>(The syntax for mounting a Windows/Samba share is:
1091     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1092     If we are not using passwords or a password is not needed)</comment>
1093    
1094     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1095    
1096     <comment>(If a password is needed)</comment>
1097     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1098     </pre>
1099    
1100     <p>
1101     After you mount the share, you would access it as if it were a local
1102     drive.
1103     </p>
1104    
1105     </body>
1106     </section>
1107     <section>
1108     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1109     <body>
1110    
1111     <p>
1112 swift 1.3 That's just a bit of point-and-click. Browse to
1113     <path>\\PrintServer</path> and right click on the printer
1114     (HPDeskJet930C) and click connect. This will download the drivers to
1115     the Windows client and now every application (such as Word or Acrobat)
1116     will offer HPDeskJet930C as an available printer to print to. :-)
1117 swift 1.1 </p>
1118    
1119     </body>
1120     </section>
1121     </chapter>
1122 neysx 1.5
1123 swift 1.1 <chapter>
1124     <title>Final Notes</title>
1125     <section>
1126     <title>A Fond Farewell</title>
1127     <body>
1128    
1129     <p>
1130     Well that should be it. You should now have a successful printing enviroment
1131     that is friendly to both Windows and *nix as well as a fully virus-free working
1132     share!
1133     </p>
1134    
1135     </body>
1136     </section>
1137     </chapter>
1138 neysx 1.5
1139 swift 1.1 <chapter>
1140     <title>Links and Resources</title>
1141     <section>
1142     <title>Links</title>
1143     <body>
1144    
1145     <p>
1146     These are some links that may help you in setting up, configuration and
1147     troubleshooting your installation:
1148     </p>
1149    
1150     <ul>
1151     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1152 nightmorph 1.27 <li>
1153     <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1154     link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1155     on Samba/CUPS configuration</uri>
1156     </li>
1157 swift 1.1 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1158     <li>
1159     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1160     Pfeifle's Samba Print HOWTO</uri> (
1161     This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1162     I've written here, plus a LOT more concerning CUPS and Samba, and
1163     generally printing support on networks. A really interesting read,
1164     with lots and lots of details)
1165     </li>
1166     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1167     </ul>
1168    
1169     </body>
1170     </section>
1171     <section>
1172     <title>Troubleshooting</title>
1173     <body>
1174    
1175     <p>
1176     See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1177     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1178     manual. Lots of useful tips there! Be sure to look this one up
1179     first, before posting questions and problems! Maybe the solution
1180     you're looking for is right there.
1181     </p>
1182    
1183     </body>
1184     </section>
1185     </chapter>
1186     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20