/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.28 - (hide annotations) (download) (as text)
Wed Jun 6 22:42:25 2007 UTC (7 years, 6 months ago) by nightmorph
Branch: MAIN
Changes since 1.27: +11 -35 lines
File MIME type: application/xml
some updates for bug 181130

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 nightmorph 1.28 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.27 2007/06/05 21:33:31 nightmorph Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 neysx 1.21 <guide link="/doc/en/quick-samba-howto.xml">
5 swift 1.16 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12    
13     <abstract>
14 swift 1.3 Setup, install and configure a Samba Server under Gentoo that shares
15     files, printers without the need to install drivers and provides
16 swift 1.1 automatic virus scanning.
17     </abstract>
18    
19     <!-- The content of this document is licensed under the CC-BY-SA license -->
20     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21     <license/>
22    
23 nightmorph 1.28 <version>1.17</version>
24     <date>2007-06-06</date>
25 swift 1.1
26     <chapter>
27     <title>Introduction to this HOWTO</title>
28     <section>
29     <title>Purpose</title>
30     <body>
31    
32     <p>
33     This HOWTO is designed to help you move a network from many different
34 neysx 1.5 clients speaking different languages, to many different machines that
35 swift 1.1 speak a common language. The ultimate goal is to help differing
36 swift 1.3 architectures and technologies, come together in a productive,
37     happily coexisting environment.
38 swift 1.1 </p>
39    
40     <p>
41     Following the directions outlined in this HOWTO should give you an
42     excellent step towards a peaceful cohabitation between Windows, and
43     virtually all known variations of *nix.
44     </p>
45    
46     <p>
47 rane 1.19 This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48 swift 1.1 intended to explore the functionality and power of the Gentoo system,
49     portage and the flexibility of USE flags. Like so many other projects,
50     it was quickly discovered what was missing in the Gentoo realm: there
51     weren't any Samba HOWTO's catered for Gentoo users. These users are
52     more demanding than most; they require performance, flexibility and
53     customization. This does not however imply that this HOWTO was not
54     intended for other distributions; rather that it was designed to work
55     with a highly customized version of Samba.
56     </p>
57    
58     <p>
59     This HOWTO will describe how to share files and printers between Windows
60     PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61     File System) feature of Samba to incorporate automatic virus protection.
62     As a finale, it will show you how to mount and manipulate shares.
63     </p>
64    
65     <p>
66     There are a few topics that will be mentioned, but are out of the
67     scope of this HOWTO. These will be noted as they are presented.
68     </p>
69    
70     <p>
71     This HOWTO is based on a compilation and merge of an excellent HOWTO
72     provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73     by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74     The link to this discussion is provided below for your reference:
75     </p>
76    
77     <ul>
78     <li>
79     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80     CUPS+Samba: printing from Windows &amp; Linux</uri>
81     </li>
82     </ul>
83    
84     </body>
85     </section>
86     <section>
87     <title>Before you use this guide</title>
88     <body>
89    
90     <p>
91 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
92     them as well, as they may tell you things left out of this HOWTO (intentional
93     or otherwise). One such document is the very useful and well written <uri
94     link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95     issues and specific printer setup is not discussed here.
96 swift 1.1 </p>
97    
98     </body>
99     </section>
100     <section>
101     <title>Brief Overview</title>
102     <body>
103    
104     <p>
105     After presenting the various USE flags, the following list will outline
106     all of the topics covered as they are presented:
107     </p>
108    
109     <ul>
110     <li>On the Samba server:
111     <ul>
112 swift 1.16 <li>Install and configure ClamAV</li>
113 swift 1.1 <li>Install and configure Samba</li>
114     <li>Install and configure CUPS</li>
115     <li>Adding the printer to CUPS</li>
116     <li>Adding the PS drivers for the Windows clients</li>
117     </ul>
118     </li>
119     <li>On the Unix clients:
120     <ul>
121     <li>Install and configure CUPS</li>
122     <li>Configuring a default printer</li>
123     <li>Mounting a Windows or Samba share</li>
124     </ul>
125     </li>
126     <li>On the Windows Clients:
127     <ul>
128     <li>Configuring the printer</li>
129     <li>Accessing Samba shares</li>
130     </ul>
131     </li>
132     </ul>
133    
134     </body>
135     </section>
136     <section>
137     <title>Requirements</title>
138     <body>
139    
140     <p>
141     We will need the following:
142     </p>
143    
144     <ul>
145     <li>net-fs/samba</li>
146 swift 1.6 <li>app-antivirus/clamav</li>
147 swift 1.1 <li>net-print/cups</li>
148     <li>net-print/foomatic</li>
149 nightmorph 1.28 <li>net-print/hplip (if you have an HP printer)</li>
150     <li>A kernel of sorts (2.6)</li>
151 swift 1.1 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152     <li>
153     A working network (home/office/etc) consisting of more than one machine)
154     </li>
155     </ul>
156    
157     <p>
158     The main package we use here is net-fs/samba, however, you will need
159     a kernel with smbfs support enabled in order to mount a samba or windows
160     share from another computer. CUPS will be emerged if it is not already.
161 swift 1.6 app-antivirus/clamav will be used also, but others should be easily adapted
162 swift 1.17 to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163     technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
164 swift 1.1 </p>
165    
166     </body>
167     </section>
168     </chapter>
169 neysx 1.5
170 swift 1.1 <chapter>
171     <title>Getting acquainted with Samba</title>
172     <section>
173     <title>The USE Flags</title>
174     <body>
175    
176     <p>
177 nightmorph 1.28 Before emerging anything, take a look at some of the various USE flags available
178     to Samba.
179 swift 1.1 </p>
180    
181     <pre caption="Samba uses the following USE Variables:">
182 nightmorph 1.28 kerberos acl cups ldap pam readline python oav
183 swift 1.1 </pre>
184    
185     <p>
186     Depending on the network topology and the specific requirements of
187     the server, the USE flags outlined below will define what to include or
188     exclude from the emerging of Samba.
189     </p>
190    
191     <table>
192     <tr>
193     <th><b>USE flag</b></th>
194     <th>Description</th>
195     </tr>
196     <tr>
197     <th><b>kerberos</b></th>
198     <ti>
199     Include support for Kerberos. The server will need this if it is
200     intended to join an existing domain or Active Directory. See the note
201     below for more information.
202     </ti>
203     </tr>
204     <tr>
205     <th><b>acl</b></th>
206     <ti>
207     Enables Access Control Lists. The ACL support in Samba uses a patched
208     ext2/ext3, or SGI's XFS in order to function properly as it extends more
209     detailed access to files or directories; much more so than typical *nix
210     GID/UID schemas.
211     </ti>
212     </tr>
213     <tr>
214     <th><b>cups</b></th>
215     <ti>
216     This enables support for the Common Unix Printing System. This
217     provides an interface allowing local CUPS printers to be shared to
218     other systems in the network.
219     </ti>
220     </tr>
221     <tr>
222     <th><b>ldap</b></th>
223     <ti>
224     Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
225     expected to use Active Directory, this option must be used. This would
226     be used in the event Samba needs to login to or provide login to
227     a Domain/Active Directory Server. The kerberos USE flag is needed for
228     proper functioning of this option.
229     </ti>
230     </tr>
231     <tr>
232     <th><b>pam</b></th>
233     <ti>
234     Include support for pluggable authentication modules (PAM). This
235     provides the ability to authenticate users on the Samba Server, which is
236     required if users have to login to your server. The kerberos USE flag
237     is recommended along with this option.
238     </ti>
239     </tr>
240     <tr>
241     <th><b>readline</b></th>
242     <ti>
243 neysx 1.13 Link Samba against libreadline. This is highly recommended and should
244 swift 1.1 probably not be disabled
245     </ti>
246     </tr>
247     <tr>
248     <th><b>python</b></th>
249     <ti>
250     Python bindings API. Provides an API that will allow Python to
251     interface with Samba.
252     </ti>
253     </tr>
254     <tr>
255     <th><b>oav</b></th>
256     <ti>
257     Provides on-access scanning of Samba shares with FRISK F-Prot
258     Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
259     (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
260     </ti>
261     </tr>
262     </table>
263    
264     <p>
265     A couple of things worth mentioning about the USE flags and different
266     Samba functions include:
267     </p>
268    
269     <ul>
270     <li>
271     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
272     ACL kernel options for ext2 and/or ext3 will need to be enabled
273     (depending on which file system is being used - both can be enabled).
274     </li>
275     <li>
276     While Active Directory, ACL, and PDC functions are out of the intended
277     scope of this HOWTO, you may find these links as helpful to your cause:
278     <ul>
279     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
280     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
281     </ul>
282     </li>
283     </ul>
284    
285     </body>
286     </section>
287     </chapter>
288 neysx 1.5
289 swift 1.1 <chapter>
290     <title>Server Software Installation</title>
291     <section>
292     <title>Emerging Samba</title>
293     <body>
294    
295     <p>
296     First of all: be sure that all your hostnames resolve correctly.
297     Either have a working domain name system running on your network
298 swift 1.3 or appropriate entries in your <path>/etc/hosts</path> file.
299     <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
300     machines.
301 swift 1.1 </p>
302    
303     <p>
304     Hopefully now you can make an assessment of what you'll actually need in
305     order to use Samba with your particular setup. The setup used for this
306     HOWTO is:
307     </p>
308    
309     <ul>
310     <li>oav</li>
311     <li>cups</li>
312     <li>readline</li>
313     <li>pam</li>
314     </ul>
315    
316     <p>
317     To optimize performance, size and the time of the build, the
318     USE flags are specifically included or excluded.
319     </p>
320    
321     <pre caption="Emerge Samba">
322 swift 1.17 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
323     # <i>emerge net-fs/samba</i>
324 swift 1.1 </pre>
325    
326     <note>
327     The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
328     ppc, sparc, hppa, ia64 and alpha
329     </note>
330    
331     <p>
332     This will emerge Samba and CUPS (if CUPS is not already emerged).
333     </p>
334    
335     </body>
336     </section>
337     <section>
338 swift 1.16 <title>Emerging ClamAV</title>
339 swift 1.1 <body>
340    
341     <p>
342 swift 1.3 Because the <e>oav</e> USE flag only provides an interface to allow on access
343 swift 1.1 virus scanning, the actual virus scanner must be emerged. The scanner
344 swift 1.16 used in this HOWTO is ClamAV.
345 swift 1.1 </p>
346    
347 swift 1.16 <pre caption="Emerge Clamav">
348 swift 1.6 # <i>emerge app-antivirus/clamav</i>
349 swift 1.1 </pre>
350    
351     </body>
352     </section>
353     <section>
354     <title>Emerging foomatic</title>
355     <body>
356    
357     <pre caption="Emerge foomatic">
358     # <i>emerge net-print/foomatic</i>
359     </pre>
360    
361     </body>
362     </section>
363     <section>
364 nightmorph 1.28 <title>Emerging net-print/hplip</title>
365 swift 1.1 <body>
366    
367     <p>
368     You only need to emerge this if you use an HP printer.
369     </p>
370    
371 nightmorph 1.28 <pre caption="Emerge hplip">
372     # <i>emerge net-print/hplip</i>
373 swift 1.1 </pre>
374    
375     </body>
376     </section>
377     </chapter>
378 neysx 1.5
379 swift 1.1 <chapter>
380     <title>Server Configuration</title>
381     <section>
382     <title>Configuring Samba</title>
383     <body>
384    
385     <p>
386     The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
387     It is divided in sections indicated by [sectionname]. Comments are either
388     # or ;. A sample <path>smb.conf</path> is included below with comments and
389     suggestions for modifications. If more details are required, see the
390 swift 1.3 man page for <path>smb.conf</path>, the installed
391     <path>smb.conf.example</path>, the Samba Web site or any of the
392     numerous Samba books available.
393 swift 1.1 </p>
394    
395     <pre caption="A Sample /etc/samba/smb.conf">
396     [global]
397     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
398     workgroup = <comment>MYWORKGROUPNAME</comment>
399     <comment># Of course this has no REAL purpose other than letting
400 neysx 1.15 # everyone knows it's not Windows!
401 swift 1.1 # %v prints the version of Samba we are using.</comment>
402     server string = Samba Server %v
403     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
404     printcap name = cups
405     printing = cups
406     load printers = yes
407     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
408     log file = /var/log/samba/log.%m
409     max log size = 50
410     <comment># We are going to set some options for our interfaces...</comment>
411     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
412     <comment># This is a good idea, what we are doing is binding the
413     # samba server to our local network.
414     # For example, if eth0 is our local network device</comment>
415     interfaces = lo <i>eth0</i>
416     bind interfaces only = yes
417     <comment># Now we are going to specify who we allow, we are afterall
418     # very security conscience, since this configuration does
419     # not use passwords!</comment>
420     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
421     hosts deny = 0.0.0.0/0
422     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
423     # The default is user</comment>
424     security = share
425     <comment># No passwords, so we're going to use a guest account!</comment>
426     guest account = samba
427     guest ok = yes
428     <comment># We now will implement the on access virus scanner.
429     # NOTE: By putting this in our [Global] section, we enable
430     # scanning of ALL shares, you could optionally move
431     # these to a specific share and only scan it.</comment>
432 swift 1.8
433 swift 1.16 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
434 swift 1.8 vfs object = vscan-clamav
435     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
436    
437 swift 1.1 <comment># Now we setup our print drivers information!</comment>
438     [print$]
439     comment = Printer Drivers
440     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
441 swift 1.10 guest ok = yes
442 swift 1.1 browseable = yes
443     read only = yes
444     <comment># Modify this to "username,root" if you don't want root to
445     # be the only printer admin)</comment>
446     write list = <i>root</i>
447    
448     <comment># Now we'll setup a printer to share, while the name is arbitrary
449     # it should be consistent throughout Samba and CUPS!</comment>
450     [HPDeskJet930C]
451     comment = HP DeskJet 930C Network Printer
452     printable = yes
453     path = /var/spool/samba
454     public = yes
455     guest ok = yes
456     <comment># Modify this to "username,root" if you don't want root to
457     # be the only printer admin)</comment>
458     printer admin = <i>root</i>
459    
460     <comment># Now we setup our printers share. This should be
461     # browseable, printable, public.</comment>
462     [printers]
463     comment = All Printers
464 swift 1.10 browseable = no
465 swift 1.1 printable = yes
466 swift 1.10 writable = no
467 swift 1.1 public = yes
468     guest ok = yes
469     path = /var/spool/samba
470     <comment># Modify this to "username,root" if you don't want root to
471     # be the only printer admin)</comment>
472     printer admin = <i>root</i>
473    
474     <comment># We create a new share that we can read/write to from anywhere
475     # This is kind of like a public temp share, anyone can do what
476     # they want here.</comment>
477     [public]
478     comment = Public Files
479     browseable = yes
480     public = yes
481     create mode = 0766
482     guest ok = yes
483     path = /home/samba/public
484     </pre>
485    
486 swift 1.3 <warn>
487     If you like to use Samba's guest account to do anything concerning
488     printing from Windows clients: don't set <c>guest only = yes</c> in
489     the <c>[global]</c> section. The guest account seems to cause
490     problems when running <c>cupsaddsmb</c> sometimes when trying to
491     connect from Windows machines. See below, too, when we talk about
492     <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
493     printer user, like <c>printeruser</c> or <c>printer</c> or
494     <c>printme</c> or whatever. It doesn't hurt and it will certainly
495     protect you from a lot of problems.
496     </warn>
497 swift 1.1
498 swift 1.16 <warn>
499     Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
500     down the performance of your Samba server dramatically.
501     </warn>
502    
503 swift 1.1 <p>
504     Now create the directories required for the minimum configuration of
505     Samba to share the installed printer throughout the network.
506     </p>
507    
508     <pre caption="Create the directories">
509     # <i>mkdir /etc/samba/printer</i>
510     # <i>mkdir /var/spool/samba</i>
511     # <i>mkdir /home/samba/public</i>
512     </pre>
513    
514     <p>
515     At least one Samba user is required in order to install the printer
516     drivers and to allow users to connect to the printer. Users must
517     exist in the system's <path>/etc/passwd</path> file.
518     </p>
519    
520     <pre caption="Creating the users">
521     # <i>smbpasswd -a root</i>
522    
523     <comment>(If another user is to be a printer admin)</comment>
524     # <i>smbpasswd -a username</i>
525     </pre>
526    
527     <p>
528     The Samba passwords need not be the same as the system passwords
529     in <path>/etc/passwd</path>.
530     </p>
531    
532 swift 1.9 <p>
533     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
534     systems can be found easily using NetBIOS:
535     </p>
536    
537     <pre caption="Editing /etc/nsswitch.conf">
538     # <i>nano -w /etc/nsswitch.conf</i>
539     <comment>(Edit the hosts: line)</comment>
540     hosts: files dns <i>wins</i>
541     </pre>
542    
543 swift 1.1 </body>
544     </section>
545     <section>
546 swift 1.16 <title>Configuring ClamAV</title>
547 swift 1.1 <body>
548    
549     <p>
550     The configuration file specified to be used in <path>smb.conf</path> is
551     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
552     to the defaults, the infected file action may need to be changed.
553     </p>
554    
555     <pre caption="/etc/samba/vscan-clamav.conf">
556     [samba-vscan]
557     <comment>; run-time configuration for vscan-samba using
558     ; clamd
559     ; all options are set to default values</comment>
560    
561     <comment>; do not scan files larger than X bytes. If set to 0 (default),
562     ; this feature is disable (i.e. all files are scanned)</comment>
563     max file size = 0
564    
565     <comment>; log all file access (yes/no). If set to yes, every access will
566     ; be logged. If set to no (default), only access to infected files
567     ; will be logged</comment>
568     verbose file logging = no
569    
570     <comment>; if set to yes (default), a file will be scanned while opening</comment>
571     scan on open = yes
572     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
573     scan on close = yes
574    
575     <comment>; if communication to clamd fails, should access to file denied?
576     ; (default: yes)</comment>
577     deny access on error = yes
578    
579 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
580 swift 1.1 ; should access to file denied?
581     ; (default: yes)</comment>
582     deny access on minor error = yes
583    
584     <comment>; send a warning message via Windows Messenger service
585     ; when virus is found?
586     ; (default: yes)</comment>
587     send warning message = yes
588    
589     <comment>; what to do with an infected file
590     ; quarantine: try to move to quantine directory; delete it if moving fails
591     ; delete: delete infected file
592     ; nothing: do nothing</comment>
593     infected file action = <comment>delete</comment>
594    
595     <comment>; where to put infected files - you really want to change this!
596     ; it has to be on the same physical device as the share!</comment>
597     quarantine directory = /tmp
598     <comment>; prefix for files in quarantine</comment>
599     quarantine prefix = vir-
600    
601     <comment>; as Windows tries to open a file multiple time in a (very) short time
602     ; of period, samba-vscan use a last recently used file mechanism to avoid
603     ; multiple scans of a file. This setting specified the maximum number of
604     ; elements of the last recently used file list. (default: 100)</comment>
605     max lru files entries = 100
606    
607 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
608 swift 1.1 ; (Default: 5)</comment>
609     lru file entry lifetime = 5
610    
611     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
612 swift 1.16 clamd socket name = /tmp/clamd
613    
614     <comment>; port number the ScannerDaemon listens on</comment>
615     oav port = 8127
616 swift 1.1 </pre>
617    
618     <p>
619     It is generally a good idea to start the virus scanner immediately. Add
620 swift 1.16 it to the <e>default</e> runlevel and then start the <c>clamd</c> service
621     immediately. The service has two processes: freshclam keeps the virus definition
622     database up to date while clamd is the actual anti-virus daemon. First you may
623     want to set the paths of the logfiles so that it fits your needs.
624     </p>
625    
626     <pre caption="Checking the location of the logfiles">
627     # <i>vim /etc/clamd.conf</i>
628     <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
629     # <i>vim /etc/freshclam.conf</i>
630     <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
631     # <i>vim /etc/conf.d/clamd</i>
632     <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
633     </pre>
634    
635     <p>
636     Now fire up the virus scanner.
637 swift 1.1 </p>
638    
639     <pre caption="Add clamd to bootup and start it">
640     # <i>rc-update add clamd default</i>
641     # <i>/etc/init.d/clamd start</i>
642     </pre>
643    
644     </body>
645     </section>
646     <section>
647     <title>Configuring CUPS</title>
648     <body>
649    
650     <p>
651 swift 1.3 This is a little more complicated. CUPS' main config file is
652 swift 1.1 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
653     <path>httpd.conf</path> file, so many you may find it familiar. Outlined
654     in the example are the directives that need to be changed:
655     </p>
656    
657     <pre caption="/etc/cups/cupsd.conf">
658     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
659 flammie 1.25 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
660 swift 1.1
661     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
662     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
663    
664     LogLevel debug <comment># only while isntalling and testing, should later be
665 neysx 1.20 # changed to 'info'</comment>
666 swift 1.1
667     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
668     # there seemed to be a bug in CUPS' controlling of the web interface,
669     # making CUPS think a denial of service attack was in progress when
670     # I tried to configure a printer with the web interface. weird.</comment>
671    
672     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
673    
674     &lt;Location /&gt;
675     Order Deny,Allow
676     Deny From All
677     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
678 flammie 1.25 # e.g. 192.168.1.* will allow connections from any host on
679 swift 1.1 # the 192.168.1.0 network. change to whatever suits you</comment>
680     &lt;/Location&gt;
681    
682     &lt;Location /admin&gt;
683     AuthType Basic
684     AuthClass System
685     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
686     # 192.168.1.0 network to connect and do
687     # administrative tasks after authenticating</comment>
688     Order Deny,Allow
689     Deny From All
690     &lt;/Location&gt;
691     </pre>
692    
693     <p>
694     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
695 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
696     needed to make CUPS print Microsoft Office document files.
697 swift 1.1 </p>
698    
699     <pre caption="/etc/cups/mime.convs">
700     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
701     application/octet-stream application/vnd.cups-raw 0
702     </pre>
703    
704     <p>
705 neysx 1.12 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
706 swift 1.1 </p>
707    
708     <pre caption="/etc/cups/mime.types">
709     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
710     application/octet-stream
711     </pre>
712    
713     <p>
714     CUPS needs to be started on boot, and started immediately.
715     </p>
716    
717     <pre caption="Setting up the CUPS service" >
718     <comment>(To start CUPS on boot)</comment>
719     # <i>rc-update add cupsd default</i>
720 neysx 1.14 <comment>(To start or restart CUPS now)</comment>
721 swift 1.1 # <i>/etc/init.d/cupsd restart</i>
722     </pre>
723    
724     </body>
725     </section>
726     <section>
727     <title>Installing a printer for and with CUPS</title>
728     <body>
729    
730     <p>
731 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
732     find and download the correct PPD file for your printer and CUPS. To do so,
733     click the link Printer Listings to the left. Select your printers manufacturer
734 flammie 1.25 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
735 neysx 1.5 the page coming up click the "recommended driver" link after reading the
736     various notes and information. Then fetch the PPD file from the next page,
737     again after reading the notes and introductions there. You may have to select
738     your printers manufacturer and model again. Reading the <uri
739     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
740     is also very helpful when working with CUPS.
741 swift 1.1 </p>
742    
743     <p>
744     Now you have a PPD file for your printer to work with CUPS. Place it in
745     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
746 swift 1.3 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
747 swift 1.1 This can be done via the CUPS web interface or via command line. The web
748 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
749 swift 1.1 </p>
750    
751     <pre caption="Install the printer via command line">
752     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
753 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
754 swift 1.1 </pre>
755    
756     <p>
757 swift 1.3 Remember to adjust to what you have. Be sure to have the name
758     (<c>-p</c> argument) right (the name you set above during the Samba
759     configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
760     <c>parallel:/dev/blah</c> or whatever device you are using for your
761     printer.
762 swift 1.1 </p>
763    
764     <p>
765 swift 1.3 You should now be able to access the printer from the web interface
766     and be able to print a test page.
767 swift 1.1 </p>
768    
769     </body>
770     </section>
771     <section>
772     <title>Installing the Windows printer drivers</title>
773     <body>
774    
775     <p>
776     Now that the printer should be working it is time to install the drivers
777     for the Windows clients to work. Samba 2.2 introduced this functionality.
778     Browsing to the print server in the Network Neighbourhood, right-clicking
779     on the printershare and selecting "connect" downloads the appropriate
780     drivers automagically to the connecting client, avoiding the hassle of
781     manually installing printer drivers locally.
782     </p>
783    
784     <p>
785 nightmorph 1.26 There are two sets of printer drivers for this. First, the Adobe PS drivers
786     which can be obtained from <uri
787     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
788     printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri
789     link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.
790     There doesn't seem to be a difference between the functionality of the two, but
791     the Adobe PS drivers need to be extracted on a Windows System since it's a
792     Windows binary. Also the whole procedure of finding and copying the correct
793     files is a bit more hassle. The CUPS drivers seem to support some options the
794     Adobe drivers don't.
795     </p>
796     <!--
797     used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
798     available. at some point, we should update this for 6.0.
799     -->
800 swift 1.1
801     <p>
802     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
803     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
804     contained into a directory.
805     </p>
806    
807     <pre caption="Extract the drivers and run the install">
808     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
809     # <i>cd cups-samba-5.0rc2</i>
810     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
811     # <i>./cups-samba.install</i>
812     </pre>
813    
814     <p>
815 swift 1.3 <path>cups-samba.ss</path> is a TAR archive containing three files:
816     <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
817     <path>cupsui5.dll</path>. These are the actual driver files.
818 swift 1.1 </p>
819    
820     <warn>
821 flammie 1.25 The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
822 swift 1.1 because almost everything which is not part of the base system is
823     installed somewhere under the prefix <path>/usr/local/</path>. This
824     seems not to be the case for most things you install under GNU/Linux.
825     However, if your CUPS installation is somewhere other than
826 swift 1.3 <path>/usr/share/cups/</path> see the example below.
827 swift 1.1 </warn>
828    
829     <p>
830     Suppose your CUPS installation resides under
831     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
832     Do the following:
833     </p>
834    
835     <pre caption="Manually installing the drivers">
836     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
837     # <i>tar -xf cups-samba.ss</i>
838     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
839     # <i>cd usr/share/cups/drivers</i>
840     <comment>(no leading / !)</comment>
841     # <i>cp cups* /usr/local/share/cups/drivers</i>
842 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
843 swift 1.1 </pre>
844    
845     <p>
846 nightmorph 1.23 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
847     Its man page is an interesting read.
848 swift 1.1 </p>
849    
850     <pre caption="Run cupsaddsmb">
851     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
852     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
853     "export all known printers".)</comment>
854     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
855     </pre>
856    
857     <warn>
858 nightmorph 1.26 The execution of this command often causes the most trouble. Read through the
859     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
860     thread</uri> for some troubleshooting tips.
861 swift 1.1 </warn>
862    
863     <p>
864     Here are common errors that may happen:
865     </p>
866    
867     <ul>
868     <li>
869 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
870     (<c>PrintServer</c>) often does not resolve correctly and doesn't
871     identify the print server for CUPS/Samba interaction. If an error
872     like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
873     skipping!</b> occurs, the first thing you should do is substitute
874     <c>PrintServer</c> with <c>localhost</c> and try it again.
875 swift 1.1 </li>
876     <li>
877     The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
878     is quite common, but can be triggered by many problems. It's unfortunately
879 swift 1.3 not very helpful. One thing to try is to temporarily set <c>security =
880     user</c> in your <path>smb.conf</path>. After/if the installation completes
881 swift 1.1 successfully, you should set it back to share, or whatever it was set to
882     before.
883     </li>
884     </ul>
885    
886     <p>
887     This should install the correct driver directory structure under
888     <path>/etc/samba/printer</path>. That would be
889     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
890     be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
891     (the name which you gave the printer when installing it (see above).
892     </p>
893    
894     <p>
895     Pending no errors or other complications, your drivers are now
896     installed.
897     </p>
898    
899     </body>
900     </section>
901     <section>
902     <title>Finalizing our setup</title>
903     <body>
904    
905     <p>
906     Lastly, setup our directories.
907     </p>
908    
909     <pre caption="Final changes needed">
910     # <i>mkdir /home/samba</i>
911     # <i>mkdir /home/samba/public</i>
912     # <i>chmod 755 /home/samba</i>
913     # <i>chmod 755 /home/samba/public</i>
914     </pre>
915    
916     </body>
917     </section>
918     <section>
919     <title>Testing our Samba configuration</title>
920     <body>
921    
922     <p>
923     We will want to test our configuration file to ensure that it is formatted
924     properly and all of our options have at least the correct syntax. To do
925     this we run <c>testparm</c>.
926     </p>
927    
928     <pre caption="Running the testparm">
929     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
930     # <i>/usr/bin/testparm</i>
931     Load smb config files from /etc/samba/smb.conf
932     Processing section &quot;[printers]&quot;
933     Global parameter guest account found in service section!
934     Processing section &quot;[public]&quot;
935     Global parameter guest account found in service section!
936     Loaded services file OK.
937     Server role: ROLE_STANDALONE
938     Press enter to see a dump of your service definitions
939     ...
940     ...
941     </pre>
942    
943     </body>
944     </section>
945     <section>
946     <title>Starting the Samba service</title>
947     <body>
948    
949     <p>
950     Now configure Samba to start at bootup; then go ahead and start it.
951     </p>
952    
953     <pre caption="Setting up the Samba service">
954     # <i>rc-update add samba default</i>
955     # <i>/etc/init.d/samba start</i>
956     </pre>
957    
958     </body>
959     </section>
960     <section>
961     <title>Checking our services</title>
962     <body>
963    
964     <p>
965     It would probably be prudent to check our logs at this time also.
966     We will also want to take a peak at our Samba shares using
967     <c>smbclient</c>.
968     </p>
969    
970     <pre caption="Checking the shares with smbclient">
971     # <i>smbclient -L localhost</i>
972     Password:
973     <comment>(You should see a BIG list of services here.)</comment>
974     </pre>
975    
976     </body>
977     </section>
978     </chapter>
979 neysx 1.5
980 swift 1.1 <chapter>
981     <title>Configuration of the Clients</title>
982     <section>
983     <title>Printer configuration of *nix based clients</title>
984     <body>
985    
986     <p>
987 neysx 1.11 Despite the variation or distribution, the only thing needed is CUPS. Do the
988     equivalent on any other UNIX/Linux/BSD client.
989 swift 1.1 </p>
990    
991 neysx 1.5 <pre caption="Configuring a Gentoo system">
992 swift 1.1 # <i>emerge cups</i>
993 neysx 1.11 # <i>nano -w /etc/cups/client.conf</i>
994     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
995 swift 1.1 </pre>
996    
997     <p>
998 neysx 1.11 That should be it. Nothing else will be needed.
999 swift 1.1 </p>
1000    
1001     <p>
1002 neysx 1.11 If you use only one printer, it will be your default printer. If your print
1003     server manages several printers, your administrator will have defined a default
1004     printer on the server. If you want to define a different default printer for
1005     yourself, use the <c>lpoptions</c> command.
1006 swift 1.1 </p>
1007    
1008 neysx 1.11 <pre caption="Setting your default printer">
1009     <comment>(List available printers)</comment>
1010     # <i>lpstat -a</i>
1011     <comment>(Sample output, yours will differ)</comment>
1012     HPDeskJet930C accepting requests since Jan 01 00:00
1013     laser accepting requests since Jan 01 00:00
1014     <comment>(Define HPDeskJet930C as your default printer)</comment>
1015     # <i>lpoptions -d HPDeskJet930C</i>
1016 swift 1.1 </pre>
1017    
1018 neysx 1.11 <pre caption="Printing in *nix">
1019     <comment>(Specify the printer to be used)</comment>
1020     # <i>lp -d HPDeskJet930C anything.txt</i>
1021     <comment>(Use your default printer)</comment>
1022     # <i>lp foobar.whatever.ps</i>
1023 swift 1.1 </pre>
1024    
1025     <p>
1026 neysx 1.11 Just point your web browser to <c>http://printserver:631</c> on the client if
1027     you want to manage your printers and their jobs with a nice web interface.
1028     Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1029     your print server, not the name you gave to the cups print server if you used
1030     different names.
1031 swift 1.1 </p>
1032    
1033     </body>
1034     </section>
1035     <section>
1036     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1037     <body>
1038    
1039     <p>
1040 neysx 1.5 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1041     all compiled at least one kernel, we'll need to make sure we have all the right
1042     options selected in our kernel. For simplicity sake, make it a module for ease
1043     of use. It is the author's opinion that kernel modules are a good thing and
1044     should be used whenever possible.
1045 swift 1.1 </p>
1046    
1047     <pre caption="Relevant kernel options" >
1048     CONFIG_SMB_FS=m
1049     CONFIG_SMB_UNIX=y
1050     </pre>
1051    
1052     <p>
1053     Then make the module/install it; insert them with:
1054     </p>
1055    
1056     <pre caption="Loading the kernel module">
1057     # <i>modprobe smbfs</i>
1058     </pre>
1059    
1060     <p>
1061     Once the modules is loaded, mounting a Windows or Samba share is
1062     possible. Use <c>mount</c> to accomplish this, as detailed below:
1063     </p>
1064    
1065     <pre caption="Mounting a Windows/Samba share">
1066     <comment>(The syntax for mounting a Windows/Samba share is:
1067     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1068     If we are not using passwords or a password is not needed)</comment>
1069    
1070     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1071    
1072     <comment>(If a password is needed)</comment>
1073     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1074     </pre>
1075    
1076     <p>
1077     After you mount the share, you would access it as if it were a local
1078     drive.
1079     </p>
1080    
1081     </body>
1082     </section>
1083     <section>
1084     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1085     <body>
1086    
1087     <p>
1088 swift 1.3 That's just a bit of point-and-click. Browse to
1089     <path>\\PrintServer</path> and right click on the printer
1090     (HPDeskJet930C) and click connect. This will download the drivers to
1091     the Windows client and now every application (such as Word or Acrobat)
1092     will offer HPDeskJet930C as an available printer to print to. :-)
1093 swift 1.1 </p>
1094    
1095     </body>
1096     </section>
1097     </chapter>
1098 neysx 1.5
1099 swift 1.1 <chapter>
1100     <title>Final Notes</title>
1101     <section>
1102     <title>A Fond Farewell</title>
1103     <body>
1104    
1105     <p>
1106     Well that should be it. You should now have a successful printing enviroment
1107     that is friendly to both Windows and *nix as well as a fully virus-free working
1108     share!
1109     </p>
1110    
1111     </body>
1112     </section>
1113     </chapter>
1114 neysx 1.5
1115 swift 1.1 <chapter>
1116     <title>Links and Resources</title>
1117     <section>
1118     <title>Links</title>
1119     <body>
1120    
1121     <p>
1122     These are some links that may help you in setting up, configuration and
1123     troubleshooting your installation:
1124     </p>
1125    
1126     <ul>
1127     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1128 nightmorph 1.27 <li>
1129     <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1130     link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1131     on Samba/CUPS configuration</uri>
1132     </li>
1133 swift 1.1 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1134     <li>
1135     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1136     Pfeifle's Samba Print HOWTO</uri> (
1137     This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1138     I've written here, plus a LOT more concerning CUPS and Samba, and
1139     generally printing support on networks. A really interesting read,
1140     with lots and lots of details)
1141     </li>
1142     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1143     </ul>
1144    
1145     </body>
1146     </section>
1147     <section>
1148     <title>Troubleshooting</title>
1149     <body>
1150    
1151     <p>
1152     See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1153     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1154     manual. Lots of useful tips there! Be sure to look this one up
1155     first, before posting questions and problems! Maybe the solution
1156     you're looking for is right there.
1157     </p>
1158    
1159     </body>
1160     </section>
1161     </chapter>
1162     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20