/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.29 - (hide annotations) (download) (as text)
Wed Jun 6 23:23:35 2007 UTC (6 years, 10 months ago) by nightmorph
Branch: MAIN
Changes since 1.28: +175 -188 lines
File MIME type: application/xml
proper guidexml coding style, linewrapping, typo fixes for correct english, and spacing fixes. no content change. just lots of little stuff all throughout the doc.

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 nightmorph 1.29 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.28 2007/06/06 22:42:25 nightmorph Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 neysx 1.21 <guide link="/doc/en/quick-samba-howto.xml">
5 swift 1.16 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12    
13     <abstract>
14 nightmorph 1.29 Setup, install and configure a Samba Server under Gentoo that shares files,
15     printers without the need to install drivers and provides automatic virus
16     scanning.
17 swift 1.1 </abstract>
18    
19     <!-- The content of this document is licensed under the CC-BY-SA license -->
20     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21     <license/>
22    
23 nightmorph 1.28 <version>1.17</version>
24     <date>2007-06-06</date>
25 swift 1.1
26     <chapter>
27     <title>Introduction to this HOWTO</title>
28     <section>
29     <title>Purpose</title>
30     <body>
31    
32     <p>
33 nightmorph 1.29 This HOWTO is designed to help you move a network from many different clients
34     speaking different languages, to many different machines that speak a common
35     language. The ultimate goal is to help differing architectures and technologies,
36     come together in a productive, happily coexisting environment.
37 swift 1.1 </p>
38    
39     <p>
40 nightmorph 1.29 Following the directions outlined in this HOWTO should give you an excellent
41     step towards a peaceful cohabitation between Windows, and virtually all known
42     variations of *nix.
43 swift 1.1 </p>
44    
45     <p>
46 nightmorph 1.29 This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
47     explore the functionality and power of the Gentoo system, portage and the
48     flexibility of USE flags. Like so many other projects, it was quickly discovered
49     what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered
50     for Gentoo users. These users are more demanding than most; they require
51     performance, flexibility and customization. This does not however imply that
52     this HOWTO was not intended for other distributions; rather that it was designed
53     to work with a highly customized version of Samba.
54 swift 1.1 </p>
55    
56     <p>
57 nightmorph 1.29 This HOWTO will describe how to share files and printers between Windows PCs and
58     *nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
59     feature of Samba to incorporate automatic virus protection. As a finale, it will
60     show you how to mount and manipulate shares.
61 swift 1.1 </p>
62    
63     <p>
64 nightmorph 1.29 There are a few topics that will be mentioned, but are out of the scope of this
65     HOWTO. These will be noted as they are presented.
66 swift 1.1 </p>
67    
68     <p>
69 nightmorph 1.29 This HOWTO is based on a compilation and merge of an excellent HOWTO provided in
70     the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff"
71     Ntaflos and the collected knowledge of Joshua Preston. The link to this
72     discussion is provided below for your reference:
73 swift 1.1 </p>
74    
75     <ul>
76     <li>
77     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
78     CUPS+Samba: printing from Windows &amp; Linux</uri>
79     </li>
80     </ul>
81    
82     </body>
83     </section>
84     <section>
85     <title>Before you use this guide</title>
86     <body>
87    
88     <p>
89 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
90 nightmorph 1.29 them as well, as they may tell you things left out of this HOWTO (intentional or
91     otherwise). One such document is the very useful and well written <uri
92 neysx 1.5 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
93     issues and specific printer setup is not discussed here.
94 swift 1.1 </p>
95    
96     </body>
97     </section>
98     <section>
99     <title>Brief Overview</title>
100     <body>
101    
102     <p>
103 nightmorph 1.29 After presenting the various USE flags, the following list will outline all of
104     the topics covered as they are presented:
105 swift 1.1 </p>
106    
107     <ul>
108     <li>On the Samba server:
109     <ul>
110 swift 1.16 <li>Install and configure ClamAV</li>
111 swift 1.1 <li>Install and configure Samba</li>
112     <li>Install and configure CUPS</li>
113     <li>Adding the printer to CUPS</li>
114     <li>Adding the PS drivers for the Windows clients</li>
115     </ul>
116     </li>
117     <li>On the Unix clients:
118     <ul>
119     <li>Install and configure CUPS</li>
120     <li>Configuring a default printer</li>
121     <li>Mounting a Windows or Samba share</li>
122     </ul>
123     </li>
124     <li>On the Windows Clients:
125     <ul>
126     <li>Configuring the printer</li>
127     <li>Accessing Samba shares</li>
128     </ul>
129     </li>
130     </ul>
131    
132     </body>
133     </section>
134     <section>
135     <title>Requirements</title>
136     <body>
137    
138     <p>
139     We will need the following:
140     </p>
141    
142     <ul>
143     <li>net-fs/samba</li>
144 swift 1.6 <li>app-antivirus/clamav</li>
145 swift 1.1 <li>net-print/cups</li>
146     <li>net-print/foomatic</li>
147 nightmorph 1.28 <li>net-print/hplip (if you have an HP printer)</li>
148     <li>A kernel of sorts (2.6)</li>
149 swift 1.1 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
150     <li>
151     A working network (home/office/etc) consisting of more than one machine)
152     </li>
153     </ul>
154    
155     <p>
156 nightmorph 1.29 The main package we use here is net-fs/samba, however, you will need a kernel
157     with smbfs support enabled in order to mount a samba or windows share from
158     another computer. CUPS will be emerged if it is not already.
159     app-antivirus/clamav will be used also, but others should be easily adapted to
160     work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
161 swift 1.17 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
162 swift 1.1 </p>
163    
164     </body>
165     </section>
166     </chapter>
167 neysx 1.5
168 swift 1.1 <chapter>
169     <title>Getting acquainted with Samba</title>
170     <section>
171     <title>The USE Flags</title>
172     <body>
173    
174     <p>
175 nightmorph 1.28 Before emerging anything, take a look at some of the various USE flags available
176     to Samba.
177 swift 1.1 </p>
178    
179     <pre caption="Samba uses the following USE Variables:">
180 nightmorph 1.28 kerberos acl cups ldap pam readline python oav
181 swift 1.1 </pre>
182    
183     <p>
184 nightmorph 1.29 Depending on the network topology and the specific requirements of the server,
185     the USE flags outlined below will define what to include or exclude from the
186     emerging of Samba.
187 swift 1.1 </p>
188    
189     <table>
190     <tr>
191     <th><b>USE flag</b></th>
192     <th>Description</th>
193     </tr>
194     <tr>
195     <th><b>kerberos</b></th>
196     <ti>
197     Include support for Kerberos. The server will need this if it is
198     intended to join an existing domain or Active Directory. See the note
199     below for more information.
200     </ti>
201     </tr>
202     <tr>
203     <th><b>acl</b></th>
204     <ti>
205     Enables Access Control Lists. The ACL support in Samba uses a patched
206     ext2/ext3, or SGI's XFS in order to function properly as it extends more
207     detailed access to files or directories; much more so than typical *nix
208     GID/UID schemas.
209     </ti>
210     </tr>
211     <tr>
212     <th><b>cups</b></th>
213     <ti>
214 nightmorph 1.29 This enables support for the Common Unix Printing System. This provides an
215     interface allowing local CUPS printers to be shared to other systems in the
216     network.
217 swift 1.1 </ti>
218     </tr>
219     <tr>
220     <th><b>ldap</b></th>
221     <ti>
222 nightmorph 1.29 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
223     expected to use Active Directory, this option must be used. This would be
224     used in the event Samba needs to login to or provide login to a
225     Domain/Active Directory Server. The kerberos USE flag is needed for proper
226     functioning of this option.
227 swift 1.1 </ti>
228     </tr>
229     <tr>
230     <th><b>pam</b></th>
231     <ti>
232 nightmorph 1.29 Include support for pluggable authentication modules (PAM). This provides
233     the ability to authenticate users on the Samba Server, which is required if
234     users have to login to your server. The kerberos USE flag is recommended
235     along with this option.
236 swift 1.1 </ti>
237     </tr>
238     <tr>
239     <th><b>readline</b></th>
240     <ti>
241 nightmorph 1.29 Link Samba against libreadline. This is highly recommended and should
242     probably not be disabled.
243 swift 1.1 </ti>
244     </tr>
245     <tr>
246     <th><b>python</b></th>
247     <ti>
248 nightmorph 1.29 Python bindings API. Provides an API that will allow Python to interface
249     with Samba.
250 swift 1.1 </ti>
251     </tr>
252     <tr>
253     <th><b>oav</b></th>
254     <ti>
255 nightmorph 1.29 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
256     Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
257     Symantec CarrierScan, and Trend Micro (VSAPI).
258 swift 1.1 </ti>
259     </tr>
260     </table>
261    
262     <p>
263     A couple of things worth mentioning about the USE flags and different
264     Samba functions include:
265     </p>
266    
267     <ul>
268     <li>
269     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
270     ACL kernel options for ext2 and/or ext3 will need to be enabled
271     (depending on which file system is being used - both can be enabled).
272     </li>
273     <li>
274     While Active Directory, ACL, and PDC functions are out of the intended
275     scope of this HOWTO, you may find these links as helpful to your cause:
276     <ul>
277     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
278     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
279     </ul>
280     </li>
281     </ul>
282    
283     </body>
284     </section>
285     </chapter>
286 neysx 1.5
287 swift 1.1 <chapter>
288     <title>Server Software Installation</title>
289     <section>
290     <title>Emerging Samba</title>
291     <body>
292    
293     <p>
294 nightmorph 1.29 First of all: be sure that all your hostnames resolve correctly. Either have a
295     working domain name system running on your network or appropriate entries in
296     your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
297     don't point to the correct machines.
298 swift 1.1 </p>
299    
300     <p>
301 nightmorph 1.29 Hopefully now you can make an assessment of what you'll actually need in order
302     to use Samba with your particular setup. The setup used for this HOWTO is:
303 swift 1.1 </p>
304    
305     <ul>
306     <li>oav</li>
307     <li>cups</li>
308     <li>readline</li>
309     <li>pam</li>
310     </ul>
311    
312     <p>
313 nightmorph 1.29 To optimize performance, size and the time of the build, the USE flags are
314     specifically included or excluded.
315 swift 1.1 </p>
316    
317     <pre caption="Emerge Samba">
318 swift 1.17 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
319     # <i>emerge net-fs/samba</i>
320 swift 1.1 </pre>
321    
322     <note>
323 nightmorph 1.29 The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
324 swift 1.1 ppc, sparc, hppa, ia64 and alpha
325     </note>
326    
327     <p>
328     This will emerge Samba and CUPS (if CUPS is not already emerged).
329     </p>
330    
331     </body>
332     </section>
333     <section>
334 swift 1.16 <title>Emerging ClamAV</title>
335 swift 1.1 <body>
336    
337     <p>
338 nightmorph 1.29 Because the <e>oav</e> USE flag only provides an interface to allow on access
339     virus scanning, the actual virus scanner must be emerged. The scanner used in
340     this HOWTO is ClamAV.
341 swift 1.1 </p>
342    
343 swift 1.16 <pre caption="Emerge Clamav">
344 swift 1.6 # <i>emerge app-antivirus/clamav</i>
345 swift 1.1 </pre>
346    
347     </body>
348     </section>
349     <section>
350     <title>Emerging foomatic</title>
351     <body>
352    
353     <pre caption="Emerge foomatic">
354     # <i>emerge net-print/foomatic</i>
355     </pre>
356    
357     </body>
358     </section>
359     <section>
360 nightmorph 1.28 <title>Emerging net-print/hplip</title>
361 swift 1.1 <body>
362    
363     <p>
364     You only need to emerge this if you use an HP printer.
365     </p>
366    
367 nightmorph 1.28 <pre caption="Emerge hplip">
368     # <i>emerge net-print/hplip</i>
369 swift 1.1 </pre>
370    
371     </body>
372     </section>
373     </chapter>
374 neysx 1.5
375 swift 1.1 <chapter>
376     <title>Server Configuration</title>
377     <section>
378     <title>Configuring Samba</title>
379     <body>
380    
381     <p>
382 nightmorph 1.29 The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
383     divided in sections indicated by [sectionname]. Comments are either
384     # or ;. A sample <path>smb.conf</path> is included below with comments and
385     suggestions for modifications. If more details are required, see the man page
386     for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
387     Samba Web site or any of the numerous Samba books available.
388 swift 1.1 </p>
389    
390     <pre caption="A Sample /etc/samba/smb.conf">
391     [global]
392     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
393     workgroup = <comment>MYWORKGROUPNAME</comment>
394     <comment># Of course this has no REAL purpose other than letting
395 neysx 1.15 # everyone knows it's not Windows!
396 swift 1.1 # %v prints the version of Samba we are using.</comment>
397     server string = Samba Server %v
398     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
399     printcap name = cups
400     printing = cups
401     load printers = yes
402     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
403     log file = /var/log/samba/log.%m
404     max log size = 50
405     <comment># We are going to set some options for our interfaces...</comment>
406     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
407     <comment># This is a good idea, what we are doing is binding the
408     # samba server to our local network.
409     # For example, if eth0 is our local network device</comment>
410     interfaces = lo <i>eth0</i>
411     bind interfaces only = yes
412     <comment># Now we are going to specify who we allow, we are afterall
413     # very security conscience, since this configuration does
414     # not use passwords!</comment>
415     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
416     hosts deny = 0.0.0.0/0
417     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
418     # The default is user</comment>
419     security = share
420     <comment># No passwords, so we're going to use a guest account!</comment>
421     guest account = samba
422     guest ok = yes
423     <comment># We now will implement the on access virus scanner.
424     # NOTE: By putting this in our [Global] section, we enable
425     # scanning of ALL shares, you could optionally move
426     # these to a specific share and only scan it.</comment>
427 swift 1.8
428 swift 1.16 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
429 swift 1.8 vfs object = vscan-clamav
430     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
431    
432 swift 1.1 <comment># Now we setup our print drivers information!</comment>
433     [print$]
434     comment = Printer Drivers
435     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
436 swift 1.10 guest ok = yes
437 swift 1.1 browseable = yes
438     read only = yes
439     <comment># Modify this to "username,root" if you don't want root to
440     # be the only printer admin)</comment>
441     write list = <i>root</i>
442    
443     <comment># Now we'll setup a printer to share, while the name is arbitrary
444     # it should be consistent throughout Samba and CUPS!</comment>
445     [HPDeskJet930C]
446     comment = HP DeskJet 930C Network Printer
447     printable = yes
448     path = /var/spool/samba
449     public = yes
450     guest ok = yes
451     <comment># Modify this to "username,root" if you don't want root to
452     # be the only printer admin)</comment>
453     printer admin = <i>root</i>
454    
455     <comment># Now we setup our printers share. This should be
456     # browseable, printable, public.</comment>
457     [printers]
458     comment = All Printers
459 swift 1.10 browseable = no
460 swift 1.1 printable = yes
461 swift 1.10 writable = no
462 swift 1.1 public = yes
463     guest ok = yes
464     path = /var/spool/samba
465     <comment># Modify this to "username,root" if you don't want root to
466     # be the only printer admin)</comment>
467     printer admin = <i>root</i>
468    
469     <comment># We create a new share that we can read/write to from anywhere
470     # This is kind of like a public temp share, anyone can do what
471     # they want here.</comment>
472     [public]
473     comment = Public Files
474     browseable = yes
475     public = yes
476     create mode = 0766
477     guest ok = yes
478     path = /home/samba/public
479     </pre>
480    
481 swift 1.3 <warn>
482 nightmorph 1.29 If you like to use Samba's guest account to do anything concerning printing from
483     Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c>
484     section. The guest account seems to cause problems when running
485     <c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See
486     below, too, when we talk about <c>cupsaddsmb</c> and the problems that can
487     arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
488     or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
489     from a lot of problems.
490 swift 1.3 </warn>
491 swift 1.1
492 swift 1.16 <warn>
493     Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
494     down the performance of your Samba server dramatically.
495     </warn>
496    
497 swift 1.1 <p>
498 nightmorph 1.29 Now create the directories required for the minimum configuration of Samba to
499     share the installed printer throughout the network.
500 swift 1.1 </p>
501    
502     <pre caption="Create the directories">
503     # <i>mkdir /etc/samba/printer</i>
504     # <i>mkdir /var/spool/samba</i>
505     # <i>mkdir /home/samba/public</i>
506     </pre>
507    
508     <p>
509 nightmorph 1.29 At least one Samba user is required in order to install the printer drivers and
510     to allow users to connect to the printer. Users must exist in the system's
511     <path>/etc/passwd</path> file.
512 swift 1.1 </p>
513    
514     <pre caption="Creating the users">
515     # <i>smbpasswd -a root</i>
516    
517     <comment>(If another user is to be a printer admin)</comment>
518     # <i>smbpasswd -a username</i>
519     </pre>
520    
521     <p>
522     The Samba passwords need not be the same as the system passwords
523     in <path>/etc/passwd</path>.
524     </p>
525    
526 swift 1.9 <p>
527     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
528     systems can be found easily using NetBIOS:
529     </p>
530    
531     <pre caption="Editing /etc/nsswitch.conf">
532     # <i>nano -w /etc/nsswitch.conf</i>
533     <comment>(Edit the hosts: line)</comment>
534     hosts: files dns <i>wins</i>
535     </pre>
536    
537 swift 1.1 </body>
538     </section>
539     <section>
540 swift 1.16 <title>Configuring ClamAV</title>
541 swift 1.1 <body>
542    
543     <p>
544 nightmorph 1.29 The configuration file specified to be used in <path>smb.conf</path> is
545     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
546     defaults, the infected file action may need to be changed.
547 swift 1.1 </p>
548    
549     <pre caption="/etc/samba/vscan-clamav.conf">
550     [samba-vscan]
551     <comment>; run-time configuration for vscan-samba using
552     ; clamd
553     ; all options are set to default values</comment>
554    
555     <comment>; do not scan files larger than X bytes. If set to 0 (default),
556     ; this feature is disable (i.e. all files are scanned)</comment>
557     max file size = 0
558    
559     <comment>; log all file access (yes/no). If set to yes, every access will
560     ; be logged. If set to no (default), only access to infected files
561     ; will be logged</comment>
562     verbose file logging = no
563    
564     <comment>; if set to yes (default), a file will be scanned while opening</comment>
565     scan on open = yes
566     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
567     scan on close = yes
568    
569     <comment>; if communication to clamd fails, should access to file denied?
570     ; (default: yes)</comment>
571     deny access on error = yes
572    
573 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
574 swift 1.1 ; should access to file denied?
575     ; (default: yes)</comment>
576     deny access on minor error = yes
577    
578     <comment>; send a warning message via Windows Messenger service
579     ; when virus is found?
580     ; (default: yes)</comment>
581     send warning message = yes
582    
583     <comment>; what to do with an infected file
584     ; quarantine: try to move to quantine directory; delete it if moving fails
585     ; delete: delete infected file
586     ; nothing: do nothing</comment>
587     infected file action = <comment>delete</comment>
588    
589     <comment>; where to put infected files - you really want to change this!
590     ; it has to be on the same physical device as the share!</comment>
591     quarantine directory = /tmp
592     <comment>; prefix for files in quarantine</comment>
593     quarantine prefix = vir-
594    
595     <comment>; as Windows tries to open a file multiple time in a (very) short time
596     ; of period, samba-vscan use a last recently used file mechanism to avoid
597     ; multiple scans of a file. This setting specified the maximum number of
598     ; elements of the last recently used file list. (default: 100)</comment>
599     max lru files entries = 100
600    
601 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
602 swift 1.1 ; (Default: 5)</comment>
603     lru file entry lifetime = 5
604    
605     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
606 swift 1.16 clamd socket name = /tmp/clamd
607    
608     <comment>; port number the ScannerDaemon listens on</comment>
609     oav port = 8127
610 swift 1.1 </pre>
611    
612     <p>
613 nightmorph 1.29 It is generally a good idea to start the virus scanner immediately. Add it to
614     the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
615     The service has two processes: freshclam keeps the virus definition database up
616     to date while clamd is the actual anti-virus daemon. First you may want to set
617     the paths of the logfiles so that it fits your needs.
618 swift 1.16 </p>
619    
620     <pre caption="Checking the location of the logfiles">
621     # <i>vim /etc/clamd.conf</i>
622     <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
623     # <i>vim /etc/freshclam.conf</i>
624     <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
625     # <i>vim /etc/conf.d/clamd</i>
626     <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
627     </pre>
628    
629     <p>
630     Now fire up the virus scanner.
631 swift 1.1 </p>
632    
633     <pre caption="Add clamd to bootup and start it">
634     # <i>rc-update add clamd default</i>
635     # <i>/etc/init.d/clamd start</i>
636     </pre>
637    
638     </body>
639     </section>
640     <section>
641     <title>Configuring CUPS</title>
642     <body>
643    
644     <p>
645 nightmorph 1.29 This is a little more complicated. CUPS' main config file is
646     <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
647     <path>httpd.conf</path> file, so many you may find it familiar. Outlined in the
648     example are the directives that need to be changed:
649 swift 1.1 </p>
650    
651     <pre caption="/etc/cups/cupsd.conf">
652     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
653 flammie 1.25 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
654 swift 1.1
655     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
656     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
657    
658     LogLevel debug <comment># only while isntalling and testing, should later be
659 neysx 1.20 # changed to 'info'</comment>
660 swift 1.1
661     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
662     # there seemed to be a bug in CUPS' controlling of the web interface,
663     # making CUPS think a denial of service attack was in progress when
664     # I tried to configure a printer with the web interface. weird.</comment>
665    
666     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
667    
668     &lt;Location /&gt;
669     Order Deny,Allow
670     Deny From All
671     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
672 flammie 1.25 # e.g. 192.168.1.* will allow connections from any host on
673 swift 1.1 # the 192.168.1.0 network. change to whatever suits you</comment>
674     &lt;/Location&gt;
675    
676     &lt;Location /admin&gt;
677     AuthType Basic
678     AuthClass System
679     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
680     # 192.168.1.0 network to connect and do
681     # administrative tasks after authenticating</comment>
682     Order Deny,Allow
683     Deny From All
684     &lt;/Location&gt;
685     </pre>
686    
687     <p>
688     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
689 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
690     needed to make CUPS print Microsoft Office document files.
691 swift 1.1 </p>
692    
693     <pre caption="/etc/cups/mime.convs">
694     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
695     application/octet-stream application/vnd.cups-raw 0
696     </pre>
697    
698     <p>
699 neysx 1.12 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
700 swift 1.1 </p>
701    
702     <pre caption="/etc/cups/mime.types">
703     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
704     application/octet-stream
705     </pre>
706    
707     <p>
708     CUPS needs to be started on boot, and started immediately.
709     </p>
710    
711     <pre caption="Setting up the CUPS service" >
712     <comment>(To start CUPS on boot)</comment>
713     # <i>rc-update add cupsd default</i>
714 neysx 1.14 <comment>(To start or restart CUPS now)</comment>
715 swift 1.1 # <i>/etc/init.d/cupsd restart</i>
716     </pre>
717    
718     </body>
719     </section>
720     <section>
721     <title>Installing a printer for and with CUPS</title>
722     <body>
723    
724     <p>
725 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
726     find and download the correct PPD file for your printer and CUPS. To do so,
727     click the link Printer Listings to the left. Select your printers manufacturer
728 flammie 1.25 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
729 nightmorph 1.29 the page coming up click the "recommended driver" link after reading the various
730     notes and information. Then fetch the PPD file from the next page, again after
731     reading the notes and introductions there. You may have to select your printers
732     manufacturer and model again. Reading the <uri
733     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is
734     also very helpful when working with CUPS.
735 swift 1.1 </p>
736    
737     <p>
738 nightmorph 1.29 Now you have a PPD file for your printer to work with CUPS. Place it in
739     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named
740     <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
741     This can be done via the CUPS web interface or via command line. The web
742 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
743 swift 1.1 </p>
744    
745     <pre caption="Install the printer via command line">
746     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
747 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
748 swift 1.1 </pre>
749    
750     <p>
751 nightmorph 1.29 Remember to adjust to what you have. Be sure to have the name (<c>-p</c>
752     argument) right (the name you set above during the Samba configuration!) and to
753     put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or
754     whatever device you are using for your printer.
755 swift 1.1 </p>
756    
757     <p>
758 nightmorph 1.29 You should now be able to access the printer from the web interface and be able
759     to print a test page.
760 swift 1.1 </p>
761    
762     </body>
763     </section>
764     <section>
765     <title>Installing the Windows printer drivers</title>
766     <body>
767    
768     <p>
769 nightmorph 1.29 Now that the printer should be working it is time to install the drivers for the
770     Windows clients to work. Samba 2.2 introduced this functionality. Browsing to
771     the print server in the Network Neighbourhood, right-clicking on the
772     printershare and selecting "connect" downloads the appropriate drivers
773     automagically to the connecting client, avoiding the hassle of manually
774     installing printer drivers locally.
775 swift 1.1 </p>
776    
777     <p>
778 nightmorph 1.26 There are two sets of printer drivers for this. First, the Adobe PS drivers
779     which can be obtained from <uri
780     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
781     printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri
782     link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.
783     There doesn't seem to be a difference between the functionality of the two, but
784     the Adobe PS drivers need to be extracted on a Windows System since it's a
785     Windows binary. Also the whole procedure of finding and copying the correct
786     files is a bit more hassle. The CUPS drivers seem to support some options the
787     Adobe drivers don't.
788     </p>
789     <!--
790     used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
791     available. at some point, we should update this for 6.0.
792     -->
793 swift 1.1
794     <p>
795     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
796     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
797     contained into a directory.
798     </p>
799    
800     <pre caption="Extract the drivers and run the install">
801     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
802     # <i>cd cups-samba-5.0rc2</i>
803     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
804     # <i>./cups-samba.install</i>
805     </pre>
806    
807     <p>
808 swift 1.3 <path>cups-samba.ss</path> is a TAR archive containing three files:
809     <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
810     <path>cupsui5.dll</path>. These are the actual driver files.
811 swift 1.1 </p>
812    
813     <warn>
814 flammie 1.25 The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
815 nightmorph 1.29 because almost everything which is not part of the base system is installed
816     somewhere under the prefix <path>/usr/local/</path>. This seems not to be the
817     case for most things you install under GNU/Linux. However, if your CUPS
818     installation is somewhere other than <path>/usr/share/cups/</path> see the
819     example below.
820 swift 1.1 </warn>
821    
822     <p>
823 nightmorph 1.29 Suppose your CUPS installation resides under
824     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
825 swift 1.1 Do the following:
826     </p>
827    
828     <pre caption="Manually installing the drivers">
829     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
830     # <i>tar -xf cups-samba.ss</i>
831     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
832     # <i>cd usr/share/cups/drivers</i>
833     <comment>(no leading / !)</comment>
834     # <i>cp cups* /usr/local/share/cups/drivers</i>
835 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
836 swift 1.1 </pre>
837    
838     <p>
839 nightmorph 1.23 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
840     Its man page is an interesting read.
841 swift 1.1 </p>
842    
843     <pre caption="Run cupsaddsmb">
844     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
846     "export all known printers".)</comment>
847     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
848     </pre>
849    
850     <warn>
851 nightmorph 1.26 The execution of this command often causes the most trouble. Read through the
852     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
853     thread</uri> for some troubleshooting tips.
854 swift 1.1 </warn>
855    
856     <p>
857     Here are common errors that may happen:
858     </p>
859    
860     <ul>
861     <li>
862 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
863 nightmorph 1.29 (<c>PrintServer</c>) often does not resolve correctly and doesn't identify
864     the print server for CUPS/Samba interaction. If an error like: <b>Warning:
865     No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the
866     first thing you should do is substitute <c>PrintServer</c> with
867     <c>localhost</c> and try it again.
868 swift 1.1 </li>
869     <li>
870 nightmorph 1.29 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
871     is quite common, but can be triggered by many problems. It's unfortunately
872     not very helpful. One thing to try is to temporarily set <c>security =
873     user</c> in your <path>smb.conf</path>. After/if the installation completes
874     successfully, you should set it back to share, or whatever it was set to
875 swift 1.1 before.
876     </li>
877     </ul>
878    
879     <p>
880 nightmorph 1.29 This should install the correct driver directory structure under
881     <path>/etc/samba/printer</path>. That would be
882     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3
883     driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the
884     name which you gave the printer when installing it (see above).
885 swift 1.1 </p>
886    
887     <p>
888 nightmorph 1.29 Pending no errors or other complications, your drivers are now installed.
889 swift 1.1 </p>
890    
891     </body>
892     </section>
893     <section>
894     <title>Finalizing our setup</title>
895     <body>
896    
897     <p>
898     Lastly, setup our directories.
899     </p>
900    
901     <pre caption="Final changes needed">
902     # <i>mkdir /home/samba</i>
903     # <i>mkdir /home/samba/public</i>
904     # <i>chmod 755 /home/samba</i>
905     # <i>chmod 755 /home/samba/public</i>
906     </pre>
907    
908     </body>
909     </section>
910     <section>
911     <title>Testing our Samba configuration</title>
912     <body>
913    
914     <p>
915     We will want to test our configuration file to ensure that it is formatted
916 nightmorph 1.29 properly and all of our options have at least the correct syntax. To do this we
917     run <c>testparm</c>.
918 swift 1.1 </p>
919    
920     <pre caption="Running the testparm">
921     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
922     # <i>/usr/bin/testparm</i>
923     Load smb config files from /etc/samba/smb.conf
924     Processing section &quot;[printers]&quot;
925     Global parameter guest account found in service section!
926     Processing section &quot;[public]&quot;
927     Global parameter guest account found in service section!
928     Loaded services file OK.
929     Server role: ROLE_STANDALONE
930     Press enter to see a dump of your service definitions
931     ...
932     ...
933     </pre>
934    
935     </body>
936     </section>
937     <section>
938     <title>Starting the Samba service</title>
939     <body>
940    
941     <p>
942     Now configure Samba to start at bootup; then go ahead and start it.
943     </p>
944    
945     <pre caption="Setting up the Samba service">
946     # <i>rc-update add samba default</i>
947     # <i>/etc/init.d/samba start</i>
948     </pre>
949    
950     </body>
951     </section>
952     <section>
953     <title>Checking our services</title>
954     <body>
955    
956     <p>
957 nightmorph 1.29 It would probably be prudent to check our logs at this time also. We will also
958     want to take a peak at our Samba shares using <c>smbclient</c>.
959 swift 1.1 </p>
960    
961     <pre caption="Checking the shares with smbclient">
962     # <i>smbclient -L localhost</i>
963     Password:
964     <comment>(You should see a BIG list of services here.)</comment>
965     </pre>
966    
967     </body>
968     </section>
969     </chapter>
970 neysx 1.5
971 swift 1.1 <chapter>
972     <title>Configuration of the Clients</title>
973     <section>
974     <title>Printer configuration of *nix based clients</title>
975     <body>
976    
977     <p>
978 nightmorph 1.29 Despite the variation or distribution, the only thing needed is CUPS. Do the
979 neysx 1.11 equivalent on any other UNIX/Linux/BSD client.
980 swift 1.1 </p>
981    
982 neysx 1.5 <pre caption="Configuring a Gentoo system">
983 swift 1.1 # <i>emerge cups</i>
984 neysx 1.11 # <i>nano -w /etc/cups/client.conf</i>
985     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
986 swift 1.1 </pre>
987    
988     <p>
989 neysx 1.11 That should be it. Nothing else will be needed.
990 swift 1.1 </p>
991    
992     <p>
993 neysx 1.11 If you use only one printer, it will be your default printer. If your print
994     server manages several printers, your administrator will have defined a default
995     printer on the server. If you want to define a different default printer for
996     yourself, use the <c>lpoptions</c> command.
997 swift 1.1 </p>
998    
999 neysx 1.11 <pre caption="Setting your default printer">
1000     <comment>(List available printers)</comment>
1001     # <i>lpstat -a</i>
1002     <comment>(Sample output, yours will differ)</comment>
1003     HPDeskJet930C accepting requests since Jan 01 00:00
1004     laser accepting requests since Jan 01 00:00
1005     <comment>(Define HPDeskJet930C as your default printer)</comment>
1006     # <i>lpoptions -d HPDeskJet930C</i>
1007 swift 1.1 </pre>
1008    
1009 neysx 1.11 <pre caption="Printing in *nix">
1010     <comment>(Specify the printer to be used)</comment>
1011     # <i>lp -d HPDeskJet930C anything.txt</i>
1012     <comment>(Use your default printer)</comment>
1013     # <i>lp foobar.whatever.ps</i>
1014 swift 1.1 </pre>
1015    
1016     <p>
1017 neysx 1.11 Just point your web browser to <c>http://printserver:631</c> on the client if
1018     you want to manage your printers and their jobs with a nice web interface.
1019 nightmorph 1.29 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your
1020     print server, not the name you gave to the cups print server if you used
1021 neysx 1.11 different names.
1022 swift 1.1 </p>
1023    
1024     </body>
1025     </section>
1026     <section>
1027     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1028     <body>
1029    
1030     <p>
1031 neysx 1.5 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1032     all compiled at least one kernel, we'll need to make sure we have all the right
1033 nightmorph 1.29 options selected in our kernel. For simplicity's sake, make it a module for ease
1034     of use. It is the author's opinion that kernel modules are a good thing and
1035 neysx 1.5 should be used whenever possible.
1036 swift 1.1 </p>
1037    
1038     <pre caption="Relevant kernel options" >
1039     CONFIG_SMB_FS=m
1040     CONFIG_SMB_UNIX=y
1041     </pre>
1042    
1043     <p>
1044     Then make the module/install it; insert them with:
1045     </p>
1046    
1047     <pre caption="Loading the kernel module">
1048     # <i>modprobe smbfs</i>
1049     </pre>
1050    
1051     <p>
1052 nightmorph 1.29 Once the module is loaded, mounting a Windows or Samba share is possible. Use
1053     <c>mount</c> to accomplish this, as detailed below:
1054 swift 1.1 </p>
1055    
1056     <pre caption="Mounting a Windows/Samba share">
1057     <comment>(The syntax for mounting a Windows/Samba share is:
1058     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1059     If we are not using passwords or a password is not needed)</comment>
1060    
1061     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1062    
1063     <comment>(If a password is needed)</comment>
1064     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1065     </pre>
1066    
1067     <p>
1068 nightmorph 1.29 After you mount the share, you would access it as if it were a local drive.
1069 swift 1.1 </p>
1070    
1071     </body>
1072     </section>
1073     <section>
1074     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1075     <body>
1076    
1077     <p>
1078 nightmorph 1.29 That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and
1079     right click on the printer (HPDeskJet930C) and click connect. This will download
1080     the drivers to the Windows client and now every application (such as Word or
1081     Acrobat) will offer HPDeskJet930C as an available printer to print to. :-)
1082 swift 1.1 </p>
1083    
1084     </body>
1085     </section>
1086     </chapter>
1087 neysx 1.5
1088 swift 1.1 <chapter>
1089     <title>Final Notes</title>
1090     <section>
1091     <title>A Fond Farewell</title>
1092     <body>
1093    
1094     <p>
1095 nightmorph 1.29 That should be it. You should now have a successful printing enviroment that is
1096     friendly to both Windows and *nix as well as a fully virus-free working share!
1097 swift 1.1 </p>
1098    
1099     </body>
1100     </section>
1101     </chapter>
1102 neysx 1.5
1103 swift 1.1 <chapter>
1104     <title>Links and Resources</title>
1105     <section>
1106     <title>Links</title>
1107     <body>
1108    
1109     <p>
1110     These are some links that may help you in setting up, configuration and
1111     troubleshooting your installation:
1112     </p>
1113    
1114     <ul>
1115     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1116 nightmorph 1.27 <li>
1117     <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1118     link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1119     on Samba/CUPS configuration</uri>
1120     </li>
1121 swift 1.1 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1122     <li>
1123     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1124 nightmorph 1.29 Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e>
1125     and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and
1126     Samba, and generally printing support on networks. A really interesting
1127     read, with lots and lots of details.)
1128 swift 1.1 </li>
1129     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1130     </ul>
1131    
1132     </body>
1133     </section>
1134     <section>
1135     <title>Troubleshooting</title>
1136     <body>
1137    
1138     <p>
1139 nightmorph 1.29 See <uri
1140     link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1141     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of
1142     useful tips there! Be sure to look this one up first, before posting questions
1143     and problems! Maybe the solution you're looking for is right there.
1144 swift 1.1 </p>
1145    
1146     </body>
1147     </section>
1148     </chapter>
1149     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20