/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.35 - (hide annotations) (download) (as text)
Sun Oct 14 19:10:05 2007 UTC (6 years, 8 months ago) by nightmorph
Branch: MAIN
Changes since 1.34: +9 -7 lines
File MIME type: application/xml
additional clarification and reworked instructions for bug 195844

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 nightmorph 1.35 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.34 2007/09/15 16:47:56 swift Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 neysx 1.21 <guide link="/doc/en/quick-samba-howto.xml">
5 swift 1.16 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12 nightmorph 1.30 <author title="Editor">
13     <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
14     </author>
15 swift 1.1
16     <abstract>
17 nightmorph 1.29 Setup, install and configure a Samba Server under Gentoo that shares files,
18     printers without the need to install drivers and provides automatic virus
19     scanning.
20 swift 1.1 </abstract>
21    
22     <!-- The content of this document is licensed under the CC-BY-SA license -->
23     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
24     <license/>
25    
26 nightmorph 1.35 <version>1.22</version>
27     <date>2007-10-14</date>
28 swift 1.1
29     <chapter>
30     <title>Introduction to this HOWTO</title>
31     <section>
32     <title>Purpose</title>
33     <body>
34    
35     <p>
36 nightmorph 1.29 This HOWTO is designed to help you move a network from many different clients
37     speaking different languages, to many different machines that speak a common
38     language. The ultimate goal is to help differing architectures and technologies,
39     come together in a productive, happily coexisting environment.
40 swift 1.1 </p>
41    
42     <p>
43 nightmorph 1.29 Following the directions outlined in this HOWTO should give you an excellent
44     step towards a peaceful cohabitation between Windows, and virtually all known
45     variations of *nix.
46 swift 1.1 </p>
47    
48     <p>
49 nightmorph 1.29 This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
50     explore the functionality and power of the Gentoo system, portage and the
51     flexibility of USE flags. Like so many other projects, it was quickly discovered
52     what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered
53     for Gentoo users. These users are more demanding than most; they require
54     performance, flexibility and customization. This does not however imply that
55     this HOWTO was not intended for other distributions; rather that it was designed
56     to work with a highly customized version of Samba.
57 swift 1.1 </p>
58    
59     <p>
60 nightmorph 1.29 This HOWTO will describe how to share files and printers between Windows PCs and
61     *nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
62     feature of Samba to incorporate automatic virus protection. As a finale, it will
63     show you how to mount and manipulate shares.
64 swift 1.1 </p>
65    
66     <p>
67 nightmorph 1.29 There are a few topics that will be mentioned, but are out of the scope of this
68     HOWTO. These will be noted as they are presented.
69 swift 1.1 </p>
70    
71     <p>
72 nightmorph 1.29 This HOWTO is based on a compilation and merge of an excellent HOWTO provided in
73     the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff"
74     Ntaflos and the collected knowledge of Joshua Preston. The link to this
75     discussion is provided below for your reference:
76 swift 1.1 </p>
77    
78     <ul>
79     <li>
80     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
81     CUPS+Samba: printing from Windows &amp; Linux</uri>
82     </li>
83     </ul>
84    
85     </body>
86     </section>
87     <section>
88     <title>Before you use this guide</title>
89     <body>
90    
91     <p>
92 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
93 nightmorph 1.29 them as well, as they may tell you things left out of this HOWTO (intentional or
94     otherwise). One such document is the very useful and well written <uri
95 neysx 1.5 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
96     issues and specific printer setup is not discussed here.
97 swift 1.1 </p>
98    
99     </body>
100     </section>
101     <section>
102     <title>Brief Overview</title>
103     <body>
104    
105     <p>
106 nightmorph 1.29 After presenting the various USE flags, the following list will outline all of
107     the topics covered as they are presented:
108 swift 1.1 </p>
109    
110     <ul>
111     <li>On the Samba server:
112     <ul>
113 swift 1.16 <li>Install and configure ClamAV</li>
114 swift 1.1 <li>Install and configure Samba</li>
115     <li>Install and configure CUPS</li>
116     <li>Adding the printer to CUPS</li>
117     <li>Adding the PS drivers for the Windows clients</li>
118     </ul>
119     </li>
120     <li>On the Unix clients:
121     <ul>
122     <li>Install and configure CUPS</li>
123     <li>Configuring a default printer</li>
124     <li>Mounting a Windows or Samba share</li>
125     </ul>
126     </li>
127     <li>On the Windows Clients:
128     <ul>
129     <li>Configuring the printer</li>
130     <li>Accessing Samba shares</li>
131     </ul>
132     </li>
133     </ul>
134    
135     </body>
136     </section>
137     <section>
138     <title>Requirements</title>
139     <body>
140    
141     <p>
142     We will need the following:
143     </p>
144    
145     <ul>
146     <li>net-fs/samba</li>
147 swift 1.6 <li>app-antivirus/clamav</li>
148 swift 1.1 <li>net-print/cups</li>
149     <li>net-print/foomatic</li>
150 nightmorph 1.28 <li>net-print/hplip (if you have an HP printer)</li>
151     <li>A kernel of sorts (2.6)</li>
152 swift 1.1 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
153     <li>
154     A working network (home/office/etc) consisting of more than one machine)
155     </li>
156     </ul>
157    
158     <p>
159 nightmorph 1.29 The main package we use here is net-fs/samba, however, you will need a kernel
160 nightmorph 1.31 with cifs support enabled in order to mount a samba or windows share from
161 nightmorph 1.29 another computer. CUPS will be emerged if it is not already.
162     app-antivirus/clamav will be used also, but others should be easily adapted to
163     work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
164 swift 1.17 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
165 swift 1.1 </p>
166    
167     </body>
168     </section>
169     </chapter>
170 neysx 1.5
171 swift 1.1 <chapter>
172     <title>Getting acquainted with Samba</title>
173     <section>
174     <title>The USE Flags</title>
175     <body>
176    
177     <p>
178 nightmorph 1.28 Before emerging anything, take a look at some of the various USE flags available
179     to Samba.
180 swift 1.1 </p>
181    
182     <pre caption="Samba uses the following USE Variables:">
183 nightmorph 1.28 kerberos acl cups ldap pam readline python oav
184 swift 1.1 </pre>
185    
186     <p>
187 nightmorph 1.29 Depending on the network topology and the specific requirements of the server,
188     the USE flags outlined below will define what to include or exclude from the
189     emerging of Samba.
190 swift 1.1 </p>
191    
192     <table>
193     <tr>
194     <th><b>USE flag</b></th>
195     <th>Description</th>
196     </tr>
197     <tr>
198     <th><b>kerberos</b></th>
199     <ti>
200     Include support for Kerberos. The server will need this if it is
201     intended to join an existing domain or Active Directory. See the note
202     below for more information.
203     </ti>
204     </tr>
205     <tr>
206     <th><b>acl</b></th>
207     <ti>
208     Enables Access Control Lists. The ACL support in Samba uses a patched
209     ext2/ext3, or SGI's XFS in order to function properly as it extends more
210     detailed access to files or directories; much more so than typical *nix
211     GID/UID schemas.
212     </ti>
213     </tr>
214     <tr>
215     <th><b>cups</b></th>
216     <ti>
217 nightmorph 1.29 This enables support for the Common Unix Printing System. This provides an
218     interface allowing local CUPS printers to be shared to other systems in the
219     network.
220 swift 1.1 </ti>
221     </tr>
222     <tr>
223     <th><b>ldap</b></th>
224     <ti>
225 nightmorph 1.29 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
226     expected to use Active Directory, this option must be used. This would be
227     used in the event Samba needs to login to or provide login to a
228     Domain/Active Directory Server. The kerberos USE flag is needed for proper
229     functioning of this option.
230 swift 1.1 </ti>
231     </tr>
232     <tr>
233     <th><b>pam</b></th>
234     <ti>
235 nightmorph 1.29 Include support for pluggable authentication modules (PAM). This provides
236     the ability to authenticate users on the Samba Server, which is required if
237     users have to login to your server. The kerberos USE flag is recommended
238     along with this option.
239 swift 1.1 </ti>
240     </tr>
241     <tr>
242     <th><b>readline</b></th>
243     <ti>
244 nightmorph 1.29 Link Samba against libreadline. This is highly recommended and should
245     probably not be disabled.
246 swift 1.1 </ti>
247     </tr>
248     <tr>
249     <th><b>python</b></th>
250     <ti>
251 nightmorph 1.29 Python bindings API. Provides an API that will allow Python to interface
252     with Samba.
253 swift 1.1 </ti>
254     </tr>
255     <tr>
256     <th><b>oav</b></th>
257     <ti>
258 nightmorph 1.29 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
259     Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
260     Symantec CarrierScan, and Trend Micro (VSAPI).
261 swift 1.1 </ti>
262     </tr>
263     </table>
264    
265     <p>
266     A couple of things worth mentioning about the USE flags and different
267     Samba functions include:
268     </p>
269    
270     <ul>
271     <li>
272     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
273     ACL kernel options for ext2 and/or ext3 will need to be enabled
274     (depending on which file system is being used - both can be enabled).
275     </li>
276     <li>
277     While Active Directory, ACL, and PDC functions are out of the intended
278     scope of this HOWTO, you may find these links as helpful to your cause:
279     <ul>
280     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
281     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
282     </ul>
283     </li>
284     </ul>
285    
286     </body>
287     </section>
288     </chapter>
289 neysx 1.5
290 swift 1.1 <chapter>
291     <title>Server Software Installation</title>
292     <section>
293     <title>Emerging Samba</title>
294     <body>
295    
296     <p>
297 nightmorph 1.29 First of all: be sure that all your hostnames resolve correctly. Either have a
298     working domain name system running on your network or appropriate entries in
299     your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
300     don't point to the correct machines.
301 swift 1.1 </p>
302    
303     <p>
304 nightmorph 1.29 Hopefully now you can make an assessment of what you'll actually need in order
305     to use Samba with your particular setup. The setup used for this HOWTO is:
306 swift 1.1 </p>
307    
308     <ul>
309     <li>oav</li>
310     <li>cups</li>
311     <li>readline</li>
312     <li>pam</li>
313     </ul>
314    
315     <p>
316 nightmorph 1.29 To optimize performance, size and the time of the build, the USE flags are
317     specifically included or excluded.
318 swift 1.1 </p>
319    
320     <pre caption="Emerge Samba">
321 swift 1.17 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
322     # <i>emerge net-fs/samba</i>
323 swift 1.1 </pre>
324    
325     <note>
326 nightmorph 1.29 The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
327 swift 1.1 ppc, sparc, hppa, ia64 and alpha
328     </note>
329    
330     <p>
331     This will emerge Samba and CUPS (if CUPS is not already emerged).
332     </p>
333    
334     </body>
335     </section>
336     <section>
337 swift 1.16 <title>Emerging ClamAV</title>
338 swift 1.1 <body>
339    
340     <p>
341 nightmorph 1.29 Because the <e>oav</e> USE flag only provides an interface to allow on access
342     virus scanning, the actual virus scanner must be emerged. The scanner used in
343     this HOWTO is ClamAV.
344 swift 1.1 </p>
345    
346 swift 1.16 <pre caption="Emerge Clamav">
347 swift 1.6 # <i>emerge app-antivirus/clamav</i>
348 swift 1.1 </pre>
349    
350     </body>
351     </section>
352     <section>
353     <title>Emerging foomatic</title>
354     <body>
355    
356     <pre caption="Emerge foomatic">
357     # <i>emerge net-print/foomatic</i>
358     </pre>
359    
360     </body>
361     </section>
362     <section>
363 nightmorph 1.28 <title>Emerging net-print/hplip</title>
364 swift 1.1 <body>
365    
366     <p>
367     You only need to emerge this if you use an HP printer.
368     </p>
369    
370 nightmorph 1.28 <pre caption="Emerge hplip">
371     # <i>emerge net-print/hplip</i>
372 swift 1.1 </pre>
373    
374     </body>
375     </section>
376     </chapter>
377 neysx 1.5
378 swift 1.1 <chapter>
379     <title>Server Configuration</title>
380     <section>
381     <title>Configuring Samba</title>
382     <body>
383    
384     <p>
385 nightmorph 1.29 The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
386     divided in sections indicated by [sectionname]. Comments are either
387     # or ;. A sample <path>smb.conf</path> is included below with comments and
388     suggestions for modifications. If more details are required, see the man page
389     for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
390     Samba Web site or any of the numerous Samba books available.
391 swift 1.1 </p>
392    
393     <pre caption="A Sample /etc/samba/smb.conf">
394     [global]
395     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
396     workgroup = <comment>MYWORKGROUPNAME</comment>
397     <comment># Of course this has no REAL purpose other than letting
398 neysx 1.15 # everyone knows it's not Windows!
399 swift 1.1 # %v prints the version of Samba we are using.</comment>
400     server string = Samba Server %v
401     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
402     printcap name = cups
403     printing = cups
404     load printers = yes
405     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
406     log file = /var/log/samba/log.%m
407     max log size = 50
408     <comment># We are going to set some options for our interfaces...</comment>
409     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
410     <comment># This is a good idea, what we are doing is binding the
411     # samba server to our local network.
412     # For example, if eth0 is our local network device</comment>
413     interfaces = lo <i>eth0</i>
414     bind interfaces only = yes
415     <comment># Now we are going to specify who we allow, we are afterall
416     # very security conscience, since this configuration does
417     # not use passwords!</comment>
418     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
419     hosts deny = 0.0.0.0/0
420     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
421     # The default is user</comment>
422     security = share
423     <comment># No passwords, so we're going to use a guest account!</comment>
424     guest ok = yes
425     <comment># We now will implement the on access virus scanner.
426     # NOTE: By putting this in our [Global] section, we enable
427     # scanning of ALL shares, you could optionally move
428     # these to a specific share and only scan it.</comment>
429 swift 1.8
430 swift 1.16 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
431 swift 1.8 vfs object = vscan-clamav
432     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
433    
434 swift 1.1 <comment># Now we setup our print drivers information!</comment>
435     [print$]
436     comment = Printer Drivers
437     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
438 swift 1.10 guest ok = yes
439 swift 1.1 browseable = yes
440     read only = yes
441     <comment># Modify this to "username,root" if you don't want root to
442     # be the only printer admin)</comment>
443     write list = <i>root</i>
444    
445     <comment># Now we'll setup a printer to share, while the name is arbitrary
446     # it should be consistent throughout Samba and CUPS!</comment>
447     [HPDeskJet930C]
448     comment = HP DeskJet 930C Network Printer
449     printable = yes
450     path = /var/spool/samba
451     public = yes
452     guest ok = yes
453     <comment># Modify this to "username,root" if you don't want root to
454     # be the only printer admin)</comment>
455     printer admin = <i>root</i>
456    
457     <comment># Now we setup our printers share. This should be
458     # browseable, printable, public.</comment>
459     [printers]
460     comment = All Printers
461 swift 1.10 browseable = no
462 swift 1.1 printable = yes
463 swift 1.10 writable = no
464 swift 1.1 public = yes
465     guest ok = yes
466     path = /var/spool/samba
467     <comment># Modify this to "username,root" if you don't want root to
468     # be the only printer admin)</comment>
469     printer admin = <i>root</i>
470    
471     <comment># We create a new share that we can read/write to from anywhere
472     # This is kind of like a public temp share, anyone can do what
473     # they want here.</comment>
474     [public]
475     comment = Public Files
476     browseable = yes
477     public = yes
478     create mode = 0766
479     guest ok = yes
480     path = /home/samba/public
481     </pre>
482    
483 swift 1.3 <warn>
484 nightmorph 1.29 If you like to use Samba's guest account to do anything concerning printing from
485     Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c>
486     section. The guest account seems to cause problems when running
487     <c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See
488     below, too, when we talk about <c>cupsaddsmb</c> and the problems that can
489     arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
490     or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
491     from a lot of problems.
492 swift 1.3 </warn>
493 swift 1.1
494 swift 1.16 <warn>
495     Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
496     down the performance of your Samba server dramatically.
497     </warn>
498    
499 swift 1.1 <p>
500 nightmorph 1.29 Now create the directories required for the minimum configuration of Samba to
501     share the installed printer throughout the network.
502 swift 1.1 </p>
503    
504     <pre caption="Create the directories">
505     # <i>mkdir /etc/samba/printer</i>
506     # <i>mkdir /var/spool/samba</i>
507     # <i>mkdir /home/samba/public</i>
508     </pre>
509    
510     <p>
511 nightmorph 1.29 At least one Samba user is required in order to install the printer drivers and
512     to allow users to connect to the printer. Users must exist in the system's
513     <path>/etc/passwd</path> file.
514 swift 1.1 </p>
515    
516     <pre caption="Creating the users">
517     # <i>smbpasswd -a root</i>
518    
519     <comment>(If another user is to be a printer admin)</comment>
520     # <i>smbpasswd -a username</i>
521     </pre>
522    
523     <p>
524     The Samba passwords need not be the same as the system passwords
525     in <path>/etc/passwd</path>.
526     </p>
527    
528 swift 1.9 <p>
529     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
530     systems can be found easily using NetBIOS:
531     </p>
532    
533     <pre caption="Editing /etc/nsswitch.conf">
534     # <i>nano -w /etc/nsswitch.conf</i>
535     <comment>(Edit the hosts: line)</comment>
536     hosts: files dns <i>wins</i>
537     </pre>
538    
539 swift 1.1 </body>
540     </section>
541     <section>
542 swift 1.16 <title>Configuring ClamAV</title>
543 swift 1.1 <body>
544    
545     <p>
546 nightmorph 1.29 The configuration file specified to be used in <path>smb.conf</path> is
547     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
548     defaults, the infected file action may need to be changed.
549 swift 1.1 </p>
550    
551     <pre caption="/etc/samba/vscan-clamav.conf">
552     [samba-vscan]
553     <comment>; run-time configuration for vscan-samba using
554     ; clamd
555     ; all options are set to default values</comment>
556    
557     <comment>; do not scan files larger than X bytes. If set to 0 (default),
558     ; this feature is disable (i.e. all files are scanned)</comment>
559     max file size = 0
560    
561     <comment>; log all file access (yes/no). If set to yes, every access will
562     ; be logged. If set to no (default), only access to infected files
563     ; will be logged</comment>
564     verbose file logging = no
565    
566     <comment>; if set to yes (default), a file will be scanned while opening</comment>
567     scan on open = yes
568     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
569     scan on close = yes
570    
571     <comment>; if communication to clamd fails, should access to file denied?
572     ; (default: yes)</comment>
573     deny access on error = yes
574    
575 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
576 swift 1.1 ; should access to file denied?
577     ; (default: yes)</comment>
578     deny access on minor error = yes
579    
580     <comment>; send a warning message via Windows Messenger service
581     ; when virus is found?
582     ; (default: yes)</comment>
583     send warning message = yes
584    
585     <comment>; what to do with an infected file
586     ; quarantine: try to move to quantine directory; delete it if moving fails
587     ; delete: delete infected file
588     ; nothing: do nothing</comment>
589     infected file action = <comment>delete</comment>
590    
591     <comment>; where to put infected files - you really want to change this!
592     ; it has to be on the same physical device as the share!</comment>
593     quarantine directory = /tmp
594     <comment>; prefix for files in quarantine</comment>
595     quarantine prefix = vir-
596    
597     <comment>; as Windows tries to open a file multiple time in a (very) short time
598     ; of period, samba-vscan use a last recently used file mechanism to avoid
599     ; multiple scans of a file. This setting specified the maximum number of
600     ; elements of the last recently used file list. (default: 100)</comment>
601     max lru files entries = 100
602    
603 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
604 swift 1.1 ; (Default: 5)</comment>
605     lru file entry lifetime = 5
606    
607     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
608 swift 1.16 clamd socket name = /tmp/clamd
609    
610     <comment>; port number the ScannerDaemon listens on</comment>
611     oav port = 8127
612 swift 1.1 </pre>
613    
614     <p>
615 nightmorph 1.29 It is generally a good idea to start the virus scanner immediately. Add it to
616     the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
617     The service has two processes: freshclam keeps the virus definition database up
618     to date while clamd is the actual anti-virus daemon. First you may want to set
619     the paths of the logfiles so that it fits your needs.
620 swift 1.16 </p>
621    
622     <pre caption="Checking the location of the logfiles">
623     # <i>vim /etc/clamd.conf</i>
624     <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
625     # <i>vim /etc/freshclam.conf</i>
626     <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
627     # <i>vim /etc/conf.d/clamd</i>
628     <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
629     </pre>
630    
631     <p>
632     Now fire up the virus scanner.
633 swift 1.1 </p>
634    
635     <pre caption="Add clamd to bootup and start it">
636     # <i>rc-update add clamd default</i>
637     # <i>/etc/init.d/clamd start</i>
638     </pre>
639    
640     </body>
641     </section>
642     <section>
643     <title>Configuring CUPS</title>
644     <body>
645    
646     <p>
647 nightmorph 1.29 This is a little more complicated. CUPS' main config file is
648     <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
649     <path>httpd.conf</path> file, so many you may find it familiar. Outlined in the
650     example are the directives that need to be changed:
651 swift 1.1 </p>
652    
653     <pre caption="/etc/cups/cupsd.conf">
654     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
655 flammie 1.25 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
656 swift 1.1
657     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
658     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
659    
660     LogLevel debug <comment># only while isntalling and testing, should later be
661 neysx 1.20 # changed to 'info'</comment>
662 swift 1.1
663     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
664     # there seemed to be a bug in CUPS' controlling of the web interface,
665     # making CUPS think a denial of service attack was in progress when
666     # I tried to configure a printer with the web interface. weird.</comment>
667    
668     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
669    
670     &lt;Location /&gt;
671     Order Deny,Allow
672     Deny From All
673     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
674 flammie 1.25 # e.g. 192.168.1.* will allow connections from any host on
675 swift 1.1 # the 192.168.1.0 network. change to whatever suits you</comment>
676     &lt;/Location&gt;
677    
678     &lt;Location /admin&gt;
679     AuthType Basic
680     AuthClass System
681     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
682     # 192.168.1.0 network to connect and do
683     # administrative tasks after authenticating</comment>
684     Order Deny,Allow
685     Deny From All
686     &lt;/Location&gt;
687     </pre>
688    
689     <p>
690     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
691 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
692     needed to make CUPS print Microsoft Office document files.
693 swift 1.1 </p>
694    
695     <pre caption="/etc/cups/mime.convs">
696     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
697     application/octet-stream application/vnd.cups-raw 0
698     </pre>
699    
700     <p>
701 neysx 1.12 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
702 swift 1.1 </p>
703    
704     <pre caption="/etc/cups/mime.types">
705     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
706     application/octet-stream
707     </pre>
708    
709     <p>
710     CUPS needs to be started on boot, and started immediately.
711     </p>
712    
713     <pre caption="Setting up the CUPS service" >
714     <comment>(To start CUPS on boot)</comment>
715     # <i>rc-update add cupsd default</i>
716 neysx 1.14 <comment>(To start or restart CUPS now)</comment>
717 swift 1.1 # <i>/etc/init.d/cupsd restart</i>
718     </pre>
719    
720     </body>
721     </section>
722     <section>
723     <title>Installing a printer for and with CUPS</title>
724     <body>
725    
726     <p>
727 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
728     find and download the correct PPD file for your printer and CUPS. To do so,
729     click the link Printer Listings to the left. Select your printers manufacturer
730 flammie 1.25 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
731 nightmorph 1.29 the page coming up click the "recommended driver" link after reading the various
732     notes and information. Then fetch the PPD file from the next page, again after
733     reading the notes and introductions there. You may have to select your printers
734     manufacturer and model again. Reading the <uri
735     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is
736     also very helpful when working with CUPS.
737 swift 1.1 </p>
738    
739     <p>
740 nightmorph 1.29 Now you have a PPD file for your printer to work with CUPS. Place it in
741     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named
742     <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
743     This can be done via the CUPS web interface or via command line. The web
744 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
745 swift 1.1 </p>
746    
747     <pre caption="Install the printer via command line">
748     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
749 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
750 swift 1.1 </pre>
751    
752     <p>
753 nightmorph 1.29 Remember to adjust to what you have. Be sure to have the name (<c>-p</c>
754     argument) right (the name you set above during the Samba configuration!) and to
755     put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or
756     whatever device you are using for your printer.
757 swift 1.1 </p>
758    
759     <p>
760 nightmorph 1.29 You should now be able to access the printer from the web interface and be able
761     to print a test page.
762 swift 1.1 </p>
763    
764     </body>
765     </section>
766     <section>
767     <title>Installing the Windows printer drivers</title>
768     <body>
769    
770     <p>
771 nightmorph 1.29 Now that the printer should be working it is time to install the drivers for the
772     Windows clients to work. Samba 2.2 introduced this functionality. Browsing to
773     the print server in the Network Neighbourhood, right-clicking on the
774     printershare and selecting "connect" downloads the appropriate drivers
775     automagically to the connecting client, avoiding the hassle of manually
776     installing printer drivers locally.
777 swift 1.1 </p>
778    
779     <p>
780 nightmorph 1.26 There are two sets of printer drivers for this. First, the Adobe PS drivers
781     which can be obtained from <uri
782     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
783 nightmorph 1.30 printer drivers). Second, there are the CUPS PS drivers, to be obtained by
784     emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
785     so you may need to add it to <path>/etc/portage/package.keywords</path>. There
786     doesn't seem to be a difference between the functionality of the two, but the
787     Adobe PS drivers need to be extracted on a Windows System since it's a Windows
788     binary. Also the whole procedure of finding and copying the correct files is a
789 nightmorph 1.35 bit more hassle. The CUPS drivers support some options the Adobe drivers
790 nightmorph 1.30 don't.
791 nightmorph 1.26 </p>
792 swift 1.1
793     <p>
794 nightmorph 1.30 This HOWTO uses the CUPS drivers for Windows. Install them as shown:
795 swift 1.1 </p>
796    
797 nightmorph 1.35 <pre caption="Install the drivers">
798 nightmorph 1.30 # <i>emerge -av cups-windows</i>
799 swift 1.1 </pre>
800    
801     <p>
802 nightmorph 1.23 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
803 nightmorph 1.35 Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
804     Windows drivers you'll need to copy to the proper CUPS directory. Once you've
805     copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
806     Next, run <c>cupsaddsmb</c> as shown:
807 swift 1.1 </p>
808    
809     <pre caption="Run cupsaddsmb">
810     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
811     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
812     "export all known printers".)</comment>
813     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
814     </pre>
815    
816     <warn>
817 nightmorph 1.26 The execution of this command often causes the most trouble. Read through the
818     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
819     thread</uri> for some troubleshooting tips.
820 swift 1.1 </warn>
821    
822     <p>
823     Here are common errors that may happen:
824     </p>
825    
826     <ul>
827     <li>
828 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
829 nightmorph 1.29 (<c>PrintServer</c>) often does not resolve correctly and doesn't identify
830     the print server for CUPS/Samba interaction. If an error like: <b>Warning:
831     No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the
832     first thing you should do is substitute <c>PrintServer</c> with
833     <c>localhost</c> and try it again.
834 swift 1.1 </li>
835     <li>
836 nightmorph 1.29 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
837     is quite common, but can be triggered by many problems. It's unfortunately
838     not very helpful. One thing to try is to temporarily set <c>security =
839     user</c> in your <path>smb.conf</path>. After/if the installation completes
840     successfully, you should set it back to share, or whatever it was set to
841 swift 1.1 before.
842     </li>
843     </ul>
844    
845     <p>
846 nightmorph 1.29 This should install the correct driver directory structure under
847     <path>/etc/samba/printer</path>. That would be
848     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3
849     driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the
850     name which you gave the printer when installing it (see above).
851 swift 1.1 </p>
852    
853     <p>
854 nightmorph 1.29 Pending no errors or other complications, your drivers are now installed.
855 swift 1.1 </p>
856    
857     </body>
858     </section>
859     <section>
860     <title>Finalizing our setup</title>
861     <body>
862    
863     <p>
864     Lastly, setup our directories.
865     </p>
866    
867     <pre caption="Final changes needed">
868     # <i>mkdir /home/samba</i>
869     # <i>mkdir /home/samba/public</i>
870     # <i>chmod 755 /home/samba</i>
871     # <i>chmod 755 /home/samba/public</i>
872     </pre>
873    
874     </body>
875     </section>
876     <section>
877     <title>Testing our Samba configuration</title>
878     <body>
879    
880     <p>
881     We will want to test our configuration file to ensure that it is formatted
882 nightmorph 1.29 properly and all of our options have at least the correct syntax. To do this we
883     run <c>testparm</c>.
884 swift 1.1 </p>
885    
886     <pre caption="Running the testparm">
887     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
888     # <i>/usr/bin/testparm</i>
889     Load smb config files from /etc/samba/smb.conf
890     Processing section &quot;[printers]&quot;
891     Global parameter guest account found in service section!
892     Processing section &quot;[public]&quot;
893     Global parameter guest account found in service section!
894     Loaded services file OK.
895     Server role: ROLE_STANDALONE
896     Press enter to see a dump of your service definitions
897     ...
898     ...
899     </pre>
900    
901     </body>
902     </section>
903     <section>
904     <title>Starting the Samba service</title>
905     <body>
906    
907     <p>
908     Now configure Samba to start at bootup; then go ahead and start it.
909     </p>
910    
911     <pre caption="Setting up the Samba service">
912     # <i>rc-update add samba default</i>
913     # <i>/etc/init.d/samba start</i>
914     </pre>
915    
916     </body>
917     </section>
918     <section>
919     <title>Checking our services</title>
920     <body>
921    
922     <p>
923 nightmorph 1.29 It would probably be prudent to check our logs at this time also. We will also
924     want to take a peak at our Samba shares using <c>smbclient</c>.
925 swift 1.1 </p>
926    
927     <pre caption="Checking the shares with smbclient">
928     # <i>smbclient -L localhost</i>
929     Password:
930     <comment>(You should see a BIG list of services here.)</comment>
931     </pre>
932    
933     </body>
934     </section>
935     </chapter>
936 neysx 1.5
937 swift 1.1 <chapter>
938     <title>Configuration of the Clients</title>
939     <section>
940     <title>Printer configuration of *nix based clients</title>
941     <body>
942    
943     <p>
944 nightmorph 1.29 Despite the variation or distribution, the only thing needed is CUPS. Do the
945 neysx 1.11 equivalent on any other UNIX/Linux/BSD client.
946 swift 1.1 </p>
947    
948 neysx 1.5 <pre caption="Configuring a Gentoo system">
949 swift 1.1 # <i>emerge cups</i>
950 neysx 1.11 # <i>nano -w /etc/cups/client.conf</i>
951     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
952 swift 1.1 </pre>
953    
954     <p>
955 neysx 1.11 That should be it. Nothing else will be needed.
956 swift 1.1 </p>
957    
958     <p>
959 neysx 1.11 If you use only one printer, it will be your default printer. If your print
960     server manages several printers, your administrator will have defined a default
961     printer on the server. If you want to define a different default printer for
962     yourself, use the <c>lpoptions</c> command.
963 swift 1.1 </p>
964    
965 neysx 1.11 <pre caption="Setting your default printer">
966     <comment>(List available printers)</comment>
967     # <i>lpstat -a</i>
968     <comment>(Sample output, yours will differ)</comment>
969     HPDeskJet930C accepting requests since Jan 01 00:00
970     laser accepting requests since Jan 01 00:00
971     <comment>(Define HPDeskJet930C as your default printer)</comment>
972     # <i>lpoptions -d HPDeskJet930C</i>
973 swift 1.1 </pre>
974    
975 neysx 1.11 <pre caption="Printing in *nix">
976     <comment>(Specify the printer to be used)</comment>
977     # <i>lp -d HPDeskJet930C anything.txt</i>
978     <comment>(Use your default printer)</comment>
979     # <i>lp foobar.whatever.ps</i>
980 swift 1.1 </pre>
981    
982     <p>
983 neysx 1.11 Just point your web browser to <c>http://printserver:631</c> on the client if
984     you want to manage your printers and their jobs with a nice web interface.
985 nightmorph 1.29 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your
986     print server, not the name you gave to the cups print server if you used
987 neysx 1.11 different names.
988 swift 1.1 </p>
989    
990     </body>
991     </section>
992     <section>
993     <title>Mounting a Windows or Samba share in GNU/Linux</title>
994     <body>
995    
996 nightmorph 1.32 <note>
997 yoswink 1.33 Don't forget to first <c>emerge samba</c> on the client(s) that will be
998 nightmorph 1.32 accessing the shares.
999     </note>
1000    
1001 swift 1.1 <p>
1002 nightmorph 1.31 Now is time to configure our kernel to support cifs. Since I'm assuming
1003     we've all compiled at least one kernel, we'll need to make sure we have all the
1004     right options selected in our kernel. For simplicity's sake, make it a module
1005     for ease of use. It is the author's opinion that kernel modules are a good thing
1006     and should be used whenever possible.
1007 swift 1.1 </p>
1008    
1009 nightmorph 1.31 <pre caption="Kernel support" >
1010     CONFIG_CIFS=m
1011 swift 1.1 </pre>
1012    
1013     <p>
1014 nightmorph 1.31 Then make the module/install it; insert it with:
1015 swift 1.1 </p>
1016    
1017     <pre caption="Loading the kernel module">
1018 nightmorph 1.31 # <i>modprobe cifs</i>
1019 swift 1.1 </pre>
1020    
1021     <p>
1022 nightmorph 1.29 Once the module is loaded, mounting a Windows or Samba share is possible. Use
1023     <c>mount</c> to accomplish this, as detailed below:
1024 swift 1.1 </p>
1025    
1026     <pre caption="Mounting a Windows/Samba share">
1027     <comment>(The syntax for mounting a Windows/Samba share is:
1028 nightmorph 1.31 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1029 swift 1.1 If we are not using passwords or a password is not needed)</comment>
1030    
1031 nightmorph 1.31 # <i>mount -t cifs //PrintServer/public /mnt/public</i>
1032 swift 1.1
1033     <comment>(If a password is needed)</comment>
1034 nightmorph 1.31 # <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1035 swift 1.1 </pre>
1036    
1037     <p>
1038 nightmorph 1.29 After you mount the share, you would access it as if it were a local drive.
1039 swift 1.1 </p>
1040    
1041     </body>
1042     </section>
1043     <section>
1044     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1045     <body>
1046    
1047     <p>
1048 nightmorph 1.29 That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and
1049     right click on the printer (HPDeskJet930C) and click connect. This will download
1050     the drivers to the Windows client and now every application (such as Word or
1051     Acrobat) will offer HPDeskJet930C as an available printer to print to. :-)
1052 swift 1.1 </p>
1053    
1054     </body>
1055     </section>
1056     </chapter>
1057 neysx 1.5
1058 swift 1.1 <chapter>
1059     <title>Final Notes</title>
1060     <section>
1061     <title>A Fond Farewell</title>
1062     <body>
1063    
1064     <p>
1065 nightmorph 1.29 That should be it. You should now have a successful printing enviroment that is
1066     friendly to both Windows and *nix as well as a fully virus-free working share!
1067 swift 1.1 </p>
1068    
1069     </body>
1070     </section>
1071     </chapter>
1072 neysx 1.5
1073 swift 1.1 <chapter>
1074     <title>Links and Resources</title>
1075     <section>
1076     <title>Links</title>
1077     <body>
1078    
1079     <p>
1080     These are some links that may help you in setting up, configuration and
1081     troubleshooting your installation:
1082     </p>
1083    
1084     <ul>
1085     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1086 nightmorph 1.27 <li>
1087     <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1088     link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1089     on Samba/CUPS configuration</uri>
1090     </li>
1091 swift 1.1 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1092     <li>
1093     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1094 nightmorph 1.29 Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e>
1095     and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and
1096     Samba, and generally printing support on networks. A really interesting
1097     read, with lots and lots of details.)
1098 swift 1.1 </li>
1099     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1100     </ul>
1101    
1102     </body>
1103     </section>
1104     <section>
1105     <title>Troubleshooting</title>
1106     <body>
1107    
1108     <p>
1109 nightmorph 1.29 See <uri
1110     link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1111     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of
1112     useful tips there! Be sure to look this one up first, before posting questions
1113     and problems! Maybe the solution you're looking for is right there.
1114 swift 1.1 </p>
1115    
1116     </body>
1117     </section>
1118     </chapter>
1119     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20