/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.39 - (hide annotations) (download) (as text)
Thu Dec 20 19:13:21 2007 UTC (7 years ago) by swift
Branch: MAIN
Changes since 1.38: +13 -4 lines
File MIME type: application/xml
#196950 - Adding winbind as Samba USE flag, not listing them all though

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 swift 1.39 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.38 2007/12/01 11:34:22 neysx Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 neysx 1.36
5 neysx 1.21 <guide link="/doc/en/quick-samba-howto.xml">
6 neysx 1.36
7 swift 1.16 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
8 neysx 1.36
9 swift 1.1 <author title="Author">
10 neysx 1.38 Andreas "daff" Ntaflos <!--daff at dword dot org-->
11 swift 1.1 </author>
12     <author title="Author">
13     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
14     </author>
15 nightmorph 1.30 <author title="Editor">
16     <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
17     </author>
18 swift 1.1
19     <abstract>
20 nightmorph 1.29 Setup, install and configure a Samba Server under Gentoo that shares files,
21     printers without the need to install drivers and provides automatic virus
22     scanning.
23 swift 1.1 </abstract>
24    
25     <!-- The content of this document is licensed under the CC-BY-SA license -->
26 neysx 1.36 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
27 swift 1.1 <license/>
28    
29 swift 1.39 <version>1.24</version>
30     <date>2007-12-20</date>
31 swift 1.1
32     <chapter>
33     <title>Introduction to this HOWTO</title>
34     <section>
35     <title>Purpose</title>
36     <body>
37    
38     <p>
39 nightmorph 1.29 This HOWTO is designed to help you move a network from many different clients
40     speaking different languages, to many different machines that speak a common
41     language. The ultimate goal is to help differing architectures and technologies,
42     come together in a productive, happily coexisting environment.
43 swift 1.1 </p>
44    
45     <p>
46 nightmorph 1.29 Following the directions outlined in this HOWTO should give you an excellent
47     step towards a peaceful cohabitation between Windows, and virtually all known
48     variations of *nix.
49 swift 1.1 </p>
50    
51     <p>
52 nightmorph 1.29 This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
53     explore the functionality and power of the Gentoo system, portage and the
54     flexibility of USE flags. Like so many other projects, it was quickly discovered
55     what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered
56     for Gentoo users. These users are more demanding than most; they require
57     performance, flexibility and customization. This does not however imply that
58     this HOWTO was not intended for other distributions; rather that it was designed
59     to work with a highly customized version of Samba.
60 swift 1.1 </p>
61    
62     <p>
63 nightmorph 1.29 This HOWTO will describe how to share files and printers between Windows PCs and
64     *nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
65     feature of Samba to incorporate automatic virus protection. As a finale, it will
66     show you how to mount and manipulate shares.
67 swift 1.1 </p>
68    
69     <p>
70 nightmorph 1.29 There are a few topics that will be mentioned, but are out of the scope of this
71     HOWTO. These will be noted as they are presented.
72 swift 1.1 </p>
73    
74     <p>
75 neysx 1.37 This HOWTO is based on a compilation and merge of an excellent HOWTO provided
76     in the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas
77     "daff" Ntaflos and the collected knowledge of Joshua Preston. The link to this
78 nightmorph 1.29 discussion is provided below for your reference:
79 swift 1.1 </p>
80    
81     <ul>
82     <li>
83 neysx 1.37 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
84 swift 1.1 CUPS+Samba: printing from Windows &amp; Linux</uri>
85     </li>
86     </ul>
87    
88     </body>
89     </section>
90     <section>
91     <title>Before you use this guide</title>
92     <body>
93    
94     <p>
95 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
96 nightmorph 1.29 them as well, as they may tell you things left out of this HOWTO (intentional or
97     otherwise). One such document is the very useful and well written <uri
98 neysx 1.5 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
99     issues and specific printer setup is not discussed here.
100 swift 1.1 </p>
101    
102     </body>
103     </section>
104     <section>
105     <title>Brief Overview</title>
106     <body>
107    
108     <p>
109 nightmorph 1.29 After presenting the various USE flags, the following list will outline all of
110     the topics covered as they are presented:
111 swift 1.1 </p>
112    
113     <ul>
114     <li>On the Samba server:
115     <ul>
116 swift 1.16 <li>Install and configure ClamAV</li>
117 swift 1.1 <li>Install and configure Samba</li>
118     <li>Install and configure CUPS</li>
119     <li>Adding the printer to CUPS</li>
120     <li>Adding the PS drivers for the Windows clients</li>
121     </ul>
122     </li>
123     <li>On the Unix clients:
124     <ul>
125     <li>Install and configure CUPS</li>
126     <li>Configuring a default printer</li>
127     <li>Mounting a Windows or Samba share</li>
128     </ul>
129     </li>
130     <li>On the Windows Clients:
131     <ul>
132     <li>Configuring the printer</li>
133     <li>Accessing Samba shares</li>
134     </ul>
135     </li>
136     </ul>
137    
138     </body>
139     </section>
140     <section>
141     <title>Requirements</title>
142     <body>
143    
144     <p>
145     We will need the following:
146     </p>
147    
148     <ul>
149     <li>net-fs/samba</li>
150 swift 1.6 <li>app-antivirus/clamav</li>
151 swift 1.1 <li>net-print/cups</li>
152     <li>net-print/foomatic</li>
153 nightmorph 1.28 <li>net-print/hplip (if you have an HP printer)</li>
154     <li>A kernel of sorts (2.6)</li>
155 swift 1.1 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
156     <li>
157     A working network (home/office/etc) consisting of more than one machine)
158     </li>
159     </ul>
160    
161     <p>
162 nightmorph 1.29 The main package we use here is net-fs/samba, however, you will need a kernel
163 nightmorph 1.31 with cifs support enabled in order to mount a samba or windows share from
164 nightmorph 1.29 another computer. CUPS will be emerged if it is not already.
165     app-antivirus/clamav will be used also, but others should be easily adapted to
166     work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
167 swift 1.17 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
168 swift 1.1 </p>
169    
170     </body>
171     </section>
172     </chapter>
173 neysx 1.5
174 swift 1.1 <chapter>
175     <title>Getting acquainted with Samba</title>
176     <section>
177     <title>The USE Flags</title>
178     <body>
179    
180     <p>
181 nightmorph 1.28 Before emerging anything, take a look at some of the various USE flags available
182     to Samba.
183 swift 1.1 </p>
184    
185     <pre caption="Samba uses the following USE Variables:">
186 swift 1.39 kerberos acl cups ldap pam readline python oav winbind
187 swift 1.1 </pre>
188    
189     <p>
190 nightmorph 1.29 Depending on the network topology and the specific requirements of the server,
191     the USE flags outlined below will define what to include or exclude from the
192     emerging of Samba.
193 swift 1.1 </p>
194    
195     <table>
196     <tr>
197     <th><b>USE flag</b></th>
198     <th>Description</th>
199     </tr>
200     <tr>
201     <th><b>kerberos</b></th>
202     <ti>
203 neysx 1.37 Include support for Kerberos. The server will need this if it is intended
204     to join an existing domain or Active Directory. See the note below for more
205     information.
206 swift 1.1 </ti>
207     </tr>
208     <tr>
209     <th><b>acl</b></th>
210     <ti>
211     Enables Access Control Lists. The ACL support in Samba uses a patched
212 neysx 1.37 ext2/ext3, or SGI's XFS in order to function properly as it extends more
213     detailed access to files or directories; much more so than typical *nix
214 swift 1.1 GID/UID schemas.
215     </ti>
216     </tr>
217     <tr>
218     <th><b>cups</b></th>
219     <ti>
220 nightmorph 1.29 This enables support for the Common Unix Printing System. This provides an
221     interface allowing local CUPS printers to be shared to other systems in the
222     network.
223 swift 1.1 </ti>
224     </tr>
225     <tr>
226     <th><b>ldap</b></th>
227     <ti>
228 nightmorph 1.29 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
229     expected to use Active Directory, this option must be used. This would be
230     used in the event Samba needs to login to or provide login to a
231     Domain/Active Directory Server. The kerberos USE flag is needed for proper
232     functioning of this option.
233 swift 1.1 </ti>
234     </tr>
235     <tr>
236     <th><b>pam</b></th>
237     <ti>
238 neysx 1.37 Include support for pluggable authentication modules (PAM). This provides
239 nightmorph 1.29 the ability to authenticate users on the Samba Server, which is required if
240     users have to login to your server. The kerberos USE flag is recommended
241     along with this option.
242 swift 1.1 </ti>
243     </tr>
244     <tr>
245     <th><b>readline</b></th>
246     <ti>
247 nightmorph 1.29 Link Samba against libreadline. This is highly recommended and should
248     probably not be disabled.
249 swift 1.1 </ti>
250     </tr>
251     <tr>
252     <th><b>python</b></th>
253     <ti>
254 nightmorph 1.29 Python bindings API. Provides an API that will allow Python to interface
255     with Samba.
256 swift 1.1 </ti>
257     </tr>
258     <tr>
259     <th><b>oav</b></th>
260     <ti>
261 nightmorph 1.29 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
262     Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
263     Symantec CarrierScan, and Trend Micro (VSAPI).
264 swift 1.1 </ti>
265     </tr>
266 swift 1.39 <tr>
267     <th><b>winbind</b></th>
268     <ti>
269     Winbind allows for a unified logon within a Samba environment. It uses a
270     Unix implementation of Windows RPC calls, PAM and the name service switch
271     (supported by the c library) to enable Windows NT domain users to appear and
272     work as Unix users on a Unix system.
273     </ti>
274     </tr>
275 swift 1.1 </table>
276    
277     <p>
278     A couple of things worth mentioning about the USE flags and different
279     Samba functions include:
280     </p>
281    
282     <ul>
283     <li>
284 neysx 1.37 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
285     ACL kernel options for ext2 and/or ext3 will need to be enabled (depending
286     on which file system is being used - both can be enabled).
287 swift 1.1 </li>
288     <li>
289     While Active Directory, ACL, and PDC functions are out of the intended
290     scope of this HOWTO, you may find these links as helpful to your cause:
291     <ul>
292     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
293     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
294     </ul>
295     </li>
296     </ul>
297    
298     </body>
299     </section>
300     </chapter>
301 neysx 1.5
302 swift 1.1 <chapter>
303     <title>Server Software Installation</title>
304     <section>
305     <title>Emerging Samba</title>
306     <body>
307    
308     <p>
309 nightmorph 1.29 First of all: be sure that all your hostnames resolve correctly. Either have a
310     working domain name system running on your network or appropriate entries in
311     your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
312 neysx 1.37 don't point to the correct machines.
313 swift 1.1 </p>
314    
315     <p>
316 nightmorph 1.29 Hopefully now you can make an assessment of what you'll actually need in order
317     to use Samba with your particular setup. The setup used for this HOWTO is:
318 swift 1.1 </p>
319    
320     <ul>
321     <li>oav</li>
322     <li>cups</li>
323     <li>readline</li>
324     <li>pam</li>
325     </ul>
326    
327     <p>
328 nightmorph 1.29 To optimize performance, size and the time of the build, the USE flags are
329     specifically included or excluded.
330 swift 1.1 </p>
331    
332     <pre caption="Emerge Samba">
333 swift 1.17 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
334     # <i>emerge net-fs/samba</i>
335 swift 1.1 </pre>
336    
337     <p>
338     This will emerge Samba and CUPS (if CUPS is not already emerged).
339     </p>
340    
341     </body>
342     </section>
343     <section>
344 swift 1.16 <title>Emerging ClamAV</title>
345 swift 1.1 <body>
346    
347     <p>
348 nightmorph 1.29 Because the <e>oav</e> USE flag only provides an interface to allow on access
349     virus scanning, the actual virus scanner must be emerged. The scanner used in
350     this HOWTO is ClamAV.
351 swift 1.1 </p>
352    
353 swift 1.16 <pre caption="Emerge Clamav">
354 swift 1.6 # <i>emerge app-antivirus/clamav</i>
355 swift 1.1 </pre>
356    
357     </body>
358     </section>
359     <section>
360     <title>Emerging foomatic</title>
361     <body>
362    
363     <pre caption="Emerge foomatic">
364     # <i>emerge net-print/foomatic</i>
365     </pre>
366    
367     </body>
368     </section>
369     <section>
370 nightmorph 1.28 <title>Emerging net-print/hplip</title>
371 swift 1.1 <body>
372    
373     <p>
374     You only need to emerge this if you use an HP printer.
375     </p>
376    
377 nightmorph 1.28 <pre caption="Emerge hplip">
378     # <i>emerge net-print/hplip</i>
379 swift 1.1 </pre>
380    
381     </body>
382     </section>
383     </chapter>
384 neysx 1.5
385 swift 1.1 <chapter>
386     <title>Server Configuration</title>
387     <section>
388     <title>Configuring Samba</title>
389     <body>
390    
391     <p>
392 neysx 1.37 The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
393     divided in sections indicated by [sectionname]. Comments are either
394     # or ;. A sample <path>smb.conf</path> is included below with comments and
395 nightmorph 1.29 suggestions for modifications. If more details are required, see the man page
396     for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
397 neysx 1.37 Samba Web site or any of the numerous Samba books available.
398 swift 1.1 </p>
399    
400     <pre caption="A Sample /etc/samba/smb.conf">
401     [global]
402     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
403     workgroup = <comment>MYWORKGROUPNAME</comment>
404     <comment># Of course this has no REAL purpose other than letting
405 neysx 1.15 # everyone knows it's not Windows!
406 swift 1.1 # %v prints the version of Samba we are using.</comment>
407     server string = Samba Server %v
408     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
409     printcap name = cups
410     printing = cups
411     load printers = yes
412     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
413     log file = /var/log/samba/log.%m
414     max log size = 50
415     <comment># We are going to set some options for our interfaces...</comment>
416     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
417     <comment># This is a good idea, what we are doing is binding the
418     # samba server to our local network.
419     # For example, if eth0 is our local network device</comment>
420     interfaces = lo <i>eth0</i>
421     bind interfaces only = yes
422     <comment># Now we are going to specify who we allow, we are afterall
423     # very security conscience, since this configuration does
424     # not use passwords!</comment>
425     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
426     hosts deny = 0.0.0.0/0
427     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
428     # The default is user</comment>
429     security = share
430     <comment># No passwords, so we're going to use a guest account!</comment>
431     guest ok = yes
432     <comment># We now will implement the on access virus scanner.
433     # NOTE: By putting this in our [Global] section, we enable
434     # scanning of ALL shares, you could optionally move
435     # these to a specific share and only scan it.</comment>
436 swift 1.8
437 swift 1.16 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
438 swift 1.8 vfs object = vscan-clamav
439     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
440    
441 swift 1.1 <comment># Now we setup our print drivers information!</comment>
442     [print$]
443     comment = Printer Drivers
444     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
445 swift 1.10 guest ok = yes
446 swift 1.1 browseable = yes
447     read only = yes
448     <comment># Modify this to "username,root" if you don't want root to
449     # be the only printer admin)</comment>
450     write list = <i>root</i>
451    
452     <comment># Now we'll setup a printer to share, while the name is arbitrary
453     # it should be consistent throughout Samba and CUPS!</comment>
454     [HPDeskJet930C]
455     comment = HP DeskJet 930C Network Printer
456     printable = yes
457     path = /var/spool/samba
458     public = yes
459     guest ok = yes
460     <comment># Modify this to "username,root" if you don't want root to
461     # be the only printer admin)</comment>
462     printer admin = <i>root</i>
463    
464 neysx 1.37 <comment># Now we setup our printers share. This should be
465 swift 1.1 # browseable, printable, public.</comment>
466 neysx 1.37 [printers]
467 swift 1.1 comment = All Printers
468 neysx 1.37 browseable = no
469     printable = yes
470 swift 1.10 writable = no
471 neysx 1.37 public = yes
472 swift 1.1 guest ok = yes
473     path = /var/spool/samba
474     <comment># Modify this to "username,root" if you don't want root to
475     # be the only printer admin)</comment>
476     printer admin = <i>root</i>
477    
478     <comment># We create a new share that we can read/write to from anywhere
479     # This is kind of like a public temp share, anyone can do what
480     # they want here.</comment>
481     [public]
482     comment = Public Files
483     browseable = yes
484     public = yes
485     create mode = 0766
486     guest ok = yes
487     path = /home/samba/public
488     </pre>
489    
490 swift 1.3 <warn>
491 nightmorph 1.29 If you like to use Samba's guest account to do anything concerning printing from
492     Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c>
493     section. The guest account seems to cause problems when running
494     <c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See
495     below, too, when we talk about <c>cupsaddsmb</c> and the problems that can
496     arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
497     or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
498     from a lot of problems.
499 swift 1.3 </warn>
500 swift 1.1
501 swift 1.16 <warn>
502     Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
503     down the performance of your Samba server dramatically.
504     </warn>
505    
506 swift 1.1 <p>
507 nightmorph 1.29 Now create the directories required for the minimum configuration of Samba to
508     share the installed printer throughout the network.
509 swift 1.1 </p>
510    
511     <pre caption="Create the directories">
512     # <i>mkdir /etc/samba/printer</i>
513     # <i>mkdir /var/spool/samba</i>
514     # <i>mkdir /home/samba/public</i>
515     </pre>
516    
517     <p>
518 nightmorph 1.29 At least one Samba user is required in order to install the printer drivers and
519     to allow users to connect to the printer. Users must exist in the system's
520     <path>/etc/passwd</path> file.
521 swift 1.1 </p>
522    
523     <pre caption="Creating the users">
524 neysx 1.37 # <i>smbpasswd -a root</i>
525 swift 1.1
526     <comment>(If another user is to be a printer admin)</comment>
527     # <i>smbpasswd -a username</i>
528     </pre>
529    
530     <p>
531 neysx 1.37 The Samba passwords need not be the same as the system passwords
532 swift 1.1 in <path>/etc/passwd</path>.
533     </p>
534    
535 swift 1.9 <p>
536     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
537     systems can be found easily using NetBIOS:
538     </p>
539    
540     <pre caption="Editing /etc/nsswitch.conf">
541     # <i>nano -w /etc/nsswitch.conf</i>
542     <comment>(Edit the hosts: line)</comment>
543     hosts: files dns <i>wins</i>
544     </pre>
545    
546 swift 1.1 </body>
547     </section>
548     <section>
549 swift 1.16 <title>Configuring ClamAV</title>
550 swift 1.1 <body>
551    
552     <p>
553 nightmorph 1.29 The configuration file specified to be used in <path>smb.conf</path> is
554     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
555     defaults, the infected file action may need to be changed.
556 swift 1.1 </p>
557    
558     <pre caption="/etc/samba/vscan-clamav.conf">
559     [samba-vscan]
560     <comment>; run-time configuration for vscan-samba using
561     ; clamd
562     ; all options are set to default values</comment>
563    
564     <comment>; do not scan files larger than X bytes. If set to 0 (default),
565     ; this feature is disable (i.e. all files are scanned)</comment>
566     max file size = 0
567    
568     <comment>; log all file access (yes/no). If set to yes, every access will
569     ; be logged. If set to no (default), only access to infected files
570     ; will be logged</comment>
571     verbose file logging = no
572    
573     <comment>; if set to yes (default), a file will be scanned while opening</comment>
574     scan on open = yes
575     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
576     scan on close = yes
577    
578     <comment>; if communication to clamd fails, should access to file denied?
579     ; (default: yes)</comment>
580     deny access on error = yes
581    
582 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
583 swift 1.1 ; should access to file denied?
584     ; (default: yes)</comment>
585     deny access on minor error = yes
586    
587     <comment>; send a warning message via Windows Messenger service
588     ; when virus is found?
589     ; (default: yes)</comment>
590     send warning message = yes
591    
592     <comment>; what to do with an infected file
593     ; quarantine: try to move to quantine directory; delete it if moving fails
594     ; delete: delete infected file
595     ; nothing: do nothing</comment>
596     infected file action = <comment>delete</comment>
597    
598     <comment>; where to put infected files - you really want to change this!
599     ; it has to be on the same physical device as the share!</comment>
600     quarantine directory = /tmp
601     <comment>; prefix for files in quarantine</comment>
602     quarantine prefix = vir-
603    
604     <comment>; as Windows tries to open a file multiple time in a (very) short time
605     ; of period, samba-vscan use a last recently used file mechanism to avoid
606     ; multiple scans of a file. This setting specified the maximum number of
607     ; elements of the last recently used file list. (default: 100)</comment>
608     max lru files entries = 100
609    
610 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
611 swift 1.1 ; (Default: 5)</comment>
612     lru file entry lifetime = 5
613    
614     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
615 swift 1.16 clamd socket name = /tmp/clamd
616    
617     <comment>; port number the ScannerDaemon listens on</comment>
618     oav port = 8127
619 swift 1.1 </pre>
620    
621     <p>
622 nightmorph 1.29 It is generally a good idea to start the virus scanner immediately. Add it to
623     the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
624     The service has two processes: freshclam keeps the virus definition database up
625     to date while clamd is the actual anti-virus daemon. First you may want to set
626     the paths of the logfiles so that it fits your needs.
627 swift 1.16 </p>
628    
629     <pre caption="Checking the location of the logfiles">
630     # <i>vim /etc/clamd.conf</i>
631     <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
632     # <i>vim /etc/freshclam.conf</i>
633     <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
634     # <i>vim /etc/conf.d/clamd</i>
635     <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
636     </pre>
637    
638     <p>
639     Now fire up the virus scanner.
640 swift 1.1 </p>
641    
642     <pre caption="Add clamd to bootup and start it">
643     # <i>rc-update add clamd default</i>
644     # <i>/etc/init.d/clamd start</i>
645     </pre>
646    
647     </body>
648     </section>
649     <section>
650     <title>Configuring CUPS</title>
651     <body>
652    
653     <p>
654 nightmorph 1.29 This is a little more complicated. CUPS' main config file is
655     <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
656     <path>httpd.conf</path> file, so many you may find it familiar. Outlined in the
657     example are the directives that need to be changed:
658 swift 1.1 </p>
659    
660     <pre caption="/etc/cups/cupsd.conf">
661     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
662 flammie 1.25 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
663 swift 1.1
664     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
665     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
666    
667 neysx 1.37 LogLevel debug <comment># only while installing and testing, should later be
668 neysx 1.20 # changed to 'info'</comment>
669 swift 1.1
670     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
671     # there seemed to be a bug in CUPS' controlling of the web interface,
672     # making CUPS think a denial of service attack was in progress when
673     # I tried to configure a printer with the web interface. weird.</comment>
674    
675 neysx 1.37 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
676 swift 1.1
677     &lt;Location /&gt;
678     Order Deny,Allow
679     Deny From All
680     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
681 flammie 1.25 # e.g. 192.168.1.* will allow connections from any host on
682 swift 1.1 # the 192.168.1.0 network. change to whatever suits you</comment>
683     &lt;/Location&gt;
684    
685     &lt;Location /admin&gt;
686     AuthType Basic
687     AuthClass System
688     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
689 neysx 1.37 # 192.168.1.0 network to connect and do
690 swift 1.1 # administrative tasks after authenticating</comment>
691     Order Deny,Allow
692     Deny From All
693     &lt;/Location&gt;
694     </pre>
695    
696     <p>
697 neysx 1.37 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. The changes to
698     <path>mime.convs</path> and <path>mime.types</path> are needed to make CUPS
699     print Microsoft Office document files.
700 swift 1.1 </p>
701    
702     <pre caption="/etc/cups/mime.convs">
703     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
704 neysx 1.37 application/octet-stream application/vnd.cups-raw 0
705 swift 1.1 </pre>
706    
707     <p>
708 neysx 1.12 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
709 swift 1.1 </p>
710    
711     <pre caption="/etc/cups/mime.types">
712     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
713 neysx 1.37 application/octet-stream
714 swift 1.1 </pre>
715    
716     <p>
717 neysx 1.37 CUPS needs to be started on boot, and started immediately.
718 swift 1.1 </p>
719    
720     <pre caption="Setting up the CUPS service" >
721     <comment>(To start CUPS on boot)</comment>
722     # <i>rc-update add cupsd default</i>
723 neysx 1.14 <comment>(To start or restart CUPS now)</comment>
724 swift 1.1 # <i>/etc/init.d/cupsd restart</i>
725     </pre>
726    
727     </body>
728     </section>
729     <section>
730     <title>Installing a printer for and with CUPS</title>
731     <body>
732    
733     <p>
734 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
735     find and download the correct PPD file for your printer and CUPS. To do so,
736     click the link Printer Listings to the left. Select your printers manufacturer
737 flammie 1.25 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
738 nightmorph 1.29 the page coming up click the "recommended driver" link after reading the various
739     notes and information. Then fetch the PPD file from the next page, again after
740     reading the notes and introductions there. You may have to select your printers
741     manufacturer and model again. Reading the <uri
742     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is
743     also very helpful when working with CUPS.
744 swift 1.1 </p>
745    
746     <p>
747 nightmorph 1.29 Now you have a PPD file for your printer to work with CUPS. Place it in
748     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named
749     <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
750     This can be done via the CUPS web interface or via command line. The web
751 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
752 swift 1.1 </p>
753    
754     <pre caption="Install the printer via command line">
755     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
756 nightmorph 1.22 # <i>/etc/init.d/cupsd restart</i>
757 swift 1.1 </pre>
758    
759     <p>
760 nightmorph 1.29 Remember to adjust to what you have. Be sure to have the name (<c>-p</c>
761     argument) right (the name you set above during the Samba configuration!) and to
762     put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or
763     whatever device you are using for your printer.
764 swift 1.1 </p>
765    
766     <p>
767 nightmorph 1.29 You should now be able to access the printer from the web interface and be able
768     to print a test page.
769 swift 1.1 </p>
770    
771     </body>
772     </section>
773     <section>
774     <title>Installing the Windows printer drivers</title>
775     <body>
776    
777     <p>
778 neysx 1.37 Now that the printer should be working it is time to install the drivers for
779     the Windows clients to work. Samba 2.2 introduced this functionality. Browsing
780     to the print server in the Network Neighbourhood, right-clicking on the
781 nightmorph 1.29 printershare and selecting "connect" downloads the appropriate drivers
782     automagically to the connecting client, avoiding the hassle of manually
783     installing printer drivers locally.
784 swift 1.1 </p>
785    
786     <p>
787 nightmorph 1.26 There are two sets of printer drivers for this. First, the Adobe PS drivers
788     which can be obtained from <uri
789     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
790 nightmorph 1.30 printer drivers). Second, there are the CUPS PS drivers, to be obtained by
791     emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
792     so you may need to add it to <path>/etc/portage/package.keywords</path>. There
793     doesn't seem to be a difference between the functionality of the two, but the
794     Adobe PS drivers need to be extracted on a Windows System since it's a Windows
795     binary. Also the whole procedure of finding and copying the correct files is a
796 nightmorph 1.35 bit more hassle. The CUPS drivers support some options the Adobe drivers
797 nightmorph 1.30 don't.
798 nightmorph 1.26 </p>
799 swift 1.1
800     <p>
801 nightmorph 1.30 This HOWTO uses the CUPS drivers for Windows. Install them as shown:
802 swift 1.1 </p>
803    
804 nightmorph 1.35 <pre caption="Install the drivers">
805 nightmorph 1.30 # <i>emerge -av cups-windows</i>
806 swift 1.1 </pre>
807    
808     <p>
809 nightmorph 1.23 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
810 nightmorph 1.35 Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
811     Windows drivers you'll need to copy to the proper CUPS directory. Once you've
812     copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
813     Next, run <c>cupsaddsmb</c> as shown:
814 swift 1.1 </p>
815    
816     <pre caption="Run cupsaddsmb">
817     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
818     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
819     "export all known printers".)</comment>
820     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
821     </pre>
822    
823     <warn>
824 nightmorph 1.26 The execution of this command often causes the most trouble. Read through the
825     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
826     thread</uri> for some troubleshooting tips.
827 swift 1.1 </warn>
828    
829     <p>
830     Here are common errors that may happen:
831     </p>
832    
833     <ul>
834     <li>
835 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
836 nightmorph 1.29 (<c>PrintServer</c>) often does not resolve correctly and doesn't identify
837     the print server for CUPS/Samba interaction. If an error like: <b>Warning:
838     No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the
839     first thing you should do is substitute <c>PrintServer</c> with
840     <c>localhost</c> and try it again.
841 swift 1.1 </li>
842     <li>
843 nightmorph 1.29 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
844     is quite common, but can be triggered by many problems. It's unfortunately
845     not very helpful. One thing to try is to temporarily set <c>security =
846     user</c> in your <path>smb.conf</path>. After/if the installation completes
847     successfully, you should set it back to share, or whatever it was set to
848 swift 1.1 before.
849     </li>
850     </ul>
851    
852     <p>
853 nightmorph 1.29 This should install the correct driver directory structure under
854     <path>/etc/samba/printer</path>. That would be
855     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3
856     driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the
857     name which you gave the printer when installing it (see above).
858 swift 1.1 </p>
859    
860     <p>
861 nightmorph 1.29 Pending no errors or other complications, your drivers are now installed.
862 swift 1.1 </p>
863    
864     </body>
865     </section>
866     <section>
867     <title>Finalizing our setup</title>
868     <body>
869    
870     <p>
871     Lastly, setup our directories.
872     </p>
873    
874     <pre caption="Final changes needed">
875     # <i>mkdir /home/samba</i>
876     # <i>mkdir /home/samba/public</i>
877     # <i>chmod 755 /home/samba</i>
878     # <i>chmod 755 /home/samba/public</i>
879     </pre>
880    
881     </body>
882     </section>
883     <section>
884     <title>Testing our Samba configuration</title>
885     <body>
886    
887     <p>
888     We will want to test our configuration file to ensure that it is formatted
889 nightmorph 1.29 properly and all of our options have at least the correct syntax. To do this we
890     run <c>testparm</c>.
891 swift 1.1 </p>
892    
893     <pre caption="Running the testparm">
894     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
895     # <i>/usr/bin/testparm</i>
896     Load smb config files from /etc/samba/smb.conf
897     Processing section &quot;[printers]&quot;
898     Global parameter guest account found in service section!
899     Processing section &quot;[public]&quot;
900     Global parameter guest account found in service section!
901     Loaded services file OK.
902     Server role: ROLE_STANDALONE
903     Press enter to see a dump of your service definitions
904     ...
905     ...
906     </pre>
907    
908     </body>
909     </section>
910     <section>
911     <title>Starting the Samba service</title>
912     <body>
913    
914     <p>
915     Now configure Samba to start at bootup; then go ahead and start it.
916     </p>
917    
918     <pre caption="Setting up the Samba service">
919     # <i>rc-update add samba default</i>
920     # <i>/etc/init.d/samba start</i>
921     </pre>
922    
923     </body>
924     </section>
925     <section>
926     <title>Checking our services</title>
927     <body>
928    
929     <p>
930 nightmorph 1.29 It would probably be prudent to check our logs at this time also. We will also
931     want to take a peak at our Samba shares using <c>smbclient</c>.
932 swift 1.1 </p>
933    
934     <pre caption="Checking the shares with smbclient">
935     # <i>smbclient -L localhost</i>
936     Password:
937     <comment>(You should see a BIG list of services here.)</comment>
938     </pre>
939    
940     </body>
941     </section>
942     </chapter>
943 neysx 1.5
944 swift 1.1 <chapter>
945     <title>Configuration of the Clients</title>
946     <section>
947     <title>Printer configuration of *nix based clients</title>
948     <body>
949    
950     <p>
951 nightmorph 1.29 Despite the variation or distribution, the only thing needed is CUPS. Do the
952 neysx 1.11 equivalent on any other UNIX/Linux/BSD client.
953 swift 1.1 </p>
954    
955 neysx 1.5 <pre caption="Configuring a Gentoo system">
956 swift 1.1 # <i>emerge cups</i>
957 neysx 1.11 # <i>nano -w /etc/cups/client.conf</i>
958     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
959 swift 1.1 </pre>
960    
961     <p>
962 neysx 1.11 That should be it. Nothing else will be needed.
963 swift 1.1 </p>
964    
965     <p>
966 neysx 1.11 If you use only one printer, it will be your default printer. If your print
967     server manages several printers, your administrator will have defined a default
968     printer on the server. If you want to define a different default printer for
969     yourself, use the <c>lpoptions</c> command.
970 swift 1.1 </p>
971    
972 neysx 1.11 <pre caption="Setting your default printer">
973     <comment>(List available printers)</comment>
974     # <i>lpstat -a</i>
975     <comment>(Sample output, yours will differ)</comment>
976     HPDeskJet930C accepting requests since Jan 01 00:00
977     laser accepting requests since Jan 01 00:00
978     <comment>(Define HPDeskJet930C as your default printer)</comment>
979     # <i>lpoptions -d HPDeskJet930C</i>
980 swift 1.1 </pre>
981    
982 neysx 1.11 <pre caption="Printing in *nix">
983     <comment>(Specify the printer to be used)</comment>
984     # <i>lp -d HPDeskJet930C anything.txt</i>
985     <comment>(Use your default printer)</comment>
986     # <i>lp foobar.whatever.ps</i>
987 swift 1.1 </pre>
988    
989     <p>
990 neysx 1.11 Just point your web browser to <c>http://printserver:631</c> on the client if
991     you want to manage your printers and their jobs with a nice web interface.
992 nightmorph 1.29 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your
993     print server, not the name you gave to the cups print server if you used
994 neysx 1.11 different names.
995 swift 1.1 </p>
996    
997     </body>
998     </section>
999     <section>
1000     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1001     <body>
1002    
1003 nightmorph 1.32 <note>
1004 neysx 1.36 Don't forget to install <c>net-fs/mount-cifs</c> or <c>net-fs/samba</c> on the
1005     client(s) that will be accessing the shares.
1006 nightmorph 1.32 </note>
1007    
1008 swift 1.1 <p>
1009 nightmorph 1.31 Now is time to configure our kernel to support cifs. Since I'm assuming
1010     we've all compiled at least one kernel, we'll need to make sure we have all the
1011     right options selected in our kernel. For simplicity's sake, make it a module
1012     for ease of use. It is the author's opinion that kernel modules are a good thing
1013     and should be used whenever possible.
1014 swift 1.1 </p>
1015    
1016 nightmorph 1.31 <pre caption="Kernel support" >
1017     CONFIG_CIFS=m
1018 swift 1.1 </pre>
1019    
1020     <p>
1021 nightmorph 1.31 Then make the module/install it; insert it with:
1022 swift 1.1 </p>
1023    
1024     <pre caption="Loading the kernel module">
1025 nightmorph 1.31 # <i>modprobe cifs</i>
1026 swift 1.1 </pre>
1027    
1028     <p>
1029 nightmorph 1.29 Once the module is loaded, mounting a Windows or Samba share is possible. Use
1030     <c>mount</c> to accomplish this, as detailed below:
1031 swift 1.1 </p>
1032    
1033     <pre caption="Mounting a Windows/Samba share">
1034     <comment>(The syntax for mounting a Windows/Samba share is:
1035 nightmorph 1.31 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1036 swift 1.1 If we are not using passwords or a password is not needed)</comment>
1037    
1038 nightmorph 1.31 # <i>mount -t cifs //PrintServer/public /mnt/public</i>
1039 swift 1.1
1040     <comment>(If a password is needed)</comment>
1041 nightmorph 1.31 # <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1042 swift 1.1 </pre>
1043    
1044     <p>
1045 nightmorph 1.29 After you mount the share, you would access it as if it were a local drive.
1046 swift 1.1 </p>
1047    
1048     </body>
1049     </section>
1050     <section>
1051     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1052     <body>
1053    
1054     <p>
1055 nightmorph 1.29 That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and
1056     right click on the printer (HPDeskJet930C) and click connect. This will download
1057     the drivers to the Windows client and now every application (such as Word or
1058     Acrobat) will offer HPDeskJet930C as an available printer to print to. :-)
1059 swift 1.1 </p>
1060    
1061     </body>
1062     </section>
1063     </chapter>
1064 neysx 1.5
1065 swift 1.1 <chapter>
1066     <title>Final Notes</title>
1067     <section>
1068     <title>A Fond Farewell</title>
1069     <body>
1070    
1071     <p>
1072 nightmorph 1.29 That should be it. You should now have a successful printing enviroment that is
1073     friendly to both Windows and *nix as well as a fully virus-free working share!
1074 swift 1.1 </p>
1075    
1076     </body>
1077     </section>
1078     </chapter>
1079 neysx 1.5
1080 swift 1.1 <chapter>
1081     <title>Links and Resources</title>
1082     <section>
1083     <title>Links</title>
1084     <body>
1085    
1086     <p>
1087     These are some links that may help you in setting up, configuration and
1088     troubleshooting your installation:
1089     </p>
1090    
1091     <ul>
1092     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1093 nightmorph 1.27 <li>
1094     <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1095     link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1096     on Samba/CUPS configuration</uri>
1097     </li>
1098 swift 1.1 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1099     <li>
1100     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1101 nightmorph 1.29 Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e>
1102     and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and
1103     Samba, and generally printing support on networks. A really interesting
1104     read, with lots and lots of details.)
1105 swift 1.1 </li>
1106     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1107     </ul>
1108    
1109     </body>
1110     </section>
1111     <section>
1112     <title>Troubleshooting</title>
1113     <body>
1114    
1115     <p>
1116 nightmorph 1.29 See <uri
1117     link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1118     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of
1119     useful tips there! Be sure to look this one up first, before posting questions
1120     and problems! Maybe the solution you're looking for is right there.
1121 swift 1.1 </p>
1122    
1123     </body>
1124     </section>
1125     </chapter>
1126     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20