/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.8 - (hide annotations) (download) (as text)
Fri Jul 2 07:36:09 2004 UTC (10 years, 5 months ago) by swift
Branch: MAIN
Changes since 1.7: +9 -3 lines
File MIME type: application/xml
#48754 - Fix minor complication with the use of ClamAV

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 swift 1.8 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.7 2004/06/25 22:28:55 vapier Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4     <guide link="quick-samba-howto.xml">
5 swift 1.3 <title>Gentoo Samba3/CUPS/Clam AV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12    
13     <abstract>
14 swift 1.3 Setup, install and configure a Samba Server under Gentoo that shares
15     files, printers without the need to install drivers and provides
16 swift 1.1 automatic virus scanning.
17     </abstract>
18    
19     <!-- The content of this document is licensed under the CC-BY-SA license -->
20     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21     <license/>
22    
23 swift 1.8 <version>1.5</version>
24     <date>June 30, 2004</date>
25 swift 1.1
26     <chapter>
27     <title>Introduction to this HOWTO</title>
28     <section>
29     <title>Purpose</title>
30     <body>
31    
32     <p>
33     This HOWTO is designed to help you move a network from many different
34 neysx 1.5 clients speaking different languages, to many different machines that
35 swift 1.1 speak a common language. The ultimate goal is to help differing
36 swift 1.3 architectures and technologies, come together in a productive,
37     happily coexisting environment.
38 swift 1.1 </p>
39    
40     <p>
41     Following the directions outlined in this HOWTO should give you an
42     excellent step towards a peaceful cohabitation between Windows, and
43     virtually all known variations of *nix.
44     </p>
45    
46     <p>
47     This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48     intended to explore the functionality and power of the Gentoo system,
49     portage and the flexibility of USE flags. Like so many other projects,
50     it was quickly discovered what was missing in the Gentoo realm: there
51     weren't any Samba HOWTO's catered for Gentoo users. These users are
52     more demanding than most; they require performance, flexibility and
53     customization. This does not however imply that this HOWTO was not
54     intended for other distributions; rather that it was designed to work
55     with a highly customized version of Samba.
56     </p>
57    
58     <p>
59     This HOWTO will describe how to share files and printers between Windows
60     PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61     File System) feature of Samba to incorporate automatic virus protection.
62     As a finale, it will show you how to mount and manipulate shares.
63     </p>
64    
65     <p>
66     There are a few topics that will be mentioned, but are out of the
67     scope of this HOWTO. These will be noted as they are presented.
68     </p>
69    
70     <p>
71     This HOWTO is based on a compilation and merge of an excellent HOWTO
72     provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73     by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74     The link to this discussion is provided below for your reference:
75     </p>
76    
77     <ul>
78     <li>
79     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80     CUPS+Samba: printing from Windows &amp; Linux</uri>
81     </li>
82     </ul>
83    
84     </body>
85     </section>
86     <section>
87     <title>Before you use this guide</title>
88     <body>
89    
90     <p>
91 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
92     them as well, as they may tell you things left out of this HOWTO (intentional
93     or otherwise). One such document is the very useful and well written <uri
94     link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95     issues and specific printer setup is not discussed here.
96 swift 1.1 </p>
97    
98     </body>
99     </section>
100     <section>
101     <title>Brief Overview</title>
102     <body>
103    
104     <p>
105     After presenting the various USE flags, the following list will outline
106     all of the topics covered as they are presented:
107     </p>
108    
109     <ul>
110     <li>On the Samba server:
111     <ul>
112     <li>Install and configure CLAM-AV</li>
113     <li>Install and configure Samba</li>
114     <li>Install and configure CUPS</li>
115     <li>Adding the printer to CUPS</li>
116     <li>Adding the PS drivers for the Windows clients</li>
117     </ul>
118     </li>
119     <li>On the Unix clients:
120     <ul>
121     <li>Install and configure CUPS</li>
122     <li>Configuring a default printer</li>
123     <li>Mounting a Windows or Samba share</li>
124     </ul>
125     </li>
126     <li>On the Windows Clients:
127     <ul>
128     <li>Configuring the printer</li>
129     <li>Accessing Samba shares</li>
130     </ul>
131     </li>
132     </ul>
133    
134     </body>
135     </section>
136     <section>
137     <title>Requirements</title>
138     <body>
139    
140     <p>
141     We will need the following:
142     </p>
143    
144     <ul>
145     <li>net-fs/samba</li>
146 swift 1.6 <li>app-antivirus/clamav</li>
147 swift 1.1 <li>net-print/cups</li>
148     <li>net-print/foomatic</li>
149     <li>net-print/hpijs (if you have an HP printer)</li>
150     <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151     <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152     <li>
153     A working network (home/office/etc) consisting of more than one machine)
154     </li>
155     </ul>
156    
157     <p>
158     The main package we use here is net-fs/samba, however, you will need
159     a kernel with smbfs support enabled in order to mount a samba or windows
160     share from another computer. CUPS will be emerged if it is not already.
161 swift 1.6 app-antivirus/clamav will be used also, but others should be easily adapted
162 swift 1.1 to work with Samba.
163     </p>
164    
165     </body>
166     </section>
167     </chapter>
168 neysx 1.5
169 swift 1.1 <chapter>
170     <title>Getting acquainted with Samba</title>
171     <section>
172     <title>The USE Flags</title>
173     <body>
174    
175     <p>
176     Before emerging anything, take a look at the various USE flags
177     available to Samba.
178     </p>
179    
180     <pre caption="Samba uses the following USE Variables:">
181     kerberos mysql xml acl cups ldap pam readline python oav
182     </pre>
183    
184     <p>
185     Depending on the network topology and the specific requirements of
186     the server, the USE flags outlined below will define what to include or
187     exclude from the emerging of Samba.
188     </p>
189    
190     <table>
191     <tr>
192     <th><b>USE flag</b></th>
193     <th>Description</th>
194     </tr>
195     <tr>
196     <th><b>kerberos</b></th>
197     <ti>
198     Include support for Kerberos. The server will need this if it is
199     intended to join an existing domain or Active Directory. See the note
200     below for more information.
201     </ti>
202     </tr>
203     <tr>
204     <th><b>mysql</b></th>
205     <ti>
206     This will allow Samba to use MySQL in order to do password authentication.
207     It will store ACLs, usernames, passwords, etc in a database versus a
208     flat file. If Samba is needed to do password authentication, such as
209     acting as a password validation server or a Primary Domain Controller
210     (PDC).
211     </ti>
212     </tr>
213     <tr>
214     <th><b>xml</b></th>
215     <ti>
216     The xml USE option for Samba provides a password database backend allowing
217     Samba to store account details in XML files, for the same reasons listed in
218     the mysql USE flag description.
219     </ti>
220     </tr>
221     <tr>
222     <th><b>acl</b></th>
223     <ti>
224     Enables Access Control Lists. The ACL support in Samba uses a patched
225     ext2/ext3, or SGI's XFS in order to function properly as it extends more
226     detailed access to files or directories; much more so than typical *nix
227     GID/UID schemas.
228     </ti>
229     </tr>
230     <tr>
231     <th><b>cups</b></th>
232     <ti>
233     This enables support for the Common Unix Printing System. This
234     provides an interface allowing local CUPS printers to be shared to
235     other systems in the network.
236     </ti>
237     </tr>
238     <tr>
239     <th><b>ldap</b></th>
240     <ti>
241     Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
242     expected to use Active Directory, this option must be used. This would
243     be used in the event Samba needs to login to or provide login to
244     a Domain/Active Directory Server. The kerberos USE flag is needed for
245     proper functioning of this option.
246     </ti>
247     </tr>
248     <tr>
249     <th><b>pam</b></th>
250     <ti>
251     Include support for pluggable authentication modules (PAM). This
252     provides the ability to authenticate users on the Samba Server, which is
253     required if users have to login to your server. The kerberos USE flag
254     is recommended along with this option.
255     </ti>
256     </tr>
257     <tr>
258     <th><b>readline</b></th>
259     <ti>
260     Link Samba again libreadline. This is highly recommended and should
261     probably not be disabled
262     </ti>
263     </tr>
264     <tr>
265     <th><b>python</b></th>
266     <ti>
267     Python bindings API. Provides an API that will allow Python to
268     interface with Samba.
269     </ti>
270     </tr>
271     <tr>
272     <th><b>oav</b></th>
273     <ti>
274     Provides on-access scanning of Samba shares with FRISK F-Prot
275     Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
276     (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
277     </ti>
278     </tr>
279     </table>
280    
281     <p>
282     A couple of things worth mentioning about the USE flags and different
283     Samba functions include:
284     </p>
285    
286     <ul>
287     <li>
288     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
289     ACL kernel options for ext2 and/or ext3 will need to be enabled
290     (depending on which file system is being used - both can be enabled).
291     </li>
292     <li>
293     While Active Directory, ACL, and PDC functions are out of the intended
294     scope of this HOWTO, you may find these links as helpful to your cause:
295     <ul>
296     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
297     <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
298     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
299     </ul>
300     </li>
301     </ul>
302    
303     </body>
304     </section>
305     </chapter>
306 neysx 1.5
307 swift 1.1 <chapter>
308     <title>Server Software Installation</title>
309     <section>
310     <title>Emerging Samba</title>
311     <body>
312    
313     <p>
314     First of all: be sure that all your hostnames resolve correctly.
315     Either have a working domain name system running on your network
316 swift 1.3 or appropriate entries in your <path>/etc/hosts</path> file.
317     <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
318     machines.
319 swift 1.1 </p>
320    
321     <p>
322     Hopefully now you can make an assessment of what you'll actually need in
323     order to use Samba with your particular setup. The setup used for this
324     HOWTO is:
325     </p>
326    
327     <ul>
328     <li>oav</li>
329     <li>cups</li>
330     <li>readline</li>
331     <li>pam</li>
332     </ul>
333    
334     <p>
335     To optimize performance, size and the time of the build, the
336     USE flags are specifically included or excluded.
337     </p>
338    
339     <pre caption="Emerge Samba">
340     <comment>(Note the USE flags!)</comment>
341     # <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i>
342     </pre>
343    
344     <note>
345     The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
346     ppc, sparc, hppa, ia64 and alpha
347     </note>
348    
349     <p>
350     This will emerge Samba and CUPS (if CUPS is not already emerged).
351     </p>
352    
353     </body>
354     </section>
355     <section>
356 swift 1.3 <title>Emerging Clam AV</title>
357 swift 1.1 <body>
358    
359     <p>
360 swift 1.3 Because the <e>oav</e> USE flag only provides an interface to allow on access
361 swift 1.1 virus scanning, the actual virus scanner must be emerged. The scanner
362 swift 1.3 used in this HOWTO is Clam AV.
363 swift 1.1 </p>
364    
365     <pre caption="Emerge clam-av">
366 swift 1.6 # <i>emerge app-antivirus/clamav</i>
367 swift 1.1 </pre>
368    
369     </body>
370     </section>
371     <section>
372     <title>Emerging foomatic</title>
373     <body>
374    
375     <pre caption="Emerge foomatic">
376     # <i>emerge net-print/foomatic</i>
377     </pre>
378    
379     </body>
380     </section>
381     <section>
382     <title>Emerging net-print/hpijs</title>
383     <body>
384    
385     <p>
386     You only need to emerge this if you use an HP printer.
387     </p>
388    
389     <pre caption="Emerge hpijs">
390 swift 1.2 # <i>emerge net-print/hpijs</i>
391 swift 1.1 </pre>
392    
393     </body>
394     </section>
395     </chapter>
396 neysx 1.5
397 swift 1.1 <chapter>
398     <title>Server Configuration</title>
399     <section>
400     <title>Configuring Samba</title>
401     <body>
402    
403     <p>
404     The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
405     It is divided in sections indicated by [sectionname]. Comments are either
406     # or ;. A sample <path>smb.conf</path> is included below with comments and
407     suggestions for modifications. If more details are required, see the
408 swift 1.3 man page for <path>smb.conf</path>, the installed
409     <path>smb.conf.example</path>, the Samba Web site or any of the
410     numerous Samba books available.
411 swift 1.1 </p>
412    
413     <pre caption="A Sample /etc/samba/smb.conf">
414     [global]
415     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416     workgroup = <comment>MYWORKGROUPNAME</comment>
417     <comment># Of course this has no REAL purpose other than letting
418     # everyone know its not Windows!
419     # %v prints the version of Samba we are using.</comment>
420     server string = Samba Server %v
421     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
422     printcap name = cups
423     printing = cups
424     load printers = yes
425     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
426     log file = /var/log/samba/log.%m
427     max log size = 50
428     <comment># We are going to set some options for our interfaces...</comment>
429     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
430     <comment># This is a good idea, what we are doing is binding the
431     # samba server to our local network.
432     # For example, if eth0 is our local network device</comment>
433     interfaces = lo <i>eth0</i>
434     bind interfaces only = yes
435     <comment># Now we are going to specify who we allow, we are afterall
436     # very security conscience, since this configuration does
437     # not use passwords!</comment>
438     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
439     hosts deny = 0.0.0.0/0
440     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
441     # The default is user</comment>
442     security = share
443     <comment># No passwords, so we're going to use a guest account!</comment>
444     guest account = samba
445     guest ok = yes
446     <comment># We now will implement the on access virus scanner.
447     # NOTE: By putting this in our [Global] section, we enable
448     # scanning of ALL shares, you could optionally move
449     # these to a specific share and only scan it.</comment>
450 swift 1.8
451     <comment># For Samba 3.x</comment>
452     vfs object = vscan-clamav
453     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
454    
455     <comment># For Samba 2.2.x</comment>
456 swift 1.1 vfs object = /usr/lib/samba/vfs/vscan-clamav.so
457     vfs options = config-file = /etc/samba/vscan-clamav.conf
458    
459     <comment># Now we setup our print drivers information!</comment>
460     [print$]
461     comment = Printer Drivers
462     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
463     guest ok = no
464     browseable = yes
465     read only = yes
466     <comment># Modify this to "username,root" if you don't want root to
467     # be the only printer admin)</comment>
468     write list = <i>root</i>
469    
470     <comment># Now we'll setup a printer to share, while the name is arbitrary
471     # it should be consistent throughout Samba and CUPS!</comment>
472     [HPDeskJet930C]
473     comment = HP DeskJet 930C Network Printer
474     printable = yes
475     path = /var/spool/samba
476     public = yes
477     guest ok = yes
478     <comment># Modify this to "username,root" if you don't want root to
479     # be the only printer admin)</comment>
480     printer admin = <i>root</i>
481    
482     <comment># Now we setup our printers share. This should be
483     # browseable, printable, public.</comment>
484     [printers]
485     comment = All Printers
486     browseable = yes
487     printable = yes
488     public = yes
489     guest ok = yes
490     path = /var/spool/samba
491     <comment># Modify this to "username,root" if you don't want root to
492     # be the only printer admin)</comment>
493     printer admin = <i>root</i>
494    
495     <comment># We create a new share that we can read/write to from anywhere
496     # This is kind of like a public temp share, anyone can do what
497     # they want here.</comment>
498     [public]
499     comment = Public Files
500     browseable = yes
501     public = yes
502     create mode = 0766
503     guest ok = yes
504     path = /home/samba/public
505     </pre>
506    
507 swift 1.3 <warn>
508     If you like to use Samba's guest account to do anything concerning
509     printing from Windows clients: don't set <c>guest only = yes</c> in
510     the <c>[global]</c> section. The guest account seems to cause
511     problems when running <c>cupsaddsmb</c> sometimes when trying to
512     connect from Windows machines. See below, too, when we talk about
513     <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
514     printer user, like <c>printeruser</c> or <c>printer</c> or
515     <c>printme</c> or whatever. It doesn't hurt and it will certainly
516     protect you from a lot of problems.
517     </warn>
518 swift 1.1
519     <p>
520     Now create the directories required for the minimum configuration of
521     Samba to share the installed printer throughout the network.
522     </p>
523    
524     <pre caption="Create the directories">
525     # <i>mkdir /etc/samba/printer</i>
526     # <i>mkdir /var/spool/samba</i>
527     # <i>mkdir /home/samba/public</i>
528     </pre>
529    
530     <p>
531     At least one Samba user is required in order to install the printer
532     drivers and to allow users to connect to the printer. Users must
533     exist in the system's <path>/etc/passwd</path> file.
534     </p>
535    
536     <pre caption="Creating the users">
537     # <i>smbpasswd -a root</i>
538    
539     <comment>(If another user is to be a printer admin)</comment>
540     # <i>smbpasswd -a username</i>
541     </pre>
542    
543     <p>
544     The Samba passwords need not be the same as the system passwords
545     in <path>/etc/passwd</path>.
546     </p>
547    
548     </body>
549     </section>
550     <section>
551 swift 1.3 <title>Configuring Clam AV</title>
552 swift 1.1 <body>
553    
554     <p>
555     The configuration file specified to be used in <path>smb.conf</path> is
556     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
557     to the defaults, the infected file action may need to be changed.
558     </p>
559    
560     <pre caption="/etc/samba/vscan-clamav.conf">
561     [samba-vscan]
562     <comment>; run-time configuration for vscan-samba using
563     ; clamd
564     ; all options are set to default values</comment>
565    
566     <comment>; do not scan files larger than X bytes. If set to 0 (default),
567     ; this feature is disable (i.e. all files are scanned)</comment>
568     max file size = 0
569    
570     <comment>; log all file access (yes/no). If set to yes, every access will
571     ; be logged. If set to no (default), only access to infected files
572     ; will be logged</comment>
573     verbose file logging = no
574    
575     <comment>; if set to yes (default), a file will be scanned while opening</comment>
576     scan on open = yes
577     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
578     scan on close = yes
579    
580     <comment>; if communication to clamd fails, should access to file denied?
581     ; (default: yes)</comment>
582     deny access on error = yes
583    
584 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
585 swift 1.1 ; should access to file denied?
586     ; (default: yes)</comment>
587     deny access on minor error = yes
588    
589     <comment>; send a warning message via Windows Messenger service
590     ; when virus is found?
591     ; (default: yes)</comment>
592     send warning message = yes
593    
594     <comment>; what to do with an infected file
595     ; quarantine: try to move to quantine directory; delete it if moving fails
596     ; delete: delete infected file
597     ; nothing: do nothing</comment>
598     infected file action = <comment>delete</comment>
599    
600     <comment>; where to put infected files - you really want to change this!
601     ; it has to be on the same physical device as the share!</comment>
602     quarantine directory = /tmp
603     <comment>; prefix for files in quarantine</comment>
604     quarantine prefix = vir-
605    
606     <comment>; as Windows tries to open a file multiple time in a (very) short time
607     ; of period, samba-vscan use a last recently used file mechanism to avoid
608     ; multiple scans of a file. This setting specified the maximum number of
609     ; elements of the last recently used file list. (default: 100)</comment>
610     max lru files entries = 100
611    
612 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
613 swift 1.1 ; (Default: 5)</comment>
614     lru file entry lifetime = 5
615    
616     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
617     clamd socket name = /var/run/clamd
618     </pre>
619    
620     <p>
621     It is generally a good idea to start the virus scanner immediately. Add
622 swift 1.3 it to the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
623 swift 1.1 </p>
624    
625     <pre caption="Add clamd to bootup and start it">
626     # <i>rc-update add clamd default</i>
627     # <i>/etc/init.d/clamd start</i>
628     </pre>
629    
630     </body>
631     </section>
632     <section>
633     <title>Configuring CUPS</title>
634     <body>
635    
636     <p>
637 swift 1.3 This is a little more complicated. CUPS' main config file is
638 swift 1.1 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
639     <path>httpd.conf</path> file, so many you may find it familiar. Outlined
640     in the example are the directives that need to be changed:
641     </p>
642    
643     <pre caption="/etc/cups/cupsd.conf">
644     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
645     ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
646    
647     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
648     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
649    
650     LogLevel debug <comment># only while isntalling and testing, should later be
651     # changed to 'info'</comment>
652    
653     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
654     # there seemed to be a bug in CUPS' controlling of the web interface,
655     # making CUPS think a denial of service attack was in progress when
656     # I tried to configure a printer with the web interface. weird.</comment>
657    
658     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
659    
660     &lt;Location /&gt;
661     Order Deny,Allow
662     Deny From All
663     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
664     # eg 192.168.1.* will allow connections from any host on
665     # the 192.168.1.0 network. change to whatever suits you</comment>
666     &lt;/Location&gt;
667    
668     &lt;Location /admin&gt;
669     AuthType Basic
670     AuthClass System
671     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
672     # 192.168.1.0 network to connect and do
673     # administrative tasks after authenticating</comment>
674     Order Deny,Allow
675     Deny From All
676     &lt;/Location&gt;
677     </pre>
678    
679     <p>
680     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
681 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
682     needed to make CUPS print Microsoft Office document files.
683 swift 1.1 </p>
684    
685     <pre caption="/etc/cups/mime.convs">
686     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
687     application/octet-stream application/vnd.cups-raw 0
688     </pre>
689    
690     <p>
691     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
692     </p>
693    
694     <pre caption="/etc/cups/mime.types">
695     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
696     application/octet-stream
697     </pre>
698    
699     <p>
700     CUPS needs to be started on boot, and started immediately.
701     </p>
702    
703     <pre caption="Setting up the CUPS service" >
704     <comment>(To start CUPS on boot)</comment>
705     # <i>rc-update add cupsd default</i>
706     <comment>(To start CUPS if it isn't started)</comment>
707     # <i>/etc/init.d/cupsd start</i>
708     <comment>(If CUPS is already started we'll need to restart it!)</comment>
709     # <i>/etc/init.d/cupsd restart</i>
710     </pre>
711    
712     </body>
713     </section>
714     <section>
715     <title>Installing a printer for and with CUPS</title>
716     <body>
717    
718     <p>
719 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
720     find and download the correct PPD file for your printer and CUPS. To do so,
721     click the link Printer Listings to the left. Select your printers manufacturer
722     and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On
723     the page coming up click the "recommended driver" link after reading the
724     various notes and information. Then fetch the PPD file from the next page,
725     again after reading the notes and introductions there. You may have to select
726     your printers manufacturer and model again. Reading the <uri
727     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
728     is also very helpful when working with CUPS.
729 swift 1.1 </p>
730    
731     <p>
732     Now you have a PPD file for your printer to work with CUPS. Place it in
733     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
734 swift 1.3 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
735 swift 1.1 This can be done via the CUPS web interface or via command line. The web
736 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
737 swift 1.1 </p>
738    
739     <pre caption="Install the printer via command line">
740     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
741     </pre>
742    
743     <p>
744 swift 1.3 Remember to adjust to what you have. Be sure to have the name
745     (<c>-p</c> argument) right (the name you set above during the Samba
746     configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
747     <c>parallel:/dev/blah</c> or whatever device you are using for your
748     printer.
749 swift 1.1 </p>
750    
751     <p>
752 swift 1.3 You should now be able to access the printer from the web interface
753     and be able to print a test page.
754 swift 1.1 </p>
755    
756     </body>
757     </section>
758     <section>
759     <title>Installing the Windows printer drivers</title>
760     <body>
761    
762     <p>
763     Now that the printer should be working it is time to install the drivers
764     for the Windows clients to work. Samba 2.2 introduced this functionality.
765     Browsing to the print server in the Network Neighbourhood, right-clicking
766     on the printershare and selecting "connect" downloads the appropriate
767     drivers automagically to the connecting client, avoiding the hassle of
768     manually installing printer drivers locally.
769     </p>
770    
771     <p>
772     There are two sets of printer drivers for this. First, the Adobe PS
773     drivers which can be obtained from <uri
774     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
775     (PostScript printer drivers). Second, there are the CUPS PS drivers,
776     to be obtained from <uri link="http://www.cups.org/software.php">the
777     CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
778     pull down menu. There doesn't seem to be a difference between the
779     functionality of the two, but the Adobe PS drivers need to be extracted
780     on a Windows System since it's a Windows binary. Also the whole procedure
781     of finding and copying the correct files is a bit more hassle. The CUPS
782     drivers seem to support some options the Adobe drivers don't.
783     </p>
784    
785     <p>
786     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
787     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
788     contained into a directory.
789     </p>
790    
791     <pre caption="Extract the drivers and run the install">
792     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
793     # <i>cd cups-samba-5.0rc2</i>
794     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
795     # <i>./cups-samba.install</i>
796     </pre>
797    
798     <p>
799 swift 1.3 <path>cups-samba.ss</path> is a TAR archive containing three files:
800     <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
801     <path>cupsui5.dll</path>. These are the actual driver files.
802 swift 1.1 </p>
803    
804     <warn>
805 swift 1.3 The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD)
806 swift 1.1 because almost everything which is not part of the base system is
807     installed somewhere under the prefix <path>/usr/local/</path>. This
808     seems not to be the case for most things you install under GNU/Linux.
809     However, if your CUPS installation is somewhere other than
810 swift 1.3 <path>/usr/share/cups/</path> see the example below.
811 swift 1.1 </warn>
812    
813     <p>
814     Suppose your CUPS installation resides under
815     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
816     Do the following:
817     </p>
818    
819     <pre caption="Manually installing the drivers">
820     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
821     # <i>tar -xf cups-samba.ss</i>
822     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
823     # <i>cd usr/share/cups/drivers</i>
824     <comment>(no leading / !)</comment>
825     # <i>cp cups* /usr/local/share/cups/drivers</i>
826     </pre>
827    
828     <p>
829     Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS
830     distribution. It's man page is an interesting read.
831     </p>
832    
833     <pre caption="Run cupsaddsmb">
834     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
835     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
836     "export all known printers".)</comment>
837     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
838     </pre>
839    
840     <warn>
841     The execution of this command often causes the most trouble.
842     Reading through the <uri
843 cam 1.4 link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
844 swift 1.1 thread</uri>.
845     </warn>
846    
847     <p>
848     Here are common errors that may happen:
849     </p>
850    
851     <ul>
852     <li>
853 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
854     (<c>PrintServer</c>) often does not resolve correctly and doesn't
855     identify the print server for CUPS/Samba interaction. If an error
856     like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
857     skipping!</b> occurs, the first thing you should do is substitute
858     <c>PrintServer</c> with <c>localhost</c> and try it again.
859 swift 1.1 </li>
860     <li>
861     The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
862     is quite common, but can be triggered by many problems. It's unfortunately
863 swift 1.3 not very helpful. One thing to try is to temporarily set <c>security =
864     user</c> in your <path>smb.conf</path>. After/if the installation completes
865 swift 1.1 successfully, you should set it back to share, or whatever it was set to
866     before.
867     </li>
868     </ul>
869    
870     <p>
871     This should install the correct driver directory structure under
872     <path>/etc/samba/printer</path>. That would be
873     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
874     be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
875     (the name which you gave the printer when installing it (see above).
876     </p>
877    
878     <p>
879     Pending no errors or other complications, your drivers are now
880     installed.
881     </p>
882    
883     </body>
884     </section>
885     <section>
886     <title>Finalizing our setup</title>
887     <body>
888    
889     <p>
890     Lastly, setup our directories.
891     </p>
892    
893     <pre caption="Final changes needed">
894     # <i>mkdir /home/samba</i>
895     # <i>mkdir /home/samba/public</i>
896     # <i>chmod 755 /home/samba</i>
897     # <i>chmod 755 /home/samba/public</i>
898     </pre>
899    
900     </body>
901     </section>
902     <section>
903     <title>Testing our Samba configuration</title>
904     <body>
905    
906     <p>
907     We will want to test our configuration file to ensure that it is formatted
908     properly and all of our options have at least the correct syntax. To do
909     this we run <c>testparm</c>.
910     </p>
911    
912     <pre caption="Running the testparm">
913     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
914     # <i>/usr/bin/testparm</i>
915     Load smb config files from /etc/samba/smb.conf
916     Processing section &quot;[printers]&quot;
917     Global parameter guest account found in service section!
918     Processing section &quot;[public]&quot;
919     Global parameter guest account found in service section!
920     Loaded services file OK.
921     Server role: ROLE_STANDALONE
922     Press enter to see a dump of your service definitions
923     ...
924     ...
925     </pre>
926    
927     </body>
928     </section>
929     <section>
930     <title>Starting the Samba service</title>
931     <body>
932    
933     <p>
934     Now configure Samba to start at bootup; then go ahead and start it.
935     </p>
936    
937     <pre caption="Setting up the Samba service">
938     # <i>rc-update add samba default</i>
939     # <i>/etc/init.d/samba start</i>
940     </pre>
941    
942     </body>
943     </section>
944     <section>
945     <title>Checking our services</title>
946     <body>
947    
948     <p>
949     It would probably be prudent to check our logs at this time also.
950     We will also want to take a peak at our Samba shares using
951     <c>smbclient</c>.
952     </p>
953    
954     <pre caption="Checking the shares with smbclient">
955     # <i>smbclient -L localhost</i>
956     Password:
957     <comment>(You should see a BIG list of services here.)</comment>
958     </pre>
959    
960     </body>
961     </section>
962     </chapter>
963 neysx 1.5
964 swift 1.1 <chapter>
965     <title>Configuration of the Clients</title>
966     <section>
967     <title>Printer configuration of *nix based clients</title>
968     <body>
969    
970     <p>
971     Despite the variation or distribution, the only thing needed is CUPS.
972     Do the equivalent on any other UNIX/Linux/BSD client.
973     </p>
974    
975 neysx 1.5 <pre caption="Configuring a Gentoo system">
976 swift 1.1 # <i>emerge cups</i>
977     # <i>/etc/init.d/cupsd start</i>
978     # <i>rc-update add cupsd default</i>
979     </pre>
980    
981     <p>
982     That should be it. Nothing else will be needed. Just point your web
983 swift 1.3 browser to <c>http://localhost:631</c> on the client and you'll see that
984 swift 1.1 PrintServer broadcasts all available printers to all CUPS clients.
985     </p>
986    
987     <p>
988     To print, use for example
989     </p>
990    
991     <pre caption="Printing in *nix">
992     # <i>lpr -pHPDeskJet930C anything.txt</i>
993     # <i>lpr -PHPDeskJet930C foobar.whatever.ps</i>
994     </pre>
995    
996     <p>
997 swift 1.3 In order to setup a default printer, you have to edit
998     <path>/etc/cups/client.conf</path> and set the directive
999     <c>ServerName</c> to your printserver. In the case of this guide that
1000     would be the following example.
1001 swift 1.1 </p>
1002    
1003     <pre caption="/etc/cups/client.conf">
1004     ServerName PrintServer
1005     </pre>
1006    
1007     <p>
1008 swift 1.3 The following will print <path>foorbar.whatever.ps</path> directly to the print
1009 swift 1.1 server.
1010     </p>
1011    
1012     <pre caption="Printing to the default printer">
1013     $ <i>lpr foobar.whatever.ps</i>
1014     </pre>
1015    
1016     <p>
1017     Some common observations when setting a default printer in this manner
1018     include the following:
1019     </p>
1020    
1021     <ul>
1022     <li>
1023 swift 1.3 Setting the <c>ServerName</c> in <path>client.conf</path> seems to
1024     work well for only one printer, there may be yet another way to
1025     set a client's default remote printer.
1026 swift 1.1 </li>
1027     <li>
1028 swift 1.3 Also, when accessing <c>http://localhost:631</c> on the client
1029     now, no printers seem to be "found" by the client-CUPS. This is to
1030     be expected when setting <c>ServerName</c> in
1031     <path>client.conf</path>.
1032 swift 1.1 </li>
1033     </ul>
1034    
1035     </body>
1036     </section>
1037     <section>
1038     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1039     <body>
1040    
1041     <p>
1042 neysx 1.5 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1043     all compiled at least one kernel, we'll need to make sure we have all the right
1044     options selected in our kernel. For simplicity sake, make it a module for ease
1045     of use. It is the author's opinion that kernel modules are a good thing and
1046     should be used whenever possible.
1047 swift 1.1 </p>
1048    
1049     <pre caption="Relevant kernel options" >
1050     CONFIG_SMB_FS=m
1051     CONFIG_SMB_UNIX=y
1052     </pre>
1053    
1054     <p>
1055     Then make the module/install it; insert them with:
1056     </p>
1057    
1058     <pre caption="Loading the kernel module">
1059     # <i>modprobe smbfs</i>
1060     </pre>
1061    
1062     <p>
1063     Once the modules is loaded, mounting a Windows or Samba share is
1064     possible. Use <c>mount</c> to accomplish this, as detailed below:
1065     </p>
1066    
1067     <pre caption="Mounting a Windows/Samba share">
1068     <comment>(The syntax for mounting a Windows/Samba share is:
1069     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1070     If we are not using passwords or a password is not needed)</comment>
1071    
1072     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1073    
1074     <comment>(If a password is needed)</comment>
1075     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1076     </pre>
1077    
1078     <p>
1079     After you mount the share, you would access it as if it were a local
1080     drive.
1081     </p>
1082    
1083     </body>
1084     </section>
1085     <section>
1086     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1087     <body>
1088    
1089     <p>
1090 swift 1.3 That's just a bit of point-and-click. Browse to
1091     <path>\\PrintServer</path> and right click on the printer
1092     (HPDeskJet930C) and click connect. This will download the drivers to
1093     the Windows client and now every application (such as Word or Acrobat)
1094     will offer HPDeskJet930C as an available printer to print to. :-)
1095 swift 1.1 </p>
1096    
1097     </body>
1098     </section>
1099     </chapter>
1100 neysx 1.5
1101 swift 1.1 <chapter>
1102     <title>Final Notes</title>
1103     <section>
1104     <title>A Fond Farewell</title>
1105     <body>
1106    
1107     <p>
1108     Well that should be it. You should now have a successful printing enviroment
1109     that is friendly to both Windows and *nix as well as a fully virus-free working
1110     share!
1111     </p>
1112    
1113     </body>
1114     </section>
1115     </chapter>
1116 neysx 1.5
1117 swift 1.1 <chapter>
1118     <title>Links and Resources</title>
1119     <section>
1120     <title>Links</title>
1121     <body>
1122    
1123     <p>
1124     These are some links that may help you in setting up, configuration and
1125     troubleshooting your installation:
1126     </p>
1127    
1128     <ul>
1129     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1130     <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1131     <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1132     <li>
1133     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1134     Pfeifle's Samba Print HOWTO</uri> (
1135     This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1136     I've written here, plus a LOT more concerning CUPS and Samba, and
1137     generally printing support on networks. A really interesting read,
1138     with lots and lots of details)
1139     </li>
1140     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1141     </ul>
1142    
1143     </body>
1144     </section>
1145     <section>
1146     <title>Troubleshooting</title>
1147     <body>
1148    
1149     <p>
1150     See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1151     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1152     manual. Lots of useful tips there! Be sure to look this one up
1153     first, before posting questions and problems! Maybe the solution
1154     you're looking for is right there.
1155     </p>
1156    
1157     </body>
1158     </section>
1159     </chapter>
1160     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20