/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.9 - (hide annotations) (download) (as text)
Sun Aug 1 11:40:20 2004 UTC (9 years, 8 months ago) by swift
Branch: MAIN
Changes since 1.8: +14 -3 lines
File MIME type: application/xml
#42013 - Add NetBIOS support in nsswitch.conf

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 swift 1.9 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.8 2004/07/02 07:36:09 swift Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4     <guide link="quick-samba-howto.xml">
5 swift 1.3 <title>Gentoo Samba3/CUPS/Clam AV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12    
13     <abstract>
14 swift 1.3 Setup, install and configure a Samba Server under Gentoo that shares
15     files, printers without the need to install drivers and provides
16 swift 1.1 automatic virus scanning.
17     </abstract>
18    
19     <!-- The content of this document is licensed under the CC-BY-SA license -->
20     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21     <license/>
22    
23 swift 1.9 <version>1.6</version>
24     <date>August 01, 2004</date>
25 swift 1.1
26     <chapter>
27     <title>Introduction to this HOWTO</title>
28     <section>
29     <title>Purpose</title>
30     <body>
31    
32     <p>
33     This HOWTO is designed to help you move a network from many different
34 neysx 1.5 clients speaking different languages, to many different machines that
35 swift 1.1 speak a common language. The ultimate goal is to help differing
36 swift 1.3 architectures and technologies, come together in a productive,
37     happily coexisting environment.
38 swift 1.1 </p>
39    
40     <p>
41     Following the directions outlined in this HOWTO should give you an
42     excellent step towards a peaceful cohabitation between Windows, and
43     virtually all known variations of *nix.
44     </p>
45    
46     <p>
47     This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48     intended to explore the functionality and power of the Gentoo system,
49     portage and the flexibility of USE flags. Like so many other projects,
50     it was quickly discovered what was missing in the Gentoo realm: there
51     weren't any Samba HOWTO's catered for Gentoo users. These users are
52     more demanding than most; they require performance, flexibility and
53     customization. This does not however imply that this HOWTO was not
54     intended for other distributions; rather that it was designed to work
55     with a highly customized version of Samba.
56     </p>
57    
58     <p>
59     This HOWTO will describe how to share files and printers between Windows
60     PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61     File System) feature of Samba to incorporate automatic virus protection.
62     As a finale, it will show you how to mount and manipulate shares.
63     </p>
64    
65     <p>
66     There are a few topics that will be mentioned, but are out of the
67     scope of this HOWTO. These will be noted as they are presented.
68     </p>
69    
70     <p>
71     This HOWTO is based on a compilation and merge of an excellent HOWTO
72     provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73     by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74     The link to this discussion is provided below for your reference:
75     </p>
76    
77     <ul>
78     <li>
79     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80     CUPS+Samba: printing from Windows &amp; Linux</uri>
81     </li>
82     </ul>
83    
84     </body>
85     </section>
86     <section>
87     <title>Before you use this guide</title>
88     <body>
89    
90     <p>
91 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
92     them as well, as they may tell you things left out of this HOWTO (intentional
93     or otherwise). One such document is the very useful and well written <uri
94     link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95     issues and specific printer setup is not discussed here.
96 swift 1.1 </p>
97    
98     </body>
99     </section>
100     <section>
101     <title>Brief Overview</title>
102     <body>
103    
104     <p>
105     After presenting the various USE flags, the following list will outline
106     all of the topics covered as they are presented:
107     </p>
108    
109     <ul>
110     <li>On the Samba server:
111     <ul>
112     <li>Install and configure CLAM-AV</li>
113     <li>Install and configure Samba</li>
114     <li>Install and configure CUPS</li>
115     <li>Adding the printer to CUPS</li>
116     <li>Adding the PS drivers for the Windows clients</li>
117     </ul>
118     </li>
119     <li>On the Unix clients:
120     <ul>
121     <li>Install and configure CUPS</li>
122     <li>Configuring a default printer</li>
123     <li>Mounting a Windows or Samba share</li>
124     </ul>
125     </li>
126     <li>On the Windows Clients:
127     <ul>
128     <li>Configuring the printer</li>
129     <li>Accessing Samba shares</li>
130     </ul>
131     </li>
132     </ul>
133    
134     </body>
135     </section>
136     <section>
137     <title>Requirements</title>
138     <body>
139    
140     <p>
141     We will need the following:
142     </p>
143    
144     <ul>
145     <li>net-fs/samba</li>
146 swift 1.6 <li>app-antivirus/clamav</li>
147 swift 1.1 <li>net-print/cups</li>
148     <li>net-print/foomatic</li>
149     <li>net-print/hpijs (if you have an HP printer)</li>
150     <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151     <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152     <li>
153     A working network (home/office/etc) consisting of more than one machine)
154     </li>
155     </ul>
156    
157     <p>
158     The main package we use here is net-fs/samba, however, you will need
159     a kernel with smbfs support enabled in order to mount a samba or windows
160     share from another computer. CUPS will be emerged if it is not already.
161 swift 1.6 app-antivirus/clamav will be used also, but others should be easily adapted
162 swift 1.1 to work with Samba.
163     </p>
164    
165     </body>
166     </section>
167     </chapter>
168 neysx 1.5
169 swift 1.1 <chapter>
170     <title>Getting acquainted with Samba</title>
171     <section>
172     <title>The USE Flags</title>
173     <body>
174    
175     <p>
176     Before emerging anything, take a look at the various USE flags
177     available to Samba.
178     </p>
179    
180     <pre caption="Samba uses the following USE Variables:">
181     kerberos mysql xml acl cups ldap pam readline python oav
182     </pre>
183    
184     <p>
185     Depending on the network topology and the specific requirements of
186     the server, the USE flags outlined below will define what to include or
187     exclude from the emerging of Samba.
188     </p>
189    
190     <table>
191     <tr>
192     <th><b>USE flag</b></th>
193     <th>Description</th>
194     </tr>
195     <tr>
196     <th><b>kerberos</b></th>
197     <ti>
198     Include support for Kerberos. The server will need this if it is
199     intended to join an existing domain or Active Directory. See the note
200     below for more information.
201     </ti>
202     </tr>
203     <tr>
204     <th><b>mysql</b></th>
205     <ti>
206     This will allow Samba to use MySQL in order to do password authentication.
207     It will store ACLs, usernames, passwords, etc in a database versus a
208     flat file. If Samba is needed to do password authentication, such as
209     acting as a password validation server or a Primary Domain Controller
210     (PDC).
211     </ti>
212     </tr>
213     <tr>
214     <th><b>xml</b></th>
215     <ti>
216     The xml USE option for Samba provides a password database backend allowing
217     Samba to store account details in XML files, for the same reasons listed in
218     the mysql USE flag description.
219     </ti>
220     </tr>
221     <tr>
222     <th><b>acl</b></th>
223     <ti>
224     Enables Access Control Lists. The ACL support in Samba uses a patched
225     ext2/ext3, or SGI's XFS in order to function properly as it extends more
226     detailed access to files or directories; much more so than typical *nix
227     GID/UID schemas.
228     </ti>
229     </tr>
230     <tr>
231     <th><b>cups</b></th>
232     <ti>
233     This enables support for the Common Unix Printing System. This
234     provides an interface allowing local CUPS printers to be shared to
235     other systems in the network.
236     </ti>
237     </tr>
238     <tr>
239     <th><b>ldap</b></th>
240     <ti>
241     Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
242     expected to use Active Directory, this option must be used. This would
243     be used in the event Samba needs to login to or provide login to
244     a Domain/Active Directory Server. The kerberos USE flag is needed for
245     proper functioning of this option.
246     </ti>
247     </tr>
248     <tr>
249     <th><b>pam</b></th>
250     <ti>
251     Include support for pluggable authentication modules (PAM). This
252     provides the ability to authenticate users on the Samba Server, which is
253     required if users have to login to your server. The kerberos USE flag
254     is recommended along with this option.
255     </ti>
256     </tr>
257     <tr>
258     <th><b>readline</b></th>
259     <ti>
260     Link Samba again libreadline. This is highly recommended and should
261     probably not be disabled
262     </ti>
263     </tr>
264     <tr>
265     <th><b>python</b></th>
266     <ti>
267     Python bindings API. Provides an API that will allow Python to
268     interface with Samba.
269     </ti>
270     </tr>
271     <tr>
272     <th><b>oav</b></th>
273     <ti>
274     Provides on-access scanning of Samba shares with FRISK F-Prot
275     Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
276     (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
277     </ti>
278     </tr>
279     </table>
280    
281     <p>
282     A couple of things worth mentioning about the USE flags and different
283     Samba functions include:
284     </p>
285    
286     <ul>
287     <li>
288     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
289     ACL kernel options for ext2 and/or ext3 will need to be enabled
290     (depending on which file system is being used - both can be enabled).
291     </li>
292     <li>
293     While Active Directory, ACL, and PDC functions are out of the intended
294     scope of this HOWTO, you may find these links as helpful to your cause:
295     <ul>
296     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
297     <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
298     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
299     </ul>
300     </li>
301     </ul>
302    
303     </body>
304     </section>
305     </chapter>
306 neysx 1.5
307 swift 1.1 <chapter>
308     <title>Server Software Installation</title>
309     <section>
310     <title>Emerging Samba</title>
311     <body>
312    
313     <p>
314     First of all: be sure that all your hostnames resolve correctly.
315     Either have a working domain name system running on your network
316 swift 1.3 or appropriate entries in your <path>/etc/hosts</path> file.
317     <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
318     machines.
319 swift 1.1 </p>
320    
321     <p>
322     Hopefully now you can make an assessment of what you'll actually need in
323     order to use Samba with your particular setup. The setup used for this
324     HOWTO is:
325     </p>
326    
327     <ul>
328     <li>oav</li>
329     <li>cups</li>
330     <li>readline</li>
331     <li>pam</li>
332     </ul>
333    
334     <p>
335     To optimize performance, size and the time of the build, the
336     USE flags are specifically included or excluded.
337     </p>
338    
339     <pre caption="Emerge Samba">
340     <comment>(Note the USE flags!)</comment>
341     # <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i>
342     </pre>
343    
344     <note>
345     The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
346     ppc, sparc, hppa, ia64 and alpha
347     </note>
348    
349     <p>
350     This will emerge Samba and CUPS (if CUPS is not already emerged).
351     </p>
352    
353     </body>
354     </section>
355     <section>
356 swift 1.3 <title>Emerging Clam AV</title>
357 swift 1.1 <body>
358    
359     <p>
360 swift 1.3 Because the <e>oav</e> USE flag only provides an interface to allow on access
361 swift 1.1 virus scanning, the actual virus scanner must be emerged. The scanner
362 swift 1.3 used in this HOWTO is Clam AV.
363 swift 1.1 </p>
364    
365     <pre caption="Emerge clam-av">
366 swift 1.6 # <i>emerge app-antivirus/clamav</i>
367 swift 1.1 </pre>
368    
369     </body>
370     </section>
371     <section>
372     <title>Emerging foomatic</title>
373     <body>
374    
375     <pre caption="Emerge foomatic">
376     # <i>emerge net-print/foomatic</i>
377     </pre>
378    
379     </body>
380     </section>
381     <section>
382     <title>Emerging net-print/hpijs</title>
383     <body>
384    
385     <p>
386     You only need to emerge this if you use an HP printer.
387     </p>
388    
389     <pre caption="Emerge hpijs">
390 swift 1.2 # <i>emerge net-print/hpijs</i>
391 swift 1.1 </pre>
392    
393     </body>
394     </section>
395     </chapter>
396 neysx 1.5
397 swift 1.1 <chapter>
398     <title>Server Configuration</title>
399     <section>
400     <title>Configuring Samba</title>
401     <body>
402    
403     <p>
404     The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
405     It is divided in sections indicated by [sectionname]. Comments are either
406     # or ;. A sample <path>smb.conf</path> is included below with comments and
407     suggestions for modifications. If more details are required, see the
408 swift 1.3 man page for <path>smb.conf</path>, the installed
409     <path>smb.conf.example</path>, the Samba Web site or any of the
410     numerous Samba books available.
411 swift 1.1 </p>
412    
413     <pre caption="A Sample /etc/samba/smb.conf">
414     [global]
415     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416     workgroup = <comment>MYWORKGROUPNAME</comment>
417     <comment># Of course this has no REAL purpose other than letting
418     # everyone know its not Windows!
419     # %v prints the version of Samba we are using.</comment>
420     server string = Samba Server %v
421     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
422     printcap name = cups
423     printing = cups
424     load printers = yes
425     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
426     log file = /var/log/samba/log.%m
427     max log size = 50
428     <comment># We are going to set some options for our interfaces...</comment>
429     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
430     <comment># This is a good idea, what we are doing is binding the
431     # samba server to our local network.
432     # For example, if eth0 is our local network device</comment>
433     interfaces = lo <i>eth0</i>
434     bind interfaces only = yes
435     <comment># Now we are going to specify who we allow, we are afterall
436     # very security conscience, since this configuration does
437     # not use passwords!</comment>
438     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
439     hosts deny = 0.0.0.0/0
440     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
441     # The default is user</comment>
442     security = share
443     <comment># No passwords, so we're going to use a guest account!</comment>
444     guest account = samba
445     guest ok = yes
446     <comment># We now will implement the on access virus scanner.
447     # NOTE: By putting this in our [Global] section, we enable
448     # scanning of ALL shares, you could optionally move
449     # these to a specific share and only scan it.</comment>
450 swift 1.8
451     <comment># For Samba 3.x</comment>
452     vfs object = vscan-clamav
453     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
454    
455     <comment># For Samba 2.2.x</comment>
456 swift 1.1 vfs object = /usr/lib/samba/vfs/vscan-clamav.so
457     vfs options = config-file = /etc/samba/vscan-clamav.conf
458    
459     <comment># Now we setup our print drivers information!</comment>
460     [print$]
461     comment = Printer Drivers
462     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
463     guest ok = no
464     browseable = yes
465     read only = yes
466     <comment># Modify this to "username,root" if you don't want root to
467     # be the only printer admin)</comment>
468     write list = <i>root</i>
469    
470     <comment># Now we'll setup a printer to share, while the name is arbitrary
471     # it should be consistent throughout Samba and CUPS!</comment>
472     [HPDeskJet930C]
473     comment = HP DeskJet 930C Network Printer
474     printable = yes
475     path = /var/spool/samba
476     public = yes
477     guest ok = yes
478     <comment># Modify this to "username,root" if you don't want root to
479     # be the only printer admin)</comment>
480     printer admin = <i>root</i>
481    
482     <comment># Now we setup our printers share. This should be
483     # browseable, printable, public.</comment>
484     [printers]
485     comment = All Printers
486     browseable = yes
487     printable = yes
488     public = yes
489     guest ok = yes
490     path = /var/spool/samba
491     <comment># Modify this to "username,root" if you don't want root to
492     # be the only printer admin)</comment>
493     printer admin = <i>root</i>
494    
495     <comment># We create a new share that we can read/write to from anywhere
496     # This is kind of like a public temp share, anyone can do what
497     # they want here.</comment>
498     [public]
499     comment = Public Files
500     browseable = yes
501     public = yes
502     create mode = 0766
503     guest ok = yes
504     path = /home/samba/public
505     </pre>
506    
507 swift 1.3 <warn>
508     If you like to use Samba's guest account to do anything concerning
509     printing from Windows clients: don't set <c>guest only = yes</c> in
510     the <c>[global]</c> section. The guest account seems to cause
511     problems when running <c>cupsaddsmb</c> sometimes when trying to
512     connect from Windows machines. See below, too, when we talk about
513     <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
514     printer user, like <c>printeruser</c> or <c>printer</c> or
515     <c>printme</c> or whatever. It doesn't hurt and it will certainly
516     protect you from a lot of problems.
517     </warn>
518 swift 1.1
519     <p>
520     Now create the directories required for the minimum configuration of
521     Samba to share the installed printer throughout the network.
522     </p>
523    
524     <pre caption="Create the directories">
525     # <i>mkdir /etc/samba/printer</i>
526     # <i>mkdir /var/spool/samba</i>
527     # <i>mkdir /home/samba/public</i>
528     </pre>
529    
530     <p>
531     At least one Samba user is required in order to install the printer
532     drivers and to allow users to connect to the printer. Users must
533     exist in the system's <path>/etc/passwd</path> file.
534     </p>
535    
536     <pre caption="Creating the users">
537     # <i>smbpasswd -a root</i>
538    
539     <comment>(If another user is to be a printer admin)</comment>
540     # <i>smbpasswd -a username</i>
541     </pre>
542    
543     <p>
544     The Samba passwords need not be the same as the system passwords
545     in <path>/etc/passwd</path>.
546     </p>
547    
548 swift 1.9 <p>
549     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
550     systems can be found easily using NetBIOS:
551     </p>
552    
553     <pre caption="Editing /etc/nsswitch.conf">
554     # <i>nano -w /etc/nsswitch.conf</i>
555     <comment>(Edit the hosts: line)</comment>
556     hosts: files dns <i>wins</i>
557     </pre>
558    
559 swift 1.1 </body>
560     </section>
561     <section>
562 swift 1.3 <title>Configuring Clam AV</title>
563 swift 1.1 <body>
564    
565     <p>
566     The configuration file specified to be used in <path>smb.conf</path> is
567     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
568     to the defaults, the infected file action may need to be changed.
569     </p>
570    
571     <pre caption="/etc/samba/vscan-clamav.conf">
572     [samba-vscan]
573     <comment>; run-time configuration for vscan-samba using
574     ; clamd
575     ; all options are set to default values</comment>
576    
577     <comment>; do not scan files larger than X bytes. If set to 0 (default),
578     ; this feature is disable (i.e. all files are scanned)</comment>
579     max file size = 0
580    
581     <comment>; log all file access (yes/no). If set to yes, every access will
582     ; be logged. If set to no (default), only access to infected files
583     ; will be logged</comment>
584     verbose file logging = no
585    
586     <comment>; if set to yes (default), a file will be scanned while opening</comment>
587     scan on open = yes
588     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
589     scan on close = yes
590    
591     <comment>; if communication to clamd fails, should access to file denied?
592     ; (default: yes)</comment>
593     deny access on error = yes
594    
595 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
596 swift 1.1 ; should access to file denied?
597     ; (default: yes)</comment>
598     deny access on minor error = yes
599    
600     <comment>; send a warning message via Windows Messenger service
601     ; when virus is found?
602     ; (default: yes)</comment>
603     send warning message = yes
604    
605     <comment>; what to do with an infected file
606     ; quarantine: try to move to quantine directory; delete it if moving fails
607     ; delete: delete infected file
608     ; nothing: do nothing</comment>
609     infected file action = <comment>delete</comment>
610    
611     <comment>; where to put infected files - you really want to change this!
612     ; it has to be on the same physical device as the share!</comment>
613     quarantine directory = /tmp
614     <comment>; prefix for files in quarantine</comment>
615     quarantine prefix = vir-
616    
617     <comment>; as Windows tries to open a file multiple time in a (very) short time
618     ; of period, samba-vscan use a last recently used file mechanism to avoid
619     ; multiple scans of a file. This setting specified the maximum number of
620     ; elements of the last recently used file list. (default: 100)</comment>
621     max lru files entries = 100
622    
623 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
624 swift 1.1 ; (Default: 5)</comment>
625     lru file entry lifetime = 5
626    
627     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
628     clamd socket name = /var/run/clamd
629     </pre>
630    
631     <p>
632     It is generally a good idea to start the virus scanner immediately. Add
633 swift 1.3 it to the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
634 swift 1.1 </p>
635    
636     <pre caption="Add clamd to bootup and start it">
637     # <i>rc-update add clamd default</i>
638     # <i>/etc/init.d/clamd start</i>
639     </pre>
640    
641     </body>
642     </section>
643     <section>
644     <title>Configuring CUPS</title>
645     <body>
646    
647     <p>
648 swift 1.3 This is a little more complicated. CUPS' main config file is
649 swift 1.1 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
650     <path>httpd.conf</path> file, so many you may find it familiar. Outlined
651     in the example are the directives that need to be changed:
652     </p>
653    
654     <pre caption="/etc/cups/cupsd.conf">
655     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
656     ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
657    
658     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
659     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
660    
661     LogLevel debug <comment># only while isntalling and testing, should later be
662     # changed to 'info'</comment>
663    
664     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
665     # there seemed to be a bug in CUPS' controlling of the web interface,
666     # making CUPS think a denial of service attack was in progress when
667     # I tried to configure a printer with the web interface. weird.</comment>
668    
669     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
670    
671     &lt;Location /&gt;
672     Order Deny,Allow
673     Deny From All
674     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
675     # eg 192.168.1.* will allow connections from any host on
676     # the 192.168.1.0 network. change to whatever suits you</comment>
677     &lt;/Location&gt;
678    
679     &lt;Location /admin&gt;
680     AuthType Basic
681     AuthClass System
682     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
683     # 192.168.1.0 network to connect and do
684     # administrative tasks after authenticating</comment>
685     Order Deny,Allow
686     Deny From All
687     &lt;/Location&gt;
688     </pre>
689    
690     <p>
691     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
692 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
693     needed to make CUPS print Microsoft Office document files.
694 swift 1.1 </p>
695    
696     <pre caption="/etc/cups/mime.convs">
697     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
698     application/octet-stream application/vnd.cups-raw 0
699     </pre>
700    
701     <p>
702     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
703     </p>
704    
705     <pre caption="/etc/cups/mime.types">
706     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
707     application/octet-stream
708     </pre>
709    
710     <p>
711     CUPS needs to be started on boot, and started immediately.
712     </p>
713    
714     <pre caption="Setting up the CUPS service" >
715     <comment>(To start CUPS on boot)</comment>
716     # <i>rc-update add cupsd default</i>
717     <comment>(To start CUPS if it isn't started)</comment>
718     # <i>/etc/init.d/cupsd start</i>
719     <comment>(If CUPS is already started we'll need to restart it!)</comment>
720     # <i>/etc/init.d/cupsd restart</i>
721     </pre>
722    
723     </body>
724     </section>
725     <section>
726     <title>Installing a printer for and with CUPS</title>
727     <body>
728    
729     <p>
730 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
731     find and download the correct PPD file for your printer and CUPS. To do so,
732     click the link Printer Listings to the left. Select your printers manufacturer
733     and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On
734     the page coming up click the "recommended driver" link after reading the
735     various notes and information. Then fetch the PPD file from the next page,
736     again after reading the notes and introductions there. You may have to select
737     your printers manufacturer and model again. Reading the <uri
738     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
739     is also very helpful when working with CUPS.
740 swift 1.1 </p>
741    
742     <p>
743     Now you have a PPD file for your printer to work with CUPS. Place it in
744     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
745 swift 1.3 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
746 swift 1.1 This can be done via the CUPS web interface or via command line. The web
747 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
748 swift 1.1 </p>
749    
750     <pre caption="Install the printer via command line">
751     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
752     </pre>
753    
754     <p>
755 swift 1.3 Remember to adjust to what you have. Be sure to have the name
756     (<c>-p</c> argument) right (the name you set above during the Samba
757     configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
758     <c>parallel:/dev/blah</c> or whatever device you are using for your
759     printer.
760 swift 1.1 </p>
761    
762     <p>
763 swift 1.3 You should now be able to access the printer from the web interface
764     and be able to print a test page.
765 swift 1.1 </p>
766    
767     </body>
768     </section>
769     <section>
770     <title>Installing the Windows printer drivers</title>
771     <body>
772    
773     <p>
774     Now that the printer should be working it is time to install the drivers
775     for the Windows clients to work. Samba 2.2 introduced this functionality.
776     Browsing to the print server in the Network Neighbourhood, right-clicking
777     on the printershare and selecting "connect" downloads the appropriate
778     drivers automagically to the connecting client, avoiding the hassle of
779     manually installing printer drivers locally.
780     </p>
781    
782     <p>
783     There are two sets of printer drivers for this. First, the Adobe PS
784     drivers which can be obtained from <uri
785     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
786     (PostScript printer drivers). Second, there are the CUPS PS drivers,
787     to be obtained from <uri link="http://www.cups.org/software.php">the
788     CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
789     pull down menu. There doesn't seem to be a difference between the
790     functionality of the two, but the Adobe PS drivers need to be extracted
791     on a Windows System since it's a Windows binary. Also the whole procedure
792     of finding and copying the correct files is a bit more hassle. The CUPS
793     drivers seem to support some options the Adobe drivers don't.
794     </p>
795    
796     <p>
797     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
798     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
799     contained into a directory.
800     </p>
801    
802     <pre caption="Extract the drivers and run the install">
803     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
804     # <i>cd cups-samba-5.0rc2</i>
805     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
806     # <i>./cups-samba.install</i>
807     </pre>
808    
809     <p>
810 swift 1.3 <path>cups-samba.ss</path> is a TAR archive containing three files:
811     <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
812     <path>cupsui5.dll</path>. These are the actual driver files.
813 swift 1.1 </p>
814    
815     <warn>
816 swift 1.3 The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD)
817 swift 1.1 because almost everything which is not part of the base system is
818     installed somewhere under the prefix <path>/usr/local/</path>. This
819     seems not to be the case for most things you install under GNU/Linux.
820     However, if your CUPS installation is somewhere other than
821 swift 1.3 <path>/usr/share/cups/</path> see the example below.
822 swift 1.1 </warn>
823    
824     <p>
825     Suppose your CUPS installation resides under
826     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
827     Do the following:
828     </p>
829    
830     <pre caption="Manually installing the drivers">
831     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
832     # <i>tar -xf cups-samba.ss</i>
833     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
834     # <i>cd usr/share/cups/drivers</i>
835     <comment>(no leading / !)</comment>
836     # <i>cp cups* /usr/local/share/cups/drivers</i>
837     </pre>
838    
839     <p>
840     Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS
841     distribution. It's man page is an interesting read.
842     </p>
843    
844     <pre caption="Run cupsaddsmb">
845     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
846     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
847     "export all known printers".)</comment>
848     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
849     </pre>
850    
851     <warn>
852     The execution of this command often causes the most trouble.
853     Reading through the <uri
854 cam 1.4 link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
855 swift 1.1 thread</uri>.
856     </warn>
857    
858     <p>
859     Here are common errors that may happen:
860     </p>
861    
862     <ul>
863     <li>
864 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
865     (<c>PrintServer</c>) often does not resolve correctly and doesn't
866     identify the print server for CUPS/Samba interaction. If an error
867     like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
868     skipping!</b> occurs, the first thing you should do is substitute
869     <c>PrintServer</c> with <c>localhost</c> and try it again.
870 swift 1.1 </li>
871     <li>
872     The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
873     is quite common, but can be triggered by many problems. It's unfortunately
874 swift 1.3 not very helpful. One thing to try is to temporarily set <c>security =
875     user</c> in your <path>smb.conf</path>. After/if the installation completes
876 swift 1.1 successfully, you should set it back to share, or whatever it was set to
877     before.
878     </li>
879     </ul>
880    
881     <p>
882     This should install the correct driver directory structure under
883     <path>/etc/samba/printer</path>. That would be
884     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
885     be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
886     (the name which you gave the printer when installing it (see above).
887     </p>
888    
889     <p>
890     Pending no errors or other complications, your drivers are now
891     installed.
892     </p>
893    
894     </body>
895     </section>
896     <section>
897     <title>Finalizing our setup</title>
898     <body>
899    
900     <p>
901     Lastly, setup our directories.
902     </p>
903    
904     <pre caption="Final changes needed">
905     # <i>mkdir /home/samba</i>
906     # <i>mkdir /home/samba/public</i>
907     # <i>chmod 755 /home/samba</i>
908     # <i>chmod 755 /home/samba/public</i>
909     </pre>
910    
911     </body>
912     </section>
913     <section>
914     <title>Testing our Samba configuration</title>
915     <body>
916    
917     <p>
918     We will want to test our configuration file to ensure that it is formatted
919     properly and all of our options have at least the correct syntax. To do
920     this we run <c>testparm</c>.
921     </p>
922    
923     <pre caption="Running the testparm">
924     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
925     # <i>/usr/bin/testparm</i>
926     Load smb config files from /etc/samba/smb.conf
927     Processing section &quot;[printers]&quot;
928     Global parameter guest account found in service section!
929     Processing section &quot;[public]&quot;
930     Global parameter guest account found in service section!
931     Loaded services file OK.
932     Server role: ROLE_STANDALONE
933     Press enter to see a dump of your service definitions
934     ...
935     ...
936     </pre>
937    
938     </body>
939     </section>
940     <section>
941     <title>Starting the Samba service</title>
942     <body>
943    
944     <p>
945     Now configure Samba to start at bootup; then go ahead and start it.
946     </p>
947    
948     <pre caption="Setting up the Samba service">
949     # <i>rc-update add samba default</i>
950     # <i>/etc/init.d/samba start</i>
951     </pre>
952    
953     </body>
954     </section>
955     <section>
956     <title>Checking our services</title>
957     <body>
958    
959     <p>
960     It would probably be prudent to check our logs at this time also.
961     We will also want to take a peak at our Samba shares using
962     <c>smbclient</c>.
963     </p>
964    
965     <pre caption="Checking the shares with smbclient">
966     # <i>smbclient -L localhost</i>
967     Password:
968     <comment>(You should see a BIG list of services here.)</comment>
969     </pre>
970    
971     </body>
972     </section>
973     </chapter>
974 neysx 1.5
975 swift 1.1 <chapter>
976     <title>Configuration of the Clients</title>
977     <section>
978     <title>Printer configuration of *nix based clients</title>
979     <body>
980    
981     <p>
982     Despite the variation or distribution, the only thing needed is CUPS.
983     Do the equivalent on any other UNIX/Linux/BSD client.
984     </p>
985    
986 neysx 1.5 <pre caption="Configuring a Gentoo system">
987 swift 1.1 # <i>emerge cups</i>
988     # <i>/etc/init.d/cupsd start</i>
989     # <i>rc-update add cupsd default</i>
990     </pre>
991    
992     <p>
993     That should be it. Nothing else will be needed. Just point your web
994 swift 1.3 browser to <c>http://localhost:631</c> on the client and you'll see that
995 swift 1.1 PrintServer broadcasts all available printers to all CUPS clients.
996     </p>
997    
998     <p>
999     To print, use for example
1000     </p>
1001    
1002     <pre caption="Printing in *nix">
1003     # <i>lpr -pHPDeskJet930C anything.txt</i>
1004     # <i>lpr -PHPDeskJet930C foobar.whatever.ps</i>
1005     </pre>
1006    
1007     <p>
1008 swift 1.3 In order to setup a default printer, you have to edit
1009     <path>/etc/cups/client.conf</path> and set the directive
1010     <c>ServerName</c> to your printserver. In the case of this guide that
1011     would be the following example.
1012 swift 1.1 </p>
1013    
1014     <pre caption="/etc/cups/client.conf">
1015     ServerName PrintServer
1016     </pre>
1017    
1018     <p>
1019 swift 1.3 The following will print <path>foorbar.whatever.ps</path> directly to the print
1020 swift 1.1 server.
1021     </p>
1022    
1023     <pre caption="Printing to the default printer">
1024     $ <i>lpr foobar.whatever.ps</i>
1025     </pre>
1026    
1027     <p>
1028     Some common observations when setting a default printer in this manner
1029     include the following:
1030     </p>
1031    
1032     <ul>
1033     <li>
1034 swift 1.3 Setting the <c>ServerName</c> in <path>client.conf</path> seems to
1035     work well for only one printer, there may be yet another way to
1036     set a client's default remote printer.
1037 swift 1.1 </li>
1038     <li>
1039 swift 1.3 Also, when accessing <c>http://localhost:631</c> on the client
1040     now, no printers seem to be "found" by the client-CUPS. This is to
1041     be expected when setting <c>ServerName</c> in
1042     <path>client.conf</path>.
1043 swift 1.1 </li>
1044     </ul>
1045    
1046     </body>
1047     </section>
1048     <section>
1049     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1050     <body>
1051    
1052     <p>
1053 neysx 1.5 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1054     all compiled at least one kernel, we'll need to make sure we have all the right
1055     options selected in our kernel. For simplicity sake, make it a module for ease
1056     of use. It is the author's opinion that kernel modules are a good thing and
1057     should be used whenever possible.
1058 swift 1.1 </p>
1059    
1060     <pre caption="Relevant kernel options" >
1061     CONFIG_SMB_FS=m
1062     CONFIG_SMB_UNIX=y
1063     </pre>
1064    
1065     <p>
1066     Then make the module/install it; insert them with:
1067     </p>
1068    
1069     <pre caption="Loading the kernel module">
1070     # <i>modprobe smbfs</i>
1071     </pre>
1072    
1073     <p>
1074     Once the modules is loaded, mounting a Windows or Samba share is
1075     possible. Use <c>mount</c> to accomplish this, as detailed below:
1076     </p>
1077    
1078     <pre caption="Mounting a Windows/Samba share">
1079     <comment>(The syntax for mounting a Windows/Samba share is:
1080     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1081     If we are not using passwords or a password is not needed)</comment>
1082    
1083     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1084    
1085     <comment>(If a password is needed)</comment>
1086     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1087     </pre>
1088    
1089     <p>
1090     After you mount the share, you would access it as if it were a local
1091     drive.
1092     </p>
1093    
1094     </body>
1095     </section>
1096     <section>
1097     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1098     <body>
1099    
1100     <p>
1101 swift 1.3 That's just a bit of point-and-click. Browse to
1102     <path>\\PrintServer</path> and right click on the printer
1103     (HPDeskJet930C) and click connect. This will download the drivers to
1104     the Windows client and now every application (such as Word or Acrobat)
1105     will offer HPDeskJet930C as an available printer to print to. :-)
1106 swift 1.1 </p>
1107    
1108     </body>
1109     </section>
1110     </chapter>
1111 neysx 1.5
1112 swift 1.1 <chapter>
1113     <title>Final Notes</title>
1114     <section>
1115     <title>A Fond Farewell</title>
1116     <body>
1117    
1118     <p>
1119     Well that should be it. You should now have a successful printing enviroment
1120     that is friendly to both Windows and *nix as well as a fully virus-free working
1121     share!
1122     </p>
1123    
1124     </body>
1125     </section>
1126     </chapter>
1127 neysx 1.5
1128 swift 1.1 <chapter>
1129     <title>Links and Resources</title>
1130     <section>
1131     <title>Links</title>
1132     <body>
1133    
1134     <p>
1135     These are some links that may help you in setting up, configuration and
1136     troubleshooting your installation:
1137     </p>
1138    
1139     <ul>
1140     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1141     <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1142     <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1143     <li>
1144     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1145     Pfeifle's Samba Print HOWTO</uri> (
1146     This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1147     I've written here, plus a LOT more concerning CUPS and Samba, and
1148     generally printing support on networks. A really interesting read,
1149     with lots and lots of details)
1150     </li>
1151     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1152     </ul>
1153    
1154     </body>
1155     </section>
1156     <section>
1157     <title>Troubleshooting</title>
1158     <body>
1159    
1160     <p>
1161     See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1162     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1163     manual. Lots of useful tips there! Be sure to look this one up
1164     first, before posting questions and problems! Maybe the solution
1165     you're looking for is right there.
1166     </p>
1167    
1168     </body>
1169     </section>
1170     </chapter>
1171     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20