/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.15 - (show annotations) (download) (as text)
Tue Dec 21 18:12:19 2004 UTC (9 years, 4 months ago) by neysx
Branch: MAIN
Changes since 1.14: +2 -2 lines
File MIME type: application/xml
#74878 Typo in comment

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.14 2004/12/21 18:09:59 neysx Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 <guide link="quick-samba-howto.xml">
5 <title>Gentoo Samba3/CUPS/Clam AV HOWTO</title>
6 <author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8 </author>
9 <author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11 </author>
12
13 <abstract>
14 Setup, install and configure a Samba Server under Gentoo that shares
15 files, printers without the need to install drivers and provides
16 automatic virus scanning.
17 </abstract>
18
19 <!-- The content of this document is licensed under the CC-BY-SA license -->
20 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21 <license/>
22
23 <version>1.10</version>
24 <date>2004-12-21</date>
25
26 <chapter>
27 <title>Introduction to this HOWTO</title>
28 <section>
29 <title>Purpose</title>
30 <body>
31
32 <p>
33 This HOWTO is designed to help you move a network from many different
34 clients speaking different languages, to many different machines that
35 speak a common language. The ultimate goal is to help differing
36 architectures and technologies, come together in a productive,
37 happily coexisting environment.
38 </p>
39
40 <p>
41 Following the directions outlined in this HOWTO should give you an
42 excellent step towards a peaceful cohabitation between Windows, and
43 virtually all known variations of *nix.
44 </p>
45
46 <p>
47 This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48 intended to explore the functionality and power of the Gentoo system,
49 portage and the flexibility of USE flags. Like so many other projects,
50 it was quickly discovered what was missing in the Gentoo realm: there
51 weren't any Samba HOWTO's catered for Gentoo users. These users are
52 more demanding than most; they require performance, flexibility and
53 customization. This does not however imply that this HOWTO was not
54 intended for other distributions; rather that it was designed to work
55 with a highly customized version of Samba.
56 </p>
57
58 <p>
59 This HOWTO will describe how to share files and printers between Windows
60 PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61 File System) feature of Samba to incorporate automatic virus protection.
62 As a finale, it will show you how to mount and manipulate shares.
63 </p>
64
65 <p>
66 There are a few topics that will be mentioned, but are out of the
67 scope of this HOWTO. These will be noted as they are presented.
68 </p>
69
70 <p>
71 This HOWTO is based on a compilation and merge of an excellent HOWTO
72 provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73 by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74 The link to this discussion is provided below for your reference:
75 </p>
76
77 <ul>
78 <li>
79 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80 CUPS+Samba: printing from Windows &amp; Linux</uri>
81 </li>
82 </ul>
83
84 </body>
85 </section>
86 <section>
87 <title>Before you use this guide</title>
88 <body>
89
90 <p>
91 There are a several other guides for setting up CUPS and/or Samba, please read
92 them as well, as they may tell you things left out of this HOWTO (intentional
93 or otherwise). One such document is the very useful and well written <uri
94 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95 issues and specific printer setup is not discussed here.
96 </p>
97
98 </body>
99 </section>
100 <section>
101 <title>Brief Overview</title>
102 <body>
103
104 <p>
105 After presenting the various USE flags, the following list will outline
106 all of the topics covered as they are presented:
107 </p>
108
109 <ul>
110 <li>On the Samba server:
111 <ul>
112 <li>Install and configure CLAM-AV</li>
113 <li>Install and configure Samba</li>
114 <li>Install and configure CUPS</li>
115 <li>Adding the printer to CUPS</li>
116 <li>Adding the PS drivers for the Windows clients</li>
117 </ul>
118 </li>
119 <li>On the Unix clients:
120 <ul>
121 <li>Install and configure CUPS</li>
122 <li>Configuring a default printer</li>
123 <li>Mounting a Windows or Samba share</li>
124 </ul>
125 </li>
126 <li>On the Windows Clients:
127 <ul>
128 <li>Configuring the printer</li>
129 <li>Accessing Samba shares</li>
130 </ul>
131 </li>
132 </ul>
133
134 </body>
135 </section>
136 <section>
137 <title>Requirements</title>
138 <body>
139
140 <p>
141 We will need the following:
142 </p>
143
144 <ul>
145 <li>net-fs/samba</li>
146 <li>app-antivirus/clamav</li>
147 <li>net-print/cups</li>
148 <li>net-print/foomatic</li>
149 <li>net-print/hpijs (if you have an HP printer)</li>
150 <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152 <li>
153 A working network (home/office/etc) consisting of more than one machine)
154 </li>
155 </ul>
156
157 <p>
158 The main package we use here is net-fs/samba, however, you will need
159 a kernel with smbfs support enabled in order to mount a samba or windows
160 share from another computer. CUPS will be emerged if it is not already.
161 app-antivirus/clamav will be used also, but others should be easily adapted
162 to work with Samba.
163 </p>
164
165 </body>
166 </section>
167 </chapter>
168
169 <chapter>
170 <title>Getting acquainted with Samba</title>
171 <section>
172 <title>The USE Flags</title>
173 <body>
174
175 <p>
176 Before emerging anything, take a look at the various USE flags
177 available to Samba.
178 </p>
179
180 <pre caption="Samba uses the following USE Variables:">
181 kerberos mysql xml acl cups ldap pam readline python oav
182 </pre>
183
184 <p>
185 Depending on the network topology and the specific requirements of
186 the server, the USE flags outlined below will define what to include or
187 exclude from the emerging of Samba.
188 </p>
189
190 <table>
191 <tr>
192 <th><b>USE flag</b></th>
193 <th>Description</th>
194 </tr>
195 <tr>
196 <th><b>kerberos</b></th>
197 <ti>
198 Include support for Kerberos. The server will need this if it is
199 intended to join an existing domain or Active Directory. See the note
200 below for more information.
201 </ti>
202 </tr>
203 <tr>
204 <th><b>mysql</b></th>
205 <ti>
206 This will allow Samba to use MySQL in order to do password authentication.
207 It will store ACLs, usernames, passwords, etc in a database versus a
208 flat file. If Samba is needed to do password authentication, such as
209 acting as a password validation server or a Primary Domain Controller
210 (PDC).
211 </ti>
212 </tr>
213 <tr>
214 <th><b>xml</b></th>
215 <ti>
216 The xml USE option for Samba provides a password database backend allowing
217 Samba to store account details in XML files, for the same reasons listed in
218 the mysql USE flag description.
219 </ti>
220 </tr>
221 <tr>
222 <th><b>acl</b></th>
223 <ti>
224 Enables Access Control Lists. The ACL support in Samba uses a patched
225 ext2/ext3, or SGI's XFS in order to function properly as it extends more
226 detailed access to files or directories; much more so than typical *nix
227 GID/UID schemas.
228 </ti>
229 </tr>
230 <tr>
231 <th><b>cups</b></th>
232 <ti>
233 This enables support for the Common Unix Printing System. This
234 provides an interface allowing local CUPS printers to be shared to
235 other systems in the network.
236 </ti>
237 </tr>
238 <tr>
239 <th><b>ldap</b></th>
240 <ti>
241 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
242 expected to use Active Directory, this option must be used. This would
243 be used in the event Samba needs to login to or provide login to
244 a Domain/Active Directory Server. The kerberos USE flag is needed for
245 proper functioning of this option.
246 </ti>
247 </tr>
248 <tr>
249 <th><b>pam</b></th>
250 <ti>
251 Include support for pluggable authentication modules (PAM). This
252 provides the ability to authenticate users on the Samba Server, which is
253 required if users have to login to your server. The kerberos USE flag
254 is recommended along with this option.
255 </ti>
256 </tr>
257 <tr>
258 <th><b>readline</b></th>
259 <ti>
260 Link Samba against libreadline. This is highly recommended and should
261 probably not be disabled
262 </ti>
263 </tr>
264 <tr>
265 <th><b>python</b></th>
266 <ti>
267 Python bindings API. Provides an API that will allow Python to
268 interface with Samba.
269 </ti>
270 </tr>
271 <tr>
272 <th><b>oav</b></th>
273 <ti>
274 Provides on-access scanning of Samba shares with FRISK F-Prot
275 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
276 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
277 </ti>
278 </tr>
279 </table>
280
281 <p>
282 A couple of things worth mentioning about the USE flags and different
283 Samba functions include:
284 </p>
285
286 <ul>
287 <li>
288 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
289 ACL kernel options for ext2 and/or ext3 will need to be enabled
290 (depending on which file system is being used - both can be enabled).
291 </li>
292 <li>
293 While Active Directory, ACL, and PDC functions are out of the intended
294 scope of this HOWTO, you may find these links as helpful to your cause:
295 <ul>
296 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
297 <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
298 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
299 </ul>
300 </li>
301 </ul>
302
303 </body>
304 </section>
305 </chapter>
306
307 <chapter>
308 <title>Server Software Installation</title>
309 <section>
310 <title>Emerging Samba</title>
311 <body>
312
313 <p>
314 First of all: be sure that all your hostnames resolve correctly.
315 Either have a working domain name system running on your network
316 or appropriate entries in your <path>/etc/hosts</path> file.
317 <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
318 machines.
319 </p>
320
321 <p>
322 Hopefully now you can make an assessment of what you'll actually need in
323 order to use Samba with your particular setup. The setup used for this
324 HOWTO is:
325 </p>
326
327 <ul>
328 <li>oav</li>
329 <li>cups</li>
330 <li>readline</li>
331 <li>pam</li>
332 </ul>
333
334 <p>
335 To optimize performance, size and the time of the build, the
336 USE flags are specifically included or excluded.
337 </p>
338
339 <pre caption="Emerge Samba">
340 <comment>(Note the USE flags!)</comment>
341 # <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i>
342 </pre>
343
344 <note>
345 The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
346 ppc, sparc, hppa, ia64 and alpha
347 </note>
348
349 <p>
350 This will emerge Samba and CUPS (if CUPS is not already emerged).
351 </p>
352
353 </body>
354 </section>
355 <section>
356 <title>Emerging Clam AV</title>
357 <body>
358
359 <p>
360 Because the <e>oav</e> USE flag only provides an interface to allow on access
361 virus scanning, the actual virus scanner must be emerged. The scanner
362 used in this HOWTO is Clam AV.
363 </p>
364
365 <pre caption="Emerge clam-av">
366 # <i>emerge app-antivirus/clamav</i>
367 </pre>
368
369 </body>
370 </section>
371 <section>
372 <title>Emerging foomatic</title>
373 <body>
374
375 <pre caption="Emerge foomatic">
376 # <i>emerge net-print/foomatic</i>
377 </pre>
378
379 </body>
380 </section>
381 <section>
382 <title>Emerging net-print/hpijs</title>
383 <body>
384
385 <p>
386 You only need to emerge this if you use an HP printer.
387 </p>
388
389 <pre caption="Emerge hpijs">
390 # <i>emerge net-print/hpijs</i>
391 </pre>
392
393 </body>
394 </section>
395 </chapter>
396
397 <chapter>
398 <title>Server Configuration</title>
399 <section>
400 <title>Configuring Samba</title>
401 <body>
402
403 <p>
404 The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
405 It is divided in sections indicated by [sectionname]. Comments are either
406 # or ;. A sample <path>smb.conf</path> is included below with comments and
407 suggestions for modifications. If more details are required, see the
408 man page for <path>smb.conf</path>, the installed
409 <path>smb.conf.example</path>, the Samba Web site or any of the
410 numerous Samba books available.
411 </p>
412
413 <pre caption="A Sample /etc/samba/smb.conf">
414 [global]
415 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416 workgroup = <comment>MYWORKGROUPNAME</comment>
417 <comment># Of course this has no REAL purpose other than letting
418 # everyone knows it's not Windows!
419 # %v prints the version of Samba we are using.</comment>
420 server string = Samba Server %v
421 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
422 printcap name = cups
423 printing = cups
424 load printers = yes
425 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
426 log file = /var/log/samba/log.%m
427 max log size = 50
428 <comment># We are going to set some options for our interfaces...</comment>
429 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
430 <comment># This is a good idea, what we are doing is binding the
431 # samba server to our local network.
432 # For example, if eth0 is our local network device</comment>
433 interfaces = lo <i>eth0</i>
434 bind interfaces only = yes
435 <comment># Now we are going to specify who we allow, we are afterall
436 # very security conscience, since this configuration does
437 # not use passwords!</comment>
438 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
439 hosts deny = 0.0.0.0/0
440 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
441 # The default is user</comment>
442 security = share
443 <comment># No passwords, so we're going to use a guest account!</comment>
444 guest account = samba
445 guest ok = yes
446 <comment># We now will implement the on access virus scanner.
447 # NOTE: By putting this in our [Global] section, we enable
448 # scanning of ALL shares, you could optionally move
449 # these to a specific share and only scan it.</comment>
450
451 <comment># For Samba 3.x</comment>
452 vfs object = vscan-clamav
453 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
454
455 <comment># For Samba 2.2.x</comment>
456 vfs object = /usr/lib/samba/vfs/vscan-clamav.so
457 vfs options = config-file = /etc/samba/vscan-clamav.conf
458
459 <comment># Now we setup our print drivers information!</comment>
460 [print$]
461 comment = Printer Drivers
462 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
463 guest ok = yes
464 browseable = yes
465 read only = yes
466 <comment># Modify this to "username,root" if you don't want root to
467 # be the only printer admin)</comment>
468 write list = <i>root</i>
469
470 <comment># Now we'll setup a printer to share, while the name is arbitrary
471 # it should be consistent throughout Samba and CUPS!</comment>
472 [HPDeskJet930C]
473 comment = HP DeskJet 930C Network Printer
474 printable = yes
475 path = /var/spool/samba
476 public = yes
477 guest ok = yes
478 <comment># Modify this to "username,root" if you don't want root to
479 # be the only printer admin)</comment>
480 printer admin = <i>root</i>
481
482 <comment># Now we setup our printers share. This should be
483 # browseable, printable, public.</comment>
484 [printers]
485 comment = All Printers
486 browseable = no
487 printable = yes
488 writable = no
489 public = yes
490 guest ok = yes
491 path = /var/spool/samba
492 <comment># Modify this to "username,root" if you don't want root to
493 # be the only printer admin)</comment>
494 printer admin = <i>root</i>
495
496 <comment># We create a new share that we can read/write to from anywhere
497 # This is kind of like a public temp share, anyone can do what
498 # they want here.</comment>
499 [public]
500 comment = Public Files
501 browseable = yes
502 public = yes
503 create mode = 0766
504 guest ok = yes
505 path = /home/samba/public
506 </pre>
507
508 <warn>
509 If you like to use Samba's guest account to do anything concerning
510 printing from Windows clients: don't set <c>guest only = yes</c> in
511 the <c>[global]</c> section. The guest account seems to cause
512 problems when running <c>cupsaddsmb</c> sometimes when trying to
513 connect from Windows machines. See below, too, when we talk about
514 <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
515 printer user, like <c>printeruser</c> or <c>printer</c> or
516 <c>printme</c> or whatever. It doesn't hurt and it will certainly
517 protect you from a lot of problems.
518 </warn>
519
520 <p>
521 Now create the directories required for the minimum configuration of
522 Samba to share the installed printer throughout the network.
523 </p>
524
525 <pre caption="Create the directories">
526 # <i>mkdir /etc/samba/printer</i>
527 # <i>mkdir /var/spool/samba</i>
528 # <i>mkdir /home/samba/public</i>
529 </pre>
530
531 <p>
532 At least one Samba user is required in order to install the printer
533 drivers and to allow users to connect to the printer. Users must
534 exist in the system's <path>/etc/passwd</path> file.
535 </p>
536
537 <pre caption="Creating the users">
538 # <i>smbpasswd -a root</i>
539
540 <comment>(If another user is to be a printer admin)</comment>
541 # <i>smbpasswd -a username</i>
542 </pre>
543
544 <p>
545 The Samba passwords need not be the same as the system passwords
546 in <path>/etc/passwd</path>.
547 </p>
548
549 <p>
550 You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
551 systems can be found easily using NetBIOS:
552 </p>
553
554 <pre caption="Editing /etc/nsswitch.conf">
555 # <i>nano -w /etc/nsswitch.conf</i>
556 <comment>(Edit the hosts: line)</comment>
557 hosts: files dns <i>wins</i>
558 </pre>
559
560 </body>
561 </section>
562 <section>
563 <title>Configuring Clam AV</title>
564 <body>
565
566 <p>
567 The configuration file specified to be used in <path>smb.conf</path> is
568 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
569 to the defaults, the infected file action may need to be changed.
570 </p>
571
572 <pre caption="/etc/samba/vscan-clamav.conf">
573 [samba-vscan]
574 <comment>; run-time configuration for vscan-samba using
575 ; clamd
576 ; all options are set to default values</comment>
577
578 <comment>; do not scan files larger than X bytes. If set to 0 (default),
579 ; this feature is disable (i.e. all files are scanned)</comment>
580 max file size = 0
581
582 <comment>; log all file access (yes/no). If set to yes, every access will
583 ; be logged. If set to no (default), only access to infected files
584 ; will be logged</comment>
585 verbose file logging = no
586
587 <comment>; if set to yes (default), a file will be scanned while opening</comment>
588 scan on open = yes
589 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
590 scan on close = yes
591
592 <comment>; if communication to clamd fails, should access to file denied?
593 ; (default: yes)</comment>
594 deny access on error = yes
595
596 <comment>; if daemon fails with a minor error (corruption, etc.),
597 ; should access to file denied?
598 ; (default: yes)</comment>
599 deny access on minor error = yes
600
601 <comment>; send a warning message via Windows Messenger service
602 ; when virus is found?
603 ; (default: yes)</comment>
604 send warning message = yes
605
606 <comment>; what to do with an infected file
607 ; quarantine: try to move to quantine directory; delete it if moving fails
608 ; delete: delete infected file
609 ; nothing: do nothing</comment>
610 infected file action = <comment>delete</comment>
611
612 <comment>; where to put infected files - you really want to change this!
613 ; it has to be on the same physical device as the share!</comment>
614 quarantine directory = /tmp
615 <comment>; prefix for files in quarantine</comment>
616 quarantine prefix = vir-
617
618 <comment>; as Windows tries to open a file multiple time in a (very) short time
619 ; of period, samba-vscan use a last recently used file mechanism to avoid
620 ; multiple scans of a file. This setting specified the maximum number of
621 ; elements of the last recently used file list. (default: 100)</comment>
622 max lru files entries = 100
623
624 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
625 ; (Default: 5)</comment>
626 lru file entry lifetime = 5
627
628 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
629 clamd socket name = /var/run/clamd
630 </pre>
631
632 <p>
633 It is generally a good idea to start the virus scanner immediately. Add
634 it to the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
635 </p>
636
637 <pre caption="Add clamd to bootup and start it">
638 # <i>rc-update add clamd default</i>
639 # <i>/etc/init.d/clamd start</i>
640 </pre>
641
642 </body>
643 </section>
644 <section>
645 <title>Configuring CUPS</title>
646 <body>
647
648 <p>
649 This is a little more complicated. CUPS' main config file is
650 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
651 <path>httpd.conf</path> file, so many you may find it familiar. Outlined
652 in the example are the directives that need to be changed:
653 </p>
654
655 <pre caption="/etc/cups/cupsd.conf">
656 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
657 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
658
659 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
660 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
661
662 LogLevel debug <comment># only while isntalling and testing, should later be
663 # changed to 'info'</comment>
664
665 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
666 # there seemed to be a bug in CUPS' controlling of the web interface,
667 # making CUPS think a denial of service attack was in progress when
668 # I tried to configure a printer with the web interface. weird.</comment>
669
670 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
671
672 &lt;Location /&gt;
673 Order Deny,Allow
674 Deny From All
675 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
676 # eg 192.168.1.* will allow connections from any host on
677 # the 192.168.1.0 network. change to whatever suits you</comment>
678 &lt;/Location&gt;
679
680 &lt;Location /admin&gt;
681 AuthType Basic
682 AuthClass System
683 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
684 # 192.168.1.0 network to connect and do
685 # administrative tasks after authenticating</comment>
686 Order Deny,Allow
687 Deny From All
688 &lt;/Location&gt;
689 </pre>
690
691 <p>
692 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
693 The changes to <path>mime.convs</path> and <path>mime.types</path> are
694 needed to make CUPS print Microsoft Office document files.
695 </p>
696
697 <pre caption="/etc/cups/mime.convs">
698 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
699 application/octet-stream application/vnd.cups-raw 0
700 </pre>
701
702 <p>
703 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
704 </p>
705
706 <pre caption="/etc/cups/mime.types">
707 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
708 application/octet-stream
709 </pre>
710
711 <p>
712 CUPS needs to be started on boot, and started immediately.
713 </p>
714
715 <pre caption="Setting up the CUPS service" >
716 <comment>(To start CUPS on boot)</comment>
717 # <i>rc-update add cupsd default</i>
718 <comment>(To start or restart CUPS now)</comment>
719 # <i>/etc/init.d/cupsd restart</i>
720 </pre>
721
722 </body>
723 </section>
724 <section>
725 <title>Installing a printer for and with CUPS</title>
726 <body>
727
728 <p>
729 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
730 find and download the correct PPD file for your printer and CUPS. To do so,
731 click the link Printer Listings to the left. Select your printers manufacturer
732 and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On
733 the page coming up click the "recommended driver" link after reading the
734 various notes and information. Then fetch the PPD file from the next page,
735 again after reading the notes and introductions there. You may have to select
736 your printers manufacturer and model again. Reading the <uri
737 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
738 is also very helpful when working with CUPS.
739 </p>
740
741 <p>
742 Now you have a PPD file for your printer to work with CUPS. Place it in
743 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
744 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
745 This can be done via the CUPS web interface or via command line. The web
746 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
747 </p>
748
749 <pre caption="Install the printer via command line">
750 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
751 </pre>
752
753 <p>
754 Remember to adjust to what you have. Be sure to have the name
755 (<c>-p</c> argument) right (the name you set above during the Samba
756 configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
757 <c>parallel:/dev/blah</c> or whatever device you are using for your
758 printer.
759 </p>
760
761 <p>
762 You should now be able to access the printer from the web interface
763 and be able to print a test page.
764 </p>
765
766 </body>
767 </section>
768 <section>
769 <title>Installing the Windows printer drivers</title>
770 <body>
771
772 <p>
773 Now that the printer should be working it is time to install the drivers
774 for the Windows clients to work. Samba 2.2 introduced this functionality.
775 Browsing to the print server in the Network Neighbourhood, right-clicking
776 on the printershare and selecting "connect" downloads the appropriate
777 drivers automagically to the connecting client, avoiding the hassle of
778 manually installing printer drivers locally.
779 </p>
780
781 <p>
782 There are two sets of printer drivers for this. First, the Adobe PS
783 drivers which can be obtained from <uri
784 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
785 (PostScript printer drivers). Second, there are the CUPS PS drivers,
786 to be obtained from <uri link="http://www.cups.org/software.php">the
787 CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
788 pull down menu. There doesn't seem to be a difference between the
789 functionality of the two, but the Adobe PS drivers need to be extracted
790 on a Windows System since it's a Windows binary. Also the whole procedure
791 of finding and copying the correct files is a bit more hassle. The CUPS
792 drivers seem to support some options the Adobe drivers don't.
793 </p>
794
795 <p>
796 This HOWTO uses the CUPS drivers for Windows. The downloaded file is
797 called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
798 contained into a directory.
799 </p>
800
801 <pre caption="Extract the drivers and run the install">
802 # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
803 # <i>cd cups-samba-5.0rc2</i>
804 <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
805 # <i>./cups-samba.install</i>
806 </pre>
807
808 <p>
809 <path>cups-samba.ss</path> is a TAR archive containing three files:
810 <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
811 <path>cupsui5.dll</path>. These are the actual driver files.
812 </p>
813
814 <warn>
815 The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD)
816 because almost everything which is not part of the base system is
817 installed somewhere under the prefix <path>/usr/local/</path>. This
818 seems not to be the case for most things you install under GNU/Linux.
819 However, if your CUPS installation is somewhere other than
820 <path>/usr/share/cups/</path> see the example below.
821 </warn>
822
823 <p>
824 Suppose your CUPS installation resides under
825 <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
826 Do the following:
827 </p>
828
829 <pre caption="Manually installing the drivers">
830 # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
831 # <i>tar -xf cups-samba.ss</i>
832 <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
833 # <i>cd usr/share/cups/drivers</i>
834 <comment>(no leading / !)</comment>
835 # <i>cp cups* /usr/local/share/cups/drivers</i>
836 </pre>
837
838 <p>
839 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS
840 distribution. It's man page is an interesting read.
841 </p>
842
843 <pre caption="Run cupsaddsmb">
844 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
846 "export all known printers".)</comment>
847 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
848 </pre>
849
850 <warn>
851 The execution of this command often causes the most trouble.
852 Reading through the <uri
853 link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
854 thread</uri>.
855 </warn>
856
857 <p>
858 Here are common errors that may happen:
859 </p>
860
861 <ul>
862 <li>
863 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
864 (<c>PrintServer</c>) often does not resolve correctly and doesn't
865 identify the print server for CUPS/Samba interaction. If an error
866 like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
867 skipping!</b> occurs, the first thing you should do is substitute
868 <c>PrintServer</c> with <c>localhost</c> and try it again.
869 </li>
870 <li>
871 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
872 is quite common, but can be triggered by many problems. It's unfortunately
873 not very helpful. One thing to try is to temporarily set <c>security =
874 user</c> in your <path>smb.conf</path>. After/if the installation completes
875 successfully, you should set it back to share, or whatever it was set to
876 before.
877 </li>
878 </ul>
879
880 <p>
881 This should install the correct driver directory structure under
882 <path>/etc/samba/printer</path>. That would be
883 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
884 be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
885 (the name which you gave the printer when installing it (see above).
886 </p>
887
888 <p>
889 Pending no errors or other complications, your drivers are now
890 installed.
891 </p>
892
893 </body>
894 </section>
895 <section>
896 <title>Finalizing our setup</title>
897 <body>
898
899 <p>
900 Lastly, setup our directories.
901 </p>
902
903 <pre caption="Final changes needed">
904 # <i>mkdir /home/samba</i>
905 # <i>mkdir /home/samba/public</i>
906 # <i>chmod 755 /home/samba</i>
907 # <i>chmod 755 /home/samba/public</i>
908 </pre>
909
910 </body>
911 </section>
912 <section>
913 <title>Testing our Samba configuration</title>
914 <body>
915
916 <p>
917 We will want to test our configuration file to ensure that it is formatted
918 properly and all of our options have at least the correct syntax. To do
919 this we run <c>testparm</c>.
920 </p>
921
922 <pre caption="Running the testparm">
923 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
924 # <i>/usr/bin/testparm</i>
925 Load smb config files from /etc/samba/smb.conf
926 Processing section &quot;[printers]&quot;
927 Global parameter guest account found in service section!
928 Processing section &quot;[public]&quot;
929 Global parameter guest account found in service section!
930 Loaded services file OK.
931 Server role: ROLE_STANDALONE
932 Press enter to see a dump of your service definitions
933 ...
934 ...
935 </pre>
936
937 </body>
938 </section>
939 <section>
940 <title>Starting the Samba service</title>
941 <body>
942
943 <p>
944 Now configure Samba to start at bootup; then go ahead and start it.
945 </p>
946
947 <pre caption="Setting up the Samba service">
948 # <i>rc-update add samba default</i>
949 # <i>/etc/init.d/samba start</i>
950 </pre>
951
952 </body>
953 </section>
954 <section>
955 <title>Checking our services</title>
956 <body>
957
958 <p>
959 It would probably be prudent to check our logs at this time also.
960 We will also want to take a peak at our Samba shares using
961 <c>smbclient</c>.
962 </p>
963
964 <pre caption="Checking the shares with smbclient">
965 # <i>smbclient -L localhost</i>
966 Password:
967 <comment>(You should see a BIG list of services here.)</comment>
968 </pre>
969
970 </body>
971 </section>
972 </chapter>
973
974 <chapter>
975 <title>Configuration of the Clients</title>
976 <section>
977 <title>Printer configuration of *nix based clients</title>
978 <body>
979
980 <p>
981 Despite the variation or distribution, the only thing needed is CUPS. Do the
982 equivalent on any other UNIX/Linux/BSD client.
983 </p>
984
985 <pre caption="Configuring a Gentoo system">
986 # <i>emerge cups</i>
987 # <i>nano -w /etc/cups/client.conf</i>
988 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
989 </pre>
990
991 <p>
992 That should be it. Nothing else will be needed.
993 </p>
994
995 <p>
996 If you use only one printer, it will be your default printer. If your print
997 server manages several printers, your administrator will have defined a default
998 printer on the server. If you want to define a different default printer for
999 yourself, use the <c>lpoptions</c> command.
1000 </p>
1001
1002 <pre caption="Setting your default printer">
1003 <comment>(List available printers)</comment>
1004 # <i>lpstat -a</i>
1005 <comment>(Sample output, yours will differ)</comment>
1006 HPDeskJet930C accepting requests since Jan 01 00:00
1007 laser accepting requests since Jan 01 00:00
1008 <comment>(Define HPDeskJet930C as your default printer)</comment>
1009 # <i>lpoptions -d HPDeskJet930C</i>
1010 </pre>
1011
1012 <pre caption="Printing in *nix">
1013 <comment>(Specify the printer to be used)</comment>
1014 # <i>lp -d HPDeskJet930C anything.txt</i>
1015 <comment>(Use your default printer)</comment>
1016 # <i>lp foobar.whatever.ps</i>
1017 </pre>
1018
1019 <p>
1020 Just point your web browser to <c>http://printserver:631</c> on the client if
1021 you want to manage your printers and their jobs with a nice web interface.
1022 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1023 your print server, not the name you gave to the cups print server if you used
1024 different names.
1025 </p>
1026
1027 </body>
1028 </section>
1029 <section>
1030 <title>Mounting a Windows or Samba share in GNU/Linux</title>
1031 <body>
1032
1033 <p>
1034 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1035 all compiled at least one kernel, we'll need to make sure we have all the right
1036 options selected in our kernel. For simplicity sake, make it a module for ease
1037 of use. It is the author's opinion that kernel modules are a good thing and
1038 should be used whenever possible.
1039 </p>
1040
1041 <pre caption="Relevant kernel options" >
1042 CONFIG_SMB_FS=m
1043 CONFIG_SMB_UNIX=y
1044 </pre>
1045
1046 <p>
1047 Then make the module/install it; insert them with:
1048 </p>
1049
1050 <pre caption="Loading the kernel module">
1051 # <i>modprobe smbfs</i>
1052 </pre>
1053
1054 <p>
1055 Once the modules is loaded, mounting a Windows or Samba share is
1056 possible. Use <c>mount</c> to accomplish this, as detailed below:
1057 </p>
1058
1059 <pre caption="Mounting a Windows/Samba share">
1060 <comment>(The syntax for mounting a Windows/Samba share is:
1061 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1062 If we are not using passwords or a password is not needed)</comment>
1063
1064 # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1065
1066 <comment>(If a password is needed)</comment>
1067 # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1068 </pre>
1069
1070 <p>
1071 After you mount the share, you would access it as if it were a local
1072 drive.
1073 </p>
1074
1075 </body>
1076 </section>
1077 <section>
1078 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1079 <body>
1080
1081 <p>
1082 That's just a bit of point-and-click. Browse to
1083 <path>\\PrintServer</path> and right click on the printer
1084 (HPDeskJet930C) and click connect. This will download the drivers to
1085 the Windows client and now every application (such as Word or Acrobat)
1086 will offer HPDeskJet930C as an available printer to print to. :-)
1087 </p>
1088
1089 </body>
1090 </section>
1091 </chapter>
1092
1093 <chapter>
1094 <title>Final Notes</title>
1095 <section>
1096 <title>A Fond Farewell</title>
1097 <body>
1098
1099 <p>
1100 Well that should be it. You should now have a successful printing enviroment
1101 that is friendly to both Windows and *nix as well as a fully virus-free working
1102 share!
1103 </p>
1104
1105 </body>
1106 </section>
1107 </chapter>
1108
1109 <chapter>
1110 <title>Links and Resources</title>
1111 <section>
1112 <title>Links</title>
1113 <body>
1114
1115 <p>
1116 These are some links that may help you in setting up, configuration and
1117 troubleshooting your installation:
1118 </p>
1119
1120 <ul>
1121 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1122 <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1123 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1124 <li>
1125 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1126 Pfeifle's Samba Print HOWTO</uri> (
1127 This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1128 I've written here, plus a LOT more concerning CUPS and Samba, and
1129 generally printing support on networks. A really interesting read,
1130 with lots and lots of details)
1131 </li>
1132 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1133 </ul>
1134
1135 </body>
1136 </section>
1137 <section>
1138 <title>Troubleshooting</title>
1139 <body>
1140
1141 <p>
1142 See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1143 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1144 manual. Lots of useful tips there! Be sure to look this one up
1145 first, before posting questions and problems! Maybe the solution
1146 you're looking for is right there.
1147 </p>
1148
1149 </body>
1150 </section>
1151 </chapter>
1152 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20