/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.20 - (show annotations) (download) (as text)
Sun Jan 1 11:51:43 2006 UTC (8 years, 7 months ago) by neysx
Branch: MAIN
Changes since 1.19: +2 -2 lines
File MIME type: application/xml
Removed some tabs (blame rane) **No Content Change**

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.19 2005/10/02 21:26:32 rane Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 <guide link="quick-samba-howto.xml">
5 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 <author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8 </author>
9 <author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11 </author>
12
13 <abstract>
14 Setup, install and configure a Samba Server under Gentoo that shares
15 files, printers without the need to install drivers and provides
16 automatic virus scanning.
17 </abstract>
18
19 <!-- The content of this document is licensed under the CC-BY-SA license -->
20 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21 <license/>
22
23 <version>1.12</version>
24 <date>2005-03-26</date>
25
26 <chapter>
27 <title>Introduction to this HOWTO</title>
28 <section>
29 <title>Purpose</title>
30 <body>
31
32 <p>
33 This HOWTO is designed to help you move a network from many different
34 clients speaking different languages, to many different machines that
35 speak a common language. The ultimate goal is to help differing
36 architectures and technologies, come together in a productive,
37 happily coexisting environment.
38 </p>
39
40 <p>
41 Following the directions outlined in this HOWTO should give you an
42 excellent step towards a peaceful cohabitation between Windows, and
43 virtually all known variations of *nix.
44 </p>
45
46 <p>
47 This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48 intended to explore the functionality and power of the Gentoo system,
49 portage and the flexibility of USE flags. Like so many other projects,
50 it was quickly discovered what was missing in the Gentoo realm: there
51 weren't any Samba HOWTO's catered for Gentoo users. These users are
52 more demanding than most; they require performance, flexibility and
53 customization. This does not however imply that this HOWTO was not
54 intended for other distributions; rather that it was designed to work
55 with a highly customized version of Samba.
56 </p>
57
58 <p>
59 This HOWTO will describe how to share files and printers between Windows
60 PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61 File System) feature of Samba to incorporate automatic virus protection.
62 As a finale, it will show you how to mount and manipulate shares.
63 </p>
64
65 <p>
66 There are a few topics that will be mentioned, but are out of the
67 scope of this HOWTO. These will be noted as they are presented.
68 </p>
69
70 <p>
71 This HOWTO is based on a compilation and merge of an excellent HOWTO
72 provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73 by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74 The link to this discussion is provided below for your reference:
75 </p>
76
77 <ul>
78 <li>
79 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80 CUPS+Samba: printing from Windows &amp; Linux</uri>
81 </li>
82 </ul>
83
84 </body>
85 </section>
86 <section>
87 <title>Before you use this guide</title>
88 <body>
89
90 <p>
91 There are a several other guides for setting up CUPS and/or Samba, please read
92 them as well, as they may tell you things left out of this HOWTO (intentional
93 or otherwise). One such document is the very useful and well written <uri
94 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95 issues and specific printer setup is not discussed here.
96 </p>
97
98 </body>
99 </section>
100 <section>
101 <title>Brief Overview</title>
102 <body>
103
104 <p>
105 After presenting the various USE flags, the following list will outline
106 all of the topics covered as they are presented:
107 </p>
108
109 <ul>
110 <li>On the Samba server:
111 <ul>
112 <li>Install and configure ClamAV</li>
113 <li>Install and configure Samba</li>
114 <li>Install and configure CUPS</li>
115 <li>Adding the printer to CUPS</li>
116 <li>Adding the PS drivers for the Windows clients</li>
117 </ul>
118 </li>
119 <li>On the Unix clients:
120 <ul>
121 <li>Install and configure CUPS</li>
122 <li>Configuring a default printer</li>
123 <li>Mounting a Windows or Samba share</li>
124 </ul>
125 </li>
126 <li>On the Windows Clients:
127 <ul>
128 <li>Configuring the printer</li>
129 <li>Accessing Samba shares</li>
130 </ul>
131 </li>
132 </ul>
133
134 </body>
135 </section>
136 <section>
137 <title>Requirements</title>
138 <body>
139
140 <p>
141 We will need the following:
142 </p>
143
144 <ul>
145 <li>net-fs/samba</li>
146 <li>app-antivirus/clamav</li>
147 <li>net-print/cups</li>
148 <li>net-print/foomatic</li>
149 <li>net-print/hpijs (if you have an HP printer)</li>
150 <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152 <li>
153 A working network (home/office/etc) consisting of more than one machine)
154 </li>
155 </ul>
156
157 <p>
158 The main package we use here is net-fs/samba, however, you will need
159 a kernel with smbfs support enabled in order to mount a samba or windows
160 share from another computer. CUPS will be emerged if it is not already.
161 app-antivirus/clamav will be used also, but others should be easily adapted
162 to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
164 </p>
165
166 </body>
167 </section>
168 </chapter>
169
170 <chapter>
171 <title>Getting acquainted with Samba</title>
172 <section>
173 <title>The USE Flags</title>
174 <body>
175
176 <p>
177 Before emerging anything, take a look at the various USE flags
178 available to Samba.
179 </p>
180
181 <pre caption="Samba uses the following USE Variables:">
182 kerberos mysql xml acl cups ldap pam readline python oav libclamav
183 </pre>
184
185 <p>
186 Depending on the network topology and the specific requirements of
187 the server, the USE flags outlined below will define what to include or
188 exclude from the emerging of Samba.
189 </p>
190
191 <table>
192 <tr>
193 <th><b>USE flag</b></th>
194 <th>Description</th>
195 </tr>
196 <tr>
197 <th><b>kerberos</b></th>
198 <ti>
199 Include support for Kerberos. The server will need this if it is
200 intended to join an existing domain or Active Directory. See the note
201 below for more information.
202 </ti>
203 </tr>
204 <tr>
205 <th><b>mysql</b></th>
206 <ti>
207 This will allow Samba to use MySQL in order to do password authentication.
208 It will store ACLs, usernames, passwords, etc in a database versus a
209 flat file. If Samba is needed to do password authentication, such as
210 acting as a password validation server or a Primary Domain Controller
211 (PDC).
212 </ti>
213 </tr>
214 <tr>
215 <th><b>xml</b></th>
216 <ti>
217 The xml USE option for Samba provides a password database backend allowing
218 Samba to store account details in XML files, for the same reasons listed in
219 the mysql USE flag description.
220 </ti>
221 </tr>
222 <tr>
223 <th><b>acl</b></th>
224 <ti>
225 Enables Access Control Lists. The ACL support in Samba uses a patched
226 ext2/ext3, or SGI's XFS in order to function properly as it extends more
227 detailed access to files or directories; much more so than typical *nix
228 GID/UID schemas.
229 </ti>
230 </tr>
231 <tr>
232 <th><b>cups</b></th>
233 <ti>
234 This enables support for the Common Unix Printing System. This
235 provides an interface allowing local CUPS printers to be shared to
236 other systems in the network.
237 </ti>
238 </tr>
239 <tr>
240 <th><b>ldap</b></th>
241 <ti>
242 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
243 expected to use Active Directory, this option must be used. This would
244 be used in the event Samba needs to login to or provide login to
245 a Domain/Active Directory Server. The kerberos USE flag is needed for
246 proper functioning of this option.
247 </ti>
248 </tr>
249 <tr>
250 <th><b>pam</b></th>
251 <ti>
252 Include support for pluggable authentication modules (PAM). This
253 provides the ability to authenticate users on the Samba Server, which is
254 required if users have to login to your server. The kerberos USE flag
255 is recommended along with this option.
256 </ti>
257 </tr>
258 <tr>
259 <th><b>readline</b></th>
260 <ti>
261 Link Samba against libreadline. This is highly recommended and should
262 probably not be disabled
263 </ti>
264 </tr>
265 <tr>
266 <th><b>python</b></th>
267 <ti>
268 Python bindings API. Provides an API that will allow Python to
269 interface with Samba.
270 </ti>
271 </tr>
272 <tr>
273 <th><b>oav</b></th>
274 <ti>
275 Provides on-access scanning of Samba shares with FRISK F-Prot
276 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
277 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
278 </ti>
279 </tr>
280 <tr>
281 <th><b>libclamav</b></th>
282 <ti>
283 Use the ClamAV library instead of the clamd daemon
284 </ti>
285 </tr>
286 </table>
287
288 <p>
289 A couple of things worth mentioning about the USE flags and different
290 Samba functions include:
291 </p>
292
293 <ul>
294 <li>
295 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
296 ACL kernel options for ext2 and/or ext3 will need to be enabled
297 (depending on which file system is being used - both can be enabled).
298 </li>
299 <li>
300 While Active Directory, ACL, and PDC functions are out of the intended
301 scope of this HOWTO, you may find these links as helpful to your cause:
302 <ul>
303 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
304 <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
305 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
306 </ul>
307 </li>
308 </ul>
309
310 </body>
311 </section>
312 </chapter>
313
314 <chapter>
315 <title>Server Software Installation</title>
316 <section>
317 <title>Emerging Samba</title>
318 <body>
319
320 <p>
321 First of all: be sure that all your hostnames resolve correctly.
322 Either have a working domain name system running on your network
323 or appropriate entries in your <path>/etc/hosts</path> file.
324 <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
325 machines.
326 </p>
327
328 <p>
329 Hopefully now you can make an assessment of what you'll actually need in
330 order to use Samba with your particular setup. The setup used for this
331 HOWTO is:
332 </p>
333
334 <ul>
335 <li>oav</li>
336 <li>cups</li>
337 <li>readline</li>
338 <li>pam</li>
339 </ul>
340
341 <p>
342 To optimize performance, size and the time of the build, the
343 USE flags are specifically included or excluded.
344 </p>
345
346 <pre caption="Emerge Samba">
347 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
348 # <i>emerge net-fs/samba</i>
349 </pre>
350
351 <note>
352 The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
353 ppc, sparc, hppa, ia64 and alpha
354 </note>
355
356 <p>
357 This will emerge Samba and CUPS (if CUPS is not already emerged).
358 </p>
359
360 </body>
361 </section>
362 <section>
363 <title>Emerging ClamAV</title>
364 <body>
365
366 <p>
367 Because the <e>oav</e> USE flag only provides an interface to allow on access
368 virus scanning, the actual virus scanner must be emerged. The scanner
369 used in this HOWTO is ClamAV.
370 </p>
371
372 <pre caption="Emerge Clamav">
373 # <i>emerge app-antivirus/clamav</i>
374 </pre>
375
376 </body>
377 </section>
378 <section>
379 <title>Emerging foomatic</title>
380 <body>
381
382 <pre caption="Emerge foomatic">
383 # <i>emerge net-print/foomatic</i>
384 </pre>
385
386 </body>
387 </section>
388 <section>
389 <title>Emerging net-print/hpijs</title>
390 <body>
391
392 <p>
393 You only need to emerge this if you use an HP printer.
394 </p>
395
396 <pre caption="Emerge hpijs">
397 # <i>emerge net-print/hpijs</i>
398 </pre>
399
400 </body>
401 </section>
402 </chapter>
403
404 <chapter>
405 <title>Server Configuration</title>
406 <section>
407 <title>Configuring Samba</title>
408 <body>
409
410 <p>
411 The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
412 It is divided in sections indicated by [sectionname]. Comments are either
413 # or ;. A sample <path>smb.conf</path> is included below with comments and
414 suggestions for modifications. If more details are required, see the
415 man page for <path>smb.conf</path>, the installed
416 <path>smb.conf.example</path>, the Samba Web site or any of the
417 numerous Samba books available.
418 </p>
419
420 <pre caption="A Sample /etc/samba/smb.conf">
421 [global]
422 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
423 workgroup = <comment>MYWORKGROUPNAME</comment>
424 <comment># Of course this has no REAL purpose other than letting
425 # everyone knows it's not Windows!
426 # %v prints the version of Samba we are using.</comment>
427 server string = Samba Server %v
428 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
429 printcap name = cups
430 printing = cups
431 load printers = yes
432 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
433 log file = /var/log/samba/log.%m
434 max log size = 50
435 <comment># We are going to set some options for our interfaces...</comment>
436 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
437 <comment># This is a good idea, what we are doing is binding the
438 # samba server to our local network.
439 # For example, if eth0 is our local network device</comment>
440 interfaces = lo <i>eth0</i>
441 bind interfaces only = yes
442 <comment># Now we are going to specify who we allow, we are afterall
443 # very security conscience, since this configuration does
444 # not use passwords!</comment>
445 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
446 hosts deny = 0.0.0.0/0
447 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
448 # The default is user</comment>
449 security = share
450 <comment># No passwords, so we're going to use a guest account!</comment>
451 guest account = samba
452 guest ok = yes
453 <comment># We now will implement the on access virus scanner.
454 # NOTE: By putting this in our [Global] section, we enable
455 # scanning of ALL shares, you could optionally move
456 # these to a specific share and only scan it.</comment>
457
458 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
459 vfs object = vscan-clamav
460 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
461
462 <comment># Now we setup our print drivers information!</comment>
463 [print$]
464 comment = Printer Drivers
465 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
466 guest ok = yes
467 browseable = yes
468 read only = yes
469 <comment># Modify this to "username,root" if you don't want root to
470 # be the only printer admin)</comment>
471 write list = <i>root</i>
472
473 <comment># Now we'll setup a printer to share, while the name is arbitrary
474 # it should be consistent throughout Samba and CUPS!</comment>
475 [HPDeskJet930C]
476 comment = HP DeskJet 930C Network Printer
477 printable = yes
478 path = /var/spool/samba
479 public = yes
480 guest ok = yes
481 <comment># Modify this to "username,root" if you don't want root to
482 # be the only printer admin)</comment>
483 printer admin = <i>root</i>
484
485 <comment># Now we setup our printers share. This should be
486 # browseable, printable, public.</comment>
487 [printers]
488 comment = All Printers
489 browseable = no
490 printable = yes
491 writable = no
492 public = yes
493 guest ok = yes
494 path = /var/spool/samba
495 <comment># Modify this to "username,root" if you don't want root to
496 # be the only printer admin)</comment>
497 printer admin = <i>root</i>
498
499 <comment># We create a new share that we can read/write to from anywhere
500 # This is kind of like a public temp share, anyone can do what
501 # they want here.</comment>
502 [public]
503 comment = Public Files
504 browseable = yes
505 public = yes
506 create mode = 0766
507 guest ok = yes
508 path = /home/samba/public
509 </pre>
510
511 <warn>
512 If you like to use Samba's guest account to do anything concerning
513 printing from Windows clients: don't set <c>guest only = yes</c> in
514 the <c>[global]</c> section. The guest account seems to cause
515 problems when running <c>cupsaddsmb</c> sometimes when trying to
516 connect from Windows machines. See below, too, when we talk about
517 <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
518 printer user, like <c>printeruser</c> or <c>printer</c> or
519 <c>printme</c> or whatever. It doesn't hurt and it will certainly
520 protect you from a lot of problems.
521 </warn>
522
523 <warn>
524 Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
525 down the performance of your Samba server dramatically.
526 </warn>
527
528 <p>
529 Now create the directories required for the minimum configuration of
530 Samba to share the installed printer throughout the network.
531 </p>
532
533 <pre caption="Create the directories">
534 # <i>mkdir /etc/samba/printer</i>
535 # <i>mkdir /var/spool/samba</i>
536 # <i>mkdir /home/samba/public</i>
537 </pre>
538
539 <p>
540 At least one Samba user is required in order to install the printer
541 drivers and to allow users to connect to the printer. Users must
542 exist in the system's <path>/etc/passwd</path> file.
543 </p>
544
545 <pre caption="Creating the users">
546 # <i>smbpasswd -a root</i>
547
548 <comment>(If another user is to be a printer admin)</comment>
549 # <i>smbpasswd -a username</i>
550 </pre>
551
552 <p>
553 The Samba passwords need not be the same as the system passwords
554 in <path>/etc/passwd</path>.
555 </p>
556
557 <p>
558 You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
559 systems can be found easily using NetBIOS:
560 </p>
561
562 <pre caption="Editing /etc/nsswitch.conf">
563 # <i>nano -w /etc/nsswitch.conf</i>
564 <comment>(Edit the hosts: line)</comment>
565 hosts: files dns <i>wins</i>
566 </pre>
567
568 </body>
569 </section>
570 <section>
571 <title>Configuring ClamAV</title>
572 <body>
573
574 <p>
575 The configuration file specified to be used in <path>smb.conf</path> is
576 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
577 to the defaults, the infected file action may need to be changed.
578 </p>
579
580 <pre caption="/etc/samba/vscan-clamav.conf">
581 [samba-vscan]
582 <comment>; run-time configuration for vscan-samba using
583 ; clamd
584 ; all options are set to default values</comment>
585
586 <comment>; do not scan files larger than X bytes. If set to 0 (default),
587 ; this feature is disable (i.e. all files are scanned)</comment>
588 max file size = 0
589
590 <comment>; log all file access (yes/no). If set to yes, every access will
591 ; be logged. If set to no (default), only access to infected files
592 ; will be logged</comment>
593 verbose file logging = no
594
595 <comment>; if set to yes (default), a file will be scanned while opening</comment>
596 scan on open = yes
597 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
598 scan on close = yes
599
600 <comment>; if communication to clamd fails, should access to file denied?
601 ; (default: yes)</comment>
602 deny access on error = yes
603
604 <comment>; if daemon fails with a minor error (corruption, etc.),
605 ; should access to file denied?
606 ; (default: yes)</comment>
607 deny access on minor error = yes
608
609 <comment>; send a warning message via Windows Messenger service
610 ; when virus is found?
611 ; (default: yes)</comment>
612 send warning message = yes
613
614 <comment>; what to do with an infected file
615 ; quarantine: try to move to quantine directory; delete it if moving fails
616 ; delete: delete infected file
617 ; nothing: do nothing</comment>
618 infected file action = <comment>delete</comment>
619
620 <comment>; where to put infected files - you really want to change this!
621 ; it has to be on the same physical device as the share!</comment>
622 quarantine directory = /tmp
623 <comment>; prefix for files in quarantine</comment>
624 quarantine prefix = vir-
625
626 <comment>; as Windows tries to open a file multiple time in a (very) short time
627 ; of period, samba-vscan use a last recently used file mechanism to avoid
628 ; multiple scans of a file. This setting specified the maximum number of
629 ; elements of the last recently used file list. (default: 100)</comment>
630 max lru files entries = 100
631
632 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
633 ; (Default: 5)</comment>
634 lru file entry lifetime = 5
635
636 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
637 clamd socket name = /tmp/clamd
638
639 <comment>; port number the ScannerDaemon listens on</comment>
640 oav port = 8127
641 </pre>
642
643 <p>
644 It is generally a good idea to start the virus scanner immediately. Add
645 it to the <e>default</e> runlevel and then start the <c>clamd</c> service
646 immediately. The service has two processes: freshclam keeps the virus definition
647 database up to date while clamd is the actual anti-virus daemon. First you may
648 want to set the paths of the logfiles so that it fits your needs.
649 </p>
650
651 <pre caption="Checking the location of the logfiles">
652 # <i>vim /etc/clamd.conf</i>
653 <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
654 # <i>vim /etc/freshclam.conf</i>
655 <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
656 # <i>vim /etc/conf.d/clamd</i>
657 <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
658 </pre>
659
660 <p>
661 Now fire up the virus scanner.
662 </p>
663
664 <pre caption="Add clamd to bootup and start it">
665 # <i>rc-update add clamd default</i>
666 # <i>/etc/init.d/clamd start</i>
667 </pre>
668
669 </body>
670 </section>
671 <section>
672 <title>Configuring CUPS</title>
673 <body>
674
675 <p>
676 This is a little more complicated. CUPS' main config file is
677 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
678 <path>httpd.conf</path> file, so many you may find it familiar. Outlined
679 in the example are the directives that need to be changed:
680 </p>
681
682 <pre caption="/etc/cups/cupsd.conf">
683 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
684 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
685
686 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
687 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
688
689 LogLevel debug <comment># only while isntalling and testing, should later be
690 # changed to 'info'</comment>
691
692 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
693 # there seemed to be a bug in CUPS' controlling of the web interface,
694 # making CUPS think a denial of service attack was in progress when
695 # I tried to configure a printer with the web interface. weird.</comment>
696
697 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
698
699 &lt;Location /&gt;
700 Order Deny,Allow
701 Deny From All
702 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
703 # eg 192.168.1.* will allow connections from any host on
704 # the 192.168.1.0 network. change to whatever suits you</comment>
705 &lt;/Location&gt;
706
707 &lt;Location /admin&gt;
708 AuthType Basic
709 AuthClass System
710 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
711 # 192.168.1.0 network to connect and do
712 # administrative tasks after authenticating</comment>
713 Order Deny,Allow
714 Deny From All
715 &lt;/Location&gt;
716 </pre>
717
718 <p>
719 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
720 The changes to <path>mime.convs</path> and <path>mime.types</path> are
721 needed to make CUPS print Microsoft Office document files.
722 </p>
723
724 <pre caption="/etc/cups/mime.convs">
725 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
726 application/octet-stream application/vnd.cups-raw 0
727 </pre>
728
729 <p>
730 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
731 </p>
732
733 <pre caption="/etc/cups/mime.types">
734 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
735 application/octet-stream
736 </pre>
737
738 <p>
739 CUPS needs to be started on boot, and started immediately.
740 </p>
741
742 <pre caption="Setting up the CUPS service" >
743 <comment>(To start CUPS on boot)</comment>
744 # <i>rc-update add cupsd default</i>
745 <comment>(To start or restart CUPS now)</comment>
746 # <i>/etc/init.d/cupsd restart</i>
747 </pre>
748
749 </body>
750 </section>
751 <section>
752 <title>Installing a printer for and with CUPS</title>
753 <body>
754
755 <p>
756 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
757 find and download the correct PPD file for your printer and CUPS. To do so,
758 click the link Printer Listings to the left. Select your printers manufacturer
759 and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On
760 the page coming up click the "recommended driver" link after reading the
761 various notes and information. Then fetch the PPD file from the next page,
762 again after reading the notes and introductions there. You may have to select
763 your printers manufacturer and model again. Reading the <uri
764 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
765 is also very helpful when working with CUPS.
766 </p>
767
768 <p>
769 Now you have a PPD file for your printer to work with CUPS. Place it in
770 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
771 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
772 This can be done via the CUPS web interface or via command line. The web
773 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
774 </p>
775
776 <pre caption="Install the printer via command line">
777 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
778 </pre>
779
780 <p>
781 Remember to adjust to what you have. Be sure to have the name
782 (<c>-p</c> argument) right (the name you set above during the Samba
783 configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
784 <c>parallel:/dev/blah</c> or whatever device you are using for your
785 printer.
786 </p>
787
788 <p>
789 You should now be able to access the printer from the web interface
790 and be able to print a test page.
791 </p>
792
793 </body>
794 </section>
795 <section>
796 <title>Installing the Windows printer drivers</title>
797 <body>
798
799 <p>
800 Now that the printer should be working it is time to install the drivers
801 for the Windows clients to work. Samba 2.2 introduced this functionality.
802 Browsing to the print server in the Network Neighbourhood, right-clicking
803 on the printershare and selecting "connect" downloads the appropriate
804 drivers automagically to the connecting client, avoiding the hassle of
805 manually installing printer drivers locally.
806 </p>
807
808 <p>
809 There are two sets of printer drivers for this. First, the Adobe PS
810 drivers which can be obtained from <uri
811 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
812 (PostScript printer drivers). Second, there are the CUPS PS drivers,
813 to be obtained from <uri link="http://www.cups.org/software.php">the
814 CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
815 pull down menu. There doesn't seem to be a difference between the
816 functionality of the two, but the Adobe PS drivers need to be extracted
817 on a Windows System since it's a Windows binary. Also the whole procedure
818 of finding and copying the correct files is a bit more hassle. The CUPS
819 drivers seem to support some options the Adobe drivers don't.
820 </p>
821
822 <p>
823 This HOWTO uses the CUPS drivers for Windows. The downloaded file is
824 called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
825 contained into a directory.
826 </p>
827
828 <pre caption="Extract the drivers and run the install">
829 # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
830 # <i>cd cups-samba-5.0rc2</i>
831 <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
832 # <i>./cups-samba.install</i>
833 </pre>
834
835 <p>
836 <path>cups-samba.ss</path> is a TAR archive containing three files:
837 <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
838 <path>cupsui5.dll</path>. These are the actual driver files.
839 </p>
840
841 <warn>
842 The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD)
843 because almost everything which is not part of the base system is
844 installed somewhere under the prefix <path>/usr/local/</path>. This
845 seems not to be the case for most things you install under GNU/Linux.
846 However, if your CUPS installation is somewhere other than
847 <path>/usr/share/cups/</path> see the example below.
848 </warn>
849
850 <p>
851 Suppose your CUPS installation resides under
852 <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
853 Do the following:
854 </p>
855
856 <pre caption="Manually installing the drivers">
857 # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
858 # <i>tar -xf cups-samba.ss</i>
859 <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
860 # <i>cd usr/share/cups/drivers</i>
861 <comment>(no leading / !)</comment>
862 # <i>cp cups* /usr/local/share/cups/drivers</i>
863 </pre>
864
865 <p>
866 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS
867 distribution. It's man page is an interesting read.
868 </p>
869
870 <pre caption="Run cupsaddsmb">
871 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
872 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
873 "export all known printers".)</comment>
874 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
875 </pre>
876
877 <warn>
878 The execution of this command often causes the most trouble.
879 Reading through the <uri
880 link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
881 thread</uri>.
882 </warn>
883
884 <p>
885 Here are common errors that may happen:
886 </p>
887
888 <ul>
889 <li>
890 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
891 (<c>PrintServer</c>) often does not resolve correctly and doesn't
892 identify the print server for CUPS/Samba interaction. If an error
893 like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
894 skipping!</b> occurs, the first thing you should do is substitute
895 <c>PrintServer</c> with <c>localhost</c> and try it again.
896 </li>
897 <li>
898 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
899 is quite common, but can be triggered by many problems. It's unfortunately
900 not very helpful. One thing to try is to temporarily set <c>security =
901 user</c> in your <path>smb.conf</path>. After/if the installation completes
902 successfully, you should set it back to share, or whatever it was set to
903 before.
904 </li>
905 </ul>
906
907 <p>
908 This should install the correct driver directory structure under
909 <path>/etc/samba/printer</path>. That would be
910 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
911 be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
912 (the name which you gave the printer when installing it (see above).
913 </p>
914
915 <p>
916 Pending no errors or other complications, your drivers are now
917 installed.
918 </p>
919
920 </body>
921 </section>
922 <section>
923 <title>Finalizing our setup</title>
924 <body>
925
926 <p>
927 Lastly, setup our directories.
928 </p>
929
930 <pre caption="Final changes needed">
931 # <i>mkdir /home/samba</i>
932 # <i>mkdir /home/samba/public</i>
933 # <i>chmod 755 /home/samba</i>
934 # <i>chmod 755 /home/samba/public</i>
935 </pre>
936
937 </body>
938 </section>
939 <section>
940 <title>Testing our Samba configuration</title>
941 <body>
942
943 <p>
944 We will want to test our configuration file to ensure that it is formatted
945 properly and all of our options have at least the correct syntax. To do
946 this we run <c>testparm</c>.
947 </p>
948
949 <pre caption="Running the testparm">
950 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
951 # <i>/usr/bin/testparm</i>
952 Load smb config files from /etc/samba/smb.conf
953 Processing section &quot;[printers]&quot;
954 Global parameter guest account found in service section!
955 Processing section &quot;[public]&quot;
956 Global parameter guest account found in service section!
957 Loaded services file OK.
958 Server role: ROLE_STANDALONE
959 Press enter to see a dump of your service definitions
960 ...
961 ...
962 </pre>
963
964 </body>
965 </section>
966 <section>
967 <title>Starting the Samba service</title>
968 <body>
969
970 <p>
971 Now configure Samba to start at bootup; then go ahead and start it.
972 </p>
973
974 <pre caption="Setting up the Samba service">
975 # <i>rc-update add samba default</i>
976 # <i>/etc/init.d/samba start</i>
977 </pre>
978
979 </body>
980 </section>
981 <section>
982 <title>Checking our services</title>
983 <body>
984
985 <p>
986 It would probably be prudent to check our logs at this time also.
987 We will also want to take a peak at our Samba shares using
988 <c>smbclient</c>.
989 </p>
990
991 <pre caption="Checking the shares with smbclient">
992 # <i>smbclient -L localhost</i>
993 Password:
994 <comment>(You should see a BIG list of services here.)</comment>
995 </pre>
996
997 </body>
998 </section>
999 </chapter>
1000
1001 <chapter>
1002 <title>Configuration of the Clients</title>
1003 <section>
1004 <title>Printer configuration of *nix based clients</title>
1005 <body>
1006
1007 <p>
1008 Despite the variation or distribution, the only thing needed is CUPS. Do the
1009 equivalent on any other UNIX/Linux/BSD client.
1010 </p>
1011
1012 <pre caption="Configuring a Gentoo system">
1013 # <i>emerge cups</i>
1014 # <i>nano -w /etc/cups/client.conf</i>
1015 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
1016 </pre>
1017
1018 <p>
1019 That should be it. Nothing else will be needed.
1020 </p>
1021
1022 <p>
1023 If you use only one printer, it will be your default printer. If your print
1024 server manages several printers, your administrator will have defined a default
1025 printer on the server. If you want to define a different default printer for
1026 yourself, use the <c>lpoptions</c> command.
1027 </p>
1028
1029 <pre caption="Setting your default printer">
1030 <comment>(List available printers)</comment>
1031 # <i>lpstat -a</i>
1032 <comment>(Sample output, yours will differ)</comment>
1033 HPDeskJet930C accepting requests since Jan 01 00:00
1034 laser accepting requests since Jan 01 00:00
1035 <comment>(Define HPDeskJet930C as your default printer)</comment>
1036 # <i>lpoptions -d HPDeskJet930C</i>
1037 </pre>
1038
1039 <pre caption="Printing in *nix">
1040 <comment>(Specify the printer to be used)</comment>
1041 # <i>lp -d HPDeskJet930C anything.txt</i>
1042 <comment>(Use your default printer)</comment>
1043 # <i>lp foobar.whatever.ps</i>
1044 </pre>
1045
1046 <p>
1047 Just point your web browser to <c>http://printserver:631</c> on the client if
1048 you want to manage your printers and their jobs with a nice web interface.
1049 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1050 your print server, not the name you gave to the cups print server if you used
1051 different names.
1052 </p>
1053
1054 </body>
1055 </section>
1056 <section>
1057 <title>Mounting a Windows or Samba share in GNU/Linux</title>
1058 <body>
1059
1060 <p>
1061 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1062 all compiled at least one kernel, we'll need to make sure we have all the right
1063 options selected in our kernel. For simplicity sake, make it a module for ease
1064 of use. It is the author's opinion that kernel modules are a good thing and
1065 should be used whenever possible.
1066 </p>
1067
1068 <pre caption="Relevant kernel options" >
1069 CONFIG_SMB_FS=m
1070 CONFIG_SMB_UNIX=y
1071 </pre>
1072
1073 <p>
1074 Then make the module/install it; insert them with:
1075 </p>
1076
1077 <pre caption="Loading the kernel module">
1078 # <i>modprobe smbfs</i>
1079 </pre>
1080
1081 <p>
1082 Once the modules is loaded, mounting a Windows or Samba share is
1083 possible. Use <c>mount</c> to accomplish this, as detailed below:
1084 </p>
1085
1086 <pre caption="Mounting a Windows/Samba share">
1087 <comment>(The syntax for mounting a Windows/Samba share is:
1088 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1089 If we are not using passwords or a password is not needed)</comment>
1090
1091 # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1092
1093 <comment>(If a password is needed)</comment>
1094 # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1095 </pre>
1096
1097 <p>
1098 After you mount the share, you would access it as if it were a local
1099 drive.
1100 </p>
1101
1102 </body>
1103 </section>
1104 <section>
1105 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1106 <body>
1107
1108 <p>
1109 That's just a bit of point-and-click. Browse to
1110 <path>\\PrintServer</path> and right click on the printer
1111 (HPDeskJet930C) and click connect. This will download the drivers to
1112 the Windows client and now every application (such as Word or Acrobat)
1113 will offer HPDeskJet930C as an available printer to print to. :-)
1114 </p>
1115
1116 </body>
1117 </section>
1118 </chapter>
1119
1120 <chapter>
1121 <title>Final Notes</title>
1122 <section>
1123 <title>A Fond Farewell</title>
1124 <body>
1125
1126 <p>
1127 Well that should be it. You should now have a successful printing enviroment
1128 that is friendly to both Windows and *nix as well as a fully virus-free working
1129 share!
1130 </p>
1131
1132 </body>
1133 </section>
1134 </chapter>
1135
1136 <chapter>
1137 <title>Links and Resources</title>
1138 <section>
1139 <title>Links</title>
1140 <body>
1141
1142 <p>
1143 These are some links that may help you in setting up, configuration and
1144 troubleshooting your installation:
1145 </p>
1146
1147 <ul>
1148 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1149 <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1150 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1151 <li>
1152 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1153 Pfeifle's Samba Print HOWTO</uri> (
1154 This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1155 I've written here, plus a LOT more concerning CUPS and Samba, and
1156 generally printing support on networks. A really interesting read,
1157 with lots and lots of details)
1158 </li>
1159 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1160 </ul>
1161
1162 </body>
1163 </section>
1164 <section>
1165 <title>Troubleshooting</title>
1166 <body>
1167
1168 <p>
1169 See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1170 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1171 manual. Lots of useful tips there! Be sure to look this one up
1172 first, before posting questions and problems! Maybe the solution
1173 you're looking for is right there.
1174 </p>
1175
1176 </body>
1177 </section>
1178 </chapter>
1179 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20