/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.28 - (show annotations) (download) (as text)
Wed Jun 6 22:42:25 2007 UTC (7 years, 2 months ago) by nightmorph
Branch: MAIN
Changes since 1.27: +11 -35 lines
File MIME type: application/xml
some updates for bug 181130

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.27 2007/06/05 21:33:31 nightmorph Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 <guide link="/doc/en/quick-samba-howto.xml">
5 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 <author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8 </author>
9 <author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11 </author>
12
13 <abstract>
14 Setup, install and configure a Samba Server under Gentoo that shares
15 files, printers without the need to install drivers and provides
16 automatic virus scanning.
17 </abstract>
18
19 <!-- The content of this document is licensed under the CC-BY-SA license -->
20 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21 <license/>
22
23 <version>1.17</version>
24 <date>2007-06-06</date>
25
26 <chapter>
27 <title>Introduction to this HOWTO</title>
28 <section>
29 <title>Purpose</title>
30 <body>
31
32 <p>
33 This HOWTO is designed to help you move a network from many different
34 clients speaking different languages, to many different machines that
35 speak a common language. The ultimate goal is to help differing
36 architectures and technologies, come together in a productive,
37 happily coexisting environment.
38 </p>
39
40 <p>
41 Following the directions outlined in this HOWTO should give you an
42 excellent step towards a peaceful cohabitation between Windows, and
43 virtually all known variations of *nix.
44 </p>
45
46 <p>
47 This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48 intended to explore the functionality and power of the Gentoo system,
49 portage and the flexibility of USE flags. Like so many other projects,
50 it was quickly discovered what was missing in the Gentoo realm: there
51 weren't any Samba HOWTO's catered for Gentoo users. These users are
52 more demanding than most; they require performance, flexibility and
53 customization. This does not however imply that this HOWTO was not
54 intended for other distributions; rather that it was designed to work
55 with a highly customized version of Samba.
56 </p>
57
58 <p>
59 This HOWTO will describe how to share files and printers between Windows
60 PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61 File System) feature of Samba to incorporate automatic virus protection.
62 As a finale, it will show you how to mount and manipulate shares.
63 </p>
64
65 <p>
66 There are a few topics that will be mentioned, but are out of the
67 scope of this HOWTO. These will be noted as they are presented.
68 </p>
69
70 <p>
71 This HOWTO is based on a compilation and merge of an excellent HOWTO
72 provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73 by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74 The link to this discussion is provided below for your reference:
75 </p>
76
77 <ul>
78 <li>
79 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80 CUPS+Samba: printing from Windows &amp; Linux</uri>
81 </li>
82 </ul>
83
84 </body>
85 </section>
86 <section>
87 <title>Before you use this guide</title>
88 <body>
89
90 <p>
91 There are a several other guides for setting up CUPS and/or Samba, please read
92 them as well, as they may tell you things left out of this HOWTO (intentional
93 or otherwise). One such document is the very useful and well written <uri
94 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95 issues and specific printer setup is not discussed here.
96 </p>
97
98 </body>
99 </section>
100 <section>
101 <title>Brief Overview</title>
102 <body>
103
104 <p>
105 After presenting the various USE flags, the following list will outline
106 all of the topics covered as they are presented:
107 </p>
108
109 <ul>
110 <li>On the Samba server:
111 <ul>
112 <li>Install and configure ClamAV</li>
113 <li>Install and configure Samba</li>
114 <li>Install and configure CUPS</li>
115 <li>Adding the printer to CUPS</li>
116 <li>Adding the PS drivers for the Windows clients</li>
117 </ul>
118 </li>
119 <li>On the Unix clients:
120 <ul>
121 <li>Install and configure CUPS</li>
122 <li>Configuring a default printer</li>
123 <li>Mounting a Windows or Samba share</li>
124 </ul>
125 </li>
126 <li>On the Windows Clients:
127 <ul>
128 <li>Configuring the printer</li>
129 <li>Accessing Samba shares</li>
130 </ul>
131 </li>
132 </ul>
133
134 </body>
135 </section>
136 <section>
137 <title>Requirements</title>
138 <body>
139
140 <p>
141 We will need the following:
142 </p>
143
144 <ul>
145 <li>net-fs/samba</li>
146 <li>app-antivirus/clamav</li>
147 <li>net-print/cups</li>
148 <li>net-print/foomatic</li>
149 <li>net-print/hplip (if you have an HP printer)</li>
150 <li>A kernel of sorts (2.6)</li>
151 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152 <li>
153 A working network (home/office/etc) consisting of more than one machine)
154 </li>
155 </ul>
156
157 <p>
158 The main package we use here is net-fs/samba, however, you will need
159 a kernel with smbfs support enabled in order to mount a samba or windows
160 share from another computer. CUPS will be emerged if it is not already.
161 app-antivirus/clamav will be used also, but others should be easily adapted
162 to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
164 </p>
165
166 </body>
167 </section>
168 </chapter>
169
170 <chapter>
171 <title>Getting acquainted with Samba</title>
172 <section>
173 <title>The USE Flags</title>
174 <body>
175
176 <p>
177 Before emerging anything, take a look at some of the various USE flags available
178 to Samba.
179 </p>
180
181 <pre caption="Samba uses the following USE Variables:">
182 kerberos acl cups ldap pam readline python oav
183 </pre>
184
185 <p>
186 Depending on the network topology and the specific requirements of
187 the server, the USE flags outlined below will define what to include or
188 exclude from the emerging of Samba.
189 </p>
190
191 <table>
192 <tr>
193 <th><b>USE flag</b></th>
194 <th>Description</th>
195 </tr>
196 <tr>
197 <th><b>kerberos</b></th>
198 <ti>
199 Include support for Kerberos. The server will need this if it is
200 intended to join an existing domain or Active Directory. See the note
201 below for more information.
202 </ti>
203 </tr>
204 <tr>
205 <th><b>acl</b></th>
206 <ti>
207 Enables Access Control Lists. The ACL support in Samba uses a patched
208 ext2/ext3, or SGI's XFS in order to function properly as it extends more
209 detailed access to files or directories; much more so than typical *nix
210 GID/UID schemas.
211 </ti>
212 </tr>
213 <tr>
214 <th><b>cups</b></th>
215 <ti>
216 This enables support for the Common Unix Printing System. This
217 provides an interface allowing local CUPS printers to be shared to
218 other systems in the network.
219 </ti>
220 </tr>
221 <tr>
222 <th><b>ldap</b></th>
223 <ti>
224 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
225 expected to use Active Directory, this option must be used. This would
226 be used in the event Samba needs to login to or provide login to
227 a Domain/Active Directory Server. The kerberos USE flag is needed for
228 proper functioning of this option.
229 </ti>
230 </tr>
231 <tr>
232 <th><b>pam</b></th>
233 <ti>
234 Include support for pluggable authentication modules (PAM). This
235 provides the ability to authenticate users on the Samba Server, which is
236 required if users have to login to your server. The kerberos USE flag
237 is recommended along with this option.
238 </ti>
239 </tr>
240 <tr>
241 <th><b>readline</b></th>
242 <ti>
243 Link Samba against libreadline. This is highly recommended and should
244 probably not be disabled
245 </ti>
246 </tr>
247 <tr>
248 <th><b>python</b></th>
249 <ti>
250 Python bindings API. Provides an API that will allow Python to
251 interface with Samba.
252 </ti>
253 </tr>
254 <tr>
255 <th><b>oav</b></th>
256 <ti>
257 Provides on-access scanning of Samba shares with FRISK F-Prot
258 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
259 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
260 </ti>
261 </tr>
262 </table>
263
264 <p>
265 A couple of things worth mentioning about the USE flags and different
266 Samba functions include:
267 </p>
268
269 <ul>
270 <li>
271 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
272 ACL kernel options for ext2 and/or ext3 will need to be enabled
273 (depending on which file system is being used - both can be enabled).
274 </li>
275 <li>
276 While Active Directory, ACL, and PDC functions are out of the intended
277 scope of this HOWTO, you may find these links as helpful to your cause:
278 <ul>
279 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
280 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
281 </ul>
282 </li>
283 </ul>
284
285 </body>
286 </section>
287 </chapter>
288
289 <chapter>
290 <title>Server Software Installation</title>
291 <section>
292 <title>Emerging Samba</title>
293 <body>
294
295 <p>
296 First of all: be sure that all your hostnames resolve correctly.
297 Either have a working domain name system running on your network
298 or appropriate entries in your <path>/etc/hosts</path> file.
299 <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
300 machines.
301 </p>
302
303 <p>
304 Hopefully now you can make an assessment of what you'll actually need in
305 order to use Samba with your particular setup. The setup used for this
306 HOWTO is:
307 </p>
308
309 <ul>
310 <li>oav</li>
311 <li>cups</li>
312 <li>readline</li>
313 <li>pam</li>
314 </ul>
315
316 <p>
317 To optimize performance, size and the time of the build, the
318 USE flags are specifically included or excluded.
319 </p>
320
321 <pre caption="Emerge Samba">
322 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
323 # <i>emerge net-fs/samba</i>
324 </pre>
325
326 <note>
327 The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
328 ppc, sparc, hppa, ia64 and alpha
329 </note>
330
331 <p>
332 This will emerge Samba and CUPS (if CUPS is not already emerged).
333 </p>
334
335 </body>
336 </section>
337 <section>
338 <title>Emerging ClamAV</title>
339 <body>
340
341 <p>
342 Because the <e>oav</e> USE flag only provides an interface to allow on access
343 virus scanning, the actual virus scanner must be emerged. The scanner
344 used in this HOWTO is ClamAV.
345 </p>
346
347 <pre caption="Emerge Clamav">
348 # <i>emerge app-antivirus/clamav</i>
349 </pre>
350
351 </body>
352 </section>
353 <section>
354 <title>Emerging foomatic</title>
355 <body>
356
357 <pre caption="Emerge foomatic">
358 # <i>emerge net-print/foomatic</i>
359 </pre>
360
361 </body>
362 </section>
363 <section>
364 <title>Emerging net-print/hplip</title>
365 <body>
366
367 <p>
368 You only need to emerge this if you use an HP printer.
369 </p>
370
371 <pre caption="Emerge hplip">
372 # <i>emerge net-print/hplip</i>
373 </pre>
374
375 </body>
376 </section>
377 </chapter>
378
379 <chapter>
380 <title>Server Configuration</title>
381 <section>
382 <title>Configuring Samba</title>
383 <body>
384
385 <p>
386 The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
387 It is divided in sections indicated by [sectionname]. Comments are either
388 # or ;. A sample <path>smb.conf</path> is included below with comments and
389 suggestions for modifications. If more details are required, see the
390 man page for <path>smb.conf</path>, the installed
391 <path>smb.conf.example</path>, the Samba Web site or any of the
392 numerous Samba books available.
393 </p>
394
395 <pre caption="A Sample /etc/samba/smb.conf">
396 [global]
397 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
398 workgroup = <comment>MYWORKGROUPNAME</comment>
399 <comment># Of course this has no REAL purpose other than letting
400 # everyone knows it's not Windows!
401 # %v prints the version of Samba we are using.</comment>
402 server string = Samba Server %v
403 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
404 printcap name = cups
405 printing = cups
406 load printers = yes
407 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
408 log file = /var/log/samba/log.%m
409 max log size = 50
410 <comment># We are going to set some options for our interfaces...</comment>
411 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
412 <comment># This is a good idea, what we are doing is binding the
413 # samba server to our local network.
414 # For example, if eth0 is our local network device</comment>
415 interfaces = lo <i>eth0</i>
416 bind interfaces only = yes
417 <comment># Now we are going to specify who we allow, we are afterall
418 # very security conscience, since this configuration does
419 # not use passwords!</comment>
420 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
421 hosts deny = 0.0.0.0/0
422 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
423 # The default is user</comment>
424 security = share
425 <comment># No passwords, so we're going to use a guest account!</comment>
426 guest account = samba
427 guest ok = yes
428 <comment># We now will implement the on access virus scanner.
429 # NOTE: By putting this in our [Global] section, we enable
430 # scanning of ALL shares, you could optionally move
431 # these to a specific share and only scan it.</comment>
432
433 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
434 vfs object = vscan-clamav
435 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
436
437 <comment># Now we setup our print drivers information!</comment>
438 [print$]
439 comment = Printer Drivers
440 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
441 guest ok = yes
442 browseable = yes
443 read only = yes
444 <comment># Modify this to "username,root" if you don't want root to
445 # be the only printer admin)</comment>
446 write list = <i>root</i>
447
448 <comment># Now we'll setup a printer to share, while the name is arbitrary
449 # it should be consistent throughout Samba and CUPS!</comment>
450 [HPDeskJet930C]
451 comment = HP DeskJet 930C Network Printer
452 printable = yes
453 path = /var/spool/samba
454 public = yes
455 guest ok = yes
456 <comment># Modify this to "username,root" if you don't want root to
457 # be the only printer admin)</comment>
458 printer admin = <i>root</i>
459
460 <comment># Now we setup our printers share. This should be
461 # browseable, printable, public.</comment>
462 [printers]
463 comment = All Printers
464 browseable = no
465 printable = yes
466 writable = no
467 public = yes
468 guest ok = yes
469 path = /var/spool/samba
470 <comment># Modify this to "username,root" if you don't want root to
471 # be the only printer admin)</comment>
472 printer admin = <i>root</i>
473
474 <comment># We create a new share that we can read/write to from anywhere
475 # This is kind of like a public temp share, anyone can do what
476 # they want here.</comment>
477 [public]
478 comment = Public Files
479 browseable = yes
480 public = yes
481 create mode = 0766
482 guest ok = yes
483 path = /home/samba/public
484 </pre>
485
486 <warn>
487 If you like to use Samba's guest account to do anything concerning
488 printing from Windows clients: don't set <c>guest only = yes</c> in
489 the <c>[global]</c> section. The guest account seems to cause
490 problems when running <c>cupsaddsmb</c> sometimes when trying to
491 connect from Windows machines. See below, too, when we talk about
492 <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
493 printer user, like <c>printeruser</c> or <c>printer</c> or
494 <c>printme</c> or whatever. It doesn't hurt and it will certainly
495 protect you from a lot of problems.
496 </warn>
497
498 <warn>
499 Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
500 down the performance of your Samba server dramatically.
501 </warn>
502
503 <p>
504 Now create the directories required for the minimum configuration of
505 Samba to share the installed printer throughout the network.
506 </p>
507
508 <pre caption="Create the directories">
509 # <i>mkdir /etc/samba/printer</i>
510 # <i>mkdir /var/spool/samba</i>
511 # <i>mkdir /home/samba/public</i>
512 </pre>
513
514 <p>
515 At least one Samba user is required in order to install the printer
516 drivers and to allow users to connect to the printer. Users must
517 exist in the system's <path>/etc/passwd</path> file.
518 </p>
519
520 <pre caption="Creating the users">
521 # <i>smbpasswd -a root</i>
522
523 <comment>(If another user is to be a printer admin)</comment>
524 # <i>smbpasswd -a username</i>
525 </pre>
526
527 <p>
528 The Samba passwords need not be the same as the system passwords
529 in <path>/etc/passwd</path>.
530 </p>
531
532 <p>
533 You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
534 systems can be found easily using NetBIOS:
535 </p>
536
537 <pre caption="Editing /etc/nsswitch.conf">
538 # <i>nano -w /etc/nsswitch.conf</i>
539 <comment>(Edit the hosts: line)</comment>
540 hosts: files dns <i>wins</i>
541 </pre>
542
543 </body>
544 </section>
545 <section>
546 <title>Configuring ClamAV</title>
547 <body>
548
549 <p>
550 The configuration file specified to be used in <path>smb.conf</path> is
551 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
552 to the defaults, the infected file action may need to be changed.
553 </p>
554
555 <pre caption="/etc/samba/vscan-clamav.conf">
556 [samba-vscan]
557 <comment>; run-time configuration for vscan-samba using
558 ; clamd
559 ; all options are set to default values</comment>
560
561 <comment>; do not scan files larger than X bytes. If set to 0 (default),
562 ; this feature is disable (i.e. all files are scanned)</comment>
563 max file size = 0
564
565 <comment>; log all file access (yes/no). If set to yes, every access will
566 ; be logged. If set to no (default), only access to infected files
567 ; will be logged</comment>
568 verbose file logging = no
569
570 <comment>; if set to yes (default), a file will be scanned while opening</comment>
571 scan on open = yes
572 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
573 scan on close = yes
574
575 <comment>; if communication to clamd fails, should access to file denied?
576 ; (default: yes)</comment>
577 deny access on error = yes
578
579 <comment>; if daemon fails with a minor error (corruption, etc.),
580 ; should access to file denied?
581 ; (default: yes)</comment>
582 deny access on minor error = yes
583
584 <comment>; send a warning message via Windows Messenger service
585 ; when virus is found?
586 ; (default: yes)</comment>
587 send warning message = yes
588
589 <comment>; what to do with an infected file
590 ; quarantine: try to move to quantine directory; delete it if moving fails
591 ; delete: delete infected file
592 ; nothing: do nothing</comment>
593 infected file action = <comment>delete</comment>
594
595 <comment>; where to put infected files - you really want to change this!
596 ; it has to be on the same physical device as the share!</comment>
597 quarantine directory = /tmp
598 <comment>; prefix for files in quarantine</comment>
599 quarantine prefix = vir-
600
601 <comment>; as Windows tries to open a file multiple time in a (very) short time
602 ; of period, samba-vscan use a last recently used file mechanism to avoid
603 ; multiple scans of a file. This setting specified the maximum number of
604 ; elements of the last recently used file list. (default: 100)</comment>
605 max lru files entries = 100
606
607 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
608 ; (Default: 5)</comment>
609 lru file entry lifetime = 5
610
611 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
612 clamd socket name = /tmp/clamd
613
614 <comment>; port number the ScannerDaemon listens on</comment>
615 oav port = 8127
616 </pre>
617
618 <p>
619 It is generally a good idea to start the virus scanner immediately. Add
620 it to the <e>default</e> runlevel and then start the <c>clamd</c> service
621 immediately. The service has two processes: freshclam keeps the virus definition
622 database up to date while clamd is the actual anti-virus daemon. First you may
623 want to set the paths of the logfiles so that it fits your needs.
624 </p>
625
626 <pre caption="Checking the location of the logfiles">
627 # <i>vim /etc/clamd.conf</i>
628 <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
629 # <i>vim /etc/freshclam.conf</i>
630 <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
631 # <i>vim /etc/conf.d/clamd</i>
632 <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
633 </pre>
634
635 <p>
636 Now fire up the virus scanner.
637 </p>
638
639 <pre caption="Add clamd to bootup and start it">
640 # <i>rc-update add clamd default</i>
641 # <i>/etc/init.d/clamd start</i>
642 </pre>
643
644 </body>
645 </section>
646 <section>
647 <title>Configuring CUPS</title>
648 <body>
649
650 <p>
651 This is a little more complicated. CUPS' main config file is
652 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
653 <path>httpd.conf</path> file, so many you may find it familiar. Outlined
654 in the example are the directives that need to be changed:
655 </p>
656
657 <pre caption="/etc/cups/cupsd.conf">
658 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
659 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
660
661 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
662 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
663
664 LogLevel debug <comment># only while isntalling and testing, should later be
665 # changed to 'info'</comment>
666
667 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
668 # there seemed to be a bug in CUPS' controlling of the web interface,
669 # making CUPS think a denial of service attack was in progress when
670 # I tried to configure a printer with the web interface. weird.</comment>
671
672 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
673
674 &lt;Location /&gt;
675 Order Deny,Allow
676 Deny From All
677 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
678 # e.g. 192.168.1.* will allow connections from any host on
679 # the 192.168.1.0 network. change to whatever suits you</comment>
680 &lt;/Location&gt;
681
682 &lt;Location /admin&gt;
683 AuthType Basic
684 AuthClass System
685 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
686 # 192.168.1.0 network to connect and do
687 # administrative tasks after authenticating</comment>
688 Order Deny,Allow
689 Deny From All
690 &lt;/Location&gt;
691 </pre>
692
693 <p>
694 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
695 The changes to <path>mime.convs</path> and <path>mime.types</path> are
696 needed to make CUPS print Microsoft Office document files.
697 </p>
698
699 <pre caption="/etc/cups/mime.convs">
700 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
701 application/octet-stream application/vnd.cups-raw 0
702 </pre>
703
704 <p>
705 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
706 </p>
707
708 <pre caption="/etc/cups/mime.types">
709 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
710 application/octet-stream
711 </pre>
712
713 <p>
714 CUPS needs to be started on boot, and started immediately.
715 </p>
716
717 <pre caption="Setting up the CUPS service" >
718 <comment>(To start CUPS on boot)</comment>
719 # <i>rc-update add cupsd default</i>
720 <comment>(To start or restart CUPS now)</comment>
721 # <i>/etc/init.d/cupsd restart</i>
722 </pre>
723
724 </body>
725 </section>
726 <section>
727 <title>Installing a printer for and with CUPS</title>
728 <body>
729
730 <p>
731 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
732 find and download the correct PPD file for your printer and CUPS. To do so,
733 click the link Printer Listings to the left. Select your printers manufacturer
734 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
735 the page coming up click the "recommended driver" link after reading the
736 various notes and information. Then fetch the PPD file from the next page,
737 again after reading the notes and introductions there. You may have to select
738 your printers manufacturer and model again. Reading the <uri
739 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
740 is also very helpful when working with CUPS.
741 </p>
742
743 <p>
744 Now you have a PPD file for your printer to work with CUPS. Place it in
745 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
746 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
747 This can be done via the CUPS web interface or via command line. The web
748 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
749 </p>
750
751 <pre caption="Install the printer via command line">
752 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
753 # <i>/etc/init.d/cupsd restart</i>
754 </pre>
755
756 <p>
757 Remember to adjust to what you have. Be sure to have the name
758 (<c>-p</c> argument) right (the name you set above during the Samba
759 configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
760 <c>parallel:/dev/blah</c> or whatever device you are using for your
761 printer.
762 </p>
763
764 <p>
765 You should now be able to access the printer from the web interface
766 and be able to print a test page.
767 </p>
768
769 </body>
770 </section>
771 <section>
772 <title>Installing the Windows printer drivers</title>
773 <body>
774
775 <p>
776 Now that the printer should be working it is time to install the drivers
777 for the Windows clients to work. Samba 2.2 introduced this functionality.
778 Browsing to the print server in the Network Neighbourhood, right-clicking
779 on the printershare and selecting "connect" downloads the appropriate
780 drivers automagically to the connecting client, avoiding the hassle of
781 manually installing printer drivers locally.
782 </p>
783
784 <p>
785 There are two sets of printer drivers for this. First, the Adobe PS drivers
786 which can be obtained from <uri
787 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
788 printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri
789 link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.
790 There doesn't seem to be a difference between the functionality of the two, but
791 the Adobe PS drivers need to be extracted on a Windows System since it's a
792 Windows binary. Also the whole procedure of finding and copying the correct
793 files is a bit more hassle. The CUPS drivers seem to support some options the
794 Adobe drivers don't.
795 </p>
796 <!--
797 used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
798 available. at some point, we should update this for 6.0.
799 -->
800
801 <p>
802 This HOWTO uses the CUPS drivers for Windows. The downloaded file is
803 called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
804 contained into a directory.
805 </p>
806
807 <pre caption="Extract the drivers and run the install">
808 # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
809 # <i>cd cups-samba-5.0rc2</i>
810 <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
811 # <i>./cups-samba.install</i>
812 </pre>
813
814 <p>
815 <path>cups-samba.ss</path> is a TAR archive containing three files:
816 <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
817 <path>cupsui5.dll</path>. These are the actual driver files.
818 </p>
819
820 <warn>
821 The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
822 because almost everything which is not part of the base system is
823 installed somewhere under the prefix <path>/usr/local/</path>. This
824 seems not to be the case for most things you install under GNU/Linux.
825 However, if your CUPS installation is somewhere other than
826 <path>/usr/share/cups/</path> see the example below.
827 </warn>
828
829 <p>
830 Suppose your CUPS installation resides under
831 <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
832 Do the following:
833 </p>
834
835 <pre caption="Manually installing the drivers">
836 # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
837 # <i>tar -xf cups-samba.ss</i>
838 <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
839 # <i>cd usr/share/cups/drivers</i>
840 <comment>(no leading / !)</comment>
841 # <i>cp cups* /usr/local/share/cups/drivers</i>
842 # <i>/etc/init.d/cupsd restart</i>
843 </pre>
844
845 <p>
846 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
847 Its man page is an interesting read.
848 </p>
849
850 <pre caption="Run cupsaddsmb">
851 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
852 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
853 "export all known printers".)</comment>
854 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
855 </pre>
856
857 <warn>
858 The execution of this command often causes the most trouble. Read through the
859 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
860 thread</uri> for some troubleshooting tips.
861 </warn>
862
863 <p>
864 Here are common errors that may happen:
865 </p>
866
867 <ul>
868 <li>
869 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
870 (<c>PrintServer</c>) often does not resolve correctly and doesn't
871 identify the print server for CUPS/Samba interaction. If an error
872 like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
873 skipping!</b> occurs, the first thing you should do is substitute
874 <c>PrintServer</c> with <c>localhost</c> and try it again.
875 </li>
876 <li>
877 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
878 is quite common, but can be triggered by many problems. It's unfortunately
879 not very helpful. One thing to try is to temporarily set <c>security =
880 user</c> in your <path>smb.conf</path>. After/if the installation completes
881 successfully, you should set it back to share, or whatever it was set to
882 before.
883 </li>
884 </ul>
885
886 <p>
887 This should install the correct driver directory structure under
888 <path>/etc/samba/printer</path>. That would be
889 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
890 be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
891 (the name which you gave the printer when installing it (see above).
892 </p>
893
894 <p>
895 Pending no errors or other complications, your drivers are now
896 installed.
897 </p>
898
899 </body>
900 </section>
901 <section>
902 <title>Finalizing our setup</title>
903 <body>
904
905 <p>
906 Lastly, setup our directories.
907 </p>
908
909 <pre caption="Final changes needed">
910 # <i>mkdir /home/samba</i>
911 # <i>mkdir /home/samba/public</i>
912 # <i>chmod 755 /home/samba</i>
913 # <i>chmod 755 /home/samba/public</i>
914 </pre>
915
916 </body>
917 </section>
918 <section>
919 <title>Testing our Samba configuration</title>
920 <body>
921
922 <p>
923 We will want to test our configuration file to ensure that it is formatted
924 properly and all of our options have at least the correct syntax. To do
925 this we run <c>testparm</c>.
926 </p>
927
928 <pre caption="Running the testparm">
929 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
930 # <i>/usr/bin/testparm</i>
931 Load smb config files from /etc/samba/smb.conf
932 Processing section &quot;[printers]&quot;
933 Global parameter guest account found in service section!
934 Processing section &quot;[public]&quot;
935 Global parameter guest account found in service section!
936 Loaded services file OK.
937 Server role: ROLE_STANDALONE
938 Press enter to see a dump of your service definitions
939 ...
940 ...
941 </pre>
942
943 </body>
944 </section>
945 <section>
946 <title>Starting the Samba service</title>
947 <body>
948
949 <p>
950 Now configure Samba to start at bootup; then go ahead and start it.
951 </p>
952
953 <pre caption="Setting up the Samba service">
954 # <i>rc-update add samba default</i>
955 # <i>/etc/init.d/samba start</i>
956 </pre>
957
958 </body>
959 </section>
960 <section>
961 <title>Checking our services</title>
962 <body>
963
964 <p>
965 It would probably be prudent to check our logs at this time also.
966 We will also want to take a peak at our Samba shares using
967 <c>smbclient</c>.
968 </p>
969
970 <pre caption="Checking the shares with smbclient">
971 # <i>smbclient -L localhost</i>
972 Password:
973 <comment>(You should see a BIG list of services here.)</comment>
974 </pre>
975
976 </body>
977 </section>
978 </chapter>
979
980 <chapter>
981 <title>Configuration of the Clients</title>
982 <section>
983 <title>Printer configuration of *nix based clients</title>
984 <body>
985
986 <p>
987 Despite the variation or distribution, the only thing needed is CUPS. Do the
988 equivalent on any other UNIX/Linux/BSD client.
989 </p>
990
991 <pre caption="Configuring a Gentoo system">
992 # <i>emerge cups</i>
993 # <i>nano -w /etc/cups/client.conf</i>
994 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
995 </pre>
996
997 <p>
998 That should be it. Nothing else will be needed.
999 </p>
1000
1001 <p>
1002 If you use only one printer, it will be your default printer. If your print
1003 server manages several printers, your administrator will have defined a default
1004 printer on the server. If you want to define a different default printer for
1005 yourself, use the <c>lpoptions</c> command.
1006 </p>
1007
1008 <pre caption="Setting your default printer">
1009 <comment>(List available printers)</comment>
1010 # <i>lpstat -a</i>
1011 <comment>(Sample output, yours will differ)</comment>
1012 HPDeskJet930C accepting requests since Jan 01 00:00
1013 laser accepting requests since Jan 01 00:00
1014 <comment>(Define HPDeskJet930C as your default printer)</comment>
1015 # <i>lpoptions -d HPDeskJet930C</i>
1016 </pre>
1017
1018 <pre caption="Printing in *nix">
1019 <comment>(Specify the printer to be used)</comment>
1020 # <i>lp -d HPDeskJet930C anything.txt</i>
1021 <comment>(Use your default printer)</comment>
1022 # <i>lp foobar.whatever.ps</i>
1023 </pre>
1024
1025 <p>
1026 Just point your web browser to <c>http://printserver:631</c> on the client if
1027 you want to manage your printers and their jobs with a nice web interface.
1028 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1029 your print server, not the name you gave to the cups print server if you used
1030 different names.
1031 </p>
1032
1033 </body>
1034 </section>
1035 <section>
1036 <title>Mounting a Windows or Samba share in GNU/Linux</title>
1037 <body>
1038
1039 <p>
1040 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1041 all compiled at least one kernel, we'll need to make sure we have all the right
1042 options selected in our kernel. For simplicity sake, make it a module for ease
1043 of use. It is the author's opinion that kernel modules are a good thing and
1044 should be used whenever possible.
1045 </p>
1046
1047 <pre caption="Relevant kernel options" >
1048 CONFIG_SMB_FS=m
1049 CONFIG_SMB_UNIX=y
1050 </pre>
1051
1052 <p>
1053 Then make the module/install it; insert them with:
1054 </p>
1055
1056 <pre caption="Loading the kernel module">
1057 # <i>modprobe smbfs</i>
1058 </pre>
1059
1060 <p>
1061 Once the modules is loaded, mounting a Windows or Samba share is
1062 possible. Use <c>mount</c> to accomplish this, as detailed below:
1063 </p>
1064
1065 <pre caption="Mounting a Windows/Samba share">
1066 <comment>(The syntax for mounting a Windows/Samba share is:
1067 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1068 If we are not using passwords or a password is not needed)</comment>
1069
1070 # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1071
1072 <comment>(If a password is needed)</comment>
1073 # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1074 </pre>
1075
1076 <p>
1077 After you mount the share, you would access it as if it were a local
1078 drive.
1079 </p>
1080
1081 </body>
1082 </section>
1083 <section>
1084 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1085 <body>
1086
1087 <p>
1088 That's just a bit of point-and-click. Browse to
1089 <path>\\PrintServer</path> and right click on the printer
1090 (HPDeskJet930C) and click connect. This will download the drivers to
1091 the Windows client and now every application (such as Word or Acrobat)
1092 will offer HPDeskJet930C as an available printer to print to. :-)
1093 </p>
1094
1095 </body>
1096 </section>
1097 </chapter>
1098
1099 <chapter>
1100 <title>Final Notes</title>
1101 <section>
1102 <title>A Fond Farewell</title>
1103 <body>
1104
1105 <p>
1106 Well that should be it. You should now have a successful printing enviroment
1107 that is friendly to both Windows and *nix as well as a fully virus-free working
1108 share!
1109 </p>
1110
1111 </body>
1112 </section>
1113 </chapter>
1114
1115 <chapter>
1116 <title>Links and Resources</title>
1117 <section>
1118 <title>Links</title>
1119 <body>
1120
1121 <p>
1122 These are some links that may help you in setting up, configuration and
1123 troubleshooting your installation:
1124 </p>
1125
1126 <ul>
1127 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1128 <li>
1129 <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1130 link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1131 on Samba/CUPS configuration</uri>
1132 </li>
1133 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1134 <li>
1135 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1136 Pfeifle's Samba Print HOWTO</uri> (
1137 This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1138 I've written here, plus a LOT more concerning CUPS and Samba, and
1139 generally printing support on networks. A really interesting read,
1140 with lots and lots of details)
1141 </li>
1142 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1143 </ul>
1144
1145 </body>
1146 </section>
1147 <section>
1148 <title>Troubleshooting</title>
1149 <body>
1150
1151 <p>
1152 See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1153 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1154 manual. Lots of useful tips there! Be sure to look this one up
1155 first, before posting questions and problems! Maybe the solution
1156 you're looking for is right there.
1157 </p>
1158
1159 </body>
1160 </section>
1161 </chapter>
1162 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20