/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.29 - (show annotations) (download) (as text)
Wed Jun 6 23:23:35 2007 UTC (7 years, 7 months ago) by nightmorph
Branch: MAIN
Changes since 1.28: +175 -188 lines
File MIME type: application/xml
proper guidexml coding style, linewrapping, typo fixes for correct english, and spacing fixes. no content change. just lots of little stuff all throughout the doc.

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.28 2007/06/06 22:42:25 nightmorph Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 <guide link="/doc/en/quick-samba-howto.xml">
5 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 <author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8 </author>
9 <author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11 </author>
12
13 <abstract>
14 Setup, install and configure a Samba Server under Gentoo that shares files,
15 printers without the need to install drivers and provides automatic virus
16 scanning.
17 </abstract>
18
19 <!-- The content of this document is licensed under the CC-BY-SA license -->
20 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21 <license/>
22
23 <version>1.17</version>
24 <date>2007-06-06</date>
25
26 <chapter>
27 <title>Introduction to this HOWTO</title>
28 <section>
29 <title>Purpose</title>
30 <body>
31
32 <p>
33 This HOWTO is designed to help you move a network from many different clients
34 speaking different languages, to many different machines that speak a common
35 language. The ultimate goal is to help differing architectures and technologies,
36 come together in a productive, happily coexisting environment.
37 </p>
38
39 <p>
40 Following the directions outlined in this HOWTO should give you an excellent
41 step towards a peaceful cohabitation between Windows, and virtually all known
42 variations of *nix.
43 </p>
44
45 <p>
46 This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
47 explore the functionality and power of the Gentoo system, portage and the
48 flexibility of USE flags. Like so many other projects, it was quickly discovered
49 what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered
50 for Gentoo users. These users are more demanding than most; they require
51 performance, flexibility and customization. This does not however imply that
52 this HOWTO was not intended for other distributions; rather that it was designed
53 to work with a highly customized version of Samba.
54 </p>
55
56 <p>
57 This HOWTO will describe how to share files and printers between Windows PCs and
58 *nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
59 feature of Samba to incorporate automatic virus protection. As a finale, it will
60 show you how to mount and manipulate shares.
61 </p>
62
63 <p>
64 There are a few topics that will be mentioned, but are out of the scope of this
65 HOWTO. These will be noted as they are presented.
66 </p>
67
68 <p>
69 This HOWTO is based on a compilation and merge of an excellent HOWTO provided in
70 the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff"
71 Ntaflos and the collected knowledge of Joshua Preston. The link to this
72 discussion is provided below for your reference:
73 </p>
74
75 <ul>
76 <li>
77 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
78 CUPS+Samba: printing from Windows &amp; Linux</uri>
79 </li>
80 </ul>
81
82 </body>
83 </section>
84 <section>
85 <title>Before you use this guide</title>
86 <body>
87
88 <p>
89 There are a several other guides for setting up CUPS and/or Samba, please read
90 them as well, as they may tell you things left out of this HOWTO (intentional or
91 otherwise). One such document is the very useful and well written <uri
92 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
93 issues and specific printer setup is not discussed here.
94 </p>
95
96 </body>
97 </section>
98 <section>
99 <title>Brief Overview</title>
100 <body>
101
102 <p>
103 After presenting the various USE flags, the following list will outline all of
104 the topics covered as they are presented:
105 </p>
106
107 <ul>
108 <li>On the Samba server:
109 <ul>
110 <li>Install and configure ClamAV</li>
111 <li>Install and configure Samba</li>
112 <li>Install and configure CUPS</li>
113 <li>Adding the printer to CUPS</li>
114 <li>Adding the PS drivers for the Windows clients</li>
115 </ul>
116 </li>
117 <li>On the Unix clients:
118 <ul>
119 <li>Install and configure CUPS</li>
120 <li>Configuring a default printer</li>
121 <li>Mounting a Windows or Samba share</li>
122 </ul>
123 </li>
124 <li>On the Windows Clients:
125 <ul>
126 <li>Configuring the printer</li>
127 <li>Accessing Samba shares</li>
128 </ul>
129 </li>
130 </ul>
131
132 </body>
133 </section>
134 <section>
135 <title>Requirements</title>
136 <body>
137
138 <p>
139 We will need the following:
140 </p>
141
142 <ul>
143 <li>net-fs/samba</li>
144 <li>app-antivirus/clamav</li>
145 <li>net-print/cups</li>
146 <li>net-print/foomatic</li>
147 <li>net-print/hplip (if you have an HP printer)</li>
148 <li>A kernel of sorts (2.6)</li>
149 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
150 <li>
151 A working network (home/office/etc) consisting of more than one machine)
152 </li>
153 </ul>
154
155 <p>
156 The main package we use here is net-fs/samba, however, you will need a kernel
157 with smbfs support enabled in order to mount a samba or windows share from
158 another computer. CUPS will be emerged if it is not already.
159 app-antivirus/clamav will be used also, but others should be easily adapted to
160 work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
161 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
162 </p>
163
164 </body>
165 </section>
166 </chapter>
167
168 <chapter>
169 <title>Getting acquainted with Samba</title>
170 <section>
171 <title>The USE Flags</title>
172 <body>
173
174 <p>
175 Before emerging anything, take a look at some of the various USE flags available
176 to Samba.
177 </p>
178
179 <pre caption="Samba uses the following USE Variables:">
180 kerberos acl cups ldap pam readline python oav
181 </pre>
182
183 <p>
184 Depending on the network topology and the specific requirements of the server,
185 the USE flags outlined below will define what to include or exclude from the
186 emerging of Samba.
187 </p>
188
189 <table>
190 <tr>
191 <th><b>USE flag</b></th>
192 <th>Description</th>
193 </tr>
194 <tr>
195 <th><b>kerberos</b></th>
196 <ti>
197 Include support for Kerberos. The server will need this if it is
198 intended to join an existing domain or Active Directory. See the note
199 below for more information.
200 </ti>
201 </tr>
202 <tr>
203 <th><b>acl</b></th>
204 <ti>
205 Enables Access Control Lists. The ACL support in Samba uses a patched
206 ext2/ext3, or SGI's XFS in order to function properly as it extends more
207 detailed access to files or directories; much more so than typical *nix
208 GID/UID schemas.
209 </ti>
210 </tr>
211 <tr>
212 <th><b>cups</b></th>
213 <ti>
214 This enables support for the Common Unix Printing System. This provides an
215 interface allowing local CUPS printers to be shared to other systems in the
216 network.
217 </ti>
218 </tr>
219 <tr>
220 <th><b>ldap</b></th>
221 <ti>
222 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
223 expected to use Active Directory, this option must be used. This would be
224 used in the event Samba needs to login to or provide login to a
225 Domain/Active Directory Server. The kerberos USE flag is needed for proper
226 functioning of this option.
227 </ti>
228 </tr>
229 <tr>
230 <th><b>pam</b></th>
231 <ti>
232 Include support for pluggable authentication modules (PAM). This provides
233 the ability to authenticate users on the Samba Server, which is required if
234 users have to login to your server. The kerberos USE flag is recommended
235 along with this option.
236 </ti>
237 </tr>
238 <tr>
239 <th><b>readline</b></th>
240 <ti>
241 Link Samba against libreadline. This is highly recommended and should
242 probably not be disabled.
243 </ti>
244 </tr>
245 <tr>
246 <th><b>python</b></th>
247 <ti>
248 Python bindings API. Provides an API that will allow Python to interface
249 with Samba.
250 </ti>
251 </tr>
252 <tr>
253 <th><b>oav</b></th>
254 <ti>
255 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
256 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
257 Symantec CarrierScan, and Trend Micro (VSAPI).
258 </ti>
259 </tr>
260 </table>
261
262 <p>
263 A couple of things worth mentioning about the USE flags and different
264 Samba functions include:
265 </p>
266
267 <ul>
268 <li>
269 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
270 ACL kernel options for ext2 and/or ext3 will need to be enabled
271 (depending on which file system is being used - both can be enabled).
272 </li>
273 <li>
274 While Active Directory, ACL, and PDC functions are out of the intended
275 scope of this HOWTO, you may find these links as helpful to your cause:
276 <ul>
277 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
278 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
279 </ul>
280 </li>
281 </ul>
282
283 </body>
284 </section>
285 </chapter>
286
287 <chapter>
288 <title>Server Software Installation</title>
289 <section>
290 <title>Emerging Samba</title>
291 <body>
292
293 <p>
294 First of all: be sure that all your hostnames resolve correctly. Either have a
295 working domain name system running on your network or appropriate entries in
296 your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
297 don't point to the correct machines.
298 </p>
299
300 <p>
301 Hopefully now you can make an assessment of what you'll actually need in order
302 to use Samba with your particular setup. The setup used for this HOWTO is:
303 </p>
304
305 <ul>
306 <li>oav</li>
307 <li>cups</li>
308 <li>readline</li>
309 <li>pam</li>
310 </ul>
311
312 <p>
313 To optimize performance, size and the time of the build, the USE flags are
314 specifically included or excluded.
315 </p>
316
317 <pre caption="Emerge Samba">
318 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
319 # <i>emerge net-fs/samba</i>
320 </pre>
321
322 <note>
323 The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
324 ppc, sparc, hppa, ia64 and alpha
325 </note>
326
327 <p>
328 This will emerge Samba and CUPS (if CUPS is not already emerged).
329 </p>
330
331 </body>
332 </section>
333 <section>
334 <title>Emerging ClamAV</title>
335 <body>
336
337 <p>
338 Because the <e>oav</e> USE flag only provides an interface to allow on access
339 virus scanning, the actual virus scanner must be emerged. The scanner used in
340 this HOWTO is ClamAV.
341 </p>
342
343 <pre caption="Emerge Clamav">
344 # <i>emerge app-antivirus/clamav</i>
345 </pre>
346
347 </body>
348 </section>
349 <section>
350 <title>Emerging foomatic</title>
351 <body>
352
353 <pre caption="Emerge foomatic">
354 # <i>emerge net-print/foomatic</i>
355 </pre>
356
357 </body>
358 </section>
359 <section>
360 <title>Emerging net-print/hplip</title>
361 <body>
362
363 <p>
364 You only need to emerge this if you use an HP printer.
365 </p>
366
367 <pre caption="Emerge hplip">
368 # <i>emerge net-print/hplip</i>
369 </pre>
370
371 </body>
372 </section>
373 </chapter>
374
375 <chapter>
376 <title>Server Configuration</title>
377 <section>
378 <title>Configuring Samba</title>
379 <body>
380
381 <p>
382 The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
383 divided in sections indicated by [sectionname]. Comments are either
384 # or ;. A sample <path>smb.conf</path> is included below with comments and
385 suggestions for modifications. If more details are required, see the man page
386 for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
387 Samba Web site or any of the numerous Samba books available.
388 </p>
389
390 <pre caption="A Sample /etc/samba/smb.conf">
391 [global]
392 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
393 workgroup = <comment>MYWORKGROUPNAME</comment>
394 <comment># Of course this has no REAL purpose other than letting
395 # everyone knows it's not Windows!
396 # %v prints the version of Samba we are using.</comment>
397 server string = Samba Server %v
398 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
399 printcap name = cups
400 printing = cups
401 load printers = yes
402 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
403 log file = /var/log/samba/log.%m
404 max log size = 50
405 <comment># We are going to set some options for our interfaces...</comment>
406 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
407 <comment># This is a good idea, what we are doing is binding the
408 # samba server to our local network.
409 # For example, if eth0 is our local network device</comment>
410 interfaces = lo <i>eth0</i>
411 bind interfaces only = yes
412 <comment># Now we are going to specify who we allow, we are afterall
413 # very security conscience, since this configuration does
414 # not use passwords!</comment>
415 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
416 hosts deny = 0.0.0.0/0
417 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
418 # The default is user</comment>
419 security = share
420 <comment># No passwords, so we're going to use a guest account!</comment>
421 guest account = samba
422 guest ok = yes
423 <comment># We now will implement the on access virus scanner.
424 # NOTE: By putting this in our [Global] section, we enable
425 # scanning of ALL shares, you could optionally move
426 # these to a specific share and only scan it.</comment>
427
428 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
429 vfs object = vscan-clamav
430 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
431
432 <comment># Now we setup our print drivers information!</comment>
433 [print$]
434 comment = Printer Drivers
435 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
436 guest ok = yes
437 browseable = yes
438 read only = yes
439 <comment># Modify this to "username,root" if you don't want root to
440 # be the only printer admin)</comment>
441 write list = <i>root</i>
442
443 <comment># Now we'll setup a printer to share, while the name is arbitrary
444 # it should be consistent throughout Samba and CUPS!</comment>
445 [HPDeskJet930C]
446 comment = HP DeskJet 930C Network Printer
447 printable = yes
448 path = /var/spool/samba
449 public = yes
450 guest ok = yes
451 <comment># Modify this to "username,root" if you don't want root to
452 # be the only printer admin)</comment>
453 printer admin = <i>root</i>
454
455 <comment># Now we setup our printers share. This should be
456 # browseable, printable, public.</comment>
457 [printers]
458 comment = All Printers
459 browseable = no
460 printable = yes
461 writable = no
462 public = yes
463 guest ok = yes
464 path = /var/spool/samba
465 <comment># Modify this to "username,root" if you don't want root to
466 # be the only printer admin)</comment>
467 printer admin = <i>root</i>
468
469 <comment># We create a new share that we can read/write to from anywhere
470 # This is kind of like a public temp share, anyone can do what
471 # they want here.</comment>
472 [public]
473 comment = Public Files
474 browseable = yes
475 public = yes
476 create mode = 0766
477 guest ok = yes
478 path = /home/samba/public
479 </pre>
480
481 <warn>
482 If you like to use Samba's guest account to do anything concerning printing from
483 Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c>
484 section. The guest account seems to cause problems when running
485 <c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See
486 below, too, when we talk about <c>cupsaddsmb</c> and the problems that can
487 arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
488 or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
489 from a lot of problems.
490 </warn>
491
492 <warn>
493 Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
494 down the performance of your Samba server dramatically.
495 </warn>
496
497 <p>
498 Now create the directories required for the minimum configuration of Samba to
499 share the installed printer throughout the network.
500 </p>
501
502 <pre caption="Create the directories">
503 # <i>mkdir /etc/samba/printer</i>
504 # <i>mkdir /var/spool/samba</i>
505 # <i>mkdir /home/samba/public</i>
506 </pre>
507
508 <p>
509 At least one Samba user is required in order to install the printer drivers and
510 to allow users to connect to the printer. Users must exist in the system's
511 <path>/etc/passwd</path> file.
512 </p>
513
514 <pre caption="Creating the users">
515 # <i>smbpasswd -a root</i>
516
517 <comment>(If another user is to be a printer admin)</comment>
518 # <i>smbpasswd -a username</i>
519 </pre>
520
521 <p>
522 The Samba passwords need not be the same as the system passwords
523 in <path>/etc/passwd</path>.
524 </p>
525
526 <p>
527 You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
528 systems can be found easily using NetBIOS:
529 </p>
530
531 <pre caption="Editing /etc/nsswitch.conf">
532 # <i>nano -w /etc/nsswitch.conf</i>
533 <comment>(Edit the hosts: line)</comment>
534 hosts: files dns <i>wins</i>
535 </pre>
536
537 </body>
538 </section>
539 <section>
540 <title>Configuring ClamAV</title>
541 <body>
542
543 <p>
544 The configuration file specified to be used in <path>smb.conf</path> is
545 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
546 defaults, the infected file action may need to be changed.
547 </p>
548
549 <pre caption="/etc/samba/vscan-clamav.conf">
550 [samba-vscan]
551 <comment>; run-time configuration for vscan-samba using
552 ; clamd
553 ; all options are set to default values</comment>
554
555 <comment>; do not scan files larger than X bytes. If set to 0 (default),
556 ; this feature is disable (i.e. all files are scanned)</comment>
557 max file size = 0
558
559 <comment>; log all file access (yes/no). If set to yes, every access will
560 ; be logged. If set to no (default), only access to infected files
561 ; will be logged</comment>
562 verbose file logging = no
563
564 <comment>; if set to yes (default), a file will be scanned while opening</comment>
565 scan on open = yes
566 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
567 scan on close = yes
568
569 <comment>; if communication to clamd fails, should access to file denied?
570 ; (default: yes)</comment>
571 deny access on error = yes
572
573 <comment>; if daemon fails with a minor error (corruption, etc.),
574 ; should access to file denied?
575 ; (default: yes)</comment>
576 deny access on minor error = yes
577
578 <comment>; send a warning message via Windows Messenger service
579 ; when virus is found?
580 ; (default: yes)</comment>
581 send warning message = yes
582
583 <comment>; what to do with an infected file
584 ; quarantine: try to move to quantine directory; delete it if moving fails
585 ; delete: delete infected file
586 ; nothing: do nothing</comment>
587 infected file action = <comment>delete</comment>
588
589 <comment>; where to put infected files - you really want to change this!
590 ; it has to be on the same physical device as the share!</comment>
591 quarantine directory = /tmp
592 <comment>; prefix for files in quarantine</comment>
593 quarantine prefix = vir-
594
595 <comment>; as Windows tries to open a file multiple time in a (very) short time
596 ; of period, samba-vscan use a last recently used file mechanism to avoid
597 ; multiple scans of a file. This setting specified the maximum number of
598 ; elements of the last recently used file list. (default: 100)</comment>
599 max lru files entries = 100
600
601 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
602 ; (Default: 5)</comment>
603 lru file entry lifetime = 5
604
605 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
606 clamd socket name = /tmp/clamd
607
608 <comment>; port number the ScannerDaemon listens on</comment>
609 oav port = 8127
610 </pre>
611
612 <p>
613 It is generally a good idea to start the virus scanner immediately. Add it to
614 the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
615 The service has two processes: freshclam keeps the virus definition database up
616 to date while clamd is the actual anti-virus daemon. First you may want to set
617 the paths of the logfiles so that it fits your needs.
618 </p>
619
620 <pre caption="Checking the location of the logfiles">
621 # <i>vim /etc/clamd.conf</i>
622 <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
623 # <i>vim /etc/freshclam.conf</i>
624 <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
625 # <i>vim /etc/conf.d/clamd</i>
626 <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
627 </pre>
628
629 <p>
630 Now fire up the virus scanner.
631 </p>
632
633 <pre caption="Add clamd to bootup and start it">
634 # <i>rc-update add clamd default</i>
635 # <i>/etc/init.d/clamd start</i>
636 </pre>
637
638 </body>
639 </section>
640 <section>
641 <title>Configuring CUPS</title>
642 <body>
643
644 <p>
645 This is a little more complicated. CUPS' main config file is
646 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
647 <path>httpd.conf</path> file, so many you may find it familiar. Outlined in the
648 example are the directives that need to be changed:
649 </p>
650
651 <pre caption="/etc/cups/cupsd.conf">
652 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
653 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
654
655 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
656 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
657
658 LogLevel debug <comment># only while isntalling and testing, should later be
659 # changed to 'info'</comment>
660
661 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
662 # there seemed to be a bug in CUPS' controlling of the web interface,
663 # making CUPS think a denial of service attack was in progress when
664 # I tried to configure a printer with the web interface. weird.</comment>
665
666 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
667
668 &lt;Location /&gt;
669 Order Deny,Allow
670 Deny From All
671 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
672 # e.g. 192.168.1.* will allow connections from any host on
673 # the 192.168.1.0 network. change to whatever suits you</comment>
674 &lt;/Location&gt;
675
676 &lt;Location /admin&gt;
677 AuthType Basic
678 AuthClass System
679 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
680 # 192.168.1.0 network to connect and do
681 # administrative tasks after authenticating</comment>
682 Order Deny,Allow
683 Deny From All
684 &lt;/Location&gt;
685 </pre>
686
687 <p>
688 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
689 The changes to <path>mime.convs</path> and <path>mime.types</path> are
690 needed to make CUPS print Microsoft Office document files.
691 </p>
692
693 <pre caption="/etc/cups/mime.convs">
694 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
695 application/octet-stream application/vnd.cups-raw 0
696 </pre>
697
698 <p>
699 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
700 </p>
701
702 <pre caption="/etc/cups/mime.types">
703 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
704 application/octet-stream
705 </pre>
706
707 <p>
708 CUPS needs to be started on boot, and started immediately.
709 </p>
710
711 <pre caption="Setting up the CUPS service" >
712 <comment>(To start CUPS on boot)</comment>
713 # <i>rc-update add cupsd default</i>
714 <comment>(To start or restart CUPS now)</comment>
715 # <i>/etc/init.d/cupsd restart</i>
716 </pre>
717
718 </body>
719 </section>
720 <section>
721 <title>Installing a printer for and with CUPS</title>
722 <body>
723
724 <p>
725 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
726 find and download the correct PPD file for your printer and CUPS. To do so,
727 click the link Printer Listings to the left. Select your printers manufacturer
728 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
729 the page coming up click the "recommended driver" link after reading the various
730 notes and information. Then fetch the PPD file from the next page, again after
731 reading the notes and introductions there. You may have to select your printers
732 manufacturer and model again. Reading the <uri
733 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is
734 also very helpful when working with CUPS.
735 </p>
736
737 <p>
738 Now you have a PPD file for your printer to work with CUPS. Place it in
739 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named
740 <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
741 This can be done via the CUPS web interface or via command line. The web
742 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
743 </p>
744
745 <pre caption="Install the printer via command line">
746 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
747 # <i>/etc/init.d/cupsd restart</i>
748 </pre>
749
750 <p>
751 Remember to adjust to what you have. Be sure to have the name (<c>-p</c>
752 argument) right (the name you set above during the Samba configuration!) and to
753 put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or
754 whatever device you are using for your printer.
755 </p>
756
757 <p>
758 You should now be able to access the printer from the web interface and be able
759 to print a test page.
760 </p>
761
762 </body>
763 </section>
764 <section>
765 <title>Installing the Windows printer drivers</title>
766 <body>
767
768 <p>
769 Now that the printer should be working it is time to install the drivers for the
770 Windows clients to work. Samba 2.2 introduced this functionality. Browsing to
771 the print server in the Network Neighbourhood, right-clicking on the
772 printershare and selecting "connect" downloads the appropriate drivers
773 automagically to the connecting client, avoiding the hassle of manually
774 installing printer drivers locally.
775 </p>
776
777 <p>
778 There are two sets of printer drivers for this. First, the Adobe PS drivers
779 which can be obtained from <uri
780 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
781 printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri
782 link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.
783 There doesn't seem to be a difference between the functionality of the two, but
784 the Adobe PS drivers need to be extracted on a Windows System since it's a
785 Windows binary. Also the whole procedure of finding and copying the correct
786 files is a bit more hassle. The CUPS drivers seem to support some options the
787 Adobe drivers don't.
788 </p>
789 <!--
790 used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
791 available. at some point, we should update this for 6.0.
792 -->
793
794 <p>
795 This HOWTO uses the CUPS drivers for Windows. The downloaded file is
796 called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
797 contained into a directory.
798 </p>
799
800 <pre caption="Extract the drivers and run the install">
801 # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
802 # <i>cd cups-samba-5.0rc2</i>
803 <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
804 # <i>./cups-samba.install</i>
805 </pre>
806
807 <p>
808 <path>cups-samba.ss</path> is a TAR archive containing three files:
809 <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
810 <path>cupsui5.dll</path>. These are the actual driver files.
811 </p>
812
813 <warn>
814 The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
815 because almost everything which is not part of the base system is installed
816 somewhere under the prefix <path>/usr/local/</path>. This seems not to be the
817 case for most things you install under GNU/Linux. However, if your CUPS
818 installation is somewhere other than <path>/usr/share/cups/</path> see the
819 example below.
820 </warn>
821
822 <p>
823 Suppose your CUPS installation resides under
824 <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
825 Do the following:
826 </p>
827
828 <pre caption="Manually installing the drivers">
829 # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
830 # <i>tar -xf cups-samba.ss</i>
831 <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
832 # <i>cd usr/share/cups/drivers</i>
833 <comment>(no leading / !)</comment>
834 # <i>cp cups* /usr/local/share/cups/drivers</i>
835 # <i>/etc/init.d/cupsd restart</i>
836 </pre>
837
838 <p>
839 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
840 Its man page is an interesting read.
841 </p>
842
843 <pre caption="Run cupsaddsmb">
844 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
846 "export all known printers".)</comment>
847 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
848 </pre>
849
850 <warn>
851 The execution of this command often causes the most trouble. Read through the
852 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
853 thread</uri> for some troubleshooting tips.
854 </warn>
855
856 <p>
857 Here are common errors that may happen:
858 </p>
859
860 <ul>
861 <li>
862 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
863 (<c>PrintServer</c>) often does not resolve correctly and doesn't identify
864 the print server for CUPS/Samba interaction. If an error like: <b>Warning:
865 No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the
866 first thing you should do is substitute <c>PrintServer</c> with
867 <c>localhost</c> and try it again.
868 </li>
869 <li>
870 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
871 is quite common, but can be triggered by many problems. It's unfortunately
872 not very helpful. One thing to try is to temporarily set <c>security =
873 user</c> in your <path>smb.conf</path>. After/if the installation completes
874 successfully, you should set it back to share, or whatever it was set to
875 before.
876 </li>
877 </ul>
878
879 <p>
880 This should install the correct driver directory structure under
881 <path>/etc/samba/printer</path>. That would be
882 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3
883 driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the
884 name which you gave the printer when installing it (see above).
885 </p>
886
887 <p>
888 Pending no errors or other complications, your drivers are now installed.
889 </p>
890
891 </body>
892 </section>
893 <section>
894 <title>Finalizing our setup</title>
895 <body>
896
897 <p>
898 Lastly, setup our directories.
899 </p>
900
901 <pre caption="Final changes needed">
902 # <i>mkdir /home/samba</i>
903 # <i>mkdir /home/samba/public</i>
904 # <i>chmod 755 /home/samba</i>
905 # <i>chmod 755 /home/samba/public</i>
906 </pre>
907
908 </body>
909 </section>
910 <section>
911 <title>Testing our Samba configuration</title>
912 <body>
913
914 <p>
915 We will want to test our configuration file to ensure that it is formatted
916 properly and all of our options have at least the correct syntax. To do this we
917 run <c>testparm</c>.
918 </p>
919
920 <pre caption="Running the testparm">
921 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
922 # <i>/usr/bin/testparm</i>
923 Load smb config files from /etc/samba/smb.conf
924 Processing section &quot;[printers]&quot;
925 Global parameter guest account found in service section!
926 Processing section &quot;[public]&quot;
927 Global parameter guest account found in service section!
928 Loaded services file OK.
929 Server role: ROLE_STANDALONE
930 Press enter to see a dump of your service definitions
931 ...
932 ...
933 </pre>
934
935 </body>
936 </section>
937 <section>
938 <title>Starting the Samba service</title>
939 <body>
940
941 <p>
942 Now configure Samba to start at bootup; then go ahead and start it.
943 </p>
944
945 <pre caption="Setting up the Samba service">
946 # <i>rc-update add samba default</i>
947 # <i>/etc/init.d/samba start</i>
948 </pre>
949
950 </body>
951 </section>
952 <section>
953 <title>Checking our services</title>
954 <body>
955
956 <p>
957 It would probably be prudent to check our logs at this time also. We will also
958 want to take a peak at our Samba shares using <c>smbclient</c>.
959 </p>
960
961 <pre caption="Checking the shares with smbclient">
962 # <i>smbclient -L localhost</i>
963 Password:
964 <comment>(You should see a BIG list of services here.)</comment>
965 </pre>
966
967 </body>
968 </section>
969 </chapter>
970
971 <chapter>
972 <title>Configuration of the Clients</title>
973 <section>
974 <title>Printer configuration of *nix based clients</title>
975 <body>
976
977 <p>
978 Despite the variation or distribution, the only thing needed is CUPS. Do the
979 equivalent on any other UNIX/Linux/BSD client.
980 </p>
981
982 <pre caption="Configuring a Gentoo system">
983 # <i>emerge cups</i>
984 # <i>nano -w /etc/cups/client.conf</i>
985 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
986 </pre>
987
988 <p>
989 That should be it. Nothing else will be needed.
990 </p>
991
992 <p>
993 If you use only one printer, it will be your default printer. If your print
994 server manages several printers, your administrator will have defined a default
995 printer on the server. If you want to define a different default printer for
996 yourself, use the <c>lpoptions</c> command.
997 </p>
998
999 <pre caption="Setting your default printer">
1000 <comment>(List available printers)</comment>
1001 # <i>lpstat -a</i>
1002 <comment>(Sample output, yours will differ)</comment>
1003 HPDeskJet930C accepting requests since Jan 01 00:00
1004 laser accepting requests since Jan 01 00:00
1005 <comment>(Define HPDeskJet930C as your default printer)</comment>
1006 # <i>lpoptions -d HPDeskJet930C</i>
1007 </pre>
1008
1009 <pre caption="Printing in *nix">
1010 <comment>(Specify the printer to be used)</comment>
1011 # <i>lp -d HPDeskJet930C anything.txt</i>
1012 <comment>(Use your default printer)</comment>
1013 # <i>lp foobar.whatever.ps</i>
1014 </pre>
1015
1016 <p>
1017 Just point your web browser to <c>http://printserver:631</c> on the client if
1018 you want to manage your printers and their jobs with a nice web interface.
1019 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your
1020 print server, not the name you gave to the cups print server if you used
1021 different names.
1022 </p>
1023
1024 </body>
1025 </section>
1026 <section>
1027 <title>Mounting a Windows or Samba share in GNU/Linux</title>
1028 <body>
1029
1030 <p>
1031 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1032 all compiled at least one kernel, we'll need to make sure we have all the right
1033 options selected in our kernel. For simplicity's sake, make it a module for ease
1034 of use. It is the author's opinion that kernel modules are a good thing and
1035 should be used whenever possible.
1036 </p>
1037
1038 <pre caption="Relevant kernel options" >
1039 CONFIG_SMB_FS=m
1040 CONFIG_SMB_UNIX=y
1041 </pre>
1042
1043 <p>
1044 Then make the module/install it; insert them with:
1045 </p>
1046
1047 <pre caption="Loading the kernel module">
1048 # <i>modprobe smbfs</i>
1049 </pre>
1050
1051 <p>
1052 Once the module is loaded, mounting a Windows or Samba share is possible. Use
1053 <c>mount</c> to accomplish this, as detailed below:
1054 </p>
1055
1056 <pre caption="Mounting a Windows/Samba share">
1057 <comment>(The syntax for mounting a Windows/Samba share is:
1058 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1059 If we are not using passwords or a password is not needed)</comment>
1060
1061 # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1062
1063 <comment>(If a password is needed)</comment>
1064 # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1065 </pre>
1066
1067 <p>
1068 After you mount the share, you would access it as if it were a local drive.
1069 </p>
1070
1071 </body>
1072 </section>
1073 <section>
1074 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1075 <body>
1076
1077 <p>
1078 That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and
1079 right click on the printer (HPDeskJet930C) and click connect. This will download
1080 the drivers to the Windows client and now every application (such as Word or
1081 Acrobat) will offer HPDeskJet930C as an available printer to print to. :-)
1082 </p>
1083
1084 </body>
1085 </section>
1086 </chapter>
1087
1088 <chapter>
1089 <title>Final Notes</title>
1090 <section>
1091 <title>A Fond Farewell</title>
1092 <body>
1093
1094 <p>
1095 That should be it. You should now have a successful printing enviroment that is
1096 friendly to both Windows and *nix as well as a fully virus-free working share!
1097 </p>
1098
1099 </body>
1100 </section>
1101 </chapter>
1102
1103 <chapter>
1104 <title>Links and Resources</title>
1105 <section>
1106 <title>Links</title>
1107 <body>
1108
1109 <p>
1110 These are some links that may help you in setting up, configuration and
1111 troubleshooting your installation:
1112 </p>
1113
1114 <ul>
1115 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1116 <li>
1117 <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1118 link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1119 on Samba/CUPS configuration</uri>
1120 </li>
1121 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1122 <li>
1123 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1124 Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e>
1125 and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and
1126 Samba, and generally printing support on networks. A really interesting
1127 read, with lots and lots of details.)
1128 </li>
1129 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1130 </ul>
1131
1132 </body>
1133 </section>
1134 <section>
1135 <title>Troubleshooting</title>
1136 <body>
1137
1138 <p>
1139 See <uri
1140 link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1141 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of
1142 useful tips there! Be sure to look this one up first, before posting questions
1143 and problems! Maybe the solution you're looking for is right there.
1144 </p>
1145
1146 </body>
1147 </section>
1148 </chapter>
1149 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20