/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.31 - (show annotations) (download) (as text)
Sun Jul 29 06:48:12 2007 UTC (6 years, 8 months ago) by nightmorph
Branch: MAIN
Changes since 1.30: +16 -17 lines
File MIME type: application/xml
updated cifs stuff for bug 186776

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.30 2007/07/08 02:22:04 nightmorph Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 <guide link="/doc/en/quick-samba-howto.xml">
5 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 <author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8 </author>
9 <author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11 </author>
12 <author title="Editor">
13 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
14 </author>
15
16 <abstract>
17 Setup, install and configure a Samba Server under Gentoo that shares files,
18 printers without the need to install drivers and provides automatic virus
19 scanning.
20 </abstract>
21
22 <!-- The content of this document is licensed under the CC-BY-SA license -->
23 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
24 <license/>
25
26 <version>1.19</version>
27 <date>2007-07-28</date>
28
29 <chapter>
30 <title>Introduction to this HOWTO</title>
31 <section>
32 <title>Purpose</title>
33 <body>
34
35 <p>
36 This HOWTO is designed to help you move a network from many different clients
37 speaking different languages, to many different machines that speak a common
38 language. The ultimate goal is to help differing architectures and technologies,
39 come together in a productive, happily coexisting environment.
40 </p>
41
42 <p>
43 Following the directions outlined in this HOWTO should give you an excellent
44 step towards a peaceful cohabitation between Windows, and virtually all known
45 variations of *nix.
46 </p>
47
48 <p>
49 This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
50 explore the functionality and power of the Gentoo system, portage and the
51 flexibility of USE flags. Like so many other projects, it was quickly discovered
52 what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered
53 for Gentoo users. These users are more demanding than most; they require
54 performance, flexibility and customization. This does not however imply that
55 this HOWTO was not intended for other distributions; rather that it was designed
56 to work with a highly customized version of Samba.
57 </p>
58
59 <p>
60 This HOWTO will describe how to share files and printers between Windows PCs and
61 *nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
62 feature of Samba to incorporate automatic virus protection. As a finale, it will
63 show you how to mount and manipulate shares.
64 </p>
65
66 <p>
67 There are a few topics that will be mentioned, but are out of the scope of this
68 HOWTO. These will be noted as they are presented.
69 </p>
70
71 <p>
72 This HOWTO is based on a compilation and merge of an excellent HOWTO provided in
73 the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff"
74 Ntaflos and the collected knowledge of Joshua Preston. The link to this
75 discussion is provided below for your reference:
76 </p>
77
78 <ul>
79 <li>
80 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
81 CUPS+Samba: printing from Windows &amp; Linux</uri>
82 </li>
83 </ul>
84
85 </body>
86 </section>
87 <section>
88 <title>Before you use this guide</title>
89 <body>
90
91 <p>
92 There are a several other guides for setting up CUPS and/or Samba, please read
93 them as well, as they may tell you things left out of this HOWTO (intentional or
94 otherwise). One such document is the very useful and well written <uri
95 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
96 issues and specific printer setup is not discussed here.
97 </p>
98
99 </body>
100 </section>
101 <section>
102 <title>Brief Overview</title>
103 <body>
104
105 <p>
106 After presenting the various USE flags, the following list will outline all of
107 the topics covered as they are presented:
108 </p>
109
110 <ul>
111 <li>On the Samba server:
112 <ul>
113 <li>Install and configure ClamAV</li>
114 <li>Install and configure Samba</li>
115 <li>Install and configure CUPS</li>
116 <li>Adding the printer to CUPS</li>
117 <li>Adding the PS drivers for the Windows clients</li>
118 </ul>
119 </li>
120 <li>On the Unix clients:
121 <ul>
122 <li>Install and configure CUPS</li>
123 <li>Configuring a default printer</li>
124 <li>Mounting a Windows or Samba share</li>
125 </ul>
126 </li>
127 <li>On the Windows Clients:
128 <ul>
129 <li>Configuring the printer</li>
130 <li>Accessing Samba shares</li>
131 </ul>
132 </li>
133 </ul>
134
135 </body>
136 </section>
137 <section>
138 <title>Requirements</title>
139 <body>
140
141 <p>
142 We will need the following:
143 </p>
144
145 <ul>
146 <li>net-fs/samba</li>
147 <li>app-antivirus/clamav</li>
148 <li>net-print/cups</li>
149 <li>net-print/foomatic</li>
150 <li>net-print/hplip (if you have an HP printer)</li>
151 <li>A kernel of sorts (2.6)</li>
152 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
153 <li>
154 A working network (home/office/etc) consisting of more than one machine)
155 </li>
156 </ul>
157
158 <p>
159 The main package we use here is net-fs/samba, however, you will need a kernel
160 with cifs support enabled in order to mount a samba or windows share from
161 another computer. CUPS will be emerged if it is not already.
162 app-antivirus/clamav will be used also, but others should be easily adapted to
163 work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
164 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
165 </p>
166
167 </body>
168 </section>
169 </chapter>
170
171 <chapter>
172 <title>Getting acquainted with Samba</title>
173 <section>
174 <title>The USE Flags</title>
175 <body>
176
177 <p>
178 Before emerging anything, take a look at some of the various USE flags available
179 to Samba.
180 </p>
181
182 <pre caption="Samba uses the following USE Variables:">
183 kerberos acl cups ldap pam readline python oav
184 </pre>
185
186 <p>
187 Depending on the network topology and the specific requirements of the server,
188 the USE flags outlined below will define what to include or exclude from the
189 emerging of Samba.
190 </p>
191
192 <table>
193 <tr>
194 <th><b>USE flag</b></th>
195 <th>Description</th>
196 </tr>
197 <tr>
198 <th><b>kerberos</b></th>
199 <ti>
200 Include support for Kerberos. The server will need this if it is
201 intended to join an existing domain or Active Directory. See the note
202 below for more information.
203 </ti>
204 </tr>
205 <tr>
206 <th><b>acl</b></th>
207 <ti>
208 Enables Access Control Lists. The ACL support in Samba uses a patched
209 ext2/ext3, or SGI's XFS in order to function properly as it extends more
210 detailed access to files or directories; much more so than typical *nix
211 GID/UID schemas.
212 </ti>
213 </tr>
214 <tr>
215 <th><b>cups</b></th>
216 <ti>
217 This enables support for the Common Unix Printing System. This provides an
218 interface allowing local CUPS printers to be shared to other systems in the
219 network.
220 </ti>
221 </tr>
222 <tr>
223 <th><b>ldap</b></th>
224 <ti>
225 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
226 expected to use Active Directory, this option must be used. This would be
227 used in the event Samba needs to login to or provide login to a
228 Domain/Active Directory Server. The kerberos USE flag is needed for proper
229 functioning of this option.
230 </ti>
231 </tr>
232 <tr>
233 <th><b>pam</b></th>
234 <ti>
235 Include support for pluggable authentication modules (PAM). This provides
236 the ability to authenticate users on the Samba Server, which is required if
237 users have to login to your server. The kerberos USE flag is recommended
238 along with this option.
239 </ti>
240 </tr>
241 <tr>
242 <th><b>readline</b></th>
243 <ti>
244 Link Samba against libreadline. This is highly recommended and should
245 probably not be disabled.
246 </ti>
247 </tr>
248 <tr>
249 <th><b>python</b></th>
250 <ti>
251 Python bindings API. Provides an API that will allow Python to interface
252 with Samba.
253 </ti>
254 </tr>
255 <tr>
256 <th><b>oav</b></th>
257 <ti>
258 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
259 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
260 Symantec CarrierScan, and Trend Micro (VSAPI).
261 </ti>
262 </tr>
263 </table>
264
265 <p>
266 A couple of things worth mentioning about the USE flags and different
267 Samba functions include:
268 </p>
269
270 <ul>
271 <li>
272 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
273 ACL kernel options for ext2 and/or ext3 will need to be enabled
274 (depending on which file system is being used - both can be enabled).
275 </li>
276 <li>
277 While Active Directory, ACL, and PDC functions are out of the intended
278 scope of this HOWTO, you may find these links as helpful to your cause:
279 <ul>
280 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
281 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
282 </ul>
283 </li>
284 </ul>
285
286 </body>
287 </section>
288 </chapter>
289
290 <chapter>
291 <title>Server Software Installation</title>
292 <section>
293 <title>Emerging Samba</title>
294 <body>
295
296 <p>
297 First of all: be sure that all your hostnames resolve correctly. Either have a
298 working domain name system running on your network or appropriate entries in
299 your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
300 don't point to the correct machines.
301 </p>
302
303 <p>
304 Hopefully now you can make an assessment of what you'll actually need in order
305 to use Samba with your particular setup. The setup used for this HOWTO is:
306 </p>
307
308 <ul>
309 <li>oav</li>
310 <li>cups</li>
311 <li>readline</li>
312 <li>pam</li>
313 </ul>
314
315 <p>
316 To optimize performance, size and the time of the build, the USE flags are
317 specifically included or excluded.
318 </p>
319
320 <pre caption="Emerge Samba">
321 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
322 # <i>emerge net-fs/samba</i>
323 </pre>
324
325 <note>
326 The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
327 ppc, sparc, hppa, ia64 and alpha
328 </note>
329
330 <p>
331 This will emerge Samba and CUPS (if CUPS is not already emerged).
332 </p>
333
334 </body>
335 </section>
336 <section>
337 <title>Emerging ClamAV</title>
338 <body>
339
340 <p>
341 Because the <e>oav</e> USE flag only provides an interface to allow on access
342 virus scanning, the actual virus scanner must be emerged. The scanner used in
343 this HOWTO is ClamAV.
344 </p>
345
346 <pre caption="Emerge Clamav">
347 # <i>emerge app-antivirus/clamav</i>
348 </pre>
349
350 </body>
351 </section>
352 <section>
353 <title>Emerging foomatic</title>
354 <body>
355
356 <pre caption="Emerge foomatic">
357 # <i>emerge net-print/foomatic</i>
358 </pre>
359
360 </body>
361 </section>
362 <section>
363 <title>Emerging net-print/hplip</title>
364 <body>
365
366 <p>
367 You only need to emerge this if you use an HP printer.
368 </p>
369
370 <pre caption="Emerge hplip">
371 # <i>emerge net-print/hplip</i>
372 </pre>
373
374 </body>
375 </section>
376 </chapter>
377
378 <chapter>
379 <title>Server Configuration</title>
380 <section>
381 <title>Configuring Samba</title>
382 <body>
383
384 <p>
385 The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
386 divided in sections indicated by [sectionname]. Comments are either
387 # or ;. A sample <path>smb.conf</path> is included below with comments and
388 suggestions for modifications. If more details are required, see the man page
389 for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
390 Samba Web site or any of the numerous Samba books available.
391 </p>
392
393 <pre caption="A Sample /etc/samba/smb.conf">
394 [global]
395 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
396 workgroup = <comment>MYWORKGROUPNAME</comment>
397 <comment># Of course this has no REAL purpose other than letting
398 # everyone knows it's not Windows!
399 # %v prints the version of Samba we are using.</comment>
400 server string = Samba Server %v
401 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
402 printcap name = cups
403 printing = cups
404 load printers = yes
405 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
406 log file = /var/log/samba/log.%m
407 max log size = 50
408 <comment># We are going to set some options for our interfaces...</comment>
409 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
410 <comment># This is a good idea, what we are doing is binding the
411 # samba server to our local network.
412 # For example, if eth0 is our local network device</comment>
413 interfaces = lo <i>eth0</i>
414 bind interfaces only = yes
415 <comment># Now we are going to specify who we allow, we are afterall
416 # very security conscience, since this configuration does
417 # not use passwords!</comment>
418 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
419 hosts deny = 0.0.0.0/0
420 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
421 # The default is user</comment>
422 security = share
423 <comment># No passwords, so we're going to use a guest account!</comment>
424 guest account = samba
425 guest ok = yes
426 <comment># We now will implement the on access virus scanner.
427 # NOTE: By putting this in our [Global] section, we enable
428 # scanning of ALL shares, you could optionally move
429 # these to a specific share and only scan it.</comment>
430
431 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
432 vfs object = vscan-clamav
433 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
434
435 <comment># Now we setup our print drivers information!</comment>
436 [print$]
437 comment = Printer Drivers
438 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
439 guest ok = yes
440 browseable = yes
441 read only = yes
442 <comment># Modify this to "username,root" if you don't want root to
443 # be the only printer admin)</comment>
444 write list = <i>root</i>
445
446 <comment># Now we'll setup a printer to share, while the name is arbitrary
447 # it should be consistent throughout Samba and CUPS!</comment>
448 [HPDeskJet930C]
449 comment = HP DeskJet 930C Network Printer
450 printable = yes
451 path = /var/spool/samba
452 public = yes
453 guest ok = yes
454 <comment># Modify this to "username,root" if you don't want root to
455 # be the only printer admin)</comment>
456 printer admin = <i>root</i>
457
458 <comment># Now we setup our printers share. This should be
459 # browseable, printable, public.</comment>
460 [printers]
461 comment = All Printers
462 browseable = no
463 printable = yes
464 writable = no
465 public = yes
466 guest ok = yes
467 path = /var/spool/samba
468 <comment># Modify this to "username,root" if you don't want root to
469 # be the only printer admin)</comment>
470 printer admin = <i>root</i>
471
472 <comment># We create a new share that we can read/write to from anywhere
473 # This is kind of like a public temp share, anyone can do what
474 # they want here.</comment>
475 [public]
476 comment = Public Files
477 browseable = yes
478 public = yes
479 create mode = 0766
480 guest ok = yes
481 path = /home/samba/public
482 </pre>
483
484 <warn>
485 If you like to use Samba's guest account to do anything concerning printing from
486 Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c>
487 section. The guest account seems to cause problems when running
488 <c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See
489 below, too, when we talk about <c>cupsaddsmb</c> and the problems that can
490 arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
491 or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
492 from a lot of problems.
493 </warn>
494
495 <warn>
496 Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
497 down the performance of your Samba server dramatically.
498 </warn>
499
500 <p>
501 Now create the directories required for the minimum configuration of Samba to
502 share the installed printer throughout the network.
503 </p>
504
505 <pre caption="Create the directories">
506 # <i>mkdir /etc/samba/printer</i>
507 # <i>mkdir /var/spool/samba</i>
508 # <i>mkdir /home/samba/public</i>
509 </pre>
510
511 <p>
512 At least one Samba user is required in order to install the printer drivers and
513 to allow users to connect to the printer. Users must exist in the system's
514 <path>/etc/passwd</path> file.
515 </p>
516
517 <pre caption="Creating the users">
518 # <i>smbpasswd -a root</i>
519
520 <comment>(If another user is to be a printer admin)</comment>
521 # <i>smbpasswd -a username</i>
522 </pre>
523
524 <p>
525 The Samba passwords need not be the same as the system passwords
526 in <path>/etc/passwd</path>.
527 </p>
528
529 <p>
530 You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
531 systems can be found easily using NetBIOS:
532 </p>
533
534 <pre caption="Editing /etc/nsswitch.conf">
535 # <i>nano -w /etc/nsswitch.conf</i>
536 <comment>(Edit the hosts: line)</comment>
537 hosts: files dns <i>wins</i>
538 </pre>
539
540 </body>
541 </section>
542 <section>
543 <title>Configuring ClamAV</title>
544 <body>
545
546 <p>
547 The configuration file specified to be used in <path>smb.conf</path> is
548 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
549 defaults, the infected file action may need to be changed.
550 </p>
551
552 <pre caption="/etc/samba/vscan-clamav.conf">
553 [samba-vscan]
554 <comment>; run-time configuration for vscan-samba using
555 ; clamd
556 ; all options are set to default values</comment>
557
558 <comment>; do not scan files larger than X bytes. If set to 0 (default),
559 ; this feature is disable (i.e. all files are scanned)</comment>
560 max file size = 0
561
562 <comment>; log all file access (yes/no). If set to yes, every access will
563 ; be logged. If set to no (default), only access to infected files
564 ; will be logged</comment>
565 verbose file logging = no
566
567 <comment>; if set to yes (default), a file will be scanned while opening</comment>
568 scan on open = yes
569 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
570 scan on close = yes
571
572 <comment>; if communication to clamd fails, should access to file denied?
573 ; (default: yes)</comment>
574 deny access on error = yes
575
576 <comment>; if daemon fails with a minor error (corruption, etc.),
577 ; should access to file denied?
578 ; (default: yes)</comment>
579 deny access on minor error = yes
580
581 <comment>; send a warning message via Windows Messenger service
582 ; when virus is found?
583 ; (default: yes)</comment>
584 send warning message = yes
585
586 <comment>; what to do with an infected file
587 ; quarantine: try to move to quantine directory; delete it if moving fails
588 ; delete: delete infected file
589 ; nothing: do nothing</comment>
590 infected file action = <comment>delete</comment>
591
592 <comment>; where to put infected files - you really want to change this!
593 ; it has to be on the same physical device as the share!</comment>
594 quarantine directory = /tmp
595 <comment>; prefix for files in quarantine</comment>
596 quarantine prefix = vir-
597
598 <comment>; as Windows tries to open a file multiple time in a (very) short time
599 ; of period, samba-vscan use a last recently used file mechanism to avoid
600 ; multiple scans of a file. This setting specified the maximum number of
601 ; elements of the last recently used file list. (default: 100)</comment>
602 max lru files entries = 100
603
604 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
605 ; (Default: 5)</comment>
606 lru file entry lifetime = 5
607
608 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
609 clamd socket name = /tmp/clamd
610
611 <comment>; port number the ScannerDaemon listens on</comment>
612 oav port = 8127
613 </pre>
614
615 <p>
616 It is generally a good idea to start the virus scanner immediately. Add it to
617 the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
618 The service has two processes: freshclam keeps the virus definition database up
619 to date while clamd is the actual anti-virus daemon. First you may want to set
620 the paths of the logfiles so that it fits your needs.
621 </p>
622
623 <pre caption="Checking the location of the logfiles">
624 # <i>vim /etc/clamd.conf</i>
625 <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
626 # <i>vim /etc/freshclam.conf</i>
627 <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
628 # <i>vim /etc/conf.d/clamd</i>
629 <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
630 </pre>
631
632 <p>
633 Now fire up the virus scanner.
634 </p>
635
636 <pre caption="Add clamd to bootup and start it">
637 # <i>rc-update add clamd default</i>
638 # <i>/etc/init.d/clamd start</i>
639 </pre>
640
641 </body>
642 </section>
643 <section>
644 <title>Configuring CUPS</title>
645 <body>
646
647 <p>
648 This is a little more complicated. CUPS' main config file is
649 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
650 <path>httpd.conf</path> file, so many you may find it familiar. Outlined in the
651 example are the directives that need to be changed:
652 </p>
653
654 <pre caption="/etc/cups/cupsd.conf">
655 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
656 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
657
658 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
659 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
660
661 LogLevel debug <comment># only while isntalling and testing, should later be
662 # changed to 'info'</comment>
663
664 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
665 # there seemed to be a bug in CUPS' controlling of the web interface,
666 # making CUPS think a denial of service attack was in progress when
667 # I tried to configure a printer with the web interface. weird.</comment>
668
669 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
670
671 &lt;Location /&gt;
672 Order Deny,Allow
673 Deny From All
674 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
675 # e.g. 192.168.1.* will allow connections from any host on
676 # the 192.168.1.0 network. change to whatever suits you</comment>
677 &lt;/Location&gt;
678
679 &lt;Location /admin&gt;
680 AuthType Basic
681 AuthClass System
682 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
683 # 192.168.1.0 network to connect and do
684 # administrative tasks after authenticating</comment>
685 Order Deny,Allow
686 Deny From All
687 &lt;/Location&gt;
688 </pre>
689
690 <p>
691 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
692 The changes to <path>mime.convs</path> and <path>mime.types</path> are
693 needed to make CUPS print Microsoft Office document files.
694 </p>
695
696 <pre caption="/etc/cups/mime.convs">
697 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
698 application/octet-stream application/vnd.cups-raw 0
699 </pre>
700
701 <p>
702 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
703 </p>
704
705 <pre caption="/etc/cups/mime.types">
706 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
707 application/octet-stream
708 </pre>
709
710 <p>
711 CUPS needs to be started on boot, and started immediately.
712 </p>
713
714 <pre caption="Setting up the CUPS service" >
715 <comment>(To start CUPS on boot)</comment>
716 # <i>rc-update add cupsd default</i>
717 <comment>(To start or restart CUPS now)</comment>
718 # <i>/etc/init.d/cupsd restart</i>
719 </pre>
720
721 </body>
722 </section>
723 <section>
724 <title>Installing a printer for and with CUPS</title>
725 <body>
726
727 <p>
728 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
729 find and download the correct PPD file for your printer and CUPS. To do so,
730 click the link Printer Listings to the left. Select your printers manufacturer
731 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
732 the page coming up click the "recommended driver" link after reading the various
733 notes and information. Then fetch the PPD file from the next page, again after
734 reading the notes and introductions there. You may have to select your printers
735 manufacturer and model again. Reading the <uri
736 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is
737 also very helpful when working with CUPS.
738 </p>
739
740 <p>
741 Now you have a PPD file for your printer to work with CUPS. Place it in
742 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named
743 <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
744 This can be done via the CUPS web interface or via command line. The web
745 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
746 </p>
747
748 <pre caption="Install the printer via command line">
749 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
750 # <i>/etc/init.d/cupsd restart</i>
751 </pre>
752
753 <p>
754 Remember to adjust to what you have. Be sure to have the name (<c>-p</c>
755 argument) right (the name you set above during the Samba configuration!) and to
756 put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or
757 whatever device you are using for your printer.
758 </p>
759
760 <p>
761 You should now be able to access the printer from the web interface and be able
762 to print a test page.
763 </p>
764
765 </body>
766 </section>
767 <section>
768 <title>Installing the Windows printer drivers</title>
769 <body>
770
771 <p>
772 Now that the printer should be working it is time to install the drivers for the
773 Windows clients to work. Samba 2.2 introduced this functionality. Browsing to
774 the print server in the Network Neighbourhood, right-clicking on the
775 printershare and selecting "connect" downloads the appropriate drivers
776 automagically to the connecting client, avoiding the hassle of manually
777 installing printer drivers locally.
778 </p>
779
780 <p>
781 There are two sets of printer drivers for this. First, the Adobe PS drivers
782 which can be obtained from <uri
783 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
784 printer drivers). Second, there are the CUPS PS drivers, to be obtained by
785 emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
786 so you may need to add it to <path>/etc/portage/package.keywords</path>. There
787 doesn't seem to be a difference between the functionality of the two, but the
788 Adobe PS drivers need to be extracted on a Windows System since it's a Windows
789 binary. Also the whole procedure of finding and copying the correct files is a
790 bit more hassle. The CUPS drivers seem to support some options the Adobe drivers
791 don't.
792 </p>
793
794 <p>
795 This HOWTO uses the CUPS drivers for Windows. Install them as shown:
796 </p>
797
798 <pre caption="Install the drivers and restart CUPS">
799 # <i>emerge -av cups-windows</i>
800 # <i>/etc/init.d/cupsd restart</i>
801 </pre>
802
803 <p>
804 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
805 Its man page is an interesting read.
806 </p>
807
808 <pre caption="Run cupsaddsmb">
809 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
810 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
811 "export all known printers".)</comment>
812 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
813 </pre>
814
815 <warn>
816 The execution of this command often causes the most trouble. Read through the
817 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
818 thread</uri> for some troubleshooting tips.
819 </warn>
820
821 <p>
822 Here are common errors that may happen:
823 </p>
824
825 <ul>
826 <li>
827 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
828 (<c>PrintServer</c>) often does not resolve correctly and doesn't identify
829 the print server for CUPS/Samba interaction. If an error like: <b>Warning:
830 No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the
831 first thing you should do is substitute <c>PrintServer</c> with
832 <c>localhost</c> and try it again.
833 </li>
834 <li>
835 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
836 is quite common, but can be triggered by many problems. It's unfortunately
837 not very helpful. One thing to try is to temporarily set <c>security =
838 user</c> in your <path>smb.conf</path>. After/if the installation completes
839 successfully, you should set it back to share, or whatever it was set to
840 before.
841 </li>
842 </ul>
843
844 <p>
845 This should install the correct driver directory structure under
846 <path>/etc/samba/printer</path>. That would be
847 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3
848 driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the
849 name which you gave the printer when installing it (see above).
850 </p>
851
852 <p>
853 Pending no errors or other complications, your drivers are now installed.
854 </p>
855
856 </body>
857 </section>
858 <section>
859 <title>Finalizing our setup</title>
860 <body>
861
862 <p>
863 Lastly, setup our directories.
864 </p>
865
866 <pre caption="Final changes needed">
867 # <i>mkdir /home/samba</i>
868 # <i>mkdir /home/samba/public</i>
869 # <i>chmod 755 /home/samba</i>
870 # <i>chmod 755 /home/samba/public</i>
871 </pre>
872
873 </body>
874 </section>
875 <section>
876 <title>Testing our Samba configuration</title>
877 <body>
878
879 <p>
880 We will want to test our configuration file to ensure that it is formatted
881 properly and all of our options have at least the correct syntax. To do this we
882 run <c>testparm</c>.
883 </p>
884
885 <pre caption="Running the testparm">
886 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
887 # <i>/usr/bin/testparm</i>
888 Load smb config files from /etc/samba/smb.conf
889 Processing section &quot;[printers]&quot;
890 Global parameter guest account found in service section!
891 Processing section &quot;[public]&quot;
892 Global parameter guest account found in service section!
893 Loaded services file OK.
894 Server role: ROLE_STANDALONE
895 Press enter to see a dump of your service definitions
896 ...
897 ...
898 </pre>
899
900 </body>
901 </section>
902 <section>
903 <title>Starting the Samba service</title>
904 <body>
905
906 <p>
907 Now configure Samba to start at bootup; then go ahead and start it.
908 </p>
909
910 <pre caption="Setting up the Samba service">
911 # <i>rc-update add samba default</i>
912 # <i>/etc/init.d/samba start</i>
913 </pre>
914
915 </body>
916 </section>
917 <section>
918 <title>Checking our services</title>
919 <body>
920
921 <p>
922 It would probably be prudent to check our logs at this time also. We will also
923 want to take a peak at our Samba shares using <c>smbclient</c>.
924 </p>
925
926 <pre caption="Checking the shares with smbclient">
927 # <i>smbclient -L localhost</i>
928 Password:
929 <comment>(You should see a BIG list of services here.)</comment>
930 </pre>
931
932 </body>
933 </section>
934 </chapter>
935
936 <chapter>
937 <title>Configuration of the Clients</title>
938 <section>
939 <title>Printer configuration of *nix based clients</title>
940 <body>
941
942 <p>
943 Despite the variation or distribution, the only thing needed is CUPS. Do the
944 equivalent on any other UNIX/Linux/BSD client.
945 </p>
946
947 <pre caption="Configuring a Gentoo system">
948 # <i>emerge cups</i>
949 # <i>nano -w /etc/cups/client.conf</i>
950 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
951 </pre>
952
953 <p>
954 That should be it. Nothing else will be needed.
955 </p>
956
957 <p>
958 If you use only one printer, it will be your default printer. If your print
959 server manages several printers, your administrator will have defined a default
960 printer on the server. If you want to define a different default printer for
961 yourself, use the <c>lpoptions</c> command.
962 </p>
963
964 <pre caption="Setting your default printer">
965 <comment>(List available printers)</comment>
966 # <i>lpstat -a</i>
967 <comment>(Sample output, yours will differ)</comment>
968 HPDeskJet930C accepting requests since Jan 01 00:00
969 laser accepting requests since Jan 01 00:00
970 <comment>(Define HPDeskJet930C as your default printer)</comment>
971 # <i>lpoptions -d HPDeskJet930C</i>
972 </pre>
973
974 <pre caption="Printing in *nix">
975 <comment>(Specify the printer to be used)</comment>
976 # <i>lp -d HPDeskJet930C anything.txt</i>
977 <comment>(Use your default printer)</comment>
978 # <i>lp foobar.whatever.ps</i>
979 </pre>
980
981 <p>
982 Just point your web browser to <c>http://printserver:631</c> on the client if
983 you want to manage your printers and their jobs with a nice web interface.
984 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your
985 print server, not the name you gave to the cups print server if you used
986 different names.
987 </p>
988
989 </body>
990 </section>
991 <section>
992 <title>Mounting a Windows or Samba share in GNU/Linux</title>
993 <body>
994
995 <p>
996 Now is time to configure our kernel to support cifs. Since I'm assuming
997 we've all compiled at least one kernel, we'll need to make sure we have all the
998 right options selected in our kernel. For simplicity's sake, make it a module
999 for ease of use. It is the author's opinion that kernel modules are a good thing
1000 and should be used whenever possible.
1001 </p>
1002
1003 <pre caption="Kernel support" >
1004 CONFIG_CIFS=m
1005 </pre>
1006
1007 <p>
1008 Then make the module/install it; insert it with:
1009 </p>
1010
1011 <pre caption="Loading the kernel module">
1012 # <i>modprobe cifs</i>
1013 </pre>
1014
1015 <p>
1016 Once the module is loaded, mounting a Windows or Samba share is possible. Use
1017 <c>mount</c> to accomplish this, as detailed below:
1018 </p>
1019
1020 <pre caption="Mounting a Windows/Samba share">
1021 <comment>(The syntax for mounting a Windows/Samba share is:
1022 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1023 If we are not using passwords or a password is not needed)</comment>
1024
1025 # <i>mount -t cifs //PrintServer/public /mnt/public</i>
1026
1027 <comment>(If a password is needed)</comment>
1028 # <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1029 </pre>
1030
1031 <p>
1032 After you mount the share, you would access it as if it were a local drive.
1033 </p>
1034
1035 </body>
1036 </section>
1037 <section>
1038 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1039 <body>
1040
1041 <p>
1042 That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and
1043 right click on the printer (HPDeskJet930C) and click connect. This will download
1044 the drivers to the Windows client and now every application (such as Word or
1045 Acrobat) will offer HPDeskJet930C as an available printer to print to. :-)
1046 </p>
1047
1048 </body>
1049 </section>
1050 </chapter>
1051
1052 <chapter>
1053 <title>Final Notes</title>
1054 <section>
1055 <title>A Fond Farewell</title>
1056 <body>
1057
1058 <p>
1059 That should be it. You should now have a successful printing enviroment that is
1060 friendly to both Windows and *nix as well as a fully virus-free working share!
1061 </p>
1062
1063 </body>
1064 </section>
1065 </chapter>
1066
1067 <chapter>
1068 <title>Links and Resources</title>
1069 <section>
1070 <title>Links</title>
1071 <body>
1072
1073 <p>
1074 These are some links that may help you in setting up, configuration and
1075 troubleshooting your installation:
1076 </p>
1077
1078 <ul>
1079 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1080 <li>
1081 <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1082 link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1083 on Samba/CUPS configuration</uri>
1084 </li>
1085 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1086 <li>
1087 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1088 Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e>
1089 and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and
1090 Samba, and generally printing support on networks. A really interesting
1091 read, with lots and lots of details.)
1092 </li>
1093 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1094 </ul>
1095
1096 </body>
1097 </section>
1098 <section>
1099 <title>Troubleshooting</title>
1100 <body>
1101
1102 <p>
1103 See <uri
1104 link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1105 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of
1106 useful tips there! Be sure to look this one up first, before posting questions
1107 and problems! Maybe the solution you're looking for is right there.
1108 </p>
1109
1110 </body>
1111 </section>
1112 </chapter>
1113 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20