/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.39 - (show annotations) (download) (as text)
Thu Dec 20 19:13:21 2007 UTC (6 years, 8 months ago) by swift
Branch: MAIN
Changes since 1.38: +13 -4 lines
File MIME type: application/xml
#196950 - Adding winbind as Samba USE flag, not listing them all though

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.38 2007/12/01 11:34:22 neysx Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4
5 <guide link="/doc/en/quick-samba-howto.xml">
6
7 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
8
9 <author title="Author">
10 Andreas "daff" Ntaflos <!--daff at dword dot org-->
11 </author>
12 <author title="Author">
13 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
14 </author>
15 <author title="Editor">
16 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
17 </author>
18
19 <abstract>
20 Setup, install and configure a Samba Server under Gentoo that shares files,
21 printers without the need to install drivers and provides automatic virus
22 scanning.
23 </abstract>
24
25 <!-- The content of this document is licensed under the CC-BY-SA license -->
26 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
27 <license/>
28
29 <version>1.24</version>
30 <date>2007-12-20</date>
31
32 <chapter>
33 <title>Introduction to this HOWTO</title>
34 <section>
35 <title>Purpose</title>
36 <body>
37
38 <p>
39 This HOWTO is designed to help you move a network from many different clients
40 speaking different languages, to many different machines that speak a common
41 language. The ultimate goal is to help differing architectures and technologies,
42 come together in a productive, happily coexisting environment.
43 </p>
44
45 <p>
46 Following the directions outlined in this HOWTO should give you an excellent
47 step towards a peaceful cohabitation between Windows, and virtually all known
48 variations of *nix.
49 </p>
50
51 <p>
52 This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
53 explore the functionality and power of the Gentoo system, portage and the
54 flexibility of USE flags. Like so many other projects, it was quickly discovered
55 what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered
56 for Gentoo users. These users are more demanding than most; they require
57 performance, flexibility and customization. This does not however imply that
58 this HOWTO was not intended for other distributions; rather that it was designed
59 to work with a highly customized version of Samba.
60 </p>
61
62 <p>
63 This HOWTO will describe how to share files and printers between Windows PCs and
64 *nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
65 feature of Samba to incorporate automatic virus protection. As a finale, it will
66 show you how to mount and manipulate shares.
67 </p>
68
69 <p>
70 There are a few topics that will be mentioned, but are out of the scope of this
71 HOWTO. These will be noted as they are presented.
72 </p>
73
74 <p>
75 This HOWTO is based on a compilation and merge of an excellent HOWTO provided
76 in the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas
77 "daff" Ntaflos and the collected knowledge of Joshua Preston. The link to this
78 discussion is provided below for your reference:
79 </p>
80
81 <ul>
82 <li>
83 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
84 CUPS+Samba: printing from Windows &amp; Linux</uri>
85 </li>
86 </ul>
87
88 </body>
89 </section>
90 <section>
91 <title>Before you use this guide</title>
92 <body>
93
94 <p>
95 There are a several other guides for setting up CUPS and/or Samba, please read
96 them as well, as they may tell you things left out of this HOWTO (intentional or
97 otherwise). One such document is the very useful and well written <uri
98 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
99 issues and specific printer setup is not discussed here.
100 </p>
101
102 </body>
103 </section>
104 <section>
105 <title>Brief Overview</title>
106 <body>
107
108 <p>
109 After presenting the various USE flags, the following list will outline all of
110 the topics covered as they are presented:
111 </p>
112
113 <ul>
114 <li>On the Samba server:
115 <ul>
116 <li>Install and configure ClamAV</li>
117 <li>Install and configure Samba</li>
118 <li>Install and configure CUPS</li>
119 <li>Adding the printer to CUPS</li>
120 <li>Adding the PS drivers for the Windows clients</li>
121 </ul>
122 </li>
123 <li>On the Unix clients:
124 <ul>
125 <li>Install and configure CUPS</li>
126 <li>Configuring a default printer</li>
127 <li>Mounting a Windows or Samba share</li>
128 </ul>
129 </li>
130 <li>On the Windows Clients:
131 <ul>
132 <li>Configuring the printer</li>
133 <li>Accessing Samba shares</li>
134 </ul>
135 </li>
136 </ul>
137
138 </body>
139 </section>
140 <section>
141 <title>Requirements</title>
142 <body>
143
144 <p>
145 We will need the following:
146 </p>
147
148 <ul>
149 <li>net-fs/samba</li>
150 <li>app-antivirus/clamav</li>
151 <li>net-print/cups</li>
152 <li>net-print/foomatic</li>
153 <li>net-print/hplip (if you have an HP printer)</li>
154 <li>A kernel of sorts (2.6)</li>
155 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
156 <li>
157 A working network (home/office/etc) consisting of more than one machine)
158 </li>
159 </ul>
160
161 <p>
162 The main package we use here is net-fs/samba, however, you will need a kernel
163 with cifs support enabled in order to mount a samba or windows share from
164 another computer. CUPS will be emerged if it is not already.
165 app-antivirus/clamav will be used also, but others should be easily adapted to
166 work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
167 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
168 </p>
169
170 </body>
171 </section>
172 </chapter>
173
174 <chapter>
175 <title>Getting acquainted with Samba</title>
176 <section>
177 <title>The USE Flags</title>
178 <body>
179
180 <p>
181 Before emerging anything, take a look at some of the various USE flags available
182 to Samba.
183 </p>
184
185 <pre caption="Samba uses the following USE Variables:">
186 kerberos acl cups ldap pam readline python oav winbind
187 </pre>
188
189 <p>
190 Depending on the network topology and the specific requirements of the server,
191 the USE flags outlined below will define what to include or exclude from the
192 emerging of Samba.
193 </p>
194
195 <table>
196 <tr>
197 <th><b>USE flag</b></th>
198 <th>Description</th>
199 </tr>
200 <tr>
201 <th><b>kerberos</b></th>
202 <ti>
203 Include support for Kerberos. The server will need this if it is intended
204 to join an existing domain or Active Directory. See the note below for more
205 information.
206 </ti>
207 </tr>
208 <tr>
209 <th><b>acl</b></th>
210 <ti>
211 Enables Access Control Lists. The ACL support in Samba uses a patched
212 ext2/ext3, or SGI's XFS in order to function properly as it extends more
213 detailed access to files or directories; much more so than typical *nix
214 GID/UID schemas.
215 </ti>
216 </tr>
217 <tr>
218 <th><b>cups</b></th>
219 <ti>
220 This enables support for the Common Unix Printing System. This provides an
221 interface allowing local CUPS printers to be shared to other systems in the
222 network.
223 </ti>
224 </tr>
225 <tr>
226 <th><b>ldap</b></th>
227 <ti>
228 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
229 expected to use Active Directory, this option must be used. This would be
230 used in the event Samba needs to login to or provide login to a
231 Domain/Active Directory Server. The kerberos USE flag is needed for proper
232 functioning of this option.
233 </ti>
234 </tr>
235 <tr>
236 <th><b>pam</b></th>
237 <ti>
238 Include support for pluggable authentication modules (PAM). This provides
239 the ability to authenticate users on the Samba Server, which is required if
240 users have to login to your server. The kerberos USE flag is recommended
241 along with this option.
242 </ti>
243 </tr>
244 <tr>
245 <th><b>readline</b></th>
246 <ti>
247 Link Samba against libreadline. This is highly recommended and should
248 probably not be disabled.
249 </ti>
250 </tr>
251 <tr>
252 <th><b>python</b></th>
253 <ti>
254 Python bindings API. Provides an API that will allow Python to interface
255 with Samba.
256 </ti>
257 </tr>
258 <tr>
259 <th><b>oav</b></th>
260 <ti>
261 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
262 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
263 Symantec CarrierScan, and Trend Micro (VSAPI).
264 </ti>
265 </tr>
266 <tr>
267 <th><b>winbind</b></th>
268 <ti>
269 Winbind allows for a unified logon within a Samba environment. It uses a
270 Unix implementation of Windows RPC calls, PAM and the name service switch
271 (supported by the c library) to enable Windows NT domain users to appear and
272 work as Unix users on a Unix system.
273 </ti>
274 </tr>
275 </table>
276
277 <p>
278 A couple of things worth mentioning about the USE flags and different
279 Samba functions include:
280 </p>
281
282 <ul>
283 <li>
284 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
285 ACL kernel options for ext2 and/or ext3 will need to be enabled (depending
286 on which file system is being used - both can be enabled).
287 </li>
288 <li>
289 While Active Directory, ACL, and PDC functions are out of the intended
290 scope of this HOWTO, you may find these links as helpful to your cause:
291 <ul>
292 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
293 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
294 </ul>
295 </li>
296 </ul>
297
298 </body>
299 </section>
300 </chapter>
301
302 <chapter>
303 <title>Server Software Installation</title>
304 <section>
305 <title>Emerging Samba</title>
306 <body>
307
308 <p>
309 First of all: be sure that all your hostnames resolve correctly. Either have a
310 working domain name system running on your network or appropriate entries in
311 your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
312 don't point to the correct machines.
313 </p>
314
315 <p>
316 Hopefully now you can make an assessment of what you'll actually need in order
317 to use Samba with your particular setup. The setup used for this HOWTO is:
318 </p>
319
320 <ul>
321 <li>oav</li>
322 <li>cups</li>
323 <li>readline</li>
324 <li>pam</li>
325 </ul>
326
327 <p>
328 To optimize performance, size and the time of the build, the USE flags are
329 specifically included or excluded.
330 </p>
331
332 <pre caption="Emerge Samba">
333 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
334 # <i>emerge net-fs/samba</i>
335 </pre>
336
337 <p>
338 This will emerge Samba and CUPS (if CUPS is not already emerged).
339 </p>
340
341 </body>
342 </section>
343 <section>
344 <title>Emerging ClamAV</title>
345 <body>
346
347 <p>
348 Because the <e>oav</e> USE flag only provides an interface to allow on access
349 virus scanning, the actual virus scanner must be emerged. The scanner used in
350 this HOWTO is ClamAV.
351 </p>
352
353 <pre caption="Emerge Clamav">
354 # <i>emerge app-antivirus/clamav</i>
355 </pre>
356
357 </body>
358 </section>
359 <section>
360 <title>Emerging foomatic</title>
361 <body>
362
363 <pre caption="Emerge foomatic">
364 # <i>emerge net-print/foomatic</i>
365 </pre>
366
367 </body>
368 </section>
369 <section>
370 <title>Emerging net-print/hplip</title>
371 <body>
372
373 <p>
374 You only need to emerge this if you use an HP printer.
375 </p>
376
377 <pre caption="Emerge hplip">
378 # <i>emerge net-print/hplip</i>
379 </pre>
380
381 </body>
382 </section>
383 </chapter>
384
385 <chapter>
386 <title>Server Configuration</title>
387 <section>
388 <title>Configuring Samba</title>
389 <body>
390
391 <p>
392 The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
393 divided in sections indicated by [sectionname]. Comments are either
394 # or ;. A sample <path>smb.conf</path> is included below with comments and
395 suggestions for modifications. If more details are required, see the man page
396 for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
397 Samba Web site or any of the numerous Samba books available.
398 </p>
399
400 <pre caption="A Sample /etc/samba/smb.conf">
401 [global]
402 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
403 workgroup = <comment>MYWORKGROUPNAME</comment>
404 <comment># Of course this has no REAL purpose other than letting
405 # everyone knows it's not Windows!
406 # %v prints the version of Samba we are using.</comment>
407 server string = Samba Server %v
408 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
409 printcap name = cups
410 printing = cups
411 load printers = yes
412 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
413 log file = /var/log/samba/log.%m
414 max log size = 50
415 <comment># We are going to set some options for our interfaces...</comment>
416 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
417 <comment># This is a good idea, what we are doing is binding the
418 # samba server to our local network.
419 # For example, if eth0 is our local network device</comment>
420 interfaces = lo <i>eth0</i>
421 bind interfaces only = yes
422 <comment># Now we are going to specify who we allow, we are afterall
423 # very security conscience, since this configuration does
424 # not use passwords!</comment>
425 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
426 hosts deny = 0.0.0.0/0
427 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
428 # The default is user</comment>
429 security = share
430 <comment># No passwords, so we're going to use a guest account!</comment>
431 guest ok = yes
432 <comment># We now will implement the on access virus scanner.
433 # NOTE: By putting this in our [Global] section, we enable
434 # scanning of ALL shares, you could optionally move
435 # these to a specific share and only scan it.</comment>
436
437 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
438 vfs object = vscan-clamav
439 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
440
441 <comment># Now we setup our print drivers information!</comment>
442 [print$]
443 comment = Printer Drivers
444 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
445 guest ok = yes
446 browseable = yes
447 read only = yes
448 <comment># Modify this to "username,root" if you don't want root to
449 # be the only printer admin)</comment>
450 write list = <i>root</i>
451
452 <comment># Now we'll setup a printer to share, while the name is arbitrary
453 # it should be consistent throughout Samba and CUPS!</comment>
454 [HPDeskJet930C]
455 comment = HP DeskJet 930C Network Printer
456 printable = yes
457 path = /var/spool/samba
458 public = yes
459 guest ok = yes
460 <comment># Modify this to "username,root" if you don't want root to
461 # be the only printer admin)</comment>
462 printer admin = <i>root</i>
463
464 <comment># Now we setup our printers share. This should be
465 # browseable, printable, public.</comment>
466 [printers]
467 comment = All Printers
468 browseable = no
469 printable = yes
470 writable = no
471 public = yes
472 guest ok = yes
473 path = /var/spool/samba
474 <comment># Modify this to "username,root" if you don't want root to
475 # be the only printer admin)</comment>
476 printer admin = <i>root</i>
477
478 <comment># We create a new share that we can read/write to from anywhere
479 # This is kind of like a public temp share, anyone can do what
480 # they want here.</comment>
481 [public]
482 comment = Public Files
483 browseable = yes
484 public = yes
485 create mode = 0766
486 guest ok = yes
487 path = /home/samba/public
488 </pre>
489
490 <warn>
491 If you like to use Samba's guest account to do anything concerning printing from
492 Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c>
493 section. The guest account seems to cause problems when running
494 <c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See
495 below, too, when we talk about <c>cupsaddsmb</c> and the problems that can
496 arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
497 or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
498 from a lot of problems.
499 </warn>
500
501 <warn>
502 Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
503 down the performance of your Samba server dramatically.
504 </warn>
505
506 <p>
507 Now create the directories required for the minimum configuration of Samba to
508 share the installed printer throughout the network.
509 </p>
510
511 <pre caption="Create the directories">
512 # <i>mkdir /etc/samba/printer</i>
513 # <i>mkdir /var/spool/samba</i>
514 # <i>mkdir /home/samba/public</i>
515 </pre>
516
517 <p>
518 At least one Samba user is required in order to install the printer drivers and
519 to allow users to connect to the printer. Users must exist in the system's
520 <path>/etc/passwd</path> file.
521 </p>
522
523 <pre caption="Creating the users">
524 # <i>smbpasswd -a root</i>
525
526 <comment>(If another user is to be a printer admin)</comment>
527 # <i>smbpasswd -a username</i>
528 </pre>
529
530 <p>
531 The Samba passwords need not be the same as the system passwords
532 in <path>/etc/passwd</path>.
533 </p>
534
535 <p>
536 You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
537 systems can be found easily using NetBIOS:
538 </p>
539
540 <pre caption="Editing /etc/nsswitch.conf">
541 # <i>nano -w /etc/nsswitch.conf</i>
542 <comment>(Edit the hosts: line)</comment>
543 hosts: files dns <i>wins</i>
544 </pre>
545
546 </body>
547 </section>
548 <section>
549 <title>Configuring ClamAV</title>
550 <body>
551
552 <p>
553 The configuration file specified to be used in <path>smb.conf</path> is
554 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
555 defaults, the infected file action may need to be changed.
556 </p>
557
558 <pre caption="/etc/samba/vscan-clamav.conf">
559 [samba-vscan]
560 <comment>; run-time configuration for vscan-samba using
561 ; clamd
562 ; all options are set to default values</comment>
563
564 <comment>; do not scan files larger than X bytes. If set to 0 (default),
565 ; this feature is disable (i.e. all files are scanned)</comment>
566 max file size = 0
567
568 <comment>; log all file access (yes/no). If set to yes, every access will
569 ; be logged. If set to no (default), only access to infected files
570 ; will be logged</comment>
571 verbose file logging = no
572
573 <comment>; if set to yes (default), a file will be scanned while opening</comment>
574 scan on open = yes
575 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
576 scan on close = yes
577
578 <comment>; if communication to clamd fails, should access to file denied?
579 ; (default: yes)</comment>
580 deny access on error = yes
581
582 <comment>; if daemon fails with a minor error (corruption, etc.),
583 ; should access to file denied?
584 ; (default: yes)</comment>
585 deny access on minor error = yes
586
587 <comment>; send a warning message via Windows Messenger service
588 ; when virus is found?
589 ; (default: yes)</comment>
590 send warning message = yes
591
592 <comment>; what to do with an infected file
593 ; quarantine: try to move to quantine directory; delete it if moving fails
594 ; delete: delete infected file
595 ; nothing: do nothing</comment>
596 infected file action = <comment>delete</comment>
597
598 <comment>; where to put infected files - you really want to change this!
599 ; it has to be on the same physical device as the share!</comment>
600 quarantine directory = /tmp
601 <comment>; prefix for files in quarantine</comment>
602 quarantine prefix = vir-
603
604 <comment>; as Windows tries to open a file multiple time in a (very) short time
605 ; of period, samba-vscan use a last recently used file mechanism to avoid
606 ; multiple scans of a file. This setting specified the maximum number of
607 ; elements of the last recently used file list. (default: 100)</comment>
608 max lru files entries = 100
609
610 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
611 ; (Default: 5)</comment>
612 lru file entry lifetime = 5
613
614 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
615 clamd socket name = /tmp/clamd
616
617 <comment>; port number the ScannerDaemon listens on</comment>
618 oav port = 8127
619 </pre>
620
621 <p>
622 It is generally a good idea to start the virus scanner immediately. Add it to
623 the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
624 The service has two processes: freshclam keeps the virus definition database up
625 to date while clamd is the actual anti-virus daemon. First you may want to set
626 the paths of the logfiles so that it fits your needs.
627 </p>
628
629 <pre caption="Checking the location of the logfiles">
630 # <i>vim /etc/clamd.conf</i>
631 <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
632 # <i>vim /etc/freshclam.conf</i>
633 <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
634 # <i>vim /etc/conf.d/clamd</i>
635 <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
636 </pre>
637
638 <p>
639 Now fire up the virus scanner.
640 </p>
641
642 <pre caption="Add clamd to bootup and start it">
643 # <i>rc-update add clamd default</i>
644 # <i>/etc/init.d/clamd start</i>
645 </pre>
646
647 </body>
648 </section>
649 <section>
650 <title>Configuring CUPS</title>
651 <body>
652
653 <p>
654 This is a little more complicated. CUPS' main config file is
655 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
656 <path>httpd.conf</path> file, so many you may find it familiar. Outlined in the
657 example are the directives that need to be changed:
658 </p>
659
660 <pre caption="/etc/cups/cupsd.conf">
661 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
662 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
663
664 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
665 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
666
667 LogLevel debug <comment># only while installing and testing, should later be
668 # changed to 'info'</comment>
669
670 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
671 # there seemed to be a bug in CUPS' controlling of the web interface,
672 # making CUPS think a denial of service attack was in progress when
673 # I tried to configure a printer with the web interface. weird.</comment>
674
675 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
676
677 &lt;Location /&gt;
678 Order Deny,Allow
679 Deny From All
680 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
681 # e.g. 192.168.1.* will allow connections from any host on
682 # the 192.168.1.0 network. change to whatever suits you</comment>
683 &lt;/Location&gt;
684
685 &lt;Location /admin&gt;
686 AuthType Basic
687 AuthClass System
688 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
689 # 192.168.1.0 network to connect and do
690 # administrative tasks after authenticating</comment>
691 Order Deny,Allow
692 Deny From All
693 &lt;/Location&gt;
694 </pre>
695
696 <p>
697 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. The changes to
698 <path>mime.convs</path> and <path>mime.types</path> are needed to make CUPS
699 print Microsoft Office document files.
700 </p>
701
702 <pre caption="/etc/cups/mime.convs">
703 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
704 application/octet-stream application/vnd.cups-raw 0
705 </pre>
706
707 <p>
708 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
709 </p>
710
711 <pre caption="/etc/cups/mime.types">
712 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
713 application/octet-stream
714 </pre>
715
716 <p>
717 CUPS needs to be started on boot, and started immediately.
718 </p>
719
720 <pre caption="Setting up the CUPS service" >
721 <comment>(To start CUPS on boot)</comment>
722 # <i>rc-update add cupsd default</i>
723 <comment>(To start or restart CUPS now)</comment>
724 # <i>/etc/init.d/cupsd restart</i>
725 </pre>
726
727 </body>
728 </section>
729 <section>
730 <title>Installing a printer for and with CUPS</title>
731 <body>
732
733 <p>
734 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
735 find and download the correct PPD file for your printer and CUPS. To do so,
736 click the link Printer Listings to the left. Select your printers manufacturer
737 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
738 the page coming up click the "recommended driver" link after reading the various
739 notes and information. Then fetch the PPD file from the next page, again after
740 reading the notes and introductions there. You may have to select your printers
741 manufacturer and model again. Reading the <uri
742 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is
743 also very helpful when working with CUPS.
744 </p>
745
746 <p>
747 Now you have a PPD file for your printer to work with CUPS. Place it in
748 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named
749 <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
750 This can be done via the CUPS web interface or via command line. The web
751 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
752 </p>
753
754 <pre caption="Install the printer via command line">
755 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
756 # <i>/etc/init.d/cupsd restart</i>
757 </pre>
758
759 <p>
760 Remember to adjust to what you have. Be sure to have the name (<c>-p</c>
761 argument) right (the name you set above during the Samba configuration!) and to
762 put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or
763 whatever device you are using for your printer.
764 </p>
765
766 <p>
767 You should now be able to access the printer from the web interface and be able
768 to print a test page.
769 </p>
770
771 </body>
772 </section>
773 <section>
774 <title>Installing the Windows printer drivers</title>
775 <body>
776
777 <p>
778 Now that the printer should be working it is time to install the drivers for
779 the Windows clients to work. Samba 2.2 introduced this functionality. Browsing
780 to the print server in the Network Neighbourhood, right-clicking on the
781 printershare and selecting "connect" downloads the appropriate drivers
782 automagically to the connecting client, avoiding the hassle of manually
783 installing printer drivers locally.
784 </p>
785
786 <p>
787 There are two sets of printer drivers for this. First, the Adobe PS drivers
788 which can be obtained from <uri
789 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
790 printer drivers). Second, there are the CUPS PS drivers, to be obtained by
791 emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
792 so you may need to add it to <path>/etc/portage/package.keywords</path>. There
793 doesn't seem to be a difference between the functionality of the two, but the
794 Adobe PS drivers need to be extracted on a Windows System since it's a Windows
795 binary. Also the whole procedure of finding and copying the correct files is a
796 bit more hassle. The CUPS drivers support some options the Adobe drivers
797 don't.
798 </p>
799
800 <p>
801 This HOWTO uses the CUPS drivers for Windows. Install them as shown:
802 </p>
803
804 <pre caption="Install the drivers">
805 # <i>emerge -av cups-windows</i>
806 </pre>
807
808 <p>
809 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
810 Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
811 Windows drivers you'll need to copy to the proper CUPS directory. Once you've
812 copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
813 Next, run <c>cupsaddsmb</c> as shown:
814 </p>
815
816 <pre caption="Run cupsaddsmb">
817 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
818 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
819 "export all known printers".)</comment>
820 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
821 </pre>
822
823 <warn>
824 The execution of this command often causes the most trouble. Read through the
825 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
826 thread</uri> for some troubleshooting tips.
827 </warn>
828
829 <p>
830 Here are common errors that may happen:
831 </p>
832
833 <ul>
834 <li>
835 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
836 (<c>PrintServer</c>) often does not resolve correctly and doesn't identify
837 the print server for CUPS/Samba interaction. If an error like: <b>Warning:
838 No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the
839 first thing you should do is substitute <c>PrintServer</c> with
840 <c>localhost</c> and try it again.
841 </li>
842 <li>
843 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
844 is quite common, but can be triggered by many problems. It's unfortunately
845 not very helpful. One thing to try is to temporarily set <c>security =
846 user</c> in your <path>smb.conf</path>. After/if the installation completes
847 successfully, you should set it back to share, or whatever it was set to
848 before.
849 </li>
850 </ul>
851
852 <p>
853 This should install the correct driver directory structure under
854 <path>/etc/samba/printer</path>. That would be
855 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3
856 driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the
857 name which you gave the printer when installing it (see above).
858 </p>
859
860 <p>
861 Pending no errors or other complications, your drivers are now installed.
862 </p>
863
864 </body>
865 </section>
866 <section>
867 <title>Finalizing our setup</title>
868 <body>
869
870 <p>
871 Lastly, setup our directories.
872 </p>
873
874 <pre caption="Final changes needed">
875 # <i>mkdir /home/samba</i>
876 # <i>mkdir /home/samba/public</i>
877 # <i>chmod 755 /home/samba</i>
878 # <i>chmod 755 /home/samba/public</i>
879 </pre>
880
881 </body>
882 </section>
883 <section>
884 <title>Testing our Samba configuration</title>
885 <body>
886
887 <p>
888 We will want to test our configuration file to ensure that it is formatted
889 properly and all of our options have at least the correct syntax. To do this we
890 run <c>testparm</c>.
891 </p>
892
893 <pre caption="Running the testparm">
894 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
895 # <i>/usr/bin/testparm</i>
896 Load smb config files from /etc/samba/smb.conf
897 Processing section &quot;[printers]&quot;
898 Global parameter guest account found in service section!
899 Processing section &quot;[public]&quot;
900 Global parameter guest account found in service section!
901 Loaded services file OK.
902 Server role: ROLE_STANDALONE
903 Press enter to see a dump of your service definitions
904 ...
905 ...
906 </pre>
907
908 </body>
909 </section>
910 <section>
911 <title>Starting the Samba service</title>
912 <body>
913
914 <p>
915 Now configure Samba to start at bootup; then go ahead and start it.
916 </p>
917
918 <pre caption="Setting up the Samba service">
919 # <i>rc-update add samba default</i>
920 # <i>/etc/init.d/samba start</i>
921 </pre>
922
923 </body>
924 </section>
925 <section>
926 <title>Checking our services</title>
927 <body>
928
929 <p>
930 It would probably be prudent to check our logs at this time also. We will also
931 want to take a peak at our Samba shares using <c>smbclient</c>.
932 </p>
933
934 <pre caption="Checking the shares with smbclient">
935 # <i>smbclient -L localhost</i>
936 Password:
937 <comment>(You should see a BIG list of services here.)</comment>
938 </pre>
939
940 </body>
941 </section>
942 </chapter>
943
944 <chapter>
945 <title>Configuration of the Clients</title>
946 <section>
947 <title>Printer configuration of *nix based clients</title>
948 <body>
949
950 <p>
951 Despite the variation or distribution, the only thing needed is CUPS. Do the
952 equivalent on any other UNIX/Linux/BSD client.
953 </p>
954
955 <pre caption="Configuring a Gentoo system">
956 # <i>emerge cups</i>
957 # <i>nano -w /etc/cups/client.conf</i>
958 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
959 </pre>
960
961 <p>
962 That should be it. Nothing else will be needed.
963 </p>
964
965 <p>
966 If you use only one printer, it will be your default printer. If your print
967 server manages several printers, your administrator will have defined a default
968 printer on the server. If you want to define a different default printer for
969 yourself, use the <c>lpoptions</c> command.
970 </p>
971
972 <pre caption="Setting your default printer">
973 <comment>(List available printers)</comment>
974 # <i>lpstat -a</i>
975 <comment>(Sample output, yours will differ)</comment>
976 HPDeskJet930C accepting requests since Jan 01 00:00
977 laser accepting requests since Jan 01 00:00
978 <comment>(Define HPDeskJet930C as your default printer)</comment>
979 # <i>lpoptions -d HPDeskJet930C</i>
980 </pre>
981
982 <pre caption="Printing in *nix">
983 <comment>(Specify the printer to be used)</comment>
984 # <i>lp -d HPDeskJet930C anything.txt</i>
985 <comment>(Use your default printer)</comment>
986 # <i>lp foobar.whatever.ps</i>
987 </pre>
988
989 <p>
990 Just point your web browser to <c>http://printserver:631</c> on the client if
991 you want to manage your printers and their jobs with a nice web interface.
992 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your
993 print server, not the name you gave to the cups print server if you used
994 different names.
995 </p>
996
997 </body>
998 </section>
999 <section>
1000 <title>Mounting a Windows or Samba share in GNU/Linux</title>
1001 <body>
1002
1003 <note>
1004 Don't forget to install <c>net-fs/mount-cifs</c> or <c>net-fs/samba</c> on the
1005 client(s) that will be accessing the shares.
1006 </note>
1007
1008 <p>
1009 Now is time to configure our kernel to support cifs. Since I'm assuming
1010 we've all compiled at least one kernel, we'll need to make sure we have all the
1011 right options selected in our kernel. For simplicity's sake, make it a module
1012 for ease of use. It is the author's opinion that kernel modules are a good thing
1013 and should be used whenever possible.
1014 </p>
1015
1016 <pre caption="Kernel support" >
1017 CONFIG_CIFS=m
1018 </pre>
1019
1020 <p>
1021 Then make the module/install it; insert it with:
1022 </p>
1023
1024 <pre caption="Loading the kernel module">
1025 # <i>modprobe cifs</i>
1026 </pre>
1027
1028 <p>
1029 Once the module is loaded, mounting a Windows or Samba share is possible. Use
1030 <c>mount</c> to accomplish this, as detailed below:
1031 </p>
1032
1033 <pre caption="Mounting a Windows/Samba share">
1034 <comment>(The syntax for mounting a Windows/Samba share is:
1035 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1036 If we are not using passwords or a password is not needed)</comment>
1037
1038 # <i>mount -t cifs //PrintServer/public /mnt/public</i>
1039
1040 <comment>(If a password is needed)</comment>
1041 # <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1042 </pre>
1043
1044 <p>
1045 After you mount the share, you would access it as if it were a local drive.
1046 </p>
1047
1048 </body>
1049 </section>
1050 <section>
1051 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1052 <body>
1053
1054 <p>
1055 That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and
1056 right click on the printer (HPDeskJet930C) and click connect. This will download
1057 the drivers to the Windows client and now every application (such as Word or
1058 Acrobat) will offer HPDeskJet930C as an available printer to print to. :-)
1059 </p>
1060
1061 </body>
1062 </section>
1063 </chapter>
1064
1065 <chapter>
1066 <title>Final Notes</title>
1067 <section>
1068 <title>A Fond Farewell</title>
1069 <body>
1070
1071 <p>
1072 That should be it. You should now have a successful printing enviroment that is
1073 friendly to both Windows and *nix as well as a fully virus-free working share!
1074 </p>
1075
1076 </body>
1077 </section>
1078 </chapter>
1079
1080 <chapter>
1081 <title>Links and Resources</title>
1082 <section>
1083 <title>Links</title>
1084 <body>
1085
1086 <p>
1087 These are some links that may help you in setting up, configuration and
1088 troubleshooting your installation:
1089 </p>
1090
1091 <ul>
1092 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1093 <li>
1094 <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1095 link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1096 on Samba/CUPS configuration</uri>
1097 </li>
1098 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1099 <li>
1100 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1101 Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e>
1102 and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and
1103 Samba, and generally printing support on networks. A really interesting
1104 read, with lots and lots of details.)
1105 </li>
1106 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1107 </ul>
1108
1109 </body>
1110 </section>
1111 <section>
1112 <title>Troubleshooting</title>
1113 <body>
1114
1115 <p>
1116 See <uri
1117 link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1118 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of
1119 useful tips there! Be sure to look this one up first, before posting questions
1120 and problems! Maybe the solution you're looking for is right there.
1121 </p>
1122
1123 </body>
1124 </section>
1125 </chapter>
1126 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20