/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.8 - (show annotations) (download) (as text)
Fri Jul 2 07:36:09 2004 UTC (10 years, 2 months ago) by swift
Branch: MAIN
Changes since 1.7: +9 -3 lines
File MIME type: application/xml
#48754 - Fix minor complication with the use of ClamAV

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.7 2004/06/25 22:28:55 vapier Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 <guide link="quick-samba-howto.xml">
5 <title>Gentoo Samba3/CUPS/Clam AV HOWTO</title>
6 <author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8 </author>
9 <author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11 </author>
12
13 <abstract>
14 Setup, install and configure a Samba Server under Gentoo that shares
15 files, printers without the need to install drivers and provides
16 automatic virus scanning.
17 </abstract>
18
19 <!-- The content of this document is licensed under the CC-BY-SA license -->
20 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21 <license/>
22
23 <version>1.5</version>
24 <date>June 30, 2004</date>
25
26 <chapter>
27 <title>Introduction to this HOWTO</title>
28 <section>
29 <title>Purpose</title>
30 <body>
31
32 <p>
33 This HOWTO is designed to help you move a network from many different
34 clients speaking different languages, to many different machines that
35 speak a common language. The ultimate goal is to help differing
36 architectures and technologies, come together in a productive,
37 happily coexisting environment.
38 </p>
39
40 <p>
41 Following the directions outlined in this HOWTO should give you an
42 excellent step towards a peaceful cohabitation between Windows, and
43 virtually all known variations of *nix.
44 </p>
45
46 <p>
47 This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48 intended to explore the functionality and power of the Gentoo system,
49 portage and the flexibility of USE flags. Like so many other projects,
50 it was quickly discovered what was missing in the Gentoo realm: there
51 weren't any Samba HOWTO's catered for Gentoo users. These users are
52 more demanding than most; they require performance, flexibility and
53 customization. This does not however imply that this HOWTO was not
54 intended for other distributions; rather that it was designed to work
55 with a highly customized version of Samba.
56 </p>
57
58 <p>
59 This HOWTO will describe how to share files and printers between Windows
60 PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61 File System) feature of Samba to incorporate automatic virus protection.
62 As a finale, it will show you how to mount and manipulate shares.
63 </p>
64
65 <p>
66 There are a few topics that will be mentioned, but are out of the
67 scope of this HOWTO. These will be noted as they are presented.
68 </p>
69
70 <p>
71 This HOWTO is based on a compilation and merge of an excellent HOWTO
72 provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73 by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74 The link to this discussion is provided below for your reference:
75 </p>
76
77 <ul>
78 <li>
79 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80 CUPS+Samba: printing from Windows &amp; Linux</uri>
81 </li>
82 </ul>
83
84 </body>
85 </section>
86 <section>
87 <title>Before you use this guide</title>
88 <body>
89
90 <p>
91 There are a several other guides for setting up CUPS and/or Samba, please read
92 them as well, as they may tell you things left out of this HOWTO (intentional
93 or otherwise). One such document is the very useful and well written <uri
94 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95 issues and specific printer setup is not discussed here.
96 </p>
97
98 </body>
99 </section>
100 <section>
101 <title>Brief Overview</title>
102 <body>
103
104 <p>
105 After presenting the various USE flags, the following list will outline
106 all of the topics covered as they are presented:
107 </p>
108
109 <ul>
110 <li>On the Samba server:
111 <ul>
112 <li>Install and configure CLAM-AV</li>
113 <li>Install and configure Samba</li>
114 <li>Install and configure CUPS</li>
115 <li>Adding the printer to CUPS</li>
116 <li>Adding the PS drivers for the Windows clients</li>
117 </ul>
118 </li>
119 <li>On the Unix clients:
120 <ul>
121 <li>Install and configure CUPS</li>
122 <li>Configuring a default printer</li>
123 <li>Mounting a Windows or Samba share</li>
124 </ul>
125 </li>
126 <li>On the Windows Clients:
127 <ul>
128 <li>Configuring the printer</li>
129 <li>Accessing Samba shares</li>
130 </ul>
131 </li>
132 </ul>
133
134 </body>
135 </section>
136 <section>
137 <title>Requirements</title>
138 <body>
139
140 <p>
141 We will need the following:
142 </p>
143
144 <ul>
145 <li>net-fs/samba</li>
146 <li>app-antivirus/clamav</li>
147 <li>net-print/cups</li>
148 <li>net-print/foomatic</li>
149 <li>net-print/hpijs (if you have an HP printer)</li>
150 <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152 <li>
153 A working network (home/office/etc) consisting of more than one machine)
154 </li>
155 </ul>
156
157 <p>
158 The main package we use here is net-fs/samba, however, you will need
159 a kernel with smbfs support enabled in order to mount a samba or windows
160 share from another computer. CUPS will be emerged if it is not already.
161 app-antivirus/clamav will be used also, but others should be easily adapted
162 to work with Samba.
163 </p>
164
165 </body>
166 </section>
167 </chapter>
168
169 <chapter>
170 <title>Getting acquainted with Samba</title>
171 <section>
172 <title>The USE Flags</title>
173 <body>
174
175 <p>
176 Before emerging anything, take a look at the various USE flags
177 available to Samba.
178 </p>
179
180 <pre caption="Samba uses the following USE Variables:">
181 kerberos mysql xml acl cups ldap pam readline python oav
182 </pre>
183
184 <p>
185 Depending on the network topology and the specific requirements of
186 the server, the USE flags outlined below will define what to include or
187 exclude from the emerging of Samba.
188 </p>
189
190 <table>
191 <tr>
192 <th><b>USE flag</b></th>
193 <th>Description</th>
194 </tr>
195 <tr>
196 <th><b>kerberos</b></th>
197 <ti>
198 Include support for Kerberos. The server will need this if it is
199 intended to join an existing domain or Active Directory. See the note
200 below for more information.
201 </ti>
202 </tr>
203 <tr>
204 <th><b>mysql</b></th>
205 <ti>
206 This will allow Samba to use MySQL in order to do password authentication.
207 It will store ACLs, usernames, passwords, etc in a database versus a
208 flat file. If Samba is needed to do password authentication, such as
209 acting as a password validation server or a Primary Domain Controller
210 (PDC).
211 </ti>
212 </tr>
213 <tr>
214 <th><b>xml</b></th>
215 <ti>
216 The xml USE option for Samba provides a password database backend allowing
217 Samba to store account details in XML files, for the same reasons listed in
218 the mysql USE flag description.
219 </ti>
220 </tr>
221 <tr>
222 <th><b>acl</b></th>
223 <ti>
224 Enables Access Control Lists. The ACL support in Samba uses a patched
225 ext2/ext3, or SGI's XFS in order to function properly as it extends more
226 detailed access to files or directories; much more so than typical *nix
227 GID/UID schemas.
228 </ti>
229 </tr>
230 <tr>
231 <th><b>cups</b></th>
232 <ti>
233 This enables support for the Common Unix Printing System. This
234 provides an interface allowing local CUPS printers to be shared to
235 other systems in the network.
236 </ti>
237 </tr>
238 <tr>
239 <th><b>ldap</b></th>
240 <ti>
241 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
242 expected to use Active Directory, this option must be used. This would
243 be used in the event Samba needs to login to or provide login to
244 a Domain/Active Directory Server. The kerberos USE flag is needed for
245 proper functioning of this option.
246 </ti>
247 </tr>
248 <tr>
249 <th><b>pam</b></th>
250 <ti>
251 Include support for pluggable authentication modules (PAM). This
252 provides the ability to authenticate users on the Samba Server, which is
253 required if users have to login to your server. The kerberos USE flag
254 is recommended along with this option.
255 </ti>
256 </tr>
257 <tr>
258 <th><b>readline</b></th>
259 <ti>
260 Link Samba again libreadline. This is highly recommended and should
261 probably not be disabled
262 </ti>
263 </tr>
264 <tr>
265 <th><b>python</b></th>
266 <ti>
267 Python bindings API. Provides an API that will allow Python to
268 interface with Samba.
269 </ti>
270 </tr>
271 <tr>
272 <th><b>oav</b></th>
273 <ti>
274 Provides on-access scanning of Samba shares with FRISK F-Prot
275 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
276 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
277 </ti>
278 </tr>
279 </table>
280
281 <p>
282 A couple of things worth mentioning about the USE flags and different
283 Samba functions include:
284 </p>
285
286 <ul>
287 <li>
288 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
289 ACL kernel options for ext2 and/or ext3 will need to be enabled
290 (depending on which file system is being used - both can be enabled).
291 </li>
292 <li>
293 While Active Directory, ACL, and PDC functions are out of the intended
294 scope of this HOWTO, you may find these links as helpful to your cause:
295 <ul>
296 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
297 <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
298 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
299 </ul>
300 </li>
301 </ul>
302
303 </body>
304 </section>
305 </chapter>
306
307 <chapter>
308 <title>Server Software Installation</title>
309 <section>
310 <title>Emerging Samba</title>
311 <body>
312
313 <p>
314 First of all: be sure that all your hostnames resolve correctly.
315 Either have a working domain name system running on your network
316 or appropriate entries in your <path>/etc/hosts</path> file.
317 <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
318 machines.
319 </p>
320
321 <p>
322 Hopefully now you can make an assessment of what you'll actually need in
323 order to use Samba with your particular setup. The setup used for this
324 HOWTO is:
325 </p>
326
327 <ul>
328 <li>oav</li>
329 <li>cups</li>
330 <li>readline</li>
331 <li>pam</li>
332 </ul>
333
334 <p>
335 To optimize performance, size and the time of the build, the
336 USE flags are specifically included or excluded.
337 </p>
338
339 <pre caption="Emerge Samba">
340 <comment>(Note the USE flags!)</comment>
341 # <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i>
342 </pre>
343
344 <note>
345 The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
346 ppc, sparc, hppa, ia64 and alpha
347 </note>
348
349 <p>
350 This will emerge Samba and CUPS (if CUPS is not already emerged).
351 </p>
352
353 </body>
354 </section>
355 <section>
356 <title>Emerging Clam AV</title>
357 <body>
358
359 <p>
360 Because the <e>oav</e> USE flag only provides an interface to allow on access
361 virus scanning, the actual virus scanner must be emerged. The scanner
362 used in this HOWTO is Clam AV.
363 </p>
364
365 <pre caption="Emerge clam-av">
366 # <i>emerge app-antivirus/clamav</i>
367 </pre>
368
369 </body>
370 </section>
371 <section>
372 <title>Emerging foomatic</title>
373 <body>
374
375 <pre caption="Emerge foomatic">
376 # <i>emerge net-print/foomatic</i>
377 </pre>
378
379 </body>
380 </section>
381 <section>
382 <title>Emerging net-print/hpijs</title>
383 <body>
384
385 <p>
386 You only need to emerge this if you use an HP printer.
387 </p>
388
389 <pre caption="Emerge hpijs">
390 # <i>emerge net-print/hpijs</i>
391 </pre>
392
393 </body>
394 </section>
395 </chapter>
396
397 <chapter>
398 <title>Server Configuration</title>
399 <section>
400 <title>Configuring Samba</title>
401 <body>
402
403 <p>
404 The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
405 It is divided in sections indicated by [sectionname]. Comments are either
406 # or ;. A sample <path>smb.conf</path> is included below with comments and
407 suggestions for modifications. If more details are required, see the
408 man page for <path>smb.conf</path>, the installed
409 <path>smb.conf.example</path>, the Samba Web site or any of the
410 numerous Samba books available.
411 </p>
412
413 <pre caption="A Sample /etc/samba/smb.conf">
414 [global]
415 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416 workgroup = <comment>MYWORKGROUPNAME</comment>
417 <comment># Of course this has no REAL purpose other than letting
418 # everyone know its not Windows!
419 # %v prints the version of Samba we are using.</comment>
420 server string = Samba Server %v
421 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
422 printcap name = cups
423 printing = cups
424 load printers = yes
425 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
426 log file = /var/log/samba/log.%m
427 max log size = 50
428 <comment># We are going to set some options for our interfaces...</comment>
429 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
430 <comment># This is a good idea, what we are doing is binding the
431 # samba server to our local network.
432 # For example, if eth0 is our local network device</comment>
433 interfaces = lo <i>eth0</i>
434 bind interfaces only = yes
435 <comment># Now we are going to specify who we allow, we are afterall
436 # very security conscience, since this configuration does
437 # not use passwords!</comment>
438 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
439 hosts deny = 0.0.0.0/0
440 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
441 # The default is user</comment>
442 security = share
443 <comment># No passwords, so we're going to use a guest account!</comment>
444 guest account = samba
445 guest ok = yes
446 <comment># We now will implement the on access virus scanner.
447 # NOTE: By putting this in our [Global] section, we enable
448 # scanning of ALL shares, you could optionally move
449 # these to a specific share and only scan it.</comment>
450
451 <comment># For Samba 3.x</comment>
452 vfs object = vscan-clamav
453 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
454
455 <comment># For Samba 2.2.x</comment>
456 vfs object = /usr/lib/samba/vfs/vscan-clamav.so
457 vfs options = config-file = /etc/samba/vscan-clamav.conf
458
459 <comment># Now we setup our print drivers information!</comment>
460 [print$]
461 comment = Printer Drivers
462 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
463 guest ok = no
464 browseable = yes
465 read only = yes
466 <comment># Modify this to "username,root" if you don't want root to
467 # be the only printer admin)</comment>
468 write list = <i>root</i>
469
470 <comment># Now we'll setup a printer to share, while the name is arbitrary
471 # it should be consistent throughout Samba and CUPS!</comment>
472 [HPDeskJet930C]
473 comment = HP DeskJet 930C Network Printer
474 printable = yes
475 path = /var/spool/samba
476 public = yes
477 guest ok = yes
478 <comment># Modify this to "username,root" if you don't want root to
479 # be the only printer admin)</comment>
480 printer admin = <i>root</i>
481
482 <comment># Now we setup our printers share. This should be
483 # browseable, printable, public.</comment>
484 [printers]
485 comment = All Printers
486 browseable = yes
487 printable = yes
488 public = yes
489 guest ok = yes
490 path = /var/spool/samba
491 <comment># Modify this to "username,root" if you don't want root to
492 # be the only printer admin)</comment>
493 printer admin = <i>root</i>
494
495 <comment># We create a new share that we can read/write to from anywhere
496 # This is kind of like a public temp share, anyone can do what
497 # they want here.</comment>
498 [public]
499 comment = Public Files
500 browseable = yes
501 public = yes
502 create mode = 0766
503 guest ok = yes
504 path = /home/samba/public
505 </pre>
506
507 <warn>
508 If you like to use Samba's guest account to do anything concerning
509 printing from Windows clients: don't set <c>guest only = yes</c> in
510 the <c>[global]</c> section. The guest account seems to cause
511 problems when running <c>cupsaddsmb</c> sometimes when trying to
512 connect from Windows machines. See below, too, when we talk about
513 <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
514 printer user, like <c>printeruser</c> or <c>printer</c> or
515 <c>printme</c> or whatever. It doesn't hurt and it will certainly
516 protect you from a lot of problems.
517 </warn>
518
519 <p>
520 Now create the directories required for the minimum configuration of
521 Samba to share the installed printer throughout the network.
522 </p>
523
524 <pre caption="Create the directories">
525 # <i>mkdir /etc/samba/printer</i>
526 # <i>mkdir /var/spool/samba</i>
527 # <i>mkdir /home/samba/public</i>
528 </pre>
529
530 <p>
531 At least one Samba user is required in order to install the printer
532 drivers and to allow users to connect to the printer. Users must
533 exist in the system's <path>/etc/passwd</path> file.
534 </p>
535
536 <pre caption="Creating the users">
537 # <i>smbpasswd -a root</i>
538
539 <comment>(If another user is to be a printer admin)</comment>
540 # <i>smbpasswd -a username</i>
541 </pre>
542
543 <p>
544 The Samba passwords need not be the same as the system passwords
545 in <path>/etc/passwd</path>.
546 </p>
547
548 </body>
549 </section>
550 <section>
551 <title>Configuring Clam AV</title>
552 <body>
553
554 <p>
555 The configuration file specified to be used in <path>smb.conf</path> is
556 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
557 to the defaults, the infected file action may need to be changed.
558 </p>
559
560 <pre caption="/etc/samba/vscan-clamav.conf">
561 [samba-vscan]
562 <comment>; run-time configuration for vscan-samba using
563 ; clamd
564 ; all options are set to default values</comment>
565
566 <comment>; do not scan files larger than X bytes. If set to 0 (default),
567 ; this feature is disable (i.e. all files are scanned)</comment>
568 max file size = 0
569
570 <comment>; log all file access (yes/no). If set to yes, every access will
571 ; be logged. If set to no (default), only access to infected files
572 ; will be logged</comment>
573 verbose file logging = no
574
575 <comment>; if set to yes (default), a file will be scanned while opening</comment>
576 scan on open = yes
577 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
578 scan on close = yes
579
580 <comment>; if communication to clamd fails, should access to file denied?
581 ; (default: yes)</comment>
582 deny access on error = yes
583
584 <comment>; if daemon fails with a minor error (corruption, etc.),
585 ; should access to file denied?
586 ; (default: yes)</comment>
587 deny access on minor error = yes
588
589 <comment>; send a warning message via Windows Messenger service
590 ; when virus is found?
591 ; (default: yes)</comment>
592 send warning message = yes
593
594 <comment>; what to do with an infected file
595 ; quarantine: try to move to quantine directory; delete it if moving fails
596 ; delete: delete infected file
597 ; nothing: do nothing</comment>
598 infected file action = <comment>delete</comment>
599
600 <comment>; where to put infected files - you really want to change this!
601 ; it has to be on the same physical device as the share!</comment>
602 quarantine directory = /tmp
603 <comment>; prefix for files in quarantine</comment>
604 quarantine prefix = vir-
605
606 <comment>; as Windows tries to open a file multiple time in a (very) short time
607 ; of period, samba-vscan use a last recently used file mechanism to avoid
608 ; multiple scans of a file. This setting specified the maximum number of
609 ; elements of the last recently used file list. (default: 100)</comment>
610 max lru files entries = 100
611
612 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
613 ; (Default: 5)</comment>
614 lru file entry lifetime = 5
615
616 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
617 clamd socket name = /var/run/clamd
618 </pre>
619
620 <p>
621 It is generally a good idea to start the virus scanner immediately. Add
622 it to the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
623 </p>
624
625 <pre caption="Add clamd to bootup and start it">
626 # <i>rc-update add clamd default</i>
627 # <i>/etc/init.d/clamd start</i>
628 </pre>
629
630 </body>
631 </section>
632 <section>
633 <title>Configuring CUPS</title>
634 <body>
635
636 <p>
637 This is a little more complicated. CUPS' main config file is
638 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
639 <path>httpd.conf</path> file, so many you may find it familiar. Outlined
640 in the example are the directives that need to be changed:
641 </p>
642
643 <pre caption="/etc/cups/cupsd.conf">
644 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
645 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
646
647 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
648 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
649
650 LogLevel debug <comment># only while isntalling and testing, should later be
651 # changed to 'info'</comment>
652
653 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
654 # there seemed to be a bug in CUPS' controlling of the web interface,
655 # making CUPS think a denial of service attack was in progress when
656 # I tried to configure a printer with the web interface. weird.</comment>
657
658 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
659
660 &lt;Location /&gt;
661 Order Deny,Allow
662 Deny From All
663 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
664 # eg 192.168.1.* will allow connections from any host on
665 # the 192.168.1.0 network. change to whatever suits you</comment>
666 &lt;/Location&gt;
667
668 &lt;Location /admin&gt;
669 AuthType Basic
670 AuthClass System
671 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
672 # 192.168.1.0 network to connect and do
673 # administrative tasks after authenticating</comment>
674 Order Deny,Allow
675 Deny From All
676 &lt;/Location&gt;
677 </pre>
678
679 <p>
680 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
681 The changes to <path>mime.convs</path> and <path>mime.types</path> are
682 needed to make CUPS print Microsoft Office document files.
683 </p>
684
685 <pre caption="/etc/cups/mime.convs">
686 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
687 application/octet-stream application/vnd.cups-raw 0
688 </pre>
689
690 <p>
691 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
692 </p>
693
694 <pre caption="/etc/cups/mime.types">
695 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
696 application/octet-stream
697 </pre>
698
699 <p>
700 CUPS needs to be started on boot, and started immediately.
701 </p>
702
703 <pre caption="Setting up the CUPS service" >
704 <comment>(To start CUPS on boot)</comment>
705 # <i>rc-update add cupsd default</i>
706 <comment>(To start CUPS if it isn't started)</comment>
707 # <i>/etc/init.d/cupsd start</i>
708 <comment>(If CUPS is already started we'll need to restart it!)</comment>
709 # <i>/etc/init.d/cupsd restart</i>
710 </pre>
711
712 </body>
713 </section>
714 <section>
715 <title>Installing a printer for and with CUPS</title>
716 <body>
717
718 <p>
719 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
720 find and download the correct PPD file for your printer and CUPS. To do so,
721 click the link Printer Listings to the left. Select your printers manufacturer
722 and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On
723 the page coming up click the "recommended driver" link after reading the
724 various notes and information. Then fetch the PPD file from the next page,
725 again after reading the notes and introductions there. You may have to select
726 your printers manufacturer and model again. Reading the <uri
727 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
728 is also very helpful when working with CUPS.
729 </p>
730
731 <p>
732 Now you have a PPD file for your printer to work with CUPS. Place it in
733 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
734 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
735 This can be done via the CUPS web interface or via command line. The web
736 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
737 </p>
738
739 <pre caption="Install the printer via command line">
740 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
741 </pre>
742
743 <p>
744 Remember to adjust to what you have. Be sure to have the name
745 (<c>-p</c> argument) right (the name you set above during the Samba
746 configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
747 <c>parallel:/dev/blah</c> or whatever device you are using for your
748 printer.
749 </p>
750
751 <p>
752 You should now be able to access the printer from the web interface
753 and be able to print a test page.
754 </p>
755
756 </body>
757 </section>
758 <section>
759 <title>Installing the Windows printer drivers</title>
760 <body>
761
762 <p>
763 Now that the printer should be working it is time to install the drivers
764 for the Windows clients to work. Samba 2.2 introduced this functionality.
765 Browsing to the print server in the Network Neighbourhood, right-clicking
766 on the printershare and selecting "connect" downloads the appropriate
767 drivers automagically to the connecting client, avoiding the hassle of
768 manually installing printer drivers locally.
769 </p>
770
771 <p>
772 There are two sets of printer drivers for this. First, the Adobe PS
773 drivers which can be obtained from <uri
774 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
775 (PostScript printer drivers). Second, there are the CUPS PS drivers,
776 to be obtained from <uri link="http://www.cups.org/software.php">the
777 CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
778 pull down menu. There doesn't seem to be a difference between the
779 functionality of the two, but the Adobe PS drivers need to be extracted
780 on a Windows System since it's a Windows binary. Also the whole procedure
781 of finding and copying the correct files is a bit more hassle. The CUPS
782 drivers seem to support some options the Adobe drivers don't.
783 </p>
784
785 <p>
786 This HOWTO uses the CUPS drivers for Windows. The downloaded file is
787 called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
788 contained into a directory.
789 </p>
790
791 <pre caption="Extract the drivers and run the install">
792 # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
793 # <i>cd cups-samba-5.0rc2</i>
794 <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
795 # <i>./cups-samba.install</i>
796 </pre>
797
798 <p>
799 <path>cups-samba.ss</path> is a TAR archive containing three files:
800 <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
801 <path>cupsui5.dll</path>. These are the actual driver files.
802 </p>
803
804 <warn>
805 The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD)
806 because almost everything which is not part of the base system is
807 installed somewhere under the prefix <path>/usr/local/</path>. This
808 seems not to be the case for most things you install under GNU/Linux.
809 However, if your CUPS installation is somewhere other than
810 <path>/usr/share/cups/</path> see the example below.
811 </warn>
812
813 <p>
814 Suppose your CUPS installation resides under
815 <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
816 Do the following:
817 </p>
818
819 <pre caption="Manually installing the drivers">
820 # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
821 # <i>tar -xf cups-samba.ss</i>
822 <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
823 # <i>cd usr/share/cups/drivers</i>
824 <comment>(no leading / !)</comment>
825 # <i>cp cups* /usr/local/share/cups/drivers</i>
826 </pre>
827
828 <p>
829 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS
830 distribution. It's man page is an interesting read.
831 </p>
832
833 <pre caption="Run cupsaddsmb">
834 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
835 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
836 "export all known printers".)</comment>
837 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
838 </pre>
839
840 <warn>
841 The execution of this command often causes the most trouble.
842 Reading through the <uri
843 link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
844 thread</uri>.
845 </warn>
846
847 <p>
848 Here are common errors that may happen:
849 </p>
850
851 <ul>
852 <li>
853 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
854 (<c>PrintServer</c>) often does not resolve correctly and doesn't
855 identify the print server for CUPS/Samba interaction. If an error
856 like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
857 skipping!</b> occurs, the first thing you should do is substitute
858 <c>PrintServer</c> with <c>localhost</c> and try it again.
859 </li>
860 <li>
861 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
862 is quite common, but can be triggered by many problems. It's unfortunately
863 not very helpful. One thing to try is to temporarily set <c>security =
864 user</c> in your <path>smb.conf</path>. After/if the installation completes
865 successfully, you should set it back to share, or whatever it was set to
866 before.
867 </li>
868 </ul>
869
870 <p>
871 This should install the correct driver directory structure under
872 <path>/etc/samba/printer</path>. That would be
873 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
874 be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
875 (the name which you gave the printer when installing it (see above).
876 </p>
877
878 <p>
879 Pending no errors or other complications, your drivers are now
880 installed.
881 </p>
882
883 </body>
884 </section>
885 <section>
886 <title>Finalizing our setup</title>
887 <body>
888
889 <p>
890 Lastly, setup our directories.
891 </p>
892
893 <pre caption="Final changes needed">
894 # <i>mkdir /home/samba</i>
895 # <i>mkdir /home/samba/public</i>
896 # <i>chmod 755 /home/samba</i>
897 # <i>chmod 755 /home/samba/public</i>
898 </pre>
899
900 </body>
901 </section>
902 <section>
903 <title>Testing our Samba configuration</title>
904 <body>
905
906 <p>
907 We will want to test our configuration file to ensure that it is formatted
908 properly and all of our options have at least the correct syntax. To do
909 this we run <c>testparm</c>.
910 </p>
911
912 <pre caption="Running the testparm">
913 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
914 # <i>/usr/bin/testparm</i>
915 Load smb config files from /etc/samba/smb.conf
916 Processing section &quot;[printers]&quot;
917 Global parameter guest account found in service section!
918 Processing section &quot;[public]&quot;
919 Global parameter guest account found in service section!
920 Loaded services file OK.
921 Server role: ROLE_STANDALONE
922 Press enter to see a dump of your service definitions
923 ...
924 ...
925 </pre>
926
927 </body>
928 </section>
929 <section>
930 <title>Starting the Samba service</title>
931 <body>
932
933 <p>
934 Now configure Samba to start at bootup; then go ahead and start it.
935 </p>
936
937 <pre caption="Setting up the Samba service">
938 # <i>rc-update add samba default</i>
939 # <i>/etc/init.d/samba start</i>
940 </pre>
941
942 </body>
943 </section>
944 <section>
945 <title>Checking our services</title>
946 <body>
947
948 <p>
949 It would probably be prudent to check our logs at this time also.
950 We will also want to take a peak at our Samba shares using
951 <c>smbclient</c>.
952 </p>
953
954 <pre caption="Checking the shares with smbclient">
955 # <i>smbclient -L localhost</i>
956 Password:
957 <comment>(You should see a BIG list of services here.)</comment>
958 </pre>
959
960 </body>
961 </section>
962 </chapter>
963
964 <chapter>
965 <title>Configuration of the Clients</title>
966 <section>
967 <title>Printer configuration of *nix based clients</title>
968 <body>
969
970 <p>
971 Despite the variation or distribution, the only thing needed is CUPS.
972 Do the equivalent on any other UNIX/Linux/BSD client.
973 </p>
974
975 <pre caption="Configuring a Gentoo system">
976 # <i>emerge cups</i>
977 # <i>/etc/init.d/cupsd start</i>
978 # <i>rc-update add cupsd default</i>
979 </pre>
980
981 <p>
982 That should be it. Nothing else will be needed. Just point your web
983 browser to <c>http://localhost:631</c> on the client and you'll see that
984 PrintServer broadcasts all available printers to all CUPS clients.
985 </p>
986
987 <p>
988 To print, use for example
989 </p>
990
991 <pre caption="Printing in *nix">
992 # <i>lpr -pHPDeskJet930C anything.txt</i>
993 # <i>lpr -PHPDeskJet930C foobar.whatever.ps</i>
994 </pre>
995
996 <p>
997 In order to setup a default printer, you have to edit
998 <path>/etc/cups/client.conf</path> and set the directive
999 <c>ServerName</c> to your printserver. In the case of this guide that
1000 would be the following example.
1001 </p>
1002
1003 <pre caption="/etc/cups/client.conf">
1004 ServerName PrintServer
1005 </pre>
1006
1007 <p>
1008 The following will print <path>foorbar.whatever.ps</path> directly to the print
1009 server.
1010 </p>
1011
1012 <pre caption="Printing to the default printer">
1013 $ <i>lpr foobar.whatever.ps</i>
1014 </pre>
1015
1016 <p>
1017 Some common observations when setting a default printer in this manner
1018 include the following:
1019 </p>
1020
1021 <ul>
1022 <li>
1023 Setting the <c>ServerName</c> in <path>client.conf</path> seems to
1024 work well for only one printer, there may be yet another way to
1025 set a client's default remote printer.
1026 </li>
1027 <li>
1028 Also, when accessing <c>http://localhost:631</c> on the client
1029 now, no printers seem to be "found" by the client-CUPS. This is to
1030 be expected when setting <c>ServerName</c> in
1031 <path>client.conf</path>.
1032 </li>
1033 </ul>
1034
1035 </body>
1036 </section>
1037 <section>
1038 <title>Mounting a Windows or Samba share in GNU/Linux</title>
1039 <body>
1040
1041 <p>
1042 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1043 all compiled at least one kernel, we'll need to make sure we have all the right
1044 options selected in our kernel. For simplicity sake, make it a module for ease
1045 of use. It is the author's opinion that kernel modules are a good thing and
1046 should be used whenever possible.
1047 </p>
1048
1049 <pre caption="Relevant kernel options" >
1050 CONFIG_SMB_FS=m
1051 CONFIG_SMB_UNIX=y
1052 </pre>
1053
1054 <p>
1055 Then make the module/install it; insert them with:
1056 </p>
1057
1058 <pre caption="Loading the kernel module">
1059 # <i>modprobe smbfs</i>
1060 </pre>
1061
1062 <p>
1063 Once the modules is loaded, mounting a Windows or Samba share is
1064 possible. Use <c>mount</c> to accomplish this, as detailed below:
1065 </p>
1066
1067 <pre caption="Mounting a Windows/Samba share">
1068 <comment>(The syntax for mounting a Windows/Samba share is:
1069 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1070 If we are not using passwords or a password is not needed)</comment>
1071
1072 # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1073
1074 <comment>(If a password is needed)</comment>
1075 # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1076 </pre>
1077
1078 <p>
1079 After you mount the share, you would access it as if it were a local
1080 drive.
1081 </p>
1082
1083 </body>
1084 </section>
1085 <section>
1086 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1087 <body>
1088
1089 <p>
1090 That's just a bit of point-and-click. Browse to
1091 <path>\\PrintServer</path> and right click on the printer
1092 (HPDeskJet930C) and click connect. This will download the drivers to
1093 the Windows client and now every application (such as Word or Acrobat)
1094 will offer HPDeskJet930C as an available printer to print to. :-)
1095 </p>
1096
1097 </body>
1098 </section>
1099 </chapter>
1100
1101 <chapter>
1102 <title>Final Notes</title>
1103 <section>
1104 <title>A Fond Farewell</title>
1105 <body>
1106
1107 <p>
1108 Well that should be it. You should now have a successful printing enviroment
1109 that is friendly to both Windows and *nix as well as a fully virus-free working
1110 share!
1111 </p>
1112
1113 </body>
1114 </section>
1115 </chapter>
1116
1117 <chapter>
1118 <title>Links and Resources</title>
1119 <section>
1120 <title>Links</title>
1121 <body>
1122
1123 <p>
1124 These are some links that may help you in setting up, configuration and
1125 troubleshooting your installation:
1126 </p>
1127
1128 <ul>
1129 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1130 <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1131 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1132 <li>
1133 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1134 Pfeifle's Samba Print HOWTO</uri> (
1135 This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1136 I've written here, plus a LOT more concerning CUPS and Samba, and
1137 generally printing support on networks. A really interesting read,
1138 with lots and lots of details)
1139 </li>
1140 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1141 </ul>
1142
1143 </body>
1144 </section>
1145 <section>
1146 <title>Troubleshooting</title>
1147 <body>
1148
1149 <p>
1150 See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1151 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1152 manual. Lots of useful tips there! Be sure to look this one up
1153 first, before posting questions and problems! Maybe the solution
1154 you're looking for is right there.
1155 </p>
1156
1157 </body>
1158 </section>
1159 </chapter>
1160 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20