/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.13 Revision 1.20
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.13 2004/12/18 16:08:58 neysx Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.20 2006/01/01 11:51:43 neysx Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4<guide link="quick-samba-howto.xml"> 4<guide link="quick-samba-howto.xml">
5<title>Gentoo Samba3/CUPS/Clam AV HOWTO</title> 5<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6<author title="Author"> 6<author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail> 7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8</author> 8</author>
9<author title="Author"> 9<author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> 10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
18 18
19<!-- The content of this document is licensed under the CC-BY-SA license --> 19<!-- The content of this document is licensed under the CC-BY-SA license -->
20<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 20<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21<license/> 21<license/>
22 22
23<version>1.9</version> 23<version>1.12</version>
24<date>2004-11-24</date> 24<date>2005-03-26</date>
25 25
26<chapter> 26<chapter>
27<title>Introduction to this HOWTO</title> 27<title>Introduction to this HOWTO</title>
28<section> 28<section>
29<title>Purpose</title> 29<title>Purpose</title>
107</p> 107</p>
108 108
109<ul> 109<ul>
110 <li>On the Samba server: 110 <li>On the Samba server:
111 <ul> 111 <ul>
112 <li>Install and configure CLAM-AV</li> 112 <li>Install and configure ClamAV</li>
113 <li>Install and configure Samba</li> 113 <li>Install and configure Samba</li>
114 <li>Install and configure CUPS</li> 114 <li>Install and configure CUPS</li>
115 <li>Adding the printer to CUPS</li> 115 <li>Adding the printer to CUPS</li>
116 <li>Adding the PS drivers for the Windows clients</li> 116 <li>Adding the PS drivers for the Windows clients</li>
117 </ul> 117 </ul>
157<p> 157<p>
158The main package we use here is net-fs/samba, however, you will need 158The main package we use here is net-fs/samba, however, you will need
159a kernel with smbfs support enabled in order to mount a samba or windows 159a kernel with smbfs support enabled in order to mount a samba or windows
160share from another computer. CUPS will be emerged if it is not already. 160share from another computer. CUPS will be emerged if it is not already.
161app-antivirus/clamav will be used also, but others should be easily adapted 161app-antivirus/clamav will be used also, but others should be easily adapted
162to work with Samba. 162to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
163</p> 164</p>
164 165
165</body> 166</body>
166</section> 167</section>
167</chapter> 168</chapter>
176Before emerging anything, take a look at the various USE flags 177Before emerging anything, take a look at the various USE flags
177available to Samba. 178available to Samba.
178</p> 179</p>
179 180
180<pre caption="Samba uses the following USE Variables:"> 181<pre caption="Samba uses the following USE Variables:">
181kerberos mysql xml acl cups ldap pam readline python oav 182kerberos mysql xml acl cups ldap pam readline python oav libclamav
182</pre> 183</pre>
183 184
184<p> 185<p>
185Depending on the network topology and the specific requirements of 186Depending on the network topology and the specific requirements of
186the server, the USE flags outlined below will define what to include or 187the server, the USE flags outlined below will define what to include or
274 Provides on-access scanning of Samba shares with FRISK F-Prot 275 Provides on-access scanning of Samba shares with FRISK F-Prot
275 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep 276 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
276 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI). 277 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
277 </ti> 278 </ti>
278</tr> 279</tr>
280<tr>
281 <th><b>libclamav</b></th>
282 <ti>
283 Use the ClamAV library instead of the clamd daemon
284 </ti>
285</tr>
279</table> 286</table>
280 287
281<p> 288<p>
282A couple of things worth mentioning about the USE flags and different 289A couple of things worth mentioning about the USE flags and different
283Samba functions include: 290Samba functions include:
335To optimize performance, size and the time of the build, the 342To optimize performance, size and the time of the build, the
336USE flags are specifically included or excluded. 343USE flags are specifically included or excluded.
337</p> 344</p>
338 345
339<pre caption="Emerge Samba"> 346<pre caption="Emerge Samba">
340<comment>(Note the USE flags!)</comment> 347# <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
341# <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i> 348# <i>emerge net-fs/samba</i>
342</pre> 349</pre>
343 350
344<note> 351<note>
345The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86, 352The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
346ppc, sparc, hppa, ia64 and alpha 353ppc, sparc, hppa, ia64 and alpha
351</p> 358</p>
352 359
353</body> 360</body>
354</section> 361</section>
355<section> 362<section>
356<title>Emerging Clam AV</title> 363<title>Emerging ClamAV</title>
357<body> 364<body>
358 365
359<p> 366<p>
360Because the <e>oav</e> USE flag only provides an interface to allow on access 367Because the <e>oav</e> USE flag only provides an interface to allow on access
361virus scanning, the actual virus scanner must be emerged. The scanner 368virus scanning, the actual virus scanner must be emerged. The scanner
362used in this HOWTO is Clam AV. 369used in this HOWTO is ClamAV.
363</p> 370</p>
364 371
365<pre caption="Emerge clam-av"> 372<pre caption="Emerge Clamav">
366# <i>emerge app-antivirus/clamav</i> 373# <i>emerge app-antivirus/clamav</i>
367</pre> 374</pre>
368 375
369</body> 376</body>
370</section> 377</section>
413<pre caption="A Sample /etc/samba/smb.conf"> 420<pre caption="A Sample /etc/samba/smb.conf">
414[global] 421[global]
415<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment> 422<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416workgroup = <comment>MYWORKGROUPNAME</comment> 423workgroup = <comment>MYWORKGROUPNAME</comment>
417<comment># Of course this has no REAL purpose other than letting 424<comment># Of course this has no REAL purpose other than letting
418# everyone know its not Windows! 425# everyone knows it's not Windows!
419# %v prints the version of Samba we are using.</comment> 426# %v prints the version of Samba we are using.</comment>
420server string = Samba Server %v 427server string = Samba Server %v
421<comment># We are going to use cups, so we are going to put it in here ;-)</comment> 428<comment># We are going to use cups, so we are going to put it in here ;-)</comment>
422printcap name = cups 429printcap name = cups
423printing = cups 430printing = cups
446<comment># We now will implement the on access virus scanner. 453<comment># We now will implement the on access virus scanner.
447# NOTE: By putting this in our [Global] section, we enable 454# NOTE: By putting this in our [Global] section, we enable
448# scanning of ALL shares, you could optionally move 455# scanning of ALL shares, you could optionally move
449# these to a specific share and only scan it.</comment> 456# these to a specific share and only scan it.</comment>
450 457
451<comment># For Samba 3.x</comment> 458<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
452vfs object = vscan-clamav 459vfs object = vscan-clamav
453vscan-clamav: config-file = /etc/samba/vscan-clamav.conf 460vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
454
455<comment># For Samba 2.2.x</comment>
456vfs object = /usr/lib/samba/vfs/vscan-clamav.so
457vfs options = config-file = /etc/samba/vscan-clamav.conf
458 461
459<comment># Now we setup our print drivers information!</comment> 462<comment># Now we setup our print drivers information!</comment>
460[print$] 463[print$]
461comment = Printer Drivers 464comment = Printer Drivers
462path = /etc/samba/printer <comment># this path holds the driver structure</comment> 465path = /etc/samba/printer <comment># this path holds the driver structure</comment>
515printer user, like <c>printeruser</c> or <c>printer</c> or 518printer user, like <c>printeruser</c> or <c>printer</c> or
516<c>printme</c> or whatever. It doesn't hurt and it will certainly 519<c>printme</c> or whatever. It doesn't hurt and it will certainly
517protect you from a lot of problems. 520protect you from a lot of problems.
518</warn> 521</warn>
519 522
523<warn>
524Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
525down the performance of your Samba server dramatically.
526</warn>
527
520<p> 528<p>
521Now create the directories required for the minimum configuration of 529Now create the directories required for the minimum configuration of
522Samba to share the installed printer throughout the network. 530Samba to share the installed printer throughout the network.
523</p> 531</p>
524 532
558</pre> 566</pre>
559 567
560</body> 568</body>
561</section> 569</section>
562<section> 570<section>
563<title>Configuring Clam AV</title> 571<title>Configuring ClamAV</title>
564<body> 572<body>
565 573
566<p> 574<p>
567The configuration file specified to be used in <path>smb.conf</path> is 575The configuration file specified to be used in <path>smb.conf</path> is
568<path>/etc/samba/vscan-clamav.conf</path>. While these options are set 576<path>/etc/samba/vscan-clamav.conf</path>. While these options are set
624<comment>; an entry is invalidated after lru file entry lifetime (in seconds). 632<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
625; (Default: 5)</comment> 633; (Default: 5)</comment>
626lru file entry lifetime = 5 634lru file entry lifetime = 5
627 635
628<comment>; socket name of clamd (default: /var/run/clamd)</comment> 636<comment>; socket name of clamd (default: /var/run/clamd)</comment>
629clamd socket name = /var/run/clamd 637clamd socket name = /tmp/clamd
638
639<comment>; port number the ScannerDaemon listens on</comment>
640oav port = 8127
630</pre> 641</pre>
631 642
632<p> 643<p>
633It is generally a good idea to start the virus scanner immediately. Add 644It is generally a good idea to start the virus scanner immediately. Add
634it to the <e>default</e> runlevel and then start the <c>clamd</c> service immediately. 645it to the <e>default</e> runlevel and then start the <c>clamd</c> service
646immediately. The service has two processes: freshclam keeps the virus definition
647database up to date while clamd is the actual anti-virus daemon. First you may
648want to set the paths of the logfiles so that it fits your needs.
649</p>
650
651<pre caption="Checking the location of the logfiles">
652# <i>vim /etc/clamd.conf</i>
653<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
654# <i>vim /etc/freshclam.conf</i>
655<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
656# <i>vim /etc/conf.d/clamd</i>
657<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
658</pre>
659
660<p>
661Now fire up the virus scanner.
635</p> 662</p>
636 663
637<pre caption="Add clamd to bootup and start it"> 664<pre caption="Add clamd to bootup and start it">
638# <i>rc-update add clamd default</i> 665# <i>rc-update add clamd default</i>
639# <i>/etc/init.d/clamd start</i> 666# <i>/etc/init.d/clamd start</i>
658 685
659AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment> 686AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
660ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment> 687ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
661 688
662LogLevel debug <comment># only while isntalling and testing, should later be 689LogLevel debug <comment># only while isntalling and testing, should later be
663 # changed to 'info'</comment> 690 # changed to 'info'</comment>
664 691
665MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back, 692MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
666 # there seemed to be a bug in CUPS' controlling of the web interface, 693 # there seemed to be a bug in CUPS' controlling of the web interface,
667 # making CUPS think a denial of service attack was in progress when 694 # making CUPS think a denial of service attack was in progress when
668 # I tried to configure a printer with the web interface. weird.</comment> 695 # I tried to configure a printer with the web interface. weird.</comment>
713</p> 740</p>
714 741
715<pre caption="Setting up the CUPS service" > 742<pre caption="Setting up the CUPS service" >
716<comment>(To start CUPS on boot)</comment> 743<comment>(To start CUPS on boot)</comment>
717# <i>rc-update add cupsd default</i> 744# <i>rc-update add cupsd default</i>
718<comment>(To start CUPS if it isn't started)</comment> 745<comment>(To start or restart CUPS now)</comment>
719# <i>/etc/init.d/cupsd start</i>
720<comment>(If CUPS is already started we'll need to restart it!)</comment>
721# <i>/etc/init.d/cupsd restart</i> 746# <i>/etc/init.d/cupsd restart</i>
722</pre> 747</pre>
723 748
724</body> 749</body>
725</section> 750</section>

Legend:
Removed from v.1.13  
changed lines
  Added in v.1.20

  ViewVC Help
Powered by ViewVC 1.1.20