/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.15 Revision 1.26
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.15 2004/12/21 18:12:19 neysx Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.26 2006/12/25 17:30:26 nightmorph Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4<guide link="quick-samba-howto.xml"> 4<guide link="/doc/en/quick-samba-howto.xml">
5<title>Gentoo Samba3/CUPS/Clam AV HOWTO</title> 5<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6<author title="Author"> 6<author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail> 7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8</author> 8</author>
9<author title="Author"> 9<author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> 10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
18 18
19<!-- The content of this document is licensed under the CC-BY-SA license --> 19<!-- The content of this document is licensed under the CC-BY-SA license -->
20<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 20<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21<license/> 21<license/>
22 22
23<version>1.10</version> 23<version>1.15</version>
24<date>2004-12-21</date> 24<date>2006-12-25</date>
25 25
26<chapter> 26<chapter>
27<title>Introduction to this HOWTO</title> 27<title>Introduction to this HOWTO</title>
28<section> 28<section>
29<title>Purpose</title> 29<title>Purpose</title>
107</p> 107</p>
108 108
109<ul> 109<ul>
110 <li>On the Samba server: 110 <li>On the Samba server:
111 <ul> 111 <ul>
112 <li>Install and configure CLAM-AV</li> 112 <li>Install and configure ClamAV</li>
113 <li>Install and configure Samba</li> 113 <li>Install and configure Samba</li>
114 <li>Install and configure CUPS</li> 114 <li>Install and configure CUPS</li>
115 <li>Adding the printer to CUPS</li> 115 <li>Adding the printer to CUPS</li>
116 <li>Adding the PS drivers for the Windows clients</li> 116 <li>Adding the PS drivers for the Windows clients</li>
117 </ul> 117 </ul>
157<p> 157<p>
158The main package we use here is net-fs/samba, however, you will need 158The main package we use here is net-fs/samba, however, you will need
159a kernel with smbfs support enabled in order to mount a samba or windows 159a kernel with smbfs support enabled in order to mount a samba or windows
160share from another computer. CUPS will be emerged if it is not already. 160share from another computer. CUPS will be emerged if it is not already.
161app-antivirus/clamav will be used also, but others should be easily adapted 161app-antivirus/clamav will be used also, but others should be easily adapted
162to work with Samba. 162to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
163</p> 164</p>
164 165
165</body> 166</body>
166</section> 167</section>
167</chapter> 168</chapter>
176Before emerging anything, take a look at the various USE flags 177Before emerging anything, take a look at the various USE flags
177available to Samba. 178available to Samba.
178</p> 179</p>
179 180
180<pre caption="Samba uses the following USE Variables:"> 181<pre caption="Samba uses the following USE Variables:">
181kerberos mysql xml acl cups ldap pam readline python oav 182kerberos mysql xml acl cups ldap pam readline python oav libclamav
182</pre> 183</pre>
183 184
184<p> 185<p>
185Depending on the network topology and the specific requirements of 186Depending on the network topology and the specific requirements of
186the server, the USE flags outlined below will define what to include or 187the server, the USE flags outlined below will define what to include or
274 Provides on-access scanning of Samba shares with FRISK F-Prot 275 Provides on-access scanning of Samba shares with FRISK F-Prot
275 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep 276 Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
276 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI). 277 (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
277 </ti> 278 </ti>
278</tr> 279</tr>
280<tr>
281 <th><b>libclamav</b></th>
282 <ti>
283 Use the ClamAV library instead of the clamd daemon
284 </ti>
285</tr>
279</table> 286</table>
280 287
281<p> 288<p>
282A couple of things worth mentioning about the USE flags and different 289A couple of things worth mentioning about the USE flags and different
283Samba functions include: 290Samba functions include:
292 <li> 299 <li>
293 While Active Directory, ACL, and PDC functions are out of the intended 300 While Active Directory, ACL, and PDC functions are out of the intended
294 scope of this HOWTO, you may find these links as helpful to your cause: 301 scope of this HOWTO, you may find these links as helpful to your cause:
295 <ul> 302 <ul>
296 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li> 303 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
297 <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
298 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li> 304 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
299 </ul> 305 </ul>
300 </li> 306 </li>
301</ul> 307</ul>
302 308
335To optimize performance, size and the time of the build, the 341To optimize performance, size and the time of the build, the
336USE flags are specifically included or excluded. 342USE flags are specifically included or excluded.
337</p> 343</p>
338 344
339<pre caption="Emerge Samba"> 345<pre caption="Emerge Samba">
340<comment>(Note the USE flags!)</comment> 346# <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
341# <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i> 347# <i>emerge net-fs/samba</i>
342</pre> 348</pre>
343 349
344<note> 350<note>
345The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86, 351The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
346ppc, sparc, hppa, ia64 and alpha 352ppc, sparc, hppa, ia64 and alpha
351</p> 357</p>
352 358
353</body> 359</body>
354</section> 360</section>
355<section> 361<section>
356<title>Emerging Clam AV</title> 362<title>Emerging ClamAV</title>
357<body> 363<body>
358 364
359<p> 365<p>
360Because the <e>oav</e> USE flag only provides an interface to allow on access 366Because the <e>oav</e> USE flag only provides an interface to allow on access
361virus scanning, the actual virus scanner must be emerged. The scanner 367virus scanning, the actual virus scanner must be emerged. The scanner
362used in this HOWTO is Clam AV. 368used in this HOWTO is ClamAV.
363</p> 369</p>
364 370
365<pre caption="Emerge clam-av"> 371<pre caption="Emerge Clamav">
366# <i>emerge app-antivirus/clamav</i> 372# <i>emerge app-antivirus/clamav</i>
367</pre> 373</pre>
368 374
369</body> 375</body>
370</section> 376</section>
446<comment># We now will implement the on access virus scanner. 452<comment># We now will implement the on access virus scanner.
447# NOTE: By putting this in our [Global] section, we enable 453# NOTE: By putting this in our [Global] section, we enable
448# scanning of ALL shares, you could optionally move 454# scanning of ALL shares, you could optionally move
449# these to a specific share and only scan it.</comment> 455# these to a specific share and only scan it.</comment>
450 456
451<comment># For Samba 3.x</comment> 457<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
452vfs object = vscan-clamav 458vfs object = vscan-clamav
453vscan-clamav: config-file = /etc/samba/vscan-clamav.conf 459vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
454
455<comment># For Samba 2.2.x</comment>
456vfs object = /usr/lib/samba/vfs/vscan-clamav.so
457vfs options = config-file = /etc/samba/vscan-clamav.conf
458 460
459<comment># Now we setup our print drivers information!</comment> 461<comment># Now we setup our print drivers information!</comment>
460[print$] 462[print$]
461comment = Printer Drivers 463comment = Printer Drivers
462path = /etc/samba/printer <comment># this path holds the driver structure</comment> 464path = /etc/samba/printer <comment># this path holds the driver structure</comment>
515printer user, like <c>printeruser</c> or <c>printer</c> or 517printer user, like <c>printeruser</c> or <c>printer</c> or
516<c>printme</c> or whatever. It doesn't hurt and it will certainly 518<c>printme</c> or whatever. It doesn't hurt and it will certainly
517protect you from a lot of problems. 519protect you from a lot of problems.
518</warn> 520</warn>
519 521
522<warn>
523Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
524down the performance of your Samba server dramatically.
525</warn>
526
520<p> 527<p>
521Now create the directories required for the minimum configuration of 528Now create the directories required for the minimum configuration of
522Samba to share the installed printer throughout the network. 529Samba to share the installed printer throughout the network.
523</p> 530</p>
524 531
558</pre> 565</pre>
559 566
560</body> 567</body>
561</section> 568</section>
562<section> 569<section>
563<title>Configuring Clam AV</title> 570<title>Configuring ClamAV</title>
564<body> 571<body>
565 572
566<p> 573<p>
567The configuration file specified to be used in <path>smb.conf</path> is 574The configuration file specified to be used in <path>smb.conf</path> is
568<path>/etc/samba/vscan-clamav.conf</path>. While these options are set 575<path>/etc/samba/vscan-clamav.conf</path>. While these options are set
624<comment>; an entry is invalidated after lru file entry lifetime (in seconds). 631<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
625; (Default: 5)</comment> 632; (Default: 5)</comment>
626lru file entry lifetime = 5 633lru file entry lifetime = 5
627 634
628<comment>; socket name of clamd (default: /var/run/clamd)</comment> 635<comment>; socket name of clamd (default: /var/run/clamd)</comment>
629clamd socket name = /var/run/clamd 636clamd socket name = /tmp/clamd
637
638<comment>; port number the ScannerDaemon listens on</comment>
639oav port = 8127
630</pre> 640</pre>
631 641
632<p> 642<p>
633It is generally a good idea to start the virus scanner immediately. Add 643It is generally a good idea to start the virus scanner immediately. Add
634it to the <e>default</e> runlevel and then start the <c>clamd</c> service immediately. 644it to the <e>default</e> runlevel and then start the <c>clamd</c> service
645immediately. The service has two processes: freshclam keeps the virus definition
646database up to date while clamd is the actual anti-virus daemon. First you may
647want to set the paths of the logfiles so that it fits your needs.
648</p>
649
650<pre caption="Checking the location of the logfiles">
651# <i>vim /etc/clamd.conf</i>
652<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
653# <i>vim /etc/freshclam.conf</i>
654<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
655# <i>vim /etc/conf.d/clamd</i>
656<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
657</pre>
658
659<p>
660Now fire up the virus scanner.
635</p> 661</p>
636 662
637<pre caption="Add clamd to bootup and start it"> 663<pre caption="Add clamd to bootup and start it">
638# <i>rc-update add clamd default</i> 664# <i>rc-update add clamd default</i>
639# <i>/etc/init.d/clamd start</i> 665# <i>/etc/init.d/clamd start</i>
652in the example are the directives that need to be changed: 678in the example are the directives that need to be changed:
653</p> 679</p>
654 680
655<pre caption="/etc/cups/cupsd.conf"> 681<pre caption="/etc/cups/cupsd.conf">
656ServerName <i>PrintServer</i> <comment># your printserver name</comment> 682ServerName <i>PrintServer</i> <comment># your printserver name</comment>
657ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment> 683ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
658 684
659AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment> 685AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
660ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment> 686ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
661 687
662LogLevel debug <comment># only while isntalling and testing, should later be 688LogLevel debug <comment># only while isntalling and testing, should later be
663 # changed to 'info'</comment> 689 # changed to 'info'</comment>
664 690
665MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back, 691MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
666 # there seemed to be a bug in CUPS' controlling of the web interface, 692 # there seemed to be a bug in CUPS' controlling of the web interface,
667 # making CUPS think a denial of service attack was in progress when 693 # making CUPS think a denial of service attack was in progress when
668 # I tried to configure a printer with the web interface. weird.</comment> 694 # I tried to configure a printer with the web interface. weird.</comment>
671 697
672&lt;Location /&gt; 698&lt;Location /&gt;
673Order Deny,Allow 699Order Deny,Allow
674Deny From All 700Deny From All
675Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network 701Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
676 # eg 192.168.1.* will allow connections from any host on 702 # e.g. 192.168.1.* will allow connections from any host on
677 # the 192.168.1.0 network. change to whatever suits you</comment> 703 # the 192.168.1.0 network. change to whatever suits you</comment>
678&lt;/Location&gt; 704&lt;/Location&gt;
679 705
680&lt;Location /admin&gt; 706&lt;Location /admin&gt;
681AuthType Basic 707AuthType Basic
727 753
728<p> 754<p>
729First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to 755First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
730find and download the correct PPD file for your printer and CUPS. To do so, 756find and download the correct PPD file for your printer and CUPS. To do so,
731click the link Printer Listings to the left. Select your printers manufacturer 757click the link Printer Listings to the left. Select your printers manufacturer
732and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On 758and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
733the page coming up click the "recommended driver" link after reading the 759the page coming up click the "recommended driver" link after reading the
734various notes and information. Then fetch the PPD file from the next page, 760various notes and information. Then fetch the PPD file from the next page,
735again after reading the notes and introductions there. You may have to select 761again after reading the notes and introductions there. You may have to select
736your printers manufacturer and model again. Reading the <uri 762your printers manufacturer and model again. Reading the <uri
737link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> 763link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
746interface is found at <path>http://PrintServer:631</path> once CUPS is running. 772interface is found at <path>http://PrintServer:631</path> once CUPS is running.
747</p> 773</p>
748 774
749<pre caption="Install the printer via command line"> 775<pre caption="Install the printer via command line">
750# <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i> 776# <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
777# <i>/etc/init.d/cupsd restart</i>
751</pre> 778</pre>
752 779
753<p> 780<p>
754Remember to adjust to what you have. Be sure to have the name 781Remember to adjust to what you have. Be sure to have the name
755(<c>-p</c> argument) right (the name you set above during the Samba 782(<c>-p</c> argument) right (the name you set above during the Samba
777drivers automagically to the connecting client, avoiding the hassle of 804drivers automagically to the connecting client, avoiding the hassle of
778manually installing printer drivers locally. 805manually installing printer drivers locally.
779</p> 806</p>
780 807
781<p> 808<p>
782There are two sets of printer drivers for this. First, the Adobe PS 809There are two sets of printer drivers for this. First, the Adobe PS drivers
783drivers which can be obtained from <uri 810which can be obtained from <uri
784link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> 811link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
785(PostScript printer drivers). Second, there are the CUPS PS drivers, 812printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri
786to be obtained from <uri link="http://www.cups.org/software.php">the 813link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.
787CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the 814There doesn't seem to be a difference between the functionality of the two, but
788pull down menu. There doesn't seem to be a difference between the 815the Adobe PS drivers need to be extracted on a Windows System since it's a
789functionality of the two, but the Adobe PS drivers need to be extracted 816Windows binary. Also the whole procedure of finding and copying the correct
790on a Windows System since it's a Windows binary. Also the whole procedure 817files is a bit more hassle. The CUPS drivers seem to support some options the
791of finding and copying the correct files is a bit more hassle. The CUPS 818Adobe drivers don't.
792drivers seem to support some options the Adobe drivers don't.
793</p> 819</p>
820<!--
821used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
822available. at some point, we should update this for 6.0.
823-->
794 824
795<p> 825<p>
796This HOWTO uses the CUPS drivers for Windows. The downloaded file is 826This HOWTO uses the CUPS drivers for Windows. The downloaded file is
797called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files 827called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
798contained into a directory. 828contained into a directory.
810<path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and 840<path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
811<path>cupsui5.dll</path>. These are the actual driver files. 841<path>cupsui5.dll</path>. These are the actual driver files.
812</p> 842</p>
813 843
814<warn> 844<warn>
815The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD) 845The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
816because almost everything which is not part of the base system is 846because almost everything which is not part of the base system is
817installed somewhere under the prefix <path>/usr/local/</path>. This 847installed somewhere under the prefix <path>/usr/local/</path>. This
818seems not to be the case for most things you install under GNU/Linux. 848seems not to be the case for most things you install under GNU/Linux.
819However, if your CUPS installation is somewhere other than 849However, if your CUPS installation is somewhere other than
820<path>/usr/share/cups/</path> see the example below. 850<path>/usr/share/cups/</path> see the example below.
831# <i>tar -xf cups-samba.ss</i> 861# <i>tar -xf cups-samba.ss</i>
832<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment> 862<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
833# <i>cd usr/share/cups/drivers</i> 863# <i>cd usr/share/cups/drivers</i>
834<comment>(no leading / !)</comment> 864<comment>(no leading / !)</comment>
835# <i>cp cups* /usr/local/share/cups/drivers</i> 865# <i>cp cups* /usr/local/share/cups/drivers</i>
866# <i>/etc/init.d/cupsd restart</i>
836</pre> 867</pre>
837 868
838<p> 869<p>
839Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS 870Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
840distribution. It's man page is an interesting read. 871Its man page is an interesting read.
841</p> 872</p>
842 873
843<pre caption="Run cupsaddsmb"> 874<pre caption="Run cupsaddsmb">
844# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i> 875# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845<comment>(Instead of HPDeskJet930C you could also specify "-a", which will 876<comment>(Instead of HPDeskJet930C you could also specify "-a", which will
846"export all known printers".)</comment> 877"export all known printers".)</comment>
847# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i> 878# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
848</pre> 879</pre>
849 880
850<warn> 881<warn>
851The execution of this command often causes the most trouble. 882The execution of this command often causes the most trouble. Read through the
852Reading through the <uri
853link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this 883<uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
854thread</uri>. 884thread</uri> for some troubleshooting tips.
855</warn> 885</warn>
856 886
857<p> 887<p>
858Here are common errors that may happen: 888Here are common errors that may happen:
859</p> 889</p>

Legend:
Removed from v.1.15  
changed lines
  Added in v.1.26

  ViewVC Help
Powered by ViewVC 1.1.20