/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.1 Revision 1.28
1<?xml version = '1.0' encoding = 'UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.28 2007/06/06 22:42:25 nightmorph Exp $ -->
2<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
3<guide link="quick-samba-howto.xml"> 4<guide link="/doc/en/quick-samba-howto.xml">
4<title>Gentoo Samba3/CUPS/clamav HOWTO</title> 5<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
5<author title="Author"> 6<author title="Author">
6 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail> 7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
7</author> 8</author>
8<author title="Author"> 9<author title="Author">
9 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> 10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
10</author> 11</author>
11 12
12<abstract> 13<abstract>
13Setup, install and configure a Samba Server under Gentoo that shares 14Setup, install and configure a Samba Server under Gentoo that shares
14files, printers without the need to install drivers and provides 15files, printers without the need to install drivers and provides
15automatic virus scanning. 16automatic virus scanning.
16</abstract> 17</abstract>
17 18
18<!-- The content of this document is licensed under the CC-BY-SA license --> 19<!-- The content of this document is licensed under the CC-BY-SA license -->
19<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 20<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
20<license/> 21<license/>
21 22
22<version>1.1</version> 23<version>1.17</version>
23<date>May 09, 2004</date> 24<date>2007-06-06</date>
24 25
25<chapter> 26<chapter>
26<title>Introduction to this HOWTO</title> 27<title>Introduction to this HOWTO</title>
27<section> 28<section>
28<title>Purpose</title> 29<title>Purpose</title>
29<body> 30<body>
30 31
31<p> 32<p>
32This HOWTO is designed to help you move a network from many different 33This HOWTO is designed to help you move a network from many different
33clients speaking different languages, to many different manchines that 34clients speaking different languages, to many different machines that
34speak a common language. The ultimate goal is to help differing 35speak a common language. The ultimate goal is to help differing
35architechures and technologies, come together in a productive, 36architectures and technologies, come together in a productive,
36happily coexistant environment. 37happily coexisting environment.
37</p> 38</p>
38 39
39<p> 40<p>
40Following the directions outlined in this HOWTO should give you an 41Following the directions outlined in this HOWTO should give you an
41excellent step towards a peaceful cohabitation between Windows, and 42excellent step towards a peaceful cohabitation between Windows, and
85<section> 86<section>
86<title>Before you use this guide</title> 87<title>Before you use this guide</title>
87<body> 88<body>
88 89
89<p> 90<p>
90There are a several other guides for setting up CUPS and/or Samba, 91There are a several other guides for setting up CUPS and/or Samba, please read
91please read them as well, as they may tell you things left out of this 92them as well, as they may tell you things left out of this HOWTO (intentional
92HOWTO (intentional or otherwise). One such document is the very useful 93or otherwise). One such document is the very useful and well written <uri
93and well written <uri link="http://www.gentoo.org/doc/en/printing-howto.xml">Gentoo 94link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
94Printing Guide</uri>, as configuration issues and specific printer setup 95issues and specific printer setup is not discussed here.
95is not discussed here.
96</p> 96</p>
97 97
98</body> 98</body>
99</section> 99</section>
100<section> 100<section>
107</p> 107</p>
108 108
109<ul> 109<ul>
110 <li>On the Samba server: 110 <li>On the Samba server:
111 <ul> 111 <ul>
112 <li>Install and configure CLAM-AV</li> 112 <li>Install and configure ClamAV</li>
113 <li>Install and configure Samba</li> 113 <li>Install and configure Samba</li>
114 <li>Install and configure CUPS</li> 114 <li>Install and configure CUPS</li>
115 <li>Adding the printer to CUPS</li> 115 <li>Adding the printer to CUPS</li>
116 <li>Adding the PS drivers for the Windows clients</li> 116 <li>Adding the PS drivers for the Windows clients</li>
117 </ul> 117 </ul>
141We will need the following: 141We will need the following:
142</p> 142</p>
143 143
144<ul> 144<ul>
145 <li>net-fs/samba</li> 145 <li>net-fs/samba</li>
146 <li>net-mail/clamav</li> 146 <li>app-antivirus/clamav</li>
147 <li>net-print/cups</li> 147 <li>net-print/cups</li>
148 <li>net-print/foomatic</li> 148 <li>net-print/foomatic</li>
149 <li>net-print/hpijs (if you have an HP printer)</li> 149 <li>net-print/hplip (if you have an HP printer)</li>
150 <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li> 150 <li>A kernel of sorts (2.6)</li>
151 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li> 151 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152 <li> 152 <li>
153 A working network (home/office/etc) consisting of more than one machine) 153 A working network (home/office/etc) consisting of more than one machine)
154 </li> 154 </li>
155</ul> 155</ul>
156 156
157<p> 157<p>
158The main package we use here is net-fs/samba, however, you will need 158The main package we use here is net-fs/samba, however, you will need
159a kernel with smbfs support enabled in order to mount a samba or windows 159a kernel with smbfs support enabled in order to mount a samba or windows
160share from another computer. CUPS will be emerged if it is not already. 160share from another computer. CUPS will be emerged if it is not already.
161net-mail/clamav will be used also, but others should be easily adapted 161app-antivirus/clamav will be used also, but others should be easily adapted
162to work with Samba. 162to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
163technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
163</p> 164</p>
164 165
165</body> 166</body>
166</section> 167</section>
167</chapter> 168</chapter>
169
168<chapter> 170<chapter>
169<title>Getting acquainted with Samba</title> 171<title>Getting acquainted with Samba</title>
170<section> 172<section>
171<title>The USE Flags</title> 173<title>The USE Flags</title>
172<body> 174<body>
173 175
174<p> 176<p>
175Before emerging anything, take a look at the various USE flags 177Before emerging anything, take a look at some of the various USE flags available
176available to Samba. 178to Samba.
177</p> 179</p>
178 180
179<pre caption="Samba uses the following USE Variables:"> 181<pre caption="Samba uses the following USE Variables:">
180kerberos mysql xml acl cups ldap pam readline python oav 182kerberos acl cups ldap pam readline python oav
181</pre> 183</pre>
182 184
183<p> 185<p>
184Depending on the network topology and the specific requirements of 186Depending on the network topology and the specific requirements of
185the server, the USE flags outlined below will define what to include or 187the server, the USE flags outlined below will define what to include or
195 <th><b>kerberos</b></th> 197 <th><b>kerberos</b></th>
196 <ti> 198 <ti>
197 Include support for Kerberos. The server will need this if it is 199 Include support for Kerberos. The server will need this if it is
198 intended to join an existing domain or Active Directory. See the note 200 intended to join an existing domain or Active Directory. See the note
199 below for more information. 201 below for more information.
200 </ti>
201</tr>
202<tr>
203 <th><b>mysql</b></th>
204 <ti>
205 This will allow Samba to use MySQL in order to do password authentication.
206 It will store ACLs, usernames, passwords, etc in a database versus a
207 flat file. If Samba is needed to do password authentication, such as
208 acting as a password validation server or a Primary Domain Controller
209 (PDC).
210 </ti>
211</tr>
212<tr>
213 <th><b>xml</b></th>
214 <ti>
215 The xml USE option for Samba provides a password database backend allowing
216 Samba to store account details in XML files, for the same reasons listed in
217 the mysql USE flag description.
218 </ti> 202 </ti>
219</tr> 203</tr>
220<tr> 204<tr>
221 <th><b>acl</b></th> 205 <th><b>acl</b></th>
222 <ti> 206 <ti>
254 </ti> 238 </ti>
255</tr> 239</tr>
256<tr> 240<tr>
257 <th><b>readline</b></th> 241 <th><b>readline</b></th>
258 <ti> 242 <ti>
259 Link Samba again libreadline. This is highly recommended and should 243 Link Samba against libreadline. This is highly recommended and should
260 probably not be disabled 244 probably not be disabled
261 </ti> 245 </ti>
262</tr> 246</tr>
263<tr> 247<tr>
264 <th><b>python</b></th> 248 <th><b>python</b></th>
291 <li> 275 <li>
292 While Active Directory, ACL, and PDC functions are out of the intended 276 While Active Directory, ACL, and PDC functions are out of the intended
293 scope of this HOWTO, you may find these links as helpful to your cause: 277 scope of this HOWTO, you may find these links as helpful to your cause:
294 <ul> 278 <ul>
295 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li> 279 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
296 <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
297 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li> 280 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
298 </ul> 281 </ul>
299 </li> 282 </li>
300</ul> 283</ul>
301 284
302</body> 285</body>
303</section> 286</section>
304</chapter> 287</chapter>
288
305<chapter> 289<chapter>
306<title>Server Software Installation</title> 290<title>Server Software Installation</title>
307<section> 291<section>
308<title>Emerging Samba</title> 292<title>Emerging Samba</title>
309<body> 293<body>
310 294
311<p> 295<p>
312First of all: be sure that all your hostnames resolve correctly. 296First of all: be sure that all your hostnames resolve correctly.
313Either have a working domain name system running on your network 297Either have a working domain name system running on your network
314or appropriate entries in your /etc/hosts file. cupsaddsmb often 298or appropriate entries in your <path>/etc/hosts</path> file.
315borks if hostnames don't point to the correct machines. 299<c>cupsaddsmb</c> often borks if hostnames don't point to the correct
300machines.
316</p> 301</p>
317 302
318<p> 303<p>
319Hopefully now you can make an assessment of what you'll actually need in 304Hopefully now you can make an assessment of what you'll actually need in
320order to use Samba with your particular setup. The setup used for this 305order to use Samba with your particular setup. The setup used for this
332To optimize performance, size and the time of the build, the 317To optimize performance, size and the time of the build, the
333USE flags are specifically included or excluded. 318USE flags are specifically included or excluded.
334</p> 319</p>
335 320
336<pre caption="Emerge Samba"> 321<pre caption="Emerge Samba">
337<comment>(Note the USE flags!)</comment> 322# <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
338# <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i> 323# <i>emerge net-fs/samba</i>
339</pre> 324</pre>
340 325
341<note> 326<note>
342The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86, 327The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
343ppc, sparc, hppa, ia64 and alpha 328ppc, sparc, hppa, ia64 and alpha
348</p> 333</p>
349 334
350</body> 335</body>
351</section> 336</section>
352<section> 337<section>
353<title>Emerging clam-av</title> 338<title>Emerging ClamAV</title>
354<body> 339<body>
355 340
356<p> 341<p>
357Because the oav USE flag only provides an interface to allow on access 342Because the <e>oav</e> USE flag only provides an interface to allow on access
358virus scanning, the actual virus scanner must be emerged. The scanner 343virus scanning, the actual virus scanner must be emerged. The scanner
359used in this HOWTO is <e>net-mail/clamav</e>. 344used in this HOWTO is ClamAV.
360</p> 345</p>
361 346
362<pre caption="Emerge clam-av"> 347<pre caption="Emerge Clamav">
363# <i>emerge net-mail/clamav</i> 348# <i>emerge app-antivirus/clamav</i>
364</pre> 349</pre>
365 350
366</body> 351</body>
367</section> 352</section>
368<section> 353<section>
374</pre> 359</pre>
375 360
376</body> 361</body>
377</section> 362</section>
378<section> 363<section>
379<title>Emerging net-print/hpijs</title> 364<title>Emerging net-print/hplip</title>
380<body> 365<body>
381 366
382<p> 367<p>
383You only need to emerge this if you use an HP printer. 368You only need to emerge this if you use an HP printer.
384</p> 369</p>
385 370
386<pre caption="Emerge hpijs"> 371<pre caption="Emerge hplip">
387# <i>emerge net-mail/hpijs</i> 372# <i>emerge net-print/hplip</i>
388</pre> 373</pre>
389 374
390</body> 375</body>
391</section> 376</section>
392</chapter> 377</chapter>
378
393<chapter> 379<chapter>
394<title>Server Configuration</title> 380<title>Server Configuration</title>
395<section> 381<section>
396<title>Configuring Samba</title> 382<title>Configuring Samba</title>
397<body> 383<body>
399<p> 385<p>
400The main Samba configuration file is <path>/etc/samba/smb.conf</path>. 386The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
401It is divided in sections indicated by [sectionname]. Comments are either 387It is divided in sections indicated by [sectionname]. Comments are either
402# or ;. A sample <path>smb.conf</path> is included below with comments and 388# or ;. A sample <path>smb.conf</path> is included below with comments and
403suggestions for modifications. If more details are required, see the 389suggestions for modifications. If more details are required, see the
404man page for <path>smb.conf</path>, the installed smb.conf.example, the Samba 390man page for <path>smb.conf</path>, the installed
405Web site or any of the numerous Samba books available. 391<path>smb.conf.example</path>, the Samba Web site or any of the
392numerous Samba books available.
406</p> 393</p>
407 394
408<pre caption="A Sample /etc/samba/smb.conf"> 395<pre caption="A Sample /etc/samba/smb.conf">
409[global] 396[global]
410<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment> 397<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
411workgroup = <comment>MYWORKGROUPNAME</comment> 398workgroup = <comment>MYWORKGROUPNAME</comment>
412<comment># Of course this has no REAL purpose other than letting 399<comment># Of course this has no REAL purpose other than letting
413# everyone know its not Windows! 400# everyone knows it's not Windows!
414# %v prints the version of Samba we are using.</comment> 401# %v prints the version of Samba we are using.</comment>
415server string = Samba Server %v 402server string = Samba Server %v
416<comment># We are going to use cups, so we are going to put it in here ;-)</comment> 403<comment># We are going to use cups, so we are going to put it in here ;-)</comment>
417printcap name = cups 404printcap name = cups
418printing = cups 405printing = cups
440guest ok = yes 427guest ok = yes
441<comment># We now will implement the on access virus scanner. 428<comment># We now will implement the on access virus scanner.
442# NOTE: By putting this in our [Global] section, we enable 429# NOTE: By putting this in our [Global] section, we enable
443# scanning of ALL shares, you could optionally move 430# scanning of ALL shares, you could optionally move
444# these to a specific share and only scan it.</comment> 431# these to a specific share and only scan it.</comment>
445vfs object = /usr/lib/samba/vfs/vscan-clamav.so 432
433<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
434vfs object = vscan-clamav
446vfs options = config-file = /etc/samba/vscan-clamav.conf 435vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
447 436
448<comment># Now we setup our print drivers information!</comment> 437<comment># Now we setup our print drivers information!</comment>
449[print$] 438[print$]
450comment = Printer Drivers 439comment = Printer Drivers
451path = /etc/samba/printer <comment># this path holds the driver structure</comment> 440path = /etc/samba/printer <comment># this path holds the driver structure</comment>
452guest ok = no 441guest ok = yes
453browseable = yes 442browseable = yes
454read only = yes 443read only = yes
455<comment># Modify this to "username,root" if you don't want root to 444<comment># Modify this to "username,root" if you don't want root to
456# be the only printer admin)</comment> 445# be the only printer admin)</comment>
457write list = <i>root</i> 446write list = <i>root</i>
470 459
471<comment># Now we setup our printers share. This should be 460<comment># Now we setup our printers share. This should be
472# browseable, printable, public.</comment> 461# browseable, printable, public.</comment>
473[printers] 462[printers]
474comment = All Printers 463comment = All Printers
475browseable = yes 464browseable = no
476printable = yes 465printable = yes
466writable = no
477public = yes 467public = yes
478guest ok = yes 468guest ok = yes
479path = /var/spool/samba 469path = /var/spool/samba
480<comment># Modify this to "username,root" if you don't want root to 470<comment># Modify this to "username,root" if you don't want root to
481# be the only printer admin)</comment> 471# be the only printer admin)</comment>
491create mode = 0766 481create mode = 0766
492guest ok = yes 482guest ok = yes
493path = /home/samba/public 483path = /home/samba/public
494</pre> 484</pre>
495 485
496<p> 486<warn>
497There are several warnings that we should put here:
498</p>
499
500<ul>
501 <li>
502 If you like to use Samba's guest account to do anything concerning 487If you like to use Samba's guest account to do anything concerning
503 printing from Windows clients: don't 488printing from Windows clients: don't set <c>guest only = yes</c> in
504 </li> 489the <c>[global]</c> section. The guest account seems to cause
505 <li>Don't set guest only = yes in the global section</li> 490problems when running <c>cupsaddsmb</c> sometimes when trying to
506 <li>
507 The guest account seems to cause problems when running cupsaddsmb sometimes
508 when trying to connect from Windows machines. See below, too, when we talk 491connect from Windows machines. See below, too, when we talk about
509 about cupsaddsmb and the problems that can arise. Use a dedicated printer 492<c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
510 user, like "printeruser" or "printer" or "printme" or whatever. It doesn't 493printer user, like <c>printeruser</c> or <c>printer</c> or
511 hurt and it will certainly protect you from a lot of problems. 494<c>printme</c> or whatever. It doesn't hurt and it will certainly
512 </li> 495protect you from a lot of problems.
513</ul> 496</warn>
497
498<warn>
499Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
500down the performance of your Samba server dramatically.
501</warn>
514 502
515<p> 503<p>
516Now create the directories required for the minimum configuration of 504Now create the directories required for the minimum configuration of
517Samba to share the installed printer throughout the network. 505Samba to share the installed printer throughout the network.
518</p> 506</p>
539<p> 527<p>
540The Samba passwords need not be the same as the system passwords 528The Samba passwords need not be the same as the system passwords
541in <path>/etc/passwd</path>. 529in <path>/etc/passwd</path>.
542</p> 530</p>
543 531
532<p>
533You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
534systems can be found easily using NetBIOS:
535</p>
536
537<pre caption="Editing /etc/nsswitch.conf">
538# <i>nano -w /etc/nsswitch.conf</i>
539<comment>(Edit the hosts: line)</comment>
540hosts: files dns <i>wins</i>
541</pre>
542
544</body> 543</body>
545</section>
546<section> 544</section>
545<section>
547<title>Configuring clam-av</title> 546<title>Configuring ClamAV</title>
548<body> 547<body>
549 548
550<p> 549<p>
551The configuration file specified to be used in <path>smb.conf</path> is 550The configuration file specified to be used in <path>smb.conf</path> is
552<path>/etc/samba/vscan-clamav.conf</path>. While these options are set 551<path>/etc/samba/vscan-clamav.conf</path>. While these options are set
575 574
576<comment>; if communication to clamd fails, should access to file denied? 575<comment>; if communication to clamd fails, should access to file denied?
577; (default: yes)</comment> 576; (default: yes)</comment>
578deny access on error = yes 577deny access on error = yes
579 578
580<comment>; if daemon files with a minor error (corruption, etc.), 579<comment>; if daemon fails with a minor error (corruption, etc.),
581; should access to file denied? 580; should access to file denied?
582; (default: yes)</comment> 581; (default: yes)</comment>
583deny access on minor error = yes 582deny access on minor error = yes
584 583
585<comment>; send a warning message via Windows Messenger service 584<comment>; send a warning message via Windows Messenger service
603; of period, samba-vscan use a last recently used file mechanism to avoid 602; of period, samba-vscan use a last recently used file mechanism to avoid
604; multiple scans of a file. This setting specified the maximum number of 603; multiple scans of a file. This setting specified the maximum number of
605; elements of the last recently used file list. (default: 100)</comment> 604; elements of the last recently used file list. (default: 100)</comment>
606max lru files entries = 100 605max lru files entries = 100
607 606
608<comment>; an entry is invalidad after lru file entry lifetime (in seconds). 607<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
609; (Default: 5)</comment> 608; (Default: 5)</comment>
610lru file entry lifetime = 5 609lru file entry lifetime = 5
611 610
612<comment>; socket name of clamd (default: /var/run/clamd)</comment> 611<comment>; socket name of clamd (default: /var/run/clamd)</comment>
613clamd socket name = /var/run/clamd 612clamd socket name = /tmp/clamd
613
614<comment>; port number the ScannerDaemon listens on</comment>
615oav port = 8127
614</pre> 616</pre>
615 617
616<p> 618<p>
617It is generally a good idea to start the virus scanner immediately. Add 619It is generally a good idea to start the virus scanner immediately. Add
618it to the default runlevel and then start the clamd service immediately. 620it to the <e>default</e> runlevel and then start the <c>clamd</c> service
621immediately. The service has two processes: freshclam keeps the virus definition
622database up to date while clamd is the actual anti-virus daemon. First you may
623want to set the paths of the logfiles so that it fits your needs.
624</p>
625
626<pre caption="Checking the location of the logfiles">
627# <i>vim /etc/clamd.conf</i>
628<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
629# <i>vim /etc/freshclam.conf</i>
630<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
631# <i>vim /etc/conf.d/clamd</i>
632<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
633</pre>
634
635<p>
636Now fire up the virus scanner.
619</p> 637</p>
620 638
621<pre caption="Add clamd to bootup and start it"> 639<pre caption="Add clamd to bootup and start it">
622# <i>rc-update add clamd default</i> 640# <i>rc-update add clamd default</i>
623# <i>/etc/init.d/clamd start</i> 641# <i>/etc/init.d/clamd start</i>
628<section> 646<section>
629<title>Configuring CUPS</title> 647<title>Configuring CUPS</title>
630<body> 648<body>
631 649
632<p> 650<p>
633This is a little more complicated). CUPS' main config file is 651This is a little more complicated. CUPS' main config file is
634<path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's 652<path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
635<path>httpd.conf</path> file, so many you may find it familiar. Outlined 653<path>httpd.conf</path> file, so many you may find it familiar. Outlined
636in the example are the directives that need to be changed: 654in the example are the directives that need to be changed:
637</p> 655</p>
638 656
639<pre caption="/etc/cups/cupsd.conf"> 657<pre caption="/etc/cups/cupsd.conf">
640ServerName <i>PrintServer</i> <comment># your printserver name</comment> 658ServerName <i>PrintServer</i> <comment># your printserver name</comment>
641ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment> 659ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
642 660
643AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment> 661AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
644ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment> 662ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
645 663
646LogLevel debug <comment># only while isntalling and testing, should later be 664LogLevel debug <comment># only while isntalling and testing, should later be
647 # changed to 'info'</comment> 665 # changed to 'info'</comment>
648 666
649MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back, 667MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
650 # there seemed to be a bug in CUPS' controlling of the web interface, 668 # there seemed to be a bug in CUPS' controlling of the web interface,
651 # making CUPS think a denial of service attack was in progress when 669 # making CUPS think a denial of service attack was in progress when
652 # I tried to configure a printer with the web interface. weird.</comment> 670 # I tried to configure a printer with the web interface. weird.</comment>
655 673
656&lt;Location /&gt; 674&lt;Location /&gt;
657Order Deny,Allow 675Order Deny,Allow
658Deny From All 676Deny From All
659Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network 677Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
660 # eg 192.168.1.* will allow connections from any host on 678 # e.g. 192.168.1.* will allow connections from any host on
661 # the 192.168.1.0 network. change to whatever suits you</comment> 679 # the 192.168.1.0 network. change to whatever suits you</comment>
662&lt;/Location&gt; 680&lt;/Location&gt;
663 681
664&lt;Location /admin&gt; 682&lt;Location /admin&gt;
665AuthType Basic 683AuthType Basic
672&lt;/Location&gt; 690&lt;/Location&gt;
673</pre> 691</pre>
674 692
675<p> 693<p>
676Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. 694Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
677The changes to mime.convs and mime.types are needed to make CUPSprint Microsoft Office document files. 695The changes to <path>mime.convs</path> and <path>mime.types</path> are
696needed to make CUPS print Microsoft Office document files.
678</p> 697</p>
679 698
680<pre caption="/etc/cups/mime.convs"> 699<pre caption="/etc/cups/mime.convs">
681<comment>(The following line is found near the end of the file. Uncomment it)</comment> 700<comment>(The following line is found near the end of the file. Uncomment it)</comment>
682application/octet-stream application/vnd.cups-raw 0 701application/octet-stream application/vnd.cups-raw 0
683</pre> 702</pre>
684 703
685<p> 704<p>
686Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. 705Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
687</p> 706</p>
688 707
689<pre caption="/etc/cups/mime.types"> 708<pre caption="/etc/cups/mime.types">
690<comment>(The following line is found near the end of the file. Uncomment it)</comment> 709<comment>(The following line is found near the end of the file. Uncomment it)</comment>
691application/octet-stream 710application/octet-stream
696</p> 715</p>
697 716
698<pre caption="Setting up the CUPS service" > 717<pre caption="Setting up the CUPS service" >
699<comment>(To start CUPS on boot)</comment> 718<comment>(To start CUPS on boot)</comment>
700# <i>rc-update add cupsd default</i> 719# <i>rc-update add cupsd default</i>
701<comment>(To start CUPS if it isn't started)</comment> 720<comment>(To start or restart CUPS now)</comment>
702# <i>/etc/init.d/cupsd start</i>
703<comment>(If CUPS is already started we'll need to restart it!)</comment>
704# <i>/etc/init.d/cupsd restart</i> 721# <i>/etc/init.d/cupsd restart</i>
705</pre> 722</pre>
706 723
707</body> 724</body>
708</section> 725</section>
709<section> 726<section>
710<title>Installing a printer for and with CUPS</title> 727<title>Installing a printer for and with CUPS</title>
711<body> 728<body>
712 729
713<p> 730<p>
714First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> 731First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
715to find and download the correct PPD file for your printer and CUPS. To 732find and download the correct PPD file for your printer and CUPS. To do so,
716do so, click the link Printer Listings to the left. Select your 733click the link Printer Listings to the left. Select your printers manufacturer
717printers manufacturer and the model in the pulldown menu, eg HP and 734and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
718DeskJet 930C. Click "Show". On the page coming up click the "recommended 735the page coming up click the "recommended driver" link after reading the
719driver" link after reading the various notes and information. Then fetch 736various notes and information. Then fetch the PPD file from the next page,
720the PPD file from the next page, again after reading the notes and 737again after reading the notes and introductions there. You may have to select
721introductions there. You may have to select your printers manufacturer 738your printers manufacturer and model again. Reading the <uri
722and model again. Reading the <uri link="http://www.linuxprinting.org/cups-doc.html">CUPS 739link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
723quickstart guide</uri> is also very helpful when working with CUPS. 740is also very helpful when working with CUPS.
724</p> 741</p>
725 742
726<p> 743<p>
727Now you have a PPD file for your printer to work with CUPS. Place it in 744Now you have a PPD file for your printer to work with CUPS. Place it in
728<path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was 745<path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
729named HP-DeskJet_930C-hpijs.ppd. You should now install the printer. 746named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
730This can be done via the CUPS web interface or via command line. The web 747This can be done via the CUPS web interface or via command line. The web
731interface is found at http://PrintServer:631 once CUPS is running. 748interface is found at <path>http://PrintServer:631</path> once CUPS is running.
732</p> 749</p>
733 750
734<pre caption="Install the printer via command line"> 751<pre caption="Install the printer via command line">
735# <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i> 752# <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
753# <i>/etc/init.d/cupsd restart</i>
736</pre> 754</pre>
737 755
738<p> 756<p>
739Remember to adjust to what you have. Be sure to have the name (-p) right (the 757Remember to adjust to what you have. Be sure to have the name
740name you set above during the Samba configuration!) and to put in the 758(<c>-p</c> argument) right (the name you set above during the Samba
741correct usb:/dev/usb/blah, parallel:/dev/blah or whatever device you 759configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
742are using for your printer. 760<c>parallel:/dev/blah</c> or whatever device you are using for your
743</p> 761printer.
744
745<p> 762</p>
763
764<p>
746You should now be able to access the printer from the web interface. You 765You should now be able to access the printer from the web interface
747should now be able to print a test page. 766and be able to print a test page.
748</p> 767</p>
749 768
750</body> 769</body>
751</section> 770</section>
752<section> 771<section>
761drivers automagically to the connecting client, avoiding the hassle of 780drivers automagically to the connecting client, avoiding the hassle of
762manually installing printer drivers locally. 781manually installing printer drivers locally.
763</p> 782</p>
764 783
765<p> 784<p>
766There are two sets of printer drivers for this. First, the Adobe PS 785There are two sets of printer drivers for this. First, the Adobe PS drivers
767drivers which can be obtained from <uri 786which can be obtained from <uri
768link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> 787link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
769(PostScript printer drivers). Second, there are the CUPS PS drivers, 788printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri
770to be obtained from <uri link="http://www.cups.org/software.php">the 789link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.
771CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the 790There doesn't seem to be a difference between the functionality of the two, but
772pull down menu. There doesn't seem to be a difference between the 791the Adobe PS drivers need to be extracted on a Windows System since it's a
773functionality of the two, but the Adobe PS drivers need to be extracted 792Windows binary. Also the whole procedure of finding and copying the correct
774on a Windows System since it's a Windows binary. Also the whole procedure 793files is a bit more hassle. The CUPS drivers seem to support some options the
775of finding and copying the correct files is a bit more hassle. The CUPS 794Adobe drivers don't.
776drivers seem to support some options the Adobe drivers don't.
777</p> 795</p>
796<!--
797used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
798available. at some point, we should update this for 6.0.
799-->
778 800
779<p> 801<p>
780This HOWTO uses the CUPS drivers for Windows. The downloaded file is 802This HOWTO uses the CUPS drivers for Windows. The downloaded file is
781called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files 803called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
782contained into a directory. 804contained into a directory.
788<comment>(Only use this script if CUPS resides in /usr/share/cups)</comment> 810<comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
789# <i>./cups-samba.install</i> 811# <i>./cups-samba.install</i>
790</pre> 812</pre>
791 813
792<p> 814<p>
793cups-samba.ss is a TAR archive containing three files: 815<path>cups-samba.ss</path> is a TAR archive containing three files:
794cups5.hlp, cupsdrvr5.dll and cupsui5.dll. These are the actual driver 816<path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
795files. 817<path>cupsui5.dll</path>. These are the actual driver files.
796</p> 818</p>
797 819
798<warn> 820<warn>
799The script cups-samba.install may not work for all *nixes (ie FreeBSD) 821The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
800because almost everything which is not part of the base system is 822because almost everything which is not part of the base system is
801installed somewhere under the prefix <path>/usr/local/</path>. This 823installed somewhere under the prefix <path>/usr/local/</path>. This
802seems not to be the case for most things you install under GNU/Linux. 824seems not to be the case for most things you install under GNU/Linux.
803However, if your CUPS installation is somewhere other than 825However, if your CUPS installation is somewhere other than
804<path>/usr/share/cups/</path> See the example below. 826<path>/usr/share/cups/</path> see the example below.
805</warn> 827</warn>
806 828
807<p> 829<p>
808Suppose your CUPS installation resides under 830Suppose your CUPS installation resides under
809<path>/usr/local/share/cups/</path>, and you want to install the drivers there. 831<path>/usr/local/share/cups/</path>, and you want to install the drivers there.
815# <i>tar -xf cups-samba.ss</i> 837# <i>tar -xf cups-samba.ss</i>
816<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment> 838<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
817# <i>cd usr/share/cups/drivers</i> 839# <i>cd usr/share/cups/drivers</i>
818<comment>(no leading / !)</comment> 840<comment>(no leading / !)</comment>
819# <i>cp cups* /usr/local/share/cups/drivers</i> 841# <i>cp cups* /usr/local/share/cups/drivers</i>
842# <i>/etc/init.d/cupsd restart</i>
820</pre> 843</pre>
821 844
822<p> 845<p>
823Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS 846Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
824distribution. It's man page is an interesting read. 847Its man page is an interesting read.
825</p> 848</p>
826 849
827<pre caption="Run cupsaddsmb"> 850<pre caption="Run cupsaddsmb">
828# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i> 851# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
829<comment>(Instead of HPDeskJet930C you could also specify "-a", which will 852<comment>(Instead of HPDeskJet930C you could also specify "-a", which will
830"export all known printers".)</comment> 853"export all known printers".)</comment>
831# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i> 854# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
832</pre> 855</pre>
833 856
834<warn> 857<warn>
835The execution of this command often causes the most trouble. 858The execution of this command often causes the most trouble. Read through the
836Reading through the <uri
837link="http://forums.gentoo.com/viewtopic.php?t=110931">posts in this 859<uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
838thread</uri>. 860thread</uri> for some troubleshooting tips.
839</warn> 861</warn>
840 862
841<p> 863<p>
842Here are common errors that may happen: 864Here are common errors that may happen:
843</p> 865</p>
844 866
845<ul> 867<ul>
846 <li> 868 <li>
847 The hostname given as a parameter for -h and -H (PrintServer) often does 869 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
848 not resolve correctly and doesn't identify the print server for CUPS/Samba 870 (<c>PrintServer</c>) often does not resolve correctly and doesn't
849 interaction. 871 identify the print server for CUPS/Samba interaction. If an error
850 If an error like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" - 872 like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
851 skipping!</b> occurs, the first thing you should do is substitute 873 skipping!</b> occurs, the first thing you should do is substitute
852 PrintServer with localhost and try it again. 874 <c>PrintServer</c> with <c>localhost</c> and try it again.
853 </li> 875 </li>
854 <li> 876 <li>
855 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message 877 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
856 is quite common, but can be triggered by many problems. It's unfortunately 878 is quite common, but can be triggered by many problems. It's unfortunately
857 not very helpful. One thing to try is to temporarily set <b>security = 879 not very helpful. One thing to try is to temporarily set <c>security =
858 user</b> in your <path>smb.conf</path>. After/if the installation completes 880 user</c> in your <path>smb.conf</path>. After/if the installation completes
859 successfully, you should set it back to share, or whatever it was set to 881 successfully, you should set it back to share, or whatever it was set to
860 before. 882 before.
861 </li> 883 </li>
862</ul> 884</ul>
863 885
952</pre> 974</pre>
953 975
954</body> 976</body>
955</section> 977</section>
956</chapter> 978</chapter>
979
957<chapter> 980<chapter>
958<title>Configuration of the Clients</title> 981<title>Configuration of the Clients</title>
959<section> 982<section>
960<title>Printer configuration of *nix based clients</title> 983<title>Printer configuration of *nix based clients</title>
961<body> 984<body>
962 985
963<p> 986<p>
964Despite the variation or distribution, the only thing needed is CUPS. 987Despite the variation or distribution, the only thing needed is CUPS. Do the
965Do the equivalent on any other UNIX/Linux/BSD client. 988equivalent on any other UNIX/Linux/BSD client.
966</p> 989</p>
967 990
968<pre caption="Configuring a Gentoo system."> 991<pre caption="Configuring a Gentoo system">
969# <i>emerge cups</i> 992# <i>emerge cups</i>
970# <i>/etc/init.d/cupsd start</i> 993# <i>nano -w /etc/cups/client.conf</i>
971# <i>rc-update add cupsd default</i> 994ServerName <i>PrintServer</i> <comment># your printserver name</comment>
972</pre> 995</pre>
973 996
974<p>
975That should be it. Nothing else will be needed. Just point your web
976browser to http://localhost:631 (on the CLIENT) and you'll see that
977PrintServer broadcasts all available printers to all CUPS clients.
978</p> 997<p>
979 998That should be it. Nothing else will be needed.
980<p> 999</p>
981To print, use for example 1000
982</p> 1001<p>
1002If you use only one printer, it will be your default printer. If your print
1003server manages several printers, your administrator will have defined a default
1004printer on the server. If you want to define a different default printer for
1005yourself, use the <c>lpoptions</c> command.
1006</p>
1007
1008<pre caption="Setting your default printer">
1009<comment>(List available printers)</comment>
1010# <i>lpstat -a</i>
1011<comment>(Sample output, yours will differ)</comment>
1012HPDeskJet930C accepting requests since Jan 01 00:00
1013laser accepting requests since Jan 01 00:00
1014<comment>(Define HPDeskJet930C as your default printer)</comment>
1015# <i>lpoptions -d HPDeskJet930C</i>
1016</pre>
983 1017
984<pre caption="Printing in *nix"> 1018<pre caption="Printing in *nix">
1019<comment>(Specify the printer to be used)</comment>
985# <i>lpr -pHPDeskJet930C anything.txt</i> 1020# <i>lp -d HPDeskJet930C anything.txt</i>
986# <i>lpr -PHPDeskJet930C foobar.whatever.ps</i> 1021<comment>(Use your default printer)</comment>
987</pre>
988
989<p>
990In order to setup a default printer, you have to edit
991<path>/etc/cups/client.conf</path> and set the directive ServerName to
992your printserver. In the case of this guide that would be the
993following example.
994</p>
995
996<pre caption="/etc/cups/client.conf">
997ServerName PrintServer
998</pre>
999
1000<p>
1001The following will print foorbar.whatever.ps directly to the print
1002server.
1003</p>
1004
1005<pre caption="Printing to the default printer">
1006$ <i>lpr foobar.whatever.ps</i> 1022# <i>lp foobar.whatever.ps</i>
1007</pre> 1023</pre>
1008 1024
1009<p>
1010Some common observations when setting a default printer in this manner
1011include the following:
1012</p> 1025<p>
1013 1026Just point your web browser to <c>http://printserver:631</c> on the client if
1014<ul> 1027you want to manage your printers and their jobs with a nice web interface.
1015 <li> 1028Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1016 Setting the ServerName in client.conf seems to work well for only one 1029your print server, not the name you gave to the cups print server if you used
1017 printer, there may be yet another way to set a client's default remote 1030different names.
1018 printer. 1031</p>
1019 </li>
1020 <li>
1021 Also, when accessing http://localhost:631 on the client now, no printers
1022 seem to be "found" by the client-CUPS. This is to be expected when setting
1023 ServerName in <path>client.conf</path>.
1024 </li>
1025</ul>
1026 1032
1027</body> 1033</body>
1028</section> 1034</section>
1029<section> 1035<section>
1030<title>Mounting a Windows or Samba share in GNU/Linux</title> 1036<title>Mounting a Windows or Samba share in GNU/Linux</title>
1031<body> 1037<body>
1032 1038
1033<p> 1039<p>
1034Now is time to configure our kernel to support it the smbfs. Since I'm 1040Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1035assumming we've all compiled at least one kernel, we'll need to make 1041all compiled at least one kernel, we'll need to make sure we have all the right
1036sure we have all the right options selected in our kernel. 1042options selected in our kernel. For simplicity sake, make it a module for ease
1037For simplicity sake, make it as a module for ease of use. It is the
1038authors opinion that kernel modules are a good thing and should be used 1043of use. It is the author's opinion that kernel modules are a good thing and
1039whenever possible. 1044should be used whenever possible.
1040</p> 1045</p>
1041 1046
1042<pre caption="Relevant kernel options" > 1047<pre caption="Relevant kernel options" >
1043CONFIG_SMB_FS=m 1048CONFIG_SMB_FS=m
1044CONFIG_SMB_UNIX=y 1049CONFIG_SMB_UNIX=y
1078<section> 1083<section>
1079<title>Printer Configuration for Windows NT/2000/XP clients</title> 1084<title>Printer Configuration for Windows NT/2000/XP clients</title>
1080<body> 1085<body>
1081 1086
1082<p> 1087<p>
1083That's just a bit of point-and-click. Browse to \\PrintServer and right 1088That's just a bit of point-and-click. Browse to
1084click on the printer (HPDeskJet930C) and click connect. This will 1089<path>\\PrintServer</path> and right click on the printer
1085download the drivers to the Windows client and now every application 1090(HPDeskJet930C) and click connect. This will download the drivers to
1086(such as Word or Acrobat) will offer HPDeskJet930C as an available 1091the Windows client and now every application (such as Word or Acrobat)
1087printer to print to. :-) 1092will offer HPDeskJet930C as an available printer to print to. :-)
1088</p> 1093</p>
1089 1094
1090</body> 1095</body>
1091</section> 1096</section>
1092</chapter> 1097</chapter>
1098
1093<chapter> 1099<chapter>
1094<title>Final Notes</title> 1100<title>Final Notes</title>
1095<section> 1101<section>
1096<title>A Fond Farewell</title> 1102<title>A Fond Farewell</title>
1097<body> 1103<body>
1103</p> 1109</p>
1104 1110
1105</body> 1111</body>
1106</section> 1112</section>
1107</chapter> 1113</chapter>
1114
1108<chapter> 1115<chapter>
1109<title>Links and Resources</title> 1116<title>Links and Resources</title>
1110<section> 1117<section>
1111<title>Links</title> 1118<title>Links</title>
1112<body> 1119<body>
1116troubleshooting your installation: 1123troubleshooting your installation:
1117</p> 1124</p>
1118 1125
1119<ul> 1126<ul>
1120 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li> 1127 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1128 <li>
1121 <li><uri link="http://www.samba.org/">Samba Homepage</uri></li> 1129 <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1130 link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1131 on Samba/CUPS configuration</uri>
1132 </li>
1122 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li> 1133 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1123 <li> 1134 <li>
1124 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt 1135 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1125 Pfeifle's Samba Print HOWTO</uri> ( 1136 Pfeifle's Samba Print HOWTO</uri> (
1126 This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e> 1137 This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>

Legend:
Removed from v.1.1  
changed lines
  Added in v.1.28

  ViewVC Help
Powered by ViewVC 1.1.20