/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.29 Revision 1.40
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.29 2007/06/06 23:23:35 nightmorph Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.40 2008/05/02 04:46:22 nightmorph Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4
4<guide link="/doc/en/quick-samba-howto.xml"> 5<guide link="/doc/en/quick-samba-howto.xml">
6
5<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title> 7<title>Gentoo Samba3/CUPS HOWTO</title>
8
6<author title="Author"> 9<author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail> 10 Andreas "daff" Ntaflos <!--daff at dword dot org-->
8</author> 11</author>
9<author title="Author"> 12<author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> 13 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11</author> 14</author>
15<author title="Editor">
16 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
17</author>
12 18
13<abstract> 19<abstract>
14Setup, install and configure a Samba Server under Gentoo that shares files, 20Setup, install and configure a Samba server under Gentoo that shares files and
15printers without the need to install drivers and provides automatic virus 21printers without the need to install drivers.
16scanning.
17</abstract> 22</abstract>
18 23
19<!-- The content of this document is licensed under the CC-BY-SA license --> 24<!-- The content of this document is licensed under the CC-BY-SA license -->
20<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 25<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
21<license/> 26<license/>
22 27
23<version>1.17</version> 28<version>1.25</version>
24<date>2007-06-06</date> 29<date>2008-05-01</date>
25 30
26<chapter> 31<chapter>
27<title>Introduction to this HOWTO</title> 32<title>Introduction to this HOWTO</title>
28<section> 33<section>
29<title>Purpose</title> 34<title>Purpose</title>
44 49
45<p> 50<p>
46This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to 51This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
47explore the functionality and power of the Gentoo system, portage and the 52explore the functionality and power of the Gentoo system, portage and the
48flexibility of USE flags. Like so many other projects, it was quickly discovered 53flexibility of USE flags. Like so many other projects, it was quickly discovered
49what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered 54what was missing in the Gentoo realm: there weren't any Samba HOWTOs catered
50for Gentoo users. These users are more demanding than most; they require 55for Gentoo users. These users are more demanding than most; they require
51performance, flexibility and customization. This does not however imply that 56performance, flexibility and customization. This does not however imply that
52this HOWTO was not intended for other distributions; rather that it was designed 57this HOWTO was not intended for other distributions; rather that it was designed
53to work with a highly customized version of Samba. 58to work with a highly customized version of Samba.
54</p> 59</p>
55 60
56<p> 61<p>
57This HOWTO will describe how to share files and printers between Windows PCs and 62This HOWTO will describe how to share files and printers between Windows PCs and
58*nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
59feature of Samba to incorporate automatic virus protection. As a finale, it will
60show you how to mount and manipulate shares. 63*nix PCs. It will also show you how to mount and manipulate shares.
61</p> 64</p>
62 65
63<p> 66<p>
64There are a few topics that will be mentioned, but are out of the scope of this 67There are a few topics that will be mentioned, but are out of the scope of this
65HOWTO. These will be noted as they are presented. 68HOWTO. These will be noted as they are presented.
66</p> 69</p>
67 70
68<p> 71<p>
69This HOWTO is based on a compilation and merge of an excellent HOWTO provided in 72This HOWTO is based on a compilation and merge of an excellent HOWTO provided
70the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff" 73in the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas
71Ntaflos and the collected knowledge of Joshua Preston. The link to this 74"daff" Ntaflos and the collected knowledge of Joshua Preston. The link to this
72discussion is provided below for your reference: 75discussion is provided below for your reference:
73</p> 76</p>
74 77
75<ul> 78<ul>
76 <li> 79 <li>
77 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO 80 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
78 CUPS+Samba: printing from Windows &amp; Linux</uri> 81 CUPS+Samba: printing from Windows &amp; Linux</uri>
79 </li> 82 </li>
80</ul> 83</ul>
81 84
82</body> 85</body>
105</p> 108</p>
106 109
107<ul> 110<ul>
108 <li>On the Samba server: 111 <li>On the Samba server:
109 <ul> 112 <ul>
110 <li>Install and configure ClamAV</li>
111 <li>Install and configure Samba</li> 113 <li>Install and configure Samba</li>
112 <li>Install and configure CUPS</li> 114 <li>Install and configure CUPS</li>
113 <li>Adding the printer to CUPS</li> 115 <li>Adding the printer to CUPS</li>
114 <li>Adding the PS drivers for the Windows clients</li> 116 <li>Adding the PS drivers for the Windows clients</li>
115 </ul> 117 </ul>
139We will need the following: 141We will need the following:
140</p> 142</p>
141 143
142<ul> 144<ul>
143 <li>net-fs/samba</li> 145 <li>net-fs/samba</li>
144 <li>app-antivirus/clamav</li>
145 <li>net-print/cups</li> 146 <li>net-print/cups</li>
146 <li>net-print/foomatic</li> 147 <li>net-print/foomatic</li>
147 <li>net-print/hplip (if you have an HP printer)</li> 148 <li>net-print/hplip (if you have an HP printer)</li>
148 <li>A kernel of sorts (2.6)</li> 149 <li>A kernel of sorts (2.6)</li>
149 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li> 150 <li>A printer (PS or non-PS)</li>
150 <li> 151 <li>
151 A working network (home/office/etc) consisting of more than one machine) 152 A working network (home/office/etc) consisting of more than one machine)
152 </li> 153 </li>
153</ul> 154</ul>
154 155
155<p> 156<p>
156The main package we use here is net-fs/samba, however, you will need a kernel 157The main package we use here is <c>net-fs/samba</c>, however, you will need a
157with smbfs support enabled in order to mount a samba or windows share from 158kernel with CIFS support enabled in order to mount a Samba or Windows share from
158another computer. CUPS will be emerged if it is not already. 159another computer. CUPS will be emerged if it is not already.
159app-antivirus/clamav will be used also, but others should be easily adapted to
160work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
161technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
162</p> 160</p>
163 161
164</body> 162</body>
165</section> 163</section>
166</chapter> 164</chapter>
175Before emerging anything, take a look at some of the various USE flags available 173Before emerging anything, take a look at some of the various USE flags available
176to Samba. 174to Samba.
177</p> 175</p>
178 176
179<pre caption="Samba uses the following USE Variables:"> 177<pre caption="Samba uses the following USE Variables:">
180kerberos acl cups ldap pam readline python oav 178kerberos acl cups ldap pam readline python winbind
181</pre> 179</pre>
182 180
183<p> 181<p>
184Depending on the network topology and the specific requirements of the server, 182Depending on the network topology and the specific requirements of the server,
185the USE flags outlined below will define what to include or exclude from the 183the USE flags outlined below will define what to include or exclude from the
192 <th>Description</th> 190 <th>Description</th>
193</tr> 191</tr>
194<tr> 192<tr>
195 <th><b>kerberos</b></th> 193 <th><b>kerberos</b></th>
196 <ti> 194 <ti>
197 Include support for Kerberos. The server will need this if it is 195 Include support for Kerberos. The server will need this if it is intended
198 intended to join an existing domain or Active Directory. See the note 196 to join an existing domain or Active Directory. See the note below for more
199 below for more information. 197 information.
200 </ti> 198 </ti>
201</tr> 199</tr>
202<tr> 200<tr>
203 <th><b>acl</b></th> 201 <th><b>acl</b></th>
204 <ti> 202 <ti>
205 Enables Access Control Lists. The ACL support in Samba uses a patched 203 Enables Access Control Lists. The ACL support in Samba uses a patched
206 ext2/ext3, or SGI's XFS in order to function properly as it extends more 204 ext2/ext3, or SGI's XFS in order to function properly as it extends more
207 detailed access to files or directories; much more so than typical *nix 205 detailed access to files or directories; much more so than typical *nix
208 GID/UID schemas. 206 GID/UID schemas.
209 </ti> 207 </ti>
210</tr> 208</tr>
211<tr> 209<tr>
212 <th><b>cups</b></th> 210 <th><b>cups</b></th>
227 </ti> 225 </ti>
228</tr> 226</tr>
229<tr> 227<tr>
230 <th><b>pam</b></th> 228 <th><b>pam</b></th>
231 <ti> 229 <ti>
232 Include support for pluggable authentication modules (PAM). This provides 230 Include support for pluggable authentication modules (PAM). This provides
233 the ability to authenticate users on the Samba Server, which is required if 231 the ability to authenticate users on the Samba Server, which is required if
234 users have to login to your server. The kerberos USE flag is recommended 232 users have to login to your server. The kerberos USE flag is recommended
235 along with this option. 233 along with this option.
236 </ti> 234 </ti>
237</tr> 235</tr>
248 Python bindings API. Provides an API that will allow Python to interface 246 Python bindings API. Provides an API that will allow Python to interface
249 with Samba. 247 with Samba.
250 </ti> 248 </ti>
251</tr> 249</tr>
252<tr> 250<tr>
253 <th><b>oav</b></th> 251 <th><b>winbind</b></th>
254 <ti> 252 <ti>
255 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon, 253 Winbind allows for a unified logon within a Samba environment. It uses a
256 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI), 254 Unix implementation of Windows RPC calls, PAM and the name service switch
257 Symantec CarrierScan, and Trend Micro (VSAPI). 255 (supported by the c library) to enable Windows NT domain users to appear and
256 work as Unix users on a Unix system.
258 </ti> 257 </ti>
259</tr> 258</tr>
260</table> 259</table>
261 260
262<p> 261<p>
264Samba functions include: 263Samba functions include:
265</p> 264</p>
266 265
267<ul> 266<ul>
268 <li> 267 <li>
269 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and 268 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
270 ACL kernel options for ext2 and/or ext3 will need to be enabled 269 ACL kernel options for ext2 and/or ext3 will need to be enabled (depending
271 (depending on which file system is being used - both can be enabled). 270 on which file system is being used - both can be enabled).
272 </li> 271 </li>
273 <li> 272 <li>
274 While Active Directory, ACL, and PDC functions are out of the intended 273 While Active Directory, ACL, and PDC functions are out of the intended
275 scope of this HOWTO, you may find these links as helpful to your cause: 274 scope of this HOWTO, you may find these links as helpful to your cause:
276 <ul> 275 <ul>
292 291
293<p> 292<p>
294First of all: be sure that all your hostnames resolve correctly. Either have a 293First of all: be sure that all your hostnames resolve correctly. Either have a
295working domain name system running on your network or appropriate entries in 294working domain name system running on your network or appropriate entries in
296your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames 295your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
297don't point to the correct machines. 296don't point to the correct machines.
298</p> 297</p>
299 298
300<p> 299<p>
301Hopefully now you can make an assessment of what you'll actually need in order 300Hopefully now you can make an assessment of what you'll actually need in order
302to use Samba with your particular setup. The setup used for this HOWTO is: 301to use Samba with your particular setup. The setup used for this HOWTO is:
303</p> 302</p>
304 303
305<ul> 304<ul>
306 <li>oav</li>
307 <li>cups</li> 305 <li>cups</li>
308 <li>readline</li> 306 <li>readline</li>
309 <li>pam</li> 307 <li>pam</li>
310</ul> 308</ul>
311 309
313To optimize performance, size and the time of the build, the USE flags are 311To optimize performance, size and the time of the build, the USE flags are
314specifically included or excluded. 312specifically included or excluded.
315</p> 313</p>
316 314
317<pre caption="Emerge Samba"> 315<pre caption="Emerge Samba">
318# <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i> 316# <i>echo "net-fs/samba readline cups pam" &gt;&gt; /etc/portage/package.use</i>
319# <i>emerge net-fs/samba</i> 317# <i>emerge net-fs/samba</i>
320</pre> 318</pre>
321 319
322<note>
323The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
324ppc, sparc, hppa, ia64 and alpha
325</note>
326
327<p> 320<p>
328This will emerge Samba and CUPS (if CUPS is not already emerged). 321This will emerge Samba and CUPS (if CUPS is not already emerged).
329</p> 322</p>
330
331</body>
332</section>
333<section>
334<title>Emerging ClamAV</title>
335<body>
336
337<p>
338Because the <e>oav</e> USE flag only provides an interface to allow on access
339virus scanning, the actual virus scanner must be emerged. The scanner used in
340this HOWTO is ClamAV.
341</p>
342
343<pre caption="Emerge Clamav">
344# <i>emerge app-antivirus/clamav</i>
345</pre>
346 323
347</body> 324</body>
348</section> 325</section>
349<section> 326<section>
350<title>Emerging foomatic</title> 327<title>Emerging foomatic</title>
377<section> 354<section>
378<title>Configuring Samba</title> 355<title>Configuring Samba</title>
379<body> 356<body>
380 357
381<p> 358<p>
382The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is 359The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
383divided in sections indicated by [sectionname]. Comments are either 360divided in sections indicated by [sectionname]. Comments are either
384# or ;. A sample <path>smb.conf</path> is included below with comments and 361# or ;. A sample <path>smb.conf</path> is included below with comments and
385suggestions for modifications. If more details are required, see the man page 362suggestions for modifications. If more details are required, see the man page
386for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the 363for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
387Samba Web site or any of the numerous Samba books available. 364Samba Web site or any of the numerous Samba books available.
388</p> 365</p>
389 366
390<pre caption="A Sample /etc/samba/smb.conf"> 367<pre caption="A Sample /etc/samba/smb.conf">
391[global] 368[global]
392<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment> 369<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416hosts deny = 0.0.0.0/0 393hosts deny = 0.0.0.0/0
417<comment># Other options for this are USER, DOMAIN, ADS, and SERVER 394<comment># Other options for this are USER, DOMAIN, ADS, and SERVER
418# The default is user</comment> 395# The default is user</comment>
419security = share 396security = share
420<comment># No passwords, so we're going to use a guest account!</comment> 397<comment># No passwords, so we're going to use a guest account!</comment>
421guest account = samba
422guest ok = yes 398guest ok = yes
423<comment># We now will implement the on access virus scanner.
424# NOTE: By putting this in our [Global] section, we enable
425# scanning of ALL shares, you could optionally move
426# these to a specific share and only scan it.</comment>
427
428<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
429vfs object = vscan-clamav
430vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
431 399
432<comment># Now we setup our print drivers information!</comment> 400<comment># Now we setup our print drivers information!</comment>
433[print$] 401[print$]
434comment = Printer Drivers 402comment = Printer Drivers
435path = /etc/samba/printer <comment># this path holds the driver structure</comment> 403path = /etc/samba/printer <comment># this path holds the driver structure</comment>
450guest ok = yes 418guest ok = yes
451<comment># Modify this to "username,root" if you don't want root to 419<comment># Modify this to "username,root" if you don't want root to
452# be the only printer admin)</comment> 420# be the only printer admin)</comment>
453printer admin = <i>root</i> 421printer admin = <i>root</i>
454 422
455<comment># Now we setup our printers share. This should be 423<comment># Now we setup our printers share. This should be
456# browseable, printable, public.</comment> 424# browseable, printable, public.</comment>
457[printers] 425[printers]
458comment = All Printers 426comment = All Printers
459browseable = no 427browseable = no
460printable = yes 428printable = yes
461writable = no 429writable = no
462public = yes 430public = yes
463guest ok = yes 431guest ok = yes
464path = /var/spool/samba 432path = /var/spool/samba
465<comment># Modify this to "username,root" if you don't want root to 433<comment># Modify this to "username,root" if you don't want root to
466# be the only printer admin)</comment> 434# be the only printer admin)</comment>
467printer admin = <i>root</i> 435printer admin = <i>root</i>
487arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c> 455arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
488or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you 456or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
489from a lot of problems. 457from a lot of problems.
490</warn> 458</warn>
491 459
492<warn>
493Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
494down the performance of your Samba server dramatically.
495</warn>
496
497<p> 460<p>
498Now create the directories required for the minimum configuration of Samba to 461Now create the directories required for the minimum configuration of Samba to
499share the installed printer throughout the network. 462share the installed printer throughout the network.
500</p> 463</p>
501 464
510to allow users to connect to the printer. Users must exist in the system's 473to allow users to connect to the printer. Users must exist in the system's
511<path>/etc/passwd</path> file. 474<path>/etc/passwd</path> file.
512</p> 475</p>
513 476
514<pre caption="Creating the users"> 477<pre caption="Creating the users">
515# <i>smbpasswd -a root</i> 478# <i>smbpasswd -a root</i>
516 479
517<comment>(If another user is to be a printer admin)</comment> 480<comment>(If another user is to be a printer admin)</comment>
518# <i>smbpasswd -a username</i> 481# <i>smbpasswd -a username</i>
519</pre> 482</pre>
520 483
521<p> 484<p>
522The Samba passwords need not be the same as the system passwords 485The Samba passwords need not be the same as the system passwords
523in <path>/etc/passwd</path>. 486in <path>/etc/passwd</path>.
524</p> 487</p>
525 488
526<p> 489<p>
527You will also need to update <path>/etc/nsswitch.conf</path> so that Windows 490You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
535</pre> 498</pre>
536 499
537</body> 500</body>
538</section> 501</section>
539<section> 502<section>
540<title>Configuring ClamAV</title>
541<body>
542
543<p>
544The configuration file specified to be used in <path>smb.conf</path> is
545<path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
546defaults, the infected file action may need to be changed.
547</p>
548
549<pre caption="/etc/samba/vscan-clamav.conf">
550[samba-vscan]
551<comment>; run-time configuration for vscan-samba using
552; clamd
553; all options are set to default values</comment>
554
555<comment>; do not scan files larger than X bytes. If set to 0 (default),
556; this feature is disable (i.e. all files are scanned)</comment>
557max file size = 0
558
559<comment>; log all file access (yes/no). If set to yes, every access will
560; be logged. If set to no (default), only access to infected files
561; will be logged</comment>
562verbose file logging = no
563
564<comment>; if set to yes (default), a file will be scanned while opening</comment>
565scan on open = yes
566<comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
567scan on close = yes
568
569<comment>; if communication to clamd fails, should access to file denied?
570; (default: yes)</comment>
571deny access on error = yes
572
573<comment>; if daemon fails with a minor error (corruption, etc.),
574; should access to file denied?
575; (default: yes)</comment>
576deny access on minor error = yes
577
578<comment>; send a warning message via Windows Messenger service
579; when virus is found?
580; (default: yes)</comment>
581send warning message = yes
582
583<comment>; what to do with an infected file
584; quarantine: try to move to quantine directory; delete it if moving fails
585; delete: delete infected file
586; nothing: do nothing</comment>
587infected file action = <comment>delete</comment>
588
589<comment>; where to put infected files - you really want to change this!
590; it has to be on the same physical device as the share!</comment>
591quarantine directory = /tmp
592<comment>; prefix for files in quarantine</comment>
593quarantine prefix = vir-
594
595<comment>; as Windows tries to open a file multiple time in a (very) short time
596; of period, samba-vscan use a last recently used file mechanism to avoid
597; multiple scans of a file. This setting specified the maximum number of
598; elements of the last recently used file list. (default: 100)</comment>
599max lru files entries = 100
600
601<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
602; (Default: 5)</comment>
603lru file entry lifetime = 5
604
605<comment>; socket name of clamd (default: /var/run/clamd)</comment>
606clamd socket name = /tmp/clamd
607
608<comment>; port number the ScannerDaemon listens on</comment>
609oav port = 8127
610</pre>
611
612<p>
613It is generally a good idea to start the virus scanner immediately. Add it to
614the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
615The service has two processes: freshclam keeps the virus definition database up
616to date while clamd is the actual anti-virus daemon. First you may want to set
617the paths of the logfiles so that it fits your needs.
618</p>
619
620<pre caption="Checking the location of the logfiles">
621# <i>vim /etc/clamd.conf</i>
622<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
623# <i>vim /etc/freshclam.conf</i>
624<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
625# <i>vim /etc/conf.d/clamd</i>
626<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
627</pre>
628
629<p>
630Now fire up the virus scanner.
631</p>
632
633<pre caption="Add clamd to bootup and start it">
634# <i>rc-update add clamd default</i>
635# <i>/etc/init.d/clamd start</i>
636</pre>
637
638</body>
639</section>
640<section>
641<title>Configuring CUPS</title> 503<title>Configuring CUPS</title>
642<body> 504<body>
643 505
644<p> 506<p>
645This is a little more complicated. CUPS' main config file is 507This is a little more complicated. CUPS' main config file is
653ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment> 515ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
654 516
655AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment> 517AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
656ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment> 518ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
657 519
658LogLevel debug <comment># only while isntalling and testing, should later be 520LogLevel debug <comment># only while installing and testing, should later be
659 # changed to 'info'</comment> 521 # changed to 'info'</comment>
660 522
661MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back, 523MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
662 # there seemed to be a bug in CUPS' controlling of the web interface, 524 # there seemed to be a bug in CUPS' controlling of the web interface,
663 # making CUPS think a denial of service attack was in progress when 525 # making CUPS think a denial of service attack was in progress when
664 # I tried to configure a printer with the web interface. weird.</comment> 526 # I tried to configure a printer with the web interface. weird.</comment>
665 527
666BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment> 528BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
667 529
668&lt;Location /&gt; 530&lt;Location /&gt;
669Order Deny,Allow 531Order Deny,Allow
670Deny From All 532Deny From All
671Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network 533Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
675 537
676&lt;Location /admin&gt; 538&lt;Location /admin&gt;
677AuthType Basic 539AuthType Basic
678AuthClass System 540AuthClass System
679Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the 541Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
680 # 192.168.1.0 network to connect and do 542 # 192.168.1.0 network to connect and do
681 # administrative tasks after authenticating</comment> 543 # administrative tasks after authenticating</comment>
682Order Deny,Allow 544Order Deny,Allow
683Deny From All 545Deny From All
684&lt;/Location&gt; 546&lt;/Location&gt;
685</pre> 547</pre>
686 548
687<p> 549<p>
688Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. 550Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. The changes to
689The changes to <path>mime.convs</path> and <path>mime.types</path> are 551<path>mime.convs</path> and <path>mime.types</path> are needed to make CUPS
690needed to make CUPS print Microsoft Office document files. 552print Microsoft Office document files.
691</p> 553</p>
692 554
693<pre caption="/etc/cups/mime.convs"> 555<pre caption="/etc/cups/mime.convs">
694<comment>(The following line is found near the end of the file. Uncomment it)</comment> 556<comment>(The following line is found near the end of the file. Uncomment it)</comment>
695application/octet-stream application/vnd.cups-raw 0 557application/octet-stream application/vnd.cups-raw 0
696</pre> 558</pre>
697 559
698<p> 560<p>
699Edit <path>/etc/cups/mime.types</path> to uncomment some lines. 561Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
700</p> 562</p>
701 563
702<pre caption="/etc/cups/mime.types"> 564<pre caption="/etc/cups/mime.types">
703<comment>(The following line is found near the end of the file. Uncomment it)</comment> 565<comment>(The following line is found near the end of the file. Uncomment it)</comment>
704application/octet-stream 566application/octet-stream
705</pre> 567</pre>
706 568
707<p> 569<p>
708CUPS needs to be started on boot, and started immediately. 570CUPS needs to be started on boot, and started immediately.
709</p> 571</p>
710 572
711<pre caption="Setting up the CUPS service" > 573<pre caption="Setting up the CUPS service" >
712<comment>(To start CUPS on boot)</comment> 574<comment>(To start CUPS on boot)</comment>
713# <i>rc-update add cupsd default</i> 575# <i>rc-update add cupsd default</i>
764<section> 626<section>
765<title>Installing the Windows printer drivers</title> 627<title>Installing the Windows printer drivers</title>
766<body> 628<body>
767 629
768<p> 630<p>
769Now that the printer should be working it is time to install the drivers for the 631Now that the printer should be working it is time to install the drivers for
770Windows clients to work. Samba 2.2 introduced this functionality. Browsing to 632the Windows clients to work. Samba 2.2 introduced this functionality. Browsing
771the print server in the Network Neighbourhood, right-clicking on the 633to the print server in the Network Neighbourhood, right-clicking on the
772printershare and selecting "connect" downloads the appropriate drivers 634printershare and selecting "connect" downloads the appropriate drivers
773automagically to the connecting client, avoiding the hassle of manually 635automagically to the connecting client, avoiding the hassle of manually
774installing printer drivers locally. 636installing printer drivers locally.
775</p> 637</p>
776 638
777<p> 639<p>
778There are two sets of printer drivers for this. First, the Adobe PS drivers 640There are two sets of printer drivers for this. First, the Adobe PS drivers
779which can be obtained from <uri 641which can be obtained from <uri
780link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript 642link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
781printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri 643printer drivers). Second, there are the CUPS PS drivers, to be obtained by
782link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>. 644emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
645so you may need to add it to <path>/etc/portage/package.keywords</path>. There
783There doesn't seem to be a difference between the functionality of the two, but 646doesn't seem to be a difference between the functionality of the two, but the
784the Adobe PS drivers need to be extracted on a Windows System since it's a 647Adobe PS drivers need to be extracted on a Windows System since it's a Windows
785Windows binary. Also the whole procedure of finding and copying the correct 648binary. Also the whole procedure of finding and copying the correct files is a
786files is a bit more hassle. The CUPS drivers seem to support some options the 649bit more hassle. The CUPS drivers support some options the Adobe drivers
787Adobe drivers don't. 650don't.
788</p>
789<!--
790used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
791available. at some point, we should update this for 6.0.
792-->
793
794<p> 651</p>
795This HOWTO uses the CUPS drivers for Windows. The downloaded file is 652
796called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
797contained into a directory.
798</p> 653<p>
799 654This HOWTO uses the CUPS drivers for Windows. Install them as shown:
800<pre caption="Extract the drivers and run the install">
801# <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
802# <i>cd cups-samba-5.0rc2</i>
803<comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
804# <i>./cups-samba.install</i>
805</pre>
806
807<p> 655</p>
808<path>cups-samba.ss</path> is a TAR archive containing three files:
809<path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
810<path>cupsui5.dll</path>. These are the actual driver files.
811</p>
812 656
813<warn>
814The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
815because almost everything which is not part of the base system is installed
816somewhere under the prefix <path>/usr/local/</path>. This seems not to be the
817case for most things you install under GNU/Linux. However, if your CUPS
818installation is somewhere other than <path>/usr/share/cups/</path> see the
819example below.
820</warn>
821
822<p>
823Suppose your CUPS installation resides under
824<path>/usr/local/share/cups/</path>, and you want to install the drivers there.
825Do the following:
826</p>
827
828<pre caption="Manually installing the drivers"> 657<pre caption="Install the drivers">
829# <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i> 658# <i>emerge -av cups-windows</i>
830# <i>tar -xf cups-samba.ss</i>
831<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
832# <i>cd usr/share/cups/drivers</i>
833<comment>(no leading / !)</comment>
834# <i>cp cups* /usr/local/share/cups/drivers</i>
835# <i>/etc/init.d/cupsd restart</i>
836</pre> 659</pre>
837 660
838<p> 661<p>
839Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution. 662Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
840Its man page is an interesting read. 663Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
664Windows drivers you'll need to copy to the proper CUPS directory. Once you've
665copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
666Next, run <c>cupsaddsmb</c> as shown:
841</p> 667</p>
842 668
843<pre caption="Run cupsaddsmb"> 669<pre caption="Run cupsaddsmb">
844# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i> 670# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845<comment>(Instead of HPDeskJet930C you could also specify "-a", which will 671<comment>(Instead of HPDeskJet930C you could also specify "-a", which will
1025</section> 851</section>
1026<section> 852<section>
1027<title>Mounting a Windows or Samba share in GNU/Linux</title> 853<title>Mounting a Windows or Samba share in GNU/Linux</title>
1028<body> 854<body>
1029 855
856<note>
857Don't forget to install <c>net-fs/mount-cifs</c> or <c>net-fs/samba</c> on the
858client(s) that will be accessing the shares.
859</note>
860
1030<p> 861<p>
1031Now is time to configure our kernel to support smbfs. Since I'm assumming we've 862Now is time to configure our kernel to support CIFS. Since I'm assuming
1032all compiled at least one kernel, we'll need to make sure we have all the right 863we've all compiled at least one kernel, we'll need to make sure we have all the
1033options selected in our kernel. For simplicity's sake, make it a module for ease 864right options selected in our kernel. For simplicity's sake, make it a module
1034of use. It is the author's opinion that kernel modules are a good thing and 865for ease of use. It is the author's opinion that kernel modules are a good thing
1035should be used whenever possible. 866and should be used whenever possible.
1036</p>
1037
1038<pre caption="Relevant kernel options" >
1039CONFIG_SMB_FS=m
1040CONFIG_SMB_UNIX=y
1041</pre>
1042
1043<p> 867</p>
868
869<pre caption="Kernel support" >
870CONFIG_CIFS=m
871</pre>
872
873<p>
1044Then make the module/install it; insert them with: 874Then make the module/install it; insert it with:
1045</p> 875</p>
1046 876
1047<pre caption="Loading the kernel module"> 877<pre caption="Loading the kernel module">
1048# <i>modprobe smbfs</i> 878# <i>modprobe cifs</i>
1049</pre> 879</pre>
1050 880
1051<p> 881<p>
1052Once the module is loaded, mounting a Windows or Samba share is possible. Use 882Once the module is loaded, mounting a Windows or Samba share is possible. Use
1053<c>mount</c> to accomplish this, as detailed below: 883<c>mount</c> to accomplish this, as detailed below:
1054</p> 884</p>
1055 885
1056<pre caption="Mounting a Windows/Samba share"> 886<pre caption="Mounting a Windows/Samba share">
1057<comment>(The syntax for mounting a Windows/Samba share is: 887<comment>(The syntax for mounting a Windows/Samba share is:
1058 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point 888 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1059If we are not using passwords or a password is not needed)</comment> 889If we are not using passwords or a password is not needed)</comment>
1060 890
1061# <i>mount -t smbfs //PrintServer/public /mnt/public</i> 891# <i>mount -t cifs //PrintServer/public /mnt/public</i>
1062 892
1063<comment>(If a password is needed)</comment> 893<comment>(If a password is needed)</comment>
1064# <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i> 894# <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1065</pre> 895</pre>
1066 896
1067<p> 897<p>
1068After you mount the share, you would access it as if it were a local drive. 898After you mount the share, you would access it as if it were a local drive.
1069</p> 899</p>
1091<title>A Fond Farewell</title> 921<title>A Fond Farewell</title>
1092<body> 922<body>
1093 923
1094<p> 924<p>
1095That should be it. You should now have a successful printing enviroment that is 925That should be it. You should now have a successful printing enviroment that is
1096friendly to both Windows and *nix as well as a fully virus-free working share! 926friendly to both Windows and *nix as well as a working share!
1097</p> 927</p>
1098 928
1099</body> 929</body>
1100</section> 930</section>
1101</chapter> 931</chapter>

Legend:
Removed from v.1.29  
changed lines
  Added in v.1.40

  ViewVC Help
Powered by ViewVC 1.1.20