/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.29 Revision 1.41
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.29 2007/06/06 23:23:35 nightmorph Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.41 2009/01/26 07:30:42 nightmorph Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4
4<guide link="/doc/en/quick-samba-howto.xml"> 5<guide link="/doc/en/quick-samba-howto.xml">
6
5<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title> 7<title>Gentoo Samba3/CUPS HOWTO</title>
8
6<author title="Author"> 9<author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail> 10 Andreas "daff" Ntaflos <!--daff at dword dot org-->
8</author> 11</author>
9<author title="Author"> 12<author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> 13 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11</author> 14</author>
15<author title="Editor">
16 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
17</author>
12 18
13<abstract> 19<abstract>
14Setup, install and configure a Samba Server under Gentoo that shares files, 20Setup, install and configure a Samba server under Gentoo that shares files and
15printers without the need to install drivers and provides automatic virus 21printers without the need to install drivers.
16scanning.
17</abstract> 22</abstract>
18 23
19<!-- The content of this document is licensed under the CC-BY-SA license --> 24<!-- The content of this document is licensed under the CC-BY-SA license -->
20<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 25<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
21<license/> 26<license/>
22 27
23<version>1.17</version> 28<version>1.26</version>
24<date>2007-06-06</date> 29<date>2009-01-25</date>
25 30
26<chapter> 31<chapter>
27<title>Introduction to this HOWTO</title> 32<title>Introduction to this HOWTO</title>
28<section> 33<section>
29<title>Purpose</title> 34<title>Purpose</title>
44 49
45<p> 50<p>
46This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to 51This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
47explore the functionality and power of the Gentoo system, portage and the 52explore the functionality and power of the Gentoo system, portage and the
48flexibility of USE flags. Like so many other projects, it was quickly discovered 53flexibility of USE flags. Like so many other projects, it was quickly discovered
49what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered 54what was missing in the Gentoo realm: there weren't any Samba HOWTOs catered
50for Gentoo users. These users are more demanding than most; they require 55for Gentoo users. These users are more demanding than most; they require
51performance, flexibility and customization. This does not however imply that 56performance, flexibility and customization. This does not however imply that
52this HOWTO was not intended for other distributions; rather that it was designed 57this HOWTO was not intended for other distributions; rather that it was designed
53to work with a highly customized version of Samba. 58to work with a highly customized version of Samba.
54</p> 59</p>
55 60
56<p> 61<p>
57This HOWTO will describe how to share files and printers between Windows PCs and 62This HOWTO will describe how to share files and printers between Windows PCs and
58*nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
59feature of Samba to incorporate automatic virus protection. As a finale, it will
60show you how to mount and manipulate shares. 63*nix PCs. It will also show you how to mount and manipulate shares.
61</p> 64</p>
62 65
63<p> 66<p>
64There are a few topics that will be mentioned, but are out of the scope of this 67There are a few topics that will be mentioned, but are out of the scope of this
65HOWTO. These will be noted as they are presented. 68HOWTO. These will be noted as they are presented.
66</p> 69</p>
67 70
68<p> 71<p>
69This HOWTO is based on a compilation and merge of an excellent HOWTO provided in 72This HOWTO is based on a compilation and merge of an excellent HOWTO provided
70the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff" 73in the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas
71Ntaflos and the collected knowledge of Joshua Preston. The link to this 74"daff" Ntaflos and the collected knowledge of Joshua Preston. The link to this
72discussion is provided below for your reference: 75discussion is provided below for your reference:
73</p> 76</p>
74 77
75<ul> 78<ul>
76 <li> 79 <li>
77 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO 80 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
78 CUPS+Samba: printing from Windows &amp; Linux</uri> 81 CUPS+Samba: printing from Windows &amp; Linux</uri>
79 </li> 82 </li>
80</ul> 83</ul>
81 84
82</body> 85</body>
105</p> 108</p>
106 109
107<ul> 110<ul>
108 <li>On the Samba server: 111 <li>On the Samba server:
109 <ul> 112 <ul>
110 <li>Install and configure ClamAV</li>
111 <li>Install and configure Samba</li> 113 <li>Install and configure Samba</li>
112 <li>Install and configure CUPS</li> 114 <li>Install and configure CUPS</li>
113 <li>Adding the printer to CUPS</li> 115 <li>Adding the printer to CUPS</li>
114 <li>Adding the PS drivers for the Windows clients</li> 116 <li>Adding the PS drivers for the Windows clients</li>
115 </ul> 117 </ul>
139We will need the following: 141We will need the following:
140</p> 142</p>
141 143
142<ul> 144<ul>
143 <li>net-fs/samba</li> 145 <li>net-fs/samba</li>
144 <li>app-antivirus/clamav</li> 146 <li>net-print/cups (built with the <c>ppds</c> USE flag)</li>
145 <li>net-print/cups</li>
146 <li>net-print/foomatic</li>
147 <li>net-print/hplip (if you have an HP printer)</li> 147 <li>net-print/hplip (if you have an HP printer)</li>
148 <li>A kernel of sorts (2.6)</li> 148 <li>A kernel of sorts (2.6)</li>
149 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li> 149 <li>A printer (PS or non-PS)</li>
150 <li> 150 <li>
151 A working network (home/office/etc) consisting of more than one machine) 151 A working network (home/office/etc) consisting of more than one machine)
152 </li> 152 </li>
153</ul> 153</ul>
154 154
155<p> 155<p>
156The main package we use here is net-fs/samba, however, you will need a kernel 156The main package we use here is <c>net-fs/samba</c>, however, you will need a
157with smbfs support enabled in order to mount a samba or windows share from 157kernel with CIFS support enabled in order to mount a Samba or Windows share from
158another computer. CUPS will be emerged if it is not already. 158another computer. CUPS will be emerged if it is not already.
159app-antivirus/clamav will be used also, but others should be easily adapted to
160work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
161technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
162</p> 159</p>
163 160
164</body> 161</body>
165</section> 162</section>
166</chapter> 163</chapter>
175Before emerging anything, take a look at some of the various USE flags available 172Before emerging anything, take a look at some of the various USE flags available
176to Samba. 173to Samba.
177</p> 174</p>
178 175
179<pre caption="Samba uses the following USE Variables:"> 176<pre caption="Samba uses the following USE Variables:">
180kerberos acl cups ldap pam readline python oav 177kerberos acl cups ldap pam readline python winbind
181</pre> 178</pre>
182 179
183<p> 180<p>
184Depending on the network topology and the specific requirements of the server, 181Depending on the network topology and the specific requirements of the server,
185the USE flags outlined below will define what to include or exclude from the 182the USE flags outlined below will define what to include or exclude from the
192 <th>Description</th> 189 <th>Description</th>
193</tr> 190</tr>
194<tr> 191<tr>
195 <th><b>kerberos</b></th> 192 <th><b>kerberos</b></th>
196 <ti> 193 <ti>
197 Include support for Kerberos. The server will need this if it is 194 Include support for Kerberos. The server will need this if it is intended
198 intended to join an existing domain or Active Directory. See the note 195 to join an existing domain or Active Directory. See the note below for more
199 below for more information. 196 information.
200 </ti> 197 </ti>
201</tr> 198</tr>
202<tr> 199<tr>
203 <th><b>acl</b></th> 200 <th><b>acl</b></th>
204 <ti> 201 <ti>
205 Enables Access Control Lists. The ACL support in Samba uses a patched 202 Enables Access Control Lists. The ACL support in Samba uses a patched
206 ext2/ext3, or SGI's XFS in order to function properly as it extends more 203 ext2/ext3, or SGI's XFS in order to function properly as it extends more
207 detailed access to files or directories; much more so than typical *nix 204 detailed access to files or directories; much more so than typical *nix
208 GID/UID schemas. 205 GID/UID schemas.
209 </ti> 206 </ti>
210</tr> 207</tr>
211<tr> 208<tr>
212 <th><b>cups</b></th> 209 <th><b>cups</b></th>
227 </ti> 224 </ti>
228</tr> 225</tr>
229<tr> 226<tr>
230 <th><b>pam</b></th> 227 <th><b>pam</b></th>
231 <ti> 228 <ti>
232 Include support for pluggable authentication modules (PAM). This provides 229 Include support for pluggable authentication modules (PAM). This provides
233 the ability to authenticate users on the Samba Server, which is required if 230 the ability to authenticate users on the Samba Server, which is required if
234 users have to login to your server. The kerberos USE flag is recommended 231 users have to login to your server. The kerberos USE flag is recommended
235 along with this option. 232 along with this option.
236 </ti> 233 </ti>
237</tr> 234</tr>
248 Python bindings API. Provides an API that will allow Python to interface 245 Python bindings API. Provides an API that will allow Python to interface
249 with Samba. 246 with Samba.
250 </ti> 247 </ti>
251</tr> 248</tr>
252<tr> 249<tr>
253 <th><b>oav</b></th> 250 <th><b>winbind</b></th>
254 <ti> 251 <ti>
255 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon, 252 Winbind allows for a unified logon within a Samba environment. It uses a
256 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI), 253 Unix implementation of Windows RPC calls, PAM and the name service switch
257 Symantec CarrierScan, and Trend Micro (VSAPI). 254 (supported by the c library) to enable Windows NT domain users to appear and
255 work as Unix users on a Unix system.
258 </ti> 256 </ti>
259</tr> 257</tr>
260</table> 258</table>
261 259
262<p> 260<p>
264Samba functions include: 262Samba functions include:
265</p> 263</p>
266 264
267<ul> 265<ul>
268 <li> 266 <li>
269 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and 267 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
270 ACL kernel options for ext2 and/or ext3 will need to be enabled 268 ACL kernel options for ext2 and/or ext3 will need to be enabled (depending
271 (depending on which file system is being used - both can be enabled). 269 on which file system is being used - both can be enabled).
272 </li> 270 </li>
273 <li> 271 <li>
274 While Active Directory, ACL, and PDC functions are out of the intended 272 While Active Directory, ACL, and PDC functions are out of the intended
275 scope of this HOWTO, you may find these links as helpful to your cause: 273 scope of this HOWTO, you may find these links as helpful to your cause:
276 <ul> 274 <ul>
292 290
293<p> 291<p>
294First of all: be sure that all your hostnames resolve correctly. Either have a 292First of all: be sure that all your hostnames resolve correctly. Either have a
295working domain name system running on your network or appropriate entries in 293working domain name system running on your network or appropriate entries in
296your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames 294your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
297don't point to the correct machines. 295don't point to the correct machines.
298</p> 296</p>
299 297
300<p> 298<p>
301Hopefully now you can make an assessment of what you'll actually need in order 299Hopefully now you can make an assessment of what you'll actually need in order
302to use Samba with your particular setup. The setup used for this HOWTO is: 300to use Samba with your particular setup. The setup used for this HOWTO is:
303</p> 301</p>
304 302
305<ul> 303<ul>
306 <li>oav</li>
307 <li>cups</li> 304 <li>cups</li>
308 <li>readline</li> 305 <li>readline</li>
309 <li>pam</li> 306 <li>pam</li>
310</ul> 307</ul>
311 308
312<p> 309<p>
313To optimize performance, size and the time of the build, the USE flags are 310To optimize performance, size and the time of the build, the USE flags are
314specifically included or excluded. 311specifically included or excluded.
315</p> 312</p>
316 313
314<p>
315First, add <c>ppds</c> to your USE flags to make sure that when CUPS is built,
316it has proper foomatic support:
317</p>
318
319<pre caption="Adding ppds">
320# <i>echo "net-print/cups ppds" &gt;&gt; /etc/portage/package.use</i>
321</pre>
322
323<p>
324Now, emerge Samba:
325</p>
326
317<pre caption="Emerge Samba"> 327<pre caption="Emerge Samba">
318# <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i> 328# <i>echo "net-fs/samba readline cups pam" &gt;&gt; /etc/portage/package.use</i>
319# <i>emerge net-fs/samba</i> 329# <i>emerge net-fs/samba</i>
320</pre> 330</pre>
321 331
322<note>
323The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
324ppc, sparc, hppa, ia64 and alpha
325</note>
326
327<p>
328This will emerge Samba and CUPS (if CUPS is not already emerged).
329</p> 332<p>
330 333This will emerge Samba and CUPS.
331</body>
332</section>
333<section>
334<title>Emerging ClamAV</title>
335<body>
336
337<p> 334</p>
338Because the <e>oav</e> USE flag only provides an interface to allow on access
339virus scanning, the actual virus scanner must be emerged. The scanner used in
340this HOWTO is ClamAV.
341</p>
342
343<pre caption="Emerge Clamav">
344# <i>emerge app-antivirus/clamav</i>
345</pre>
346
347</body>
348</section>
349<section>
350<title>Emerging foomatic</title>
351<body>
352
353<pre caption="Emerge foomatic">
354# <i>emerge net-print/foomatic</i>
355</pre>
356 335
357</body> 336</body>
358</section> 337</section>
359<section> 338<section>
360<title>Emerging net-print/hplip</title> 339<title>Emerging net-print/hplip</title>
377<section> 356<section>
378<title>Configuring Samba</title> 357<title>Configuring Samba</title>
379<body> 358<body>
380 359
381<p> 360<p>
382The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is 361The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
383divided in sections indicated by [sectionname]. Comments are either 362divided in sections indicated by [sectionname]. Comments are either
384# or ;. A sample <path>smb.conf</path> is included below with comments and 363# or ;. A sample <path>smb.conf</path> is included below with comments and
385suggestions for modifications. If more details are required, see the man page 364suggestions for modifications. If more details are required, see the man page
386for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the 365for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
387Samba Web site or any of the numerous Samba books available. 366Samba Web site or any of the numerous Samba books available.
388</p> 367</p>
389 368
390<pre caption="A Sample /etc/samba/smb.conf"> 369<pre caption="A Sample /etc/samba/smb.conf">
391[global] 370[global]
392<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment> 371<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416hosts deny = 0.0.0.0/0 395hosts deny = 0.0.0.0/0
417<comment># Other options for this are USER, DOMAIN, ADS, and SERVER 396<comment># Other options for this are USER, DOMAIN, ADS, and SERVER
418# The default is user</comment> 397# The default is user</comment>
419security = share 398security = share
420<comment># No passwords, so we're going to use a guest account!</comment> 399<comment># No passwords, so we're going to use a guest account!</comment>
421guest account = samba
422guest ok = yes 400guest ok = yes
423<comment># We now will implement the on access virus scanner.
424# NOTE: By putting this in our [Global] section, we enable
425# scanning of ALL shares, you could optionally move
426# these to a specific share and only scan it.</comment>
427
428<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
429vfs object = vscan-clamav
430vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
431 401
432<comment># Now we setup our print drivers information!</comment> 402<comment># Now we setup our print drivers information!</comment>
433[print$] 403[print$]
434comment = Printer Drivers 404comment = Printer Drivers
435path = /etc/samba/printer <comment># this path holds the driver structure</comment> 405path = /etc/samba/printer <comment># this path holds the driver structure</comment>
450guest ok = yes 420guest ok = yes
451<comment># Modify this to "username,root" if you don't want root to 421<comment># Modify this to "username,root" if you don't want root to
452# be the only printer admin)</comment> 422# be the only printer admin)</comment>
453printer admin = <i>root</i> 423printer admin = <i>root</i>
454 424
455<comment># Now we setup our printers share. This should be 425<comment># Now we setup our printers share. This should be
456# browseable, printable, public.</comment> 426# browseable, printable, public.</comment>
457[printers] 427[printers]
458comment = All Printers 428comment = All Printers
459browseable = no 429browseable = no
460printable = yes 430printable = yes
461writable = no 431writable = no
462public = yes 432public = yes
463guest ok = yes 433guest ok = yes
464path = /var/spool/samba 434path = /var/spool/samba
465<comment># Modify this to "username,root" if you don't want root to 435<comment># Modify this to "username,root" if you don't want root to
466# be the only printer admin)</comment> 436# be the only printer admin)</comment>
467printer admin = <i>root</i> 437printer admin = <i>root</i>
487arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c> 457arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
488or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you 458or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
489from a lot of problems. 459from a lot of problems.
490</warn> 460</warn>
491 461
492<warn>
493Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
494down the performance of your Samba server dramatically.
495</warn>
496
497<p> 462<p>
498Now create the directories required for the minimum configuration of Samba to 463Now create the directories required for the minimum configuration of Samba to
499share the installed printer throughout the network. 464share the installed printer throughout the network.
500</p> 465</p>
501 466
510to allow users to connect to the printer. Users must exist in the system's 475to allow users to connect to the printer. Users must exist in the system's
511<path>/etc/passwd</path> file. 476<path>/etc/passwd</path> file.
512</p> 477</p>
513 478
514<pre caption="Creating the users"> 479<pre caption="Creating the users">
515# <i>smbpasswd -a root</i> 480# <i>smbpasswd -a root</i>
516 481
517<comment>(If another user is to be a printer admin)</comment> 482<comment>(If another user is to be a printer admin)</comment>
518# <i>smbpasswd -a username</i> 483# <i>smbpasswd -a username</i>
519</pre> 484</pre>
520 485
521<p> 486<p>
522The Samba passwords need not be the same as the system passwords 487The Samba passwords need not be the same as the system passwords
523in <path>/etc/passwd</path>. 488in <path>/etc/passwd</path>.
524</p> 489</p>
525 490
526<p> 491<p>
527You will also need to update <path>/etc/nsswitch.conf</path> so that Windows 492You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
535</pre> 500</pre>
536 501
537</body> 502</body>
538</section> 503</section>
539<section> 504<section>
540<title>Configuring ClamAV</title>
541<body>
542
543<p>
544The configuration file specified to be used in <path>smb.conf</path> is
545<path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
546defaults, the infected file action may need to be changed.
547</p>
548
549<pre caption="/etc/samba/vscan-clamav.conf">
550[samba-vscan]
551<comment>; run-time configuration for vscan-samba using
552; clamd
553; all options are set to default values</comment>
554
555<comment>; do not scan files larger than X bytes. If set to 0 (default),
556; this feature is disable (i.e. all files are scanned)</comment>
557max file size = 0
558
559<comment>; log all file access (yes/no). If set to yes, every access will
560; be logged. If set to no (default), only access to infected files
561; will be logged</comment>
562verbose file logging = no
563
564<comment>; if set to yes (default), a file will be scanned while opening</comment>
565scan on open = yes
566<comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
567scan on close = yes
568
569<comment>; if communication to clamd fails, should access to file denied?
570; (default: yes)</comment>
571deny access on error = yes
572
573<comment>; if daemon fails with a minor error (corruption, etc.),
574; should access to file denied?
575; (default: yes)</comment>
576deny access on minor error = yes
577
578<comment>; send a warning message via Windows Messenger service
579; when virus is found?
580; (default: yes)</comment>
581send warning message = yes
582
583<comment>; what to do with an infected file
584; quarantine: try to move to quantine directory; delete it if moving fails
585; delete: delete infected file
586; nothing: do nothing</comment>
587infected file action = <comment>delete</comment>
588
589<comment>; where to put infected files - you really want to change this!
590; it has to be on the same physical device as the share!</comment>
591quarantine directory = /tmp
592<comment>; prefix for files in quarantine</comment>
593quarantine prefix = vir-
594
595<comment>; as Windows tries to open a file multiple time in a (very) short time
596; of period, samba-vscan use a last recently used file mechanism to avoid
597; multiple scans of a file. This setting specified the maximum number of
598; elements of the last recently used file list. (default: 100)</comment>
599max lru files entries = 100
600
601<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
602; (Default: 5)</comment>
603lru file entry lifetime = 5
604
605<comment>; socket name of clamd (default: /var/run/clamd)</comment>
606clamd socket name = /tmp/clamd
607
608<comment>; port number the ScannerDaemon listens on</comment>
609oav port = 8127
610</pre>
611
612<p>
613It is generally a good idea to start the virus scanner immediately. Add it to
614the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
615The service has two processes: freshclam keeps the virus definition database up
616to date while clamd is the actual anti-virus daemon. First you may want to set
617the paths of the logfiles so that it fits your needs.
618</p>
619
620<pre caption="Checking the location of the logfiles">
621# <i>vim /etc/clamd.conf</i>
622<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
623# <i>vim /etc/freshclam.conf</i>
624<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
625# <i>vim /etc/conf.d/clamd</i>
626<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
627</pre>
628
629<p>
630Now fire up the virus scanner.
631</p>
632
633<pre caption="Add clamd to bootup and start it">
634# <i>rc-update add clamd default</i>
635# <i>/etc/init.d/clamd start</i>
636</pre>
637
638</body>
639</section>
640<section>
641<title>Configuring CUPS</title> 505<title>Configuring CUPS</title>
642<body> 506<body>
643 507
644<p> 508<p>
645This is a little more complicated. CUPS' main config file is 509This is a little more complicated. CUPS' main config file is
653ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment> 517ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
654 518
655AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment> 519AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
656ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment> 520ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
657 521
658LogLevel debug <comment># only while isntalling and testing, should later be 522LogLevel debug <comment># only while installing and testing, should later be
659 # changed to 'info'</comment> 523 # changed to 'info'</comment>
660 524
661MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back, 525MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
662 # there seemed to be a bug in CUPS' controlling of the web interface, 526 # there seemed to be a bug in CUPS' controlling of the web interface,
663 # making CUPS think a denial of service attack was in progress when 527 # making CUPS think a denial of service attack was in progress when
664 # I tried to configure a printer with the web interface. weird.</comment> 528 # I tried to configure a printer with the web interface. weird.</comment>
665 529
666BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment> 530BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
667 531
668&lt;Location /&gt; 532&lt;Location /&gt;
669Order Deny,Allow 533Order Deny,Allow
670Deny From All 534Deny From All
671Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network 535Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
675 539
676&lt;Location /admin&gt; 540&lt;Location /admin&gt;
677AuthType Basic 541AuthType Basic
678AuthClass System 542AuthClass System
679Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the 543Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
680 # 192.168.1.0 network to connect and do 544 # 192.168.1.0 network to connect and do
681 # administrative tasks after authenticating</comment> 545 # administrative tasks after authenticating</comment>
682Order Deny,Allow 546Order Deny,Allow
683Deny From All 547Deny From All
684&lt;/Location&gt; 548&lt;/Location&gt;
685</pre> 549</pre>
686 550
687<p> 551<p>
688Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. 552Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. The changes to
689The changes to <path>mime.convs</path> and <path>mime.types</path> are 553<path>mime.convs</path> and <path>mime.types</path> are needed to make CUPS
690needed to make CUPS print Microsoft Office document files. 554print Microsoft Office document files.
691</p> 555</p>
692 556
693<pre caption="/etc/cups/mime.convs"> 557<pre caption="/etc/cups/mime.convs">
694<comment>(The following line is found near the end of the file. Uncomment it)</comment> 558<comment>(The following line is found near the end of the file. Uncomment it)</comment>
695application/octet-stream application/vnd.cups-raw 0 559application/octet-stream application/vnd.cups-raw 0
696</pre> 560</pre>
697 561
698<p> 562<p>
699Edit <path>/etc/cups/mime.types</path> to uncomment some lines. 563Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
700</p> 564</p>
701 565
702<pre caption="/etc/cups/mime.types"> 566<pre caption="/etc/cups/mime.types">
703<comment>(The following line is found near the end of the file. Uncomment it)</comment> 567<comment>(The following line is found near the end of the file. Uncomment it)</comment>
704application/octet-stream 568application/octet-stream
705</pre> 569</pre>
706 570
707<p> 571<p>
708CUPS needs to be started on boot, and started immediately. 572CUPS needs to be started on boot, and started immediately.
709</p> 573</p>
710 574
711<pre caption="Setting up the CUPS service" > 575<pre caption="Setting up the CUPS service" >
712<comment>(To start CUPS on boot)</comment> 576<comment>(To start CUPS on boot)</comment>
713# <i>rc-update add cupsd default</i> 577# <i>rc-update add cupsd default</i>
764<section> 628<section>
765<title>Installing the Windows printer drivers</title> 629<title>Installing the Windows printer drivers</title>
766<body> 630<body>
767 631
768<p> 632<p>
769Now that the printer should be working it is time to install the drivers for the 633Now that the printer should be working it is time to install the drivers for
770Windows clients to work. Samba 2.2 introduced this functionality. Browsing to 634the Windows clients to work. Samba 2.2 introduced this functionality. Browsing
771the print server in the Network Neighbourhood, right-clicking on the 635to the print server in the Network Neighbourhood, right-clicking on the
772printershare and selecting "connect" downloads the appropriate drivers 636printershare and selecting "connect" downloads the appropriate drivers
773automagically to the connecting client, avoiding the hassle of manually 637automagically to the connecting client, avoiding the hassle of manually
774installing printer drivers locally. 638installing printer drivers locally.
775</p> 639</p>
776 640
777<p> 641<p>
778There are two sets of printer drivers for this. First, the Adobe PS drivers 642There are two sets of printer drivers for this. First, the Adobe PS drivers
779which can be obtained from <uri 643which can be obtained from <uri
780link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript 644link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
781printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri 645printer drivers). Second, there are the CUPS PS drivers, to be obtained by
782link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>. 646emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
647so you may need to add it to <path>/etc/portage/package.keywords</path>. There
783There doesn't seem to be a difference between the functionality of the two, but 648doesn't seem to be a difference between the functionality of the two, but the
784the Adobe PS drivers need to be extracted on a Windows System since it's a 649Adobe PS drivers need to be extracted on a Windows System since it's a Windows
785Windows binary. Also the whole procedure of finding and copying the correct 650binary. Also the whole procedure of finding and copying the correct files is a
786files is a bit more hassle. The CUPS drivers seem to support some options the 651bit more hassle. The CUPS drivers support some options the Adobe drivers
787Adobe drivers don't. 652don't.
788</p>
789<!--
790used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
791available. at some point, we should update this for 6.0.
792-->
793
794<p> 653</p>
795This HOWTO uses the CUPS drivers for Windows. The downloaded file is 654
796called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
797contained into a directory.
798</p> 655<p>
799 656This HOWTO uses the CUPS drivers for Windows. Install them as shown:
800<pre caption="Extract the drivers and run the install">
801# <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
802# <i>cd cups-samba-5.0rc2</i>
803<comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
804# <i>./cups-samba.install</i>
805</pre>
806
807<p> 657</p>
808<path>cups-samba.ss</path> is a TAR archive containing three files:
809<path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
810<path>cupsui5.dll</path>. These are the actual driver files.
811</p>
812 658
813<warn>
814The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
815because almost everything which is not part of the base system is installed
816somewhere under the prefix <path>/usr/local/</path>. This seems not to be the
817case for most things you install under GNU/Linux. However, if your CUPS
818installation is somewhere other than <path>/usr/share/cups/</path> see the
819example below.
820</warn>
821
822<p>
823Suppose your CUPS installation resides under
824<path>/usr/local/share/cups/</path>, and you want to install the drivers there.
825Do the following:
826</p>
827
828<pre caption="Manually installing the drivers"> 659<pre caption="Install the drivers">
829# <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i> 660# <i>emerge -av cups-windows</i>
830# <i>tar -xf cups-samba.ss</i>
831<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
832# <i>cd usr/share/cups/drivers</i>
833<comment>(no leading / !)</comment>
834# <i>cp cups* /usr/local/share/cups/drivers</i>
835# <i>/etc/init.d/cupsd restart</i>
836</pre> 661</pre>
837 662
838<p> 663<p>
839Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution. 664Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
840Its man page is an interesting read. 665Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
666Windows drivers you'll need to copy to the proper CUPS directory. Once you've
667copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
668Next, run <c>cupsaddsmb</c> as shown:
841</p> 669</p>
842 670
843<pre caption="Run cupsaddsmb"> 671<pre caption="Run cupsaddsmb">
844# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i> 672# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845<comment>(Instead of HPDeskJet930C you could also specify "-a", which will 673<comment>(Instead of HPDeskJet930C you could also specify "-a", which will
1025</section> 853</section>
1026<section> 854<section>
1027<title>Mounting a Windows or Samba share in GNU/Linux</title> 855<title>Mounting a Windows or Samba share in GNU/Linux</title>
1028<body> 856<body>
1029 857
858<note>
859Don't forget to install <c>net-fs/mount-cifs</c> or <c>net-fs/samba</c> on the
860client(s) that will be accessing the shares.
861</note>
862
1030<p> 863<p>
1031Now is time to configure our kernel to support smbfs. Since I'm assumming we've 864Now is time to configure our kernel to support CIFS. Since I'm assuming
1032all compiled at least one kernel, we'll need to make sure we have all the right 865we've all compiled at least one kernel, we'll need to make sure we have all the
1033options selected in our kernel. For simplicity's sake, make it a module for ease 866right options selected in our kernel. For simplicity's sake, make it a module
1034of use. It is the author's opinion that kernel modules are a good thing and 867for ease of use. It is the author's opinion that kernel modules are a good thing
1035should be used whenever possible. 868and should be used whenever possible.
1036</p>
1037
1038<pre caption="Relevant kernel options" >
1039CONFIG_SMB_FS=m
1040CONFIG_SMB_UNIX=y
1041</pre>
1042
1043<p> 869</p>
870
871<pre caption="Kernel support" >
872CONFIG_CIFS=m
873</pre>
874
875<p>
1044Then make the module/install it; insert them with: 876Then make the module/install it; insert it with:
1045</p> 877</p>
1046 878
1047<pre caption="Loading the kernel module"> 879<pre caption="Loading the kernel module">
1048# <i>modprobe smbfs</i> 880# <i>modprobe cifs</i>
1049</pre> 881</pre>
1050 882
1051<p> 883<p>
1052Once the module is loaded, mounting a Windows or Samba share is possible. Use 884Once the module is loaded, mounting a Windows or Samba share is possible. Use
1053<c>mount</c> to accomplish this, as detailed below: 885<c>mount</c> to accomplish this, as detailed below:
1054</p> 886</p>
1055 887
1056<pre caption="Mounting a Windows/Samba share"> 888<pre caption="Mounting a Windows/Samba share">
1057<comment>(The syntax for mounting a Windows/Samba share is: 889<comment>(The syntax for mounting a Windows/Samba share is:
1058 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point 890 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1059If we are not using passwords or a password is not needed)</comment> 891If we are not using passwords or a password is not needed)</comment>
1060 892
1061# <i>mount -t smbfs //PrintServer/public /mnt/public</i> 893# <i>mount -t cifs //PrintServer/public /mnt/public</i>
1062 894
1063<comment>(If a password is needed)</comment> 895<comment>(If a password is needed)</comment>
1064# <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i> 896# <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1065</pre> 897</pre>
1066 898
1067<p> 899<p>
1068After you mount the share, you would access it as if it were a local drive. 900After you mount the share, you would access it as if it were a local drive.
1069</p> 901</p>
1091<title>A Fond Farewell</title> 923<title>A Fond Farewell</title>
1092<body> 924<body>
1093 925
1094<p> 926<p>
1095That should be it. You should now have a successful printing enviroment that is 927That should be it. You should now have a successful printing enviroment that is
1096friendly to both Windows and *nix as well as a fully virus-free working share! 928friendly to both Windows and *nix as well as a working share!
1097</p> 929</p>
1098 930
1099</body> 931</body>
1100</section> 932</section>
1101</chapter> 933</chapter>

Legend:
Removed from v.1.29  
changed lines
  Added in v.1.41

  ViewVC Help
Powered by ViewVC 1.1.20