/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory | Revision Log | View Patch Patch

Revision 1.29		Revision 1.41
1	<?xml version='1.0' encoding='UTF-8'?>	1	<?xml version='1.0' encoding='UTF-8'?>
2	<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.29 2007/06/06 23:23:35 nightmorph Exp $ -->	2	<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.41 2009/01/26 07:30:42 nightmorph Exp $ -->
3	<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">	3	<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
		4
4	<guide link="/doc/en/quick-samba-howto.xml">	5	<guide link="/doc/en/quick-samba-howto.xml">
		6
5	<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>	7	<title>Gentoo Samba3/CUPS HOWTO</title>
		8
6	<author title="Author">	9	<author title="Author">
7	<mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>	10	Andreas "daff" Ntaflos <!--daff at dword dot org-->
8	</author>	11	</author>
9	<author title="Author">	12	<author title="Author">
10	<mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>	13	<mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11	</author>	14	</author>
		15	<author title="Editor">
		16	<mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
		17	</author>
12		18
13	<abstract>	19	<abstract>
14	Setup, install and configure a Samba Server under Gentoo that shares files,	20	Setup, install and configure a Samba server under Gentoo that shares files and
15	printers without the need to install drivers and provides automatic virus	21	printers without the need to install drivers.
16	scanning.
17	</abstract>	22	</abstract>
18		23
19	<!-- The content of this document is licensed under the CC-BY-SA license -->	24	<!-- The content of this document is licensed under the CC-BY-SA license -->
20	<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->	25	<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
21	<license/>	26	<license/>
22		27
23	<version>1.17</version>	28	<version>1.26</version>
24	<date>2007-06-06</date>	29	<date>2009-01-25</date>
25		30
26	<chapter>	31	<chapter>
27	<title>Introduction to this HOWTO</title>	32	<title>Introduction to this HOWTO</title>
28	<section>	33	<section>
29	<title>Purpose</title>	34	<title>Purpose</title>
…		…
44		49
45	<p>	50	<p>
46	This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to	51	This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
47	explore the functionality and power of the Gentoo system, portage and the	52	explore the functionality and power of the Gentoo system, portage and the
48	flexibility of USE flags. Like so many other projects, it was quickly discovered	53	flexibility of USE flags. Like so many other projects, it was quickly discovered
49	what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered	54	what was missing in the Gentoo realm: there weren't any Samba HOWTOs catered
50	for Gentoo users. These users are more demanding than most; they require	55	for Gentoo users. These users are more demanding than most; they require
51	performance, flexibility and customization. This does not however imply that	56	performance, flexibility and customization. This does not however imply that
52	this HOWTO was not intended for other distributions; rather that it was designed	57	this HOWTO was not intended for other distributions; rather that it was designed
53	to work with a highly customized version of Samba.	58	to work with a highly customized version of Samba.
54	</p>	59	</p>
55		60
56	<p>	61	<p>
57	This HOWTO will describe how to share files and printers between Windows PCs and	62	This HOWTO will describe how to share files and printers between Windows PCs and
58	*nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
59	feature of Samba to incorporate automatic virus protection. As a finale, it will
60	show you how to mount and manipulate shares.	63	*nix PCs. It will also show you how to mount and manipulate shares.
61	</p>	64	</p>
62		65
63	<p>	66	<p>
64	There are a few topics that will be mentioned, but are out of the scope of this	67	There are a few topics that will be mentioned, but are out of the scope of this
65	HOWTO. These will be noted as they are presented.	68	HOWTO. These will be noted as they are presented.
66	</p>	69	</p>
67		70
68	<p>	71	<p>
69	This HOWTO is based on a compilation and merge of an excellent HOWTO provided in	72	This HOWTO is based on a compilation and merge of an excellent HOWTO provided
70	the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff"	73	in the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas
71	Ntaflos and the collected knowledge of Joshua Preston. The link to this	74	"daff" Ntaflos and the collected knowledge of Joshua Preston. The link to this
72	discussion is provided below for your reference:	75	discussion is provided below for your reference:
73	</p>	76	</p>
74		77
75	<ul>	78	<ul>
76	<li>	79	<li>
77	<uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO	80	<uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
78	CUPS+Samba: printing from Windows & Linux</uri>	81	CUPS+Samba: printing from Windows & Linux</uri>
79	</li>	82	</li>
80	</ul>	83	</ul>
81		84
82	</body>	85	</body>
…		…
105	</p>	108	</p>
106		109
107	<ul>	110	<ul>
108	<li>On the Samba server:	111	<li>On the Samba server:
109	<ul>	112	<ul>
110	<li>Install and configure ClamAV</li>
111	<li>Install and configure Samba</li>	113	<li>Install and configure Samba</li>
112	<li>Install and configure CUPS</li>	114	<li>Install and configure CUPS</li>
113	<li>Adding the printer to CUPS</li>	115	<li>Adding the printer to CUPS</li>
114	<li>Adding the PS drivers for the Windows clients</li>	116	<li>Adding the PS drivers for the Windows clients</li>
115	</ul>	117	</ul>
…		…
139	We will need the following:	141	We will need the following:
140	</p>	142	</p>
141		143
142	<ul>	144	<ul>
143	<li>net-fs/samba</li>	145	<li>net-fs/samba</li>
144	<li>app-antivirus/clamav</li>	146	<li>net-print/cups (built with the <c>ppds</c> USE flag)</li>
145	<li>net-print/cups</li>
146	<li>net-print/foomatic</li>
147	<li>net-print/hplip (if you have an HP printer)</li>	147	<li>net-print/hplip (if you have an HP printer)</li>
148	<li>A kernel of sorts (2.6)</li>	148	<li>A kernel of sorts (2.6)</li>
149	<li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>	149	<li>A printer (PS or non-PS)</li>
150	<li>	150	<li>
151	A working network (home/office/etc) consisting of more than one machine)	151	A working network (home/office/etc) consisting of more than one machine)
152	</li>	152	</li>
153	</ul>	153	</ul>
154		154
155	<p>	155	<p>
156	The main package we use here is net-fs/samba, however, you will need a kernel	156	The main package we use here is <c>net-fs/samba</c>, however, you will need a
157	with smbfs support enabled in order to mount a samba or windows share from	157	kernel with CIFS support enabled in order to mount a Samba or Windows share from
158	another computer. CUPS will be emerged if it is not already.	158	another computer. CUPS will be emerged if it is not already.
159	app-antivirus/clamav will be used also, but others should be easily adapted to
160	work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
161	technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
162	</p>	159	</p>
163		160
164	</body>	161	</body>
165	</section>	162	</section>
166	</chapter>	163	</chapter>
…		…
175	Before emerging anything, take a look at some of the various USE flags available	172	Before emerging anything, take a look at some of the various USE flags available
176	to Samba.	173	to Samba.
177	</p>	174	</p>
178		175
179	<pre caption="Samba uses the following USE Variables:">	176	<pre caption="Samba uses the following USE Variables:">
180	kerberos acl cups ldap pam readline python oav	177	kerberos acl cups ldap pam readline python winbind
181	</pre>	178	</pre>
182		179
183	<p>	180	<p>
184	Depending on the network topology and the specific requirements of the server,	181	Depending on the network topology and the specific requirements of the server,
185	the USE flags outlined below will define what to include or exclude from the	182	the USE flags outlined below will define what to include or exclude from the
…		…
192	<th>Description</th>	189	<th>Description</th>
193	</tr>	190	</tr>
194	<tr>	191	<tr>
195	<th><b>kerberos</b></th>	192	<th><b>kerberos</b></th>
196	<ti>	193	<ti>
197	Include support for Kerberos. The server will need this if it is	194	Include support for Kerberos. The server will need this if it is intended
198	intended to join an existing domain or Active Directory. See the note	195	to join an existing domain or Active Directory. See the note below for more
199	below for more information.	196	information.
200	</ti>	197	</ti>
201	</tr>	198	</tr>
202	<tr>	199	<tr>
203	<th><b>acl</b></th>	200	<th><b>acl</b></th>
204	<ti>	201	<ti>
205	Enables Access Control Lists. The ACL support in Samba uses a patched	202	Enables Access Control Lists. The ACL support in Samba uses a patched
206	ext2/ext3, or SGI's XFS in order to function properly as it extends more	203	ext2/ext3, or SGI's XFS in order to function properly as it extends more
207	detailed access to files or directories; much more so than typical *nix	204	detailed access to files or directories; much more so than typical *nix
208	GID/UID schemas.	205	GID/UID schemas.
209	</ti>	206	</ti>
210	</tr>	207	</tr>
211	<tr>	208	<tr>
212	<th><b>cups</b></th>	209	<th><b>cups</b></th>
…		…
227	</ti>	224	</ti>
228	</tr>	225	</tr>
229	<tr>	226	<tr>
230	<th><b>pam</b></th>	227	<th><b>pam</b></th>
231	<ti>	228	<ti>
232	Include support for pluggable authentication modules (PAM). This provides	229	Include support for pluggable authentication modules (PAM). This provides
233	the ability to authenticate users on the Samba Server, which is required if	230	the ability to authenticate users on the Samba Server, which is required if
234	users have to login to your server. The kerberos USE flag is recommended	231	users have to login to your server. The kerberos USE flag is recommended
235	along with this option.	232	along with this option.
236	</ti>	233	</ti>
237	</tr>	234	</tr>
…		…
248	Python bindings API. Provides an API that will allow Python to interface	245	Python bindings API. Provides an API that will allow Python to interface
249	with Samba.	246	with Samba.
250	</ti>	247	</ti>
251	</tr>	248	</tr>
252	<tr>	249	<tr>
253	<th><b>oav</b></th>	250	<th><b>winbind</b></th>
254	<ti>	251	<ti>
255	Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,	252	Winbind allows for a unified logon within a Samba environment. It uses a
256	Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),	253	Unix implementation of Windows RPC calls, PAM and the name service switch
257	Symantec CarrierScan, and Trend Micro (VSAPI).	254	(supported by the c library) to enable Windows NT domain users to appear and
		255	work as Unix users on a Unix system.
258	</ti>	256	</ti>
259	</tr>	257	</tr>
260	</table>	258	</table>
261		259
262	<p>	260	<p>
…		…
264	Samba functions include:	262	Samba functions include:
265	</p>	263	</p>
266		264
267	<ul>	265	<ul>
268	<li>	266	<li>
269	ACLs on ext2/3 are implemented through extended attributes (EAs). EA and	267	ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
270	ACL kernel options for ext2 and/or ext3 will need to be enabled	268	ACL kernel options for ext2 and/or ext3 will need to be enabled (depending
271	(depending on which file system is being used - both can be enabled).	269	on which file system is being used - both can be enabled).
272	</li>	270	</li>
273	<li>	271	<li>
274	While Active Directory, ACL, and PDC functions are out of the intended	272	While Active Directory, ACL, and PDC functions are out of the intended
275	scope of this HOWTO, you may find these links as helpful to your cause:	273	scope of this HOWTO, you may find these links as helpful to your cause:
276	<ul>	274	<ul>
…		…
292		290
293	<p>	291	<p>
294	First of all: be sure that all your hostnames resolve correctly. Either have a	292	First of all: be sure that all your hostnames resolve correctly. Either have a
295	working domain name system running on your network or appropriate entries in	293	working domain name system running on your network or appropriate entries in
296	your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames	294	your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
297	don't point to the correct machines.	295	don't point to the correct machines.
298	</p>	296	</p>
299		297
300	<p>	298	<p>
301	Hopefully now you can make an assessment of what you'll actually need in order	299	Hopefully now you can make an assessment of what you'll actually need in order
302	to use Samba with your particular setup. The setup used for this HOWTO is:	300	to use Samba with your particular setup. The setup used for this HOWTO is:
303	</p>	301	</p>
304		302
305	<ul>	303	<ul>
306	<li>oav</li>
307	<li>cups</li>	304	<li>cups</li>
308	<li>readline</li>	305	<li>readline</li>
309	<li>pam</li>	306	<li>pam</li>
310	</ul>	307	</ul>
311		308
312	<p>	309	<p>
313	To optimize performance, size and the time of the build, the USE flags are	310	To optimize performance, size and the time of the build, the USE flags are
314	specifically included or excluded.	311	specifically included or excluded.
315	</p>	312	</p>
316		313
		314	<p>
		315	First, add <c>ppds</c> to your USE flags to make sure that when CUPS is built,
		316	it has proper foomatic support:
		317	</p>
		318
		319	<pre caption="Adding ppds">
		320	# <i>echo "net-print/cups ppds" >> /etc/portage/package.use</i>
		321	</pre>
		322
		323	<p>
		324	Now, emerge Samba:
		325	</p>
		326
317	<pre caption="Emerge Samba">	327	<pre caption="Emerge Samba">
318	# <i>echo "net-fs/samba oav readline cups pam" >> /etc/portage/package.use</i>	328	# <i>echo "net-fs/samba readline cups pam" >> /etc/portage/package.use</i>
319	# <i>emerge net-fs/samba</i>	329	# <i>emerge net-fs/samba</i>
320	</pre>	330	</pre>
321		331
322	<note>
323	The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
324	ppc, sparc, hppa, ia64 and alpha
325	</note>
326
327	<p>
328	This will emerge Samba and CUPS (if CUPS is not already emerged).
329	</p>	332	<p>
330		333	This will emerge Samba and CUPS.
331	</body>
332	</section>
333	<section>
334	<title>Emerging ClamAV</title>
335	<body>
336
337	<p>	334	</p>
338	Because the <e>oav</e> USE flag only provides an interface to allow on access
339	virus scanning, the actual virus scanner must be emerged. The scanner used in
340	this HOWTO is ClamAV.
341	</p>
342
343	<pre caption="Emerge Clamav">
344	# <i>emerge app-antivirus/clamav</i>
345	</pre>
346
347	</body>
348	</section>
349	<section>
350	<title>Emerging foomatic</title>
351	<body>
352
353	<pre caption="Emerge foomatic">
354	# <i>emerge net-print/foomatic</i>
355	</pre>
356		335
357	</body>	336	</body>
358	</section>	337	</section>
359	<section>	338	<section>
360	<title>Emerging net-print/hplip</title>	339	<title>Emerging net-print/hplip</title>
…		…
377	<section>	356	<section>
378	<title>Configuring Samba</title>	357	<title>Configuring Samba</title>
379	<body>	358	<body>
380		359
381	<p>	360	<p>
382	The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is	361	The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
383	divided in sections indicated by [sectionname]. Comments are either	362	divided in sections indicated by [sectionname]. Comments are either
384	# or ;. A sample <path>smb.conf</path> is included below with comments and	363	# or ;. A sample <path>smb.conf</path> is included below with comments and
385	suggestions for modifications. If more details are required, see the man page	364	suggestions for modifications. If more details are required, see the man page
386	for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the	365	for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
387	Samba Web site or any of the numerous Samba books available.	366	Samba Web site or any of the numerous Samba books available.
388	</p>	367	</p>
389		368
390	<pre caption="A Sample /etc/samba/smb.conf">	369	<pre caption="A Sample /etc/samba/smb.conf">
391	[global]	370	[global]
392	<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>	371	<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
…		…
416	hosts deny = 0.0.0.0/0	395	hosts deny = 0.0.0.0/0
417	<comment># Other options for this are USER, DOMAIN, ADS, and SERVER	396	<comment># Other options for this are USER, DOMAIN, ADS, and SERVER
418	# The default is user</comment>	397	# The default is user</comment>
419	security = share	398	security = share
420	<comment># No passwords, so we're going to use a guest account!</comment>	399	<comment># No passwords, so we're going to use a guest account!</comment>
421	guest account = samba
422	guest ok = yes	400	guest ok = yes
423	<comment># We now will implement the on access virus scanner.
424	# NOTE: By putting this in our [Global] section, we enable
425	# scanning of ALL shares, you could optionally move
426	# these to a specific share and only scan it.</comment>
427
428	<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
429	vfs object = vscan-clamav
430	vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
431		401
432	<comment># Now we setup our print drivers information!</comment>	402	<comment># Now we setup our print drivers information!</comment>
433	[print$]	403	[print$]
434	comment = Printer Drivers	404	comment = Printer Drivers
435	path = /etc/samba/printer <comment># this path holds the driver structure</comment>	405	path = /etc/samba/printer <comment># this path holds the driver structure</comment>
…		…
450	guest ok = yes	420	guest ok = yes
451	<comment># Modify this to "username,root" if you don't want root to	421	<comment># Modify this to "username,root" if you don't want root to
452	# be the only printer admin)</comment>	422	# be the only printer admin)</comment>
453	printer admin = <i>root</i>	423	printer admin = <i>root</i>
454		424
455	<comment># Now we setup our printers share. This should be	425	<comment># Now we setup our printers share. This should be
456	# browseable, printable, public.</comment>	426	# browseable, printable, public.</comment>
457	[printers]	427	[printers]
458	comment = All Printers	428	comment = All Printers
459	browseable = no	429	browseable = no
460	printable = yes	430	printable = yes
461	writable = no	431	writable = no
462	public = yes	432	public = yes
463	guest ok = yes	433	guest ok = yes
464	path = /var/spool/samba	434	path = /var/spool/samba
465	<comment># Modify this to "username,root" if you don't want root to	435	<comment># Modify this to "username,root" if you don't want root to
466	# be the only printer admin)</comment>	436	# be the only printer admin)</comment>
467	printer admin = <i>root</i>	437	printer admin = <i>root</i>
…		…
487	arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>	457	arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
488	or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you	458	or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
489	from a lot of problems.	459	from a lot of problems.
490	</warn>	460	</warn>
491		461
492	<warn>
493	Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
494	down the performance of your Samba server dramatically.
495	</warn>
496
497	<p>	462	<p>
498	Now create the directories required for the minimum configuration of Samba to	463	Now create the directories required for the minimum configuration of Samba to
499	share the installed printer throughout the network.	464	share the installed printer throughout the network.
500	</p>	465	</p>
501		466
…		…
510	to allow users to connect to the printer. Users must exist in the system's	475	to allow users to connect to the printer. Users must exist in the system's
511	<path>/etc/passwd</path> file.	476	<path>/etc/passwd</path> file.
512	</p>	477	</p>
513		478
514	<pre caption="Creating the users">	479	<pre caption="Creating the users">
515	# <i>smbpasswd -a root</i>	480	# <i>smbpasswd -a root</i>
516		481
517	<comment>(If another user is to be a printer admin)</comment>	482	<comment>(If another user is to be a printer admin)</comment>
518	# <i>smbpasswd -a username</i>	483	# <i>smbpasswd -a username</i>
519	</pre>	484	</pre>
520		485
521	<p>	486	<p>
522	The Samba passwords need not be the same as the system passwords	487	The Samba passwords need not be the same as the system passwords
523	in <path>/etc/passwd</path>.	488	in <path>/etc/passwd</path>.
524	</p>	489	</p>
525		490
526	<p>	491	<p>
527	You will also need to update <path>/etc/nsswitch.conf</path> so that Windows	492	You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
…		…
535	</pre>	500	</pre>
536		501
537	</body>	502	</body>
538	</section>	503	</section>
539	<section>	504	<section>
540	<title>Configuring ClamAV</title>
541	<body>
542
543	<p>
544	The configuration file specified to be used in <path>smb.conf</path> is
545	<path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
546	defaults, the infected file action may need to be changed.
547	</p>
548
549	<pre caption="/etc/samba/vscan-clamav.conf">
550	[samba-vscan]
551	<comment>; run-time configuration for vscan-samba using
552	; clamd
553	; all options are set to default values</comment>
554
555	<comment>; do not scan files larger than X bytes. If set to 0 (default),
556	; this feature is disable (i.e. all files are scanned)</comment>
557	max file size = 0
558
559	<comment>; log all file access (yes/no). If set to yes, every access will
560	; be logged. If set to no (default), only access to infected files
561	; will be logged</comment>
562	verbose file logging = no
563
564	<comment>; if set to yes (default), a file will be scanned while opening</comment>
565	scan on open = yes
566	<comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
567	scan on close = yes
568
569	<comment>; if communication to clamd fails, should access to file denied?
570	; (default: yes)</comment>
571	deny access on error = yes
572
573	<comment>; if daemon fails with a minor error (corruption, etc.),
574	; should access to file denied?
575	; (default: yes)</comment>
576	deny access on minor error = yes
577
578	<comment>; send a warning message via Windows Messenger service
579	; when virus is found?
580	; (default: yes)</comment>
581	send warning message = yes
582
583	<comment>; what to do with an infected file
584	; quarantine: try to move to quantine directory; delete it if moving fails
585	; delete: delete infected file
586	; nothing: do nothing</comment>
587	infected file action = <comment>delete</comment>
588
589	<comment>; where to put infected files - you really want to change this!
590	; it has to be on the same physical device as the share!</comment>
591	quarantine directory = /tmp
592	<comment>; prefix for files in quarantine</comment>
593	quarantine prefix = vir-
594
595	<comment>; as Windows tries to open a file multiple time in a (very) short time
596	; of period, samba-vscan use a last recently used file mechanism to avoid
597	; multiple scans of a file. This setting specified the maximum number of
598	; elements of the last recently used file list. (default: 100)</comment>
599	max lru files entries = 100
600
601	<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
602	; (Default: 5)</comment>
603	lru file entry lifetime = 5
604
605	<comment>; socket name of clamd (default: /var/run/clamd)</comment>
606	clamd socket name = /tmp/clamd
607
608	<comment>; port number the ScannerDaemon listens on</comment>
609	oav port = 8127
610	</pre>
611
612	<p>
613	It is generally a good idea to start the virus scanner immediately. Add it to
614	the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
615	The service has two processes: freshclam keeps the virus definition database up
616	to date while clamd is the actual anti-virus daemon. First you may want to set
617	the paths of the logfiles so that it fits your needs.
618	</p>
619
620	<pre caption="Checking the location of the logfiles">
621	# <i>vim /etc/clamd.conf</i>
622	<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
623	# <i>vim /etc/freshclam.conf</i>
624	<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
625	# <i>vim /etc/conf.d/clamd</i>
626	<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
627	</pre>
628
629	<p>
630	Now fire up the virus scanner.
631	</p>
632
633	<pre caption="Add clamd to bootup and start it">
634	# <i>rc-update add clamd default</i>
635	# <i>/etc/init.d/clamd start</i>
636	</pre>
637
638	</body>
639	</section>
640	<section>
641	<title>Configuring CUPS</title>	505	<title>Configuring CUPS</title>
642	<body>	506	<body>
643		507
644	<p>	508	<p>
645	This is a little more complicated. CUPS' main config file is	509	This is a little more complicated. CUPS' main config file is
…		…
653	ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>	517	ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
654		518
655	AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>	519	AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
656	ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>	520	ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
657		521
658	LogLevel debug <comment># only while isntalling and testing, should later be	522	LogLevel debug <comment># only while installing and testing, should later be
659	# changed to 'info'</comment>	523	# changed to 'info'</comment>
660		524
661	MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,	525	MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
662	# there seemed to be a bug in CUPS' controlling of the web interface,	526	# there seemed to be a bug in CUPS' controlling of the web interface,
663	# making CUPS think a denial of service attack was in progress when	527	# making CUPS think a denial of service attack was in progress when
664	# I tried to configure a printer with the web interface. weird.</comment>	528	# I tried to configure a printer with the web interface. weird.</comment>
665		529
666	BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>	530	BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
667		531
668	<Location />	532	<Location />
669	Order Deny,Allow	533	Order Deny,Allow
670	Deny From All	534	Deny From All
671	Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network	535	Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
…		…
675		539
676	<Location /admin>	540	<Location /admin>
677	AuthType Basic	541	AuthType Basic
678	AuthClass System	542	AuthClass System
679	Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the	543	Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
680	# 192.168.1.0 network to connect and do	544	# 192.168.1.0 network to connect and do
681	# administrative tasks after authenticating</comment>	545	# administrative tasks after authenticating</comment>
682	Order Deny,Allow	546	Order Deny,Allow
683	Deny From All	547	Deny From All
684	</Location>	548	</Location>
685	</pre>	549	</pre>
686		550
687	<p>	551	<p>
688	Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.	552	Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. The changes to
689	The changes to <path>mime.convs</path> and <path>mime.types</path> are	553	<path>mime.convs</path> and <path>mime.types</path> are needed to make CUPS
690	needed to make CUPS print Microsoft Office document files.	554	print Microsoft Office document files.
691	</p>	555	</p>
692		556
693	<pre caption="/etc/cups/mime.convs">	557	<pre caption="/etc/cups/mime.convs">
694	<comment>(The following line is found near the end of the file. Uncomment it)</comment>	558	<comment>(The following line is found near the end of the file. Uncomment it)</comment>
695	application/octet-stream application/vnd.cups-raw 0	559	application/octet-stream application/vnd.cups-raw 0
696	</pre>	560	</pre>
697		561
698	<p>	562	<p>
699	Edit <path>/etc/cups/mime.types</path> to uncomment some lines.	563	Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
700	</p>	564	</p>
701		565
702	<pre caption="/etc/cups/mime.types">	566	<pre caption="/etc/cups/mime.types">
703	<comment>(The following line is found near the end of the file. Uncomment it)</comment>	567	<comment>(The following line is found near the end of the file. Uncomment it)</comment>
704	application/octet-stream	568	application/octet-stream
705	</pre>	569	</pre>
706		570
707	<p>	571	<p>
708	CUPS needs to be started on boot, and started immediately.	572	CUPS needs to be started on boot, and started immediately.
709	</p>	573	</p>
710		574
711	<pre caption="Setting up the CUPS service" >	575	<pre caption="Setting up the CUPS service" >
712	<comment>(To start CUPS on boot)</comment>	576	<comment>(To start CUPS on boot)</comment>
713	# <i>rc-update add cupsd default</i>	577	# <i>rc-update add cupsd default</i>
…		…
764	<section>	628	<section>
765	<title>Installing the Windows printer drivers</title>	629	<title>Installing the Windows printer drivers</title>
766	<body>	630	<body>
767		631
768	<p>	632	<p>
769	Now that the printer should be working it is time to install the drivers for the	633	Now that the printer should be working it is time to install the drivers for
770	Windows clients to work. Samba 2.2 introduced this functionality. Browsing to	634	the Windows clients to work. Samba 2.2 introduced this functionality. Browsing
771	the print server in the Network Neighbourhood, right-clicking on the	635	to the print server in the Network Neighbourhood, right-clicking on the
772	printershare and selecting "connect" downloads the appropriate drivers	636	printershare and selecting "connect" downloads the appropriate drivers
773	automagically to the connecting client, avoiding the hassle of manually	637	automagically to the connecting client, avoiding the hassle of manually
774	installing printer drivers locally.	638	installing printer drivers locally.
775	</p>	639	</p>
776		640
777	<p>	641	<p>
778	There are two sets of printer drivers for this. First, the Adobe PS drivers	642	There are two sets of printer drivers for this. First, the Adobe PS drivers
779	which can be obtained from <uri	643	which can be obtained from <uri
780	link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript	644	link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
781	printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri	645	printer drivers). Second, there are the CUPS PS drivers, to be obtained by
782	link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>.	646	emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
		647	so you may need to add it to <path>/etc/portage/package.keywords</path>. There
783	There doesn't seem to be a difference between the functionality of the two, but	648	doesn't seem to be a difference between the functionality of the two, but the
784	the Adobe PS drivers need to be extracted on a Windows System since it's a	649	Adobe PS drivers need to be extracted on a Windows System since it's a Windows
785	Windows binary. Also the whole procedure of finding and copying the correct	650	binary. Also the whole procedure of finding and copying the correct files is a
786	files is a bit more hassle. The CUPS drivers seem to support some options the	651	bit more hassle. The CUPS drivers support some options the Adobe drivers
787	Adobe drivers don't.	652	don't.
788	</p>
789	<!--
790	used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
791	available. at some point, we should update this for 6.0.
792	-->
793
794	<p>	653	</p>
795	This HOWTO uses the CUPS drivers for Windows. The downloaded file is	654
796	called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
797	contained into a directory.
798	</p>	655	<p>
799		656	This HOWTO uses the CUPS drivers for Windows. Install them as shown:
800	<pre caption="Extract the drivers and run the install">
801	# <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
802	# <i>cd cups-samba-5.0rc2</i>
803	<comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
804	# <i>./cups-samba.install</i>
805	</pre>
806
807	<p>	657	</p>
808	<path>cups-samba.ss</path> is a TAR archive containing three files:
809	<path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
810	<path>cupsui5.dll</path>. These are the actual driver files.
811	</p>
812		658
813	<warn>
814	The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
815	because almost everything which is not part of the base system is installed
816	somewhere under the prefix <path>/usr/local/</path>. This seems not to be the
817	case for most things you install under GNU/Linux. However, if your CUPS
818	installation is somewhere other than <path>/usr/share/cups/</path> see the
819	example below.
820	</warn>
821
822	<p>
823	Suppose your CUPS installation resides under
824	<path>/usr/local/share/cups/</path>, and you want to install the drivers there.
825	Do the following:
826	</p>
827
828	<pre caption="Manually installing the drivers">	659	<pre caption="Install the drivers">
829	# <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>	660	# <i>emerge -av cups-windows</i>
830	# <i>tar -xf cups-samba.ss</i>
831	<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
832	# <i>cd usr/share/cups/drivers</i>
833	<comment>(no leading / !)</comment>
834	# <i>cp cups* /usr/local/share/cups/drivers</i>
835	# <i>/etc/init.d/cupsd restart</i>
836	</pre>	661	</pre>
837		662
838	<p>	663	<p>
839	Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.	664	Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
840	Its man page is an interesting read.	665	Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
		666	Windows drivers you'll need to copy to the proper CUPS directory. Once you've
		667	copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
		668	Next, run <c>cupsaddsmb</c> as shown:
841	</p>	669	</p>
842		670
843	<pre caption="Run cupsaddsmb">	671	<pre caption="Run cupsaddsmb">
844	# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>	672	# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845	<comment>(Instead of HPDeskJet930C you could also specify "-a", which will	673	<comment>(Instead of HPDeskJet930C you could also specify "-a", which will
…		…
1025	</section>	853	</section>
1026	<section>	854	<section>
1027	<title>Mounting a Windows or Samba share in GNU/Linux</title>	855	<title>Mounting a Windows or Samba share in GNU/Linux</title>
1028	<body>	856	<body>
1029		857
		858	<note>
		859	Don't forget to install <c>net-fs/mount-cifs</c> or <c>net-fs/samba</c> on the
		860	client(s) that will be accessing the shares.
		861	</note>
		862
1030	<p>	863	<p>
1031	Now is time to configure our kernel to support smbfs. Since I'm assumming we've	864	Now is time to configure our kernel to support CIFS. Since I'm assuming
1032	all compiled at least one kernel, we'll need to make sure we have all the right	865	we've all compiled at least one kernel, we'll need to make sure we have all the
1033	options selected in our kernel. For simplicity's sake, make it a module for ease	866	right options selected in our kernel. For simplicity's sake, make it a module
1034	of use. It is the author's opinion that kernel modules are a good thing and	867	for ease of use. It is the author's opinion that kernel modules are a good thing
1035	should be used whenever possible.	868	and should be used whenever possible.
1036	</p>
1037
1038	<pre caption="Relevant kernel options" >
1039	CONFIG_SMB_FS=m
1040	CONFIG_SMB_UNIX=y
1041	</pre>
1042
1043	<p>	869	</p>
		870
		871	<pre caption="Kernel support" >
		872	CONFIG_CIFS=m
		873	</pre>
		874
		875	<p>
1044	Then make the module/install it; insert them with:	876	Then make the module/install it; insert it with:
1045	</p>	877	</p>
1046		878
1047	<pre caption="Loading the kernel module">	879	<pre caption="Loading the kernel module">
1048	# <i>modprobe smbfs</i>	880	# <i>modprobe cifs</i>
1049	</pre>	881	</pre>
1050		882
1051	<p>	883	<p>
1052	Once the module is loaded, mounting a Windows or Samba share is possible. Use	884	Once the module is loaded, mounting a Windows or Samba share is possible. Use
1053	<c>mount</c> to accomplish this, as detailed below:	885	<c>mount</c> to accomplish this, as detailed below:
1054	</p>	886	</p>
1055		887
1056	<pre caption="Mounting a Windows/Samba share">	888	<pre caption="Mounting a Windows/Samba share">
1057	<comment>(The syntax for mounting a Windows/Samba share is:	889	<comment>(The syntax for mounting a Windows/Samba share is:
1058	mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point	890	mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1059	If we are not using passwords or a password is not needed)</comment>	891	If we are not using passwords or a password is not needed)</comment>
1060		892
1061	# <i>mount -t smbfs //PrintServer/public /mnt/public</i>	893	# <i>mount -t cifs //PrintServer/public /mnt/public</i>
1062		894
1063	<comment>(If a password is needed)</comment>	895	<comment>(If a password is needed)</comment>
1064	# <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>	896	# <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1065	</pre>	897	</pre>
1066		898
1067	<p>	899	<p>
1068	After you mount the share, you would access it as if it were a local drive.	900	After you mount the share, you would access it as if it were a local drive.
1069	</p>	901	</p>
…		…
1091	<title>A Fond Farewell</title>	923	<title>A Fond Farewell</title>
1092	<body>	924	<body>
1093		925
1094	<p>	926	<p>
1095	That should be it. You should now have a successful printing enviroment that is	927	That should be it. You should now have a successful printing enviroment that is
1096	friendly to both Windows and *nix as well as a fully virus-free working share!	928	friendly to both Windows and *nix as well as a working share!
1097	</p>	929	</p>
1098		930
1099	</body>	931	</body>
1100	</section>	932	</section>
1101	</chapter>	933	</chapter>

 Legend:



Removed from v.1.29
 


changed lines


 
Added in v.1.41
 Legend:



Removed from v.1.29
 


changed lines


 
Added in v.1.41
-Removed from v.1.29
+Added in v.1.41

	ViewVC Help
Powered by ViewVC 1.1.13