/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.29 Revision 1.43
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.29 2007/06/06 23:23:35 nightmorph Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 2<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4<guide link="/doc/en/quick-samba-howto.xml"> 3<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.43 2012/07/27 02:25:41 nightmorph Exp $ -->
4
5<guide>
5<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title> 6<title>Gentoo Samba3/CUPS HOWTO</title>
7
6<author title="Author"> 8<author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail> 9 Andreas "daff" Ntaflos <!--daff at dword dot org-->
8</author> 10</author>
9<author title="Author"> 11<author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> 12 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11</author> 13</author>
14<author title="Editor">
15 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
16</author>
12 17
13<abstract> 18<abstract>
14Setup, install and configure a Samba Server under Gentoo that shares files, 19Setup, install and configure a Samba server under Gentoo that shares files and
15printers without the need to install drivers and provides automatic virus 20printers without the need to install drivers.
16scanning.
17</abstract> 21</abstract>
18 22
19<!-- The content of this document is licensed under the CC-BY-SA license --> 23<!-- The content of this document is licensed under the CC-BY-SA license -->
20<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 24<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
21<license/> 25<license/>
22 26
23<version>1.17</version> 27<version>3</version>
24<date>2007-06-06</date> 28<date>2012-07-26</date>
25 29
26<chapter> 30<chapter>
27<title>Introduction to this HOWTO</title> 31<title>Introduction to this HOWTO</title>
28<section> 32<section>
29<title>Purpose</title> 33<title>Purpose</title>
44 48
45<p> 49<p>
46This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to 50This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
47explore the functionality and power of the Gentoo system, portage and the 51explore the functionality and power of the Gentoo system, portage and the
48flexibility of USE flags. Like so many other projects, it was quickly discovered 52flexibility of USE flags. Like so many other projects, it was quickly discovered
49what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered 53what was missing in the Gentoo realm: there weren't any Samba HOWTOs catered
50for Gentoo users. These users are more demanding than most; they require 54for Gentoo users. These users are more demanding than most; they require
51performance, flexibility and customization. This does not however imply that 55performance, flexibility and customization. This does not however imply that
52this HOWTO was not intended for other distributions; rather that it was designed 56this HOWTO was not intended for other distributions; rather that it was designed
53to work with a highly customized version of Samba. 57to work with a highly customized version of Samba.
54</p> 58</p>
55 59
56<p> 60<p>
57This HOWTO will describe how to share files and printers between Windows PCs and 61This HOWTO will describe how to share files and printers between Windows PCs and
58*nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
59feature of Samba to incorporate automatic virus protection. As a finale, it will
60show you how to mount and manipulate shares. 62*nix PCs. It will also show you how to mount and manipulate shares.
61</p> 63</p>
62 64
63<p> 65<p>
64There are a few topics that will be mentioned, but are out of the scope of this 66There are a few topics that will be mentioned, but are out of the scope of this
65HOWTO. These will be noted as they are presented. 67HOWTO. These will be noted as they are presented.
66</p> 68</p>
67 69
68<p> 70<p>
69This HOWTO is based on a compilation and merge of an excellent HOWTO provided in 71This HOWTO is based on a compilation and merge of an excellent HOWTO provided
70the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff" 72in the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas
71Ntaflos and the collected knowledge of Joshua Preston. The link to this 73"daff" Ntaflos and the collected knowledge of Joshua Preston. The link to this
72discussion is provided below for your reference: 74discussion is provided below for your reference:
73</p> 75</p>
74 76
75<ul> 77<ul>
76 <li> 78 <li>
77 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO 79 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
78 CUPS+Samba: printing from Windows &amp; Linux</uri> 80 CUPS+Samba: printing from Windows &amp; Linux</uri>
79 </li> 81 </li>
80</ul> 82</ul>
81 83
82</body> 84</body>
105</p> 107</p>
106 108
107<ul> 109<ul>
108 <li>On the Samba server: 110 <li>On the Samba server:
109 <ul> 111 <ul>
110 <li>Install and configure ClamAV</li>
111 <li>Install and configure Samba</li> 112 <li>Install and configure Samba</li>
112 <li>Install and configure CUPS</li> 113 <li>Install and configure CUPS</li>
113 <li>Adding the printer to CUPS</li> 114 <li>Adding the printer to CUPS</li>
114 <li>Adding the PS drivers for the Windows clients</li> 115 <li>Adding the PS drivers for the Windows clients</li>
115 </ul> 116 </ul>
139We will need the following: 140We will need the following:
140</p> 141</p>
141 142
142<ul> 143<ul>
143 <li>net-fs/samba</li> 144 <li>net-fs/samba</li>
144 <li>app-antivirus/clamav</li> 145 <li>net-print/cups (built with the <c>ppds</c> USE flag)</li>
145 <li>net-print/cups</li>
146 <li>net-print/foomatic</li>
147 <li>net-print/hplip (if you have an HP printer)</li> 146 <li>net-print/hplip (if you have an HP printer)</li>
148 <li>A kernel of sorts (2.6)</li> 147 <li>A kernel of sorts (2.6)</li>
149 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li> 148 <li>A printer (PS or non-PS)</li>
150 <li> 149 <li>
151 A working network (home/office/etc) consisting of more than one machine) 150 A working network (home/office/etc) consisting of more than one machine)
152 </li> 151 </li>
153</ul> 152</ul>
154 153
155<p> 154<p>
156The main package we use here is net-fs/samba, however, you will need a kernel 155The main package we use here is <c>net-fs/samba</c>, however, you will need a
157with smbfs support enabled in order to mount a samba or windows share from 156kernel with CIFS support enabled in order to mount a Samba or Windows share from
158another computer. CUPS will be emerged if it is not already. 157another computer. CUPS will be emerged if it is not already.
159app-antivirus/clamav will be used also, but others should be easily adapted to
160work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
161technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
162</p> 158</p>
163 159
164</body> 160</body>
165</section> 161</section>
166</chapter> 162</chapter>
175Before emerging anything, take a look at some of the various USE flags available 171Before emerging anything, take a look at some of the various USE flags available
176to Samba. 172to Samba.
177</p> 173</p>
178 174
179<pre caption="Samba uses the following USE Variables:"> 175<pre caption="Samba uses the following USE Variables:">
180kerberos acl cups ldap pam readline python oav 176kerberos acl cups ldap pam readline python winbind
181</pre> 177</pre>
182 178
183<p> 179<p>
184Depending on the network topology and the specific requirements of the server, 180Depending on the network topology and the specific requirements of the server,
185the USE flags outlined below will define what to include or exclude from the 181the USE flags outlined below will define what to include or exclude from the
192 <th>Description</th> 188 <th>Description</th>
193</tr> 189</tr>
194<tr> 190<tr>
195 <th><b>kerberos</b></th> 191 <th><b>kerberos</b></th>
196 <ti> 192 <ti>
197 Include support for Kerberos. The server will need this if it is 193 Include support for Kerberos. The server will need this if it is intended
198 intended to join an existing domain or Active Directory. See the note 194 to join an existing domain or Active Directory. See the note below for more
199 below for more information. 195 information.
200 </ti> 196 </ti>
201</tr> 197</tr>
202<tr> 198<tr>
203 <th><b>acl</b></th> 199 <th><b>acl</b></th>
204 <ti> 200 <ti>
205 Enables Access Control Lists. The ACL support in Samba uses a patched 201 Enables Access Control Lists. The ACL support in Samba uses a patched
206 ext2/ext3, or SGI's XFS in order to function properly as it extends more 202 ext2/ext3, or SGI's XFS in order to function properly as it extends more
207 detailed access to files or directories; much more so than typical *nix 203 detailed access to files or directories; much more so than typical *nix
208 GID/UID schemas. 204 GID/UID schemas.
209 </ti> 205 </ti>
210</tr> 206</tr>
211<tr> 207<tr>
212 <th><b>cups</b></th> 208 <th><b>cups</b></th>
227 </ti> 223 </ti>
228</tr> 224</tr>
229<tr> 225<tr>
230 <th><b>pam</b></th> 226 <th><b>pam</b></th>
231 <ti> 227 <ti>
232 Include support for pluggable authentication modules (PAM). This provides 228 Include support for pluggable authentication modules (PAM). This provides
233 the ability to authenticate users on the Samba Server, which is required if 229 the ability to authenticate users on the Samba Server, which is required if
234 users have to login to your server. The kerberos USE flag is recommended 230 users have to login to your server. The kerberos USE flag is recommended
235 along with this option. 231 along with this option.
236 </ti> 232 </ti>
237</tr> 233</tr>
248 Python bindings API. Provides an API that will allow Python to interface 244 Python bindings API. Provides an API that will allow Python to interface
249 with Samba. 245 with Samba.
250 </ti> 246 </ti>
251</tr> 247</tr>
252<tr> 248<tr>
253 <th><b>oav</b></th> 249 <th><b>winbind</b></th>
254 <ti> 250 <ti>
255 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon, 251 Winbind allows for a unified logon within a Samba environment. It uses a
256 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI), 252 Unix implementation of Windows RPC calls, PAM and the name service switch
257 Symantec CarrierScan, and Trend Micro (VSAPI). 253 (supported by the c library) to enable Windows NT domain users to appear and
254 work as Unix users on a Unix system.
258 </ti> 255 </ti>
259</tr> 256</tr>
260</table> 257</table>
261 258
262<p> 259<p>
264Samba functions include: 261Samba functions include:
265</p> 262</p>
266 263
267<ul> 264<ul>
268 <li> 265 <li>
269 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and 266 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
270 ACL kernel options for ext2 and/or ext3 will need to be enabled 267 ACL kernel options for ext2 and/or ext3 will need to be enabled (depending
271 (depending on which file system is being used - both can be enabled). 268 on which file system is being used - both can be enabled).
272 </li> 269 </li>
273 <li> 270 <li>
274 While Active Directory, ACL, and PDC functions are out of the intended 271 While Active Directory, ACL, and PDC functions are out of the intended
275 scope of this HOWTO, you may find these links as helpful to your cause: 272 scope of this HOWTO, you may find these links as helpful to your cause:
276 <ul> 273 <ul>
292 289
293<p> 290<p>
294First of all: be sure that all your hostnames resolve correctly. Either have a 291First of all: be sure that all your hostnames resolve correctly. Either have a
295working domain name system running on your network or appropriate entries in 292working domain name system running on your network or appropriate entries in
296your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames 293your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
297don't point to the correct machines. 294don't point to the correct machines.
298</p> 295</p>
299 296
300<p> 297<p>
301Hopefully now you can make an assessment of what you'll actually need in order 298Hopefully now you can make an assessment of what you'll actually need in order
302to use Samba with your particular setup. The setup used for this HOWTO is: 299to use Samba with your particular setup. The setup used for this HOWTO is:
303</p> 300</p>
304 301
305<ul> 302<ul>
306 <li>oav</li>
307 <li>cups</li> 303 <li>cups</li>
308 <li>readline</li> 304 <li>readline</li>
309 <li>pam</li> 305 <li>pam</li>
310</ul> 306</ul>
311 307
312<p> 308<p>
313To optimize performance, size and the time of the build, the USE flags are 309To optimize performance, size and the time of the build, the USE flags are
314specifically included or excluded. 310specifically included or excluded.
315</p> 311</p>
316 312
313<p>
314First, add <c>ppds</c> to your USE flags to make sure that when CUPS is built,
315it has proper foomatic support:
316</p>
317
318<pre caption="Adding ppds">
319# <i>echo "net-print/cups ppds" &gt;&gt; /etc/portage/package.use</i>
320</pre>
321
322<p>
323Now, emerge Samba:
324</p>
325
317<pre caption="Emerge Samba"> 326<pre caption="Emerge Samba">
318# <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i> 327# <i>echo "net-fs/samba readline cups pam" &gt;&gt; /etc/portage/package.use</i>
319# <i>emerge net-fs/samba</i> 328# <i>emerge net-fs/samba</i>
320</pre> 329</pre>
321 330
322<note>
323The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
324ppc, sparc, hppa, ia64 and alpha
325</note>
326
327<p>
328This will emerge Samba and CUPS (if CUPS is not already emerged).
329</p> 331<p>
330 332This will emerge Samba and CUPS.
331</body>
332</section>
333<section>
334<title>Emerging ClamAV</title>
335<body>
336
337<p> 333</p>
338Because the <e>oav</e> USE flag only provides an interface to allow on access
339virus scanning, the actual virus scanner must be emerged. The scanner used in
340this HOWTO is ClamAV.
341</p>
342
343<pre caption="Emerge Clamav">
344# <i>emerge app-antivirus/clamav</i>
345</pre>
346
347</body>
348</section>
349<section>
350<title>Emerging foomatic</title>
351<body>
352
353<pre caption="Emerge foomatic">
354# <i>emerge net-print/foomatic</i>
355</pre>
356 334
357</body> 335</body>
358</section> 336</section>
359<section> 337<section>
360<title>Emerging net-print/hplip</title> 338<title>Emerging net-print/hplip</title>
377<section> 355<section>
378<title>Configuring Samba</title> 356<title>Configuring Samba</title>
379<body> 357<body>
380 358
381<p> 359<p>
382The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is 360The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
383divided in sections indicated by [sectionname]. Comments are either 361divided in sections indicated by [sectionname]. Comments are either
384# or ;. A sample <path>smb.conf</path> is included below with comments and 362# or ;. A sample <path>smb.conf</path> is included below with comments and
385suggestions for modifications. If more details are required, see the man page 363suggestions for modifications. If more details are required, see the man page
386for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the 364for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
387Samba Web site or any of the numerous Samba books available. 365Samba Web site or any of the numerous Samba books available.
388</p> 366</p>
389 367
390<pre caption="A Sample /etc/samba/smb.conf"> 368<pre caption="A Sample /etc/samba/smb.conf">
391[global] 369[global]
392<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment> 370<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416hosts deny = 0.0.0.0/0 394hosts deny = 0.0.0.0/0
417<comment># Other options for this are USER, DOMAIN, ADS, and SERVER 395<comment># Other options for this are USER, DOMAIN, ADS, and SERVER
418# The default is user</comment> 396# The default is user</comment>
419security = share 397security = share
420<comment># No passwords, so we're going to use a guest account!</comment> 398<comment># No passwords, so we're going to use a guest account!</comment>
421guest account = samba
422guest ok = yes 399guest ok = yes
423<comment># We now will implement the on access virus scanner.
424# NOTE: By putting this in our [Global] section, we enable
425# scanning of ALL shares, you could optionally move
426# these to a specific share and only scan it.</comment>
427
428<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
429vfs object = vscan-clamav
430vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
431 400
432<comment># Now we setup our print drivers information!</comment> 401<comment># Now we setup our print drivers information!</comment>
433[print$] 402[print$]
434comment = Printer Drivers 403comment = Printer Drivers
435path = /etc/samba/printer <comment># this path holds the driver structure</comment> 404path = /etc/samba/printer <comment># this path holds the driver structure</comment>
450guest ok = yes 419guest ok = yes
451<comment># Modify this to "username,root" if you don't want root to 420<comment># Modify this to "username,root" if you don't want root to
452# be the only printer admin)</comment> 421# be the only printer admin)</comment>
453printer admin = <i>root</i> 422printer admin = <i>root</i>
454 423
455<comment># Now we setup our printers share. This should be 424<comment># Now we setup our printers share. This should be
456# browseable, printable, public.</comment> 425# browseable, printable, public.</comment>
457[printers] 426[printers]
458comment = All Printers 427comment = All Printers
459browseable = no 428browseable = no
460printable = yes 429printable = yes
461writable = no 430writable = no
462public = yes 431public = yes
463guest ok = yes 432guest ok = yes
464path = /var/spool/samba 433path = /var/spool/samba
465<comment># Modify this to "username,root" if you don't want root to 434<comment># Modify this to "username,root" if you don't want root to
466# be the only printer admin)</comment> 435# be the only printer admin)</comment>
467printer admin = <i>root</i> 436printer admin = <i>root</i>
487arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c> 456arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
488or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you 457or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
489from a lot of problems. 458from a lot of problems.
490</warn> 459</warn>
491 460
492<warn>
493Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
494down the performance of your Samba server dramatically.
495</warn>
496
497<p> 461<p>
498Now create the directories required for the minimum configuration of Samba to 462Now create the directories required for the minimum configuration of Samba to
499share the installed printer throughout the network. 463share the installed printer throughout the network.
500</p> 464</p>
501 465
510to allow users to connect to the printer. Users must exist in the system's 474to allow users to connect to the printer. Users must exist in the system's
511<path>/etc/passwd</path> file. 475<path>/etc/passwd</path> file.
512</p> 476</p>
513 477
514<pre caption="Creating the users"> 478<pre caption="Creating the users">
515# <i>smbpasswd -a root</i> 479# <i>smbpasswd -a root</i>
516 480
517<comment>(If another user is to be a printer admin)</comment> 481<comment>(If another user is to be a printer admin)</comment>
518# <i>smbpasswd -a username</i> 482# <i>smbpasswd -a username</i>
519</pre> 483</pre>
520 484
521<p> 485<p>
522The Samba passwords need not be the same as the system passwords 486The Samba passwords need not be the same as the system passwords
523in <path>/etc/passwd</path>. 487in <path>/etc/passwd</path>.
524</p> 488</p>
525 489
526<p> 490<p>
527You will also need to update <path>/etc/nsswitch.conf</path> so that Windows 491You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
535</pre> 499</pre>
536 500
537</body> 501</body>
538</section> 502</section>
539<section> 503<section>
540<title>Configuring ClamAV</title>
541<body>
542
543<p>
544The configuration file specified to be used in <path>smb.conf</path> is
545<path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
546defaults, the infected file action may need to be changed.
547</p>
548
549<pre caption="/etc/samba/vscan-clamav.conf">
550[samba-vscan]
551<comment>; run-time configuration for vscan-samba using
552; clamd
553; all options are set to default values</comment>
554
555<comment>; do not scan files larger than X bytes. If set to 0 (default),
556; this feature is disable (i.e. all files are scanned)</comment>
557max file size = 0
558
559<comment>; log all file access (yes/no). If set to yes, every access will
560; be logged. If set to no (default), only access to infected files
561; will be logged</comment>
562verbose file logging = no
563
564<comment>; if set to yes (default), a file will be scanned while opening</comment>
565scan on open = yes
566<comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
567scan on close = yes
568
569<comment>; if communication to clamd fails, should access to file denied?
570; (default: yes)</comment>
571deny access on error = yes
572
573<comment>; if daemon fails with a minor error (corruption, etc.),
574; should access to file denied?
575; (default: yes)</comment>
576deny access on minor error = yes
577
578<comment>; send a warning message via Windows Messenger service
579; when virus is found?
580; (default: yes)</comment>
581send warning message = yes
582
583<comment>; what to do with an infected file
584; quarantine: try to move to quantine directory; delete it if moving fails
585; delete: delete infected file
586; nothing: do nothing</comment>
587infected file action = <comment>delete</comment>
588
589<comment>; where to put infected files - you really want to change this!
590; it has to be on the same physical device as the share!</comment>
591quarantine directory = /tmp
592<comment>; prefix for files in quarantine</comment>
593quarantine prefix = vir-
594
595<comment>; as Windows tries to open a file multiple time in a (very) short time
596; of period, samba-vscan use a last recently used file mechanism to avoid
597; multiple scans of a file. This setting specified the maximum number of
598; elements of the last recently used file list. (default: 100)</comment>
599max lru files entries = 100
600
601<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
602; (Default: 5)</comment>
603lru file entry lifetime = 5
604
605<comment>; socket name of clamd (default: /var/run/clamd)</comment>
606clamd socket name = /tmp/clamd
607
608<comment>; port number the ScannerDaemon listens on</comment>
609oav port = 8127
610</pre>
611
612<p>
613It is generally a good idea to start the virus scanner immediately. Add it to
614the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
615The service has two processes: freshclam keeps the virus definition database up
616to date while clamd is the actual anti-virus daemon. First you may want to set
617the paths of the logfiles so that it fits your needs.
618</p>
619
620<pre caption="Checking the location of the logfiles">
621# <i>vim /etc/clamd.conf</i>
622<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
623# <i>vim /etc/freshclam.conf</i>
624<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
625# <i>vim /etc/conf.d/clamd</i>
626<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
627</pre>
628
629<p>
630Now fire up the virus scanner.
631</p>
632
633<pre caption="Add clamd to bootup and start it">
634# <i>rc-update add clamd default</i>
635# <i>/etc/init.d/clamd start</i>
636</pre>
637
638</body>
639</section>
640<section>
641<title>Configuring CUPS</title> 504<title>Configuring CUPS</title>
642<body> 505<body>
643 506
644<p> 507<p>
645This is a little more complicated. CUPS' main config file is 508This is a little more complicated. CUPS' main config file is
653ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment> 516ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
654 517
655AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment> 518AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
656ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment> 519ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
657 520
658LogLevel debug <comment># only while isntalling and testing, should later be 521LogLevel debug <comment># only while installing and testing, should later be
659 # changed to 'info'</comment> 522 # changed to 'info'</comment>
660 523
661MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back, 524MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
662 # there seemed to be a bug in CUPS' controlling of the web interface, 525 # there seemed to be a bug in CUPS' controlling of the web interface,
663 # making CUPS think a denial of service attack was in progress when 526 # making CUPS think a denial of service attack was in progress when
664 # I tried to configure a printer with the web interface. weird.</comment> 527 # I tried to configure a printer with the web interface. weird.</comment>
665 528
666BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment> 529BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
667 530
668&lt;Location /&gt; 531&lt;Location /&gt;
669Order Deny,Allow 532Order Deny,Allow
670Deny From All 533Deny From All
671Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network 534Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
675 538
676&lt;Location /admin&gt; 539&lt;Location /admin&gt;
677AuthType Basic 540AuthType Basic
678AuthClass System 541AuthClass System
679Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the 542Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
680 # 192.168.1.0 network to connect and do 543 # 192.168.1.0 network to connect and do
681 # administrative tasks after authenticating</comment> 544 # administrative tasks after authenticating</comment>
682Order Deny,Allow 545Order Deny,Allow
683Deny From All 546Deny From All
684&lt;/Location&gt; 547&lt;/Location&gt;
685</pre> 548</pre>
686 549
687<p> 550<p>
688Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. 551Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. The changes to
689The changes to <path>mime.convs</path> and <path>mime.types</path> are 552<path>mime.convs</path> and <path>mime.types</path> are needed to make CUPS
690needed to make CUPS print Microsoft Office document files. 553print Microsoft Office document files.
691</p> 554</p>
692 555
693<pre caption="/etc/cups/mime.convs"> 556<pre caption="/etc/cups/mime.convs">
694<comment>(The following line is found near the end of the file. Uncomment it)</comment> 557<comment>(The following line is found near the end of the file. Uncomment it)</comment>
695application/octet-stream application/vnd.cups-raw 0 558application/octet-stream application/vnd.cups-raw 0
696</pre> 559</pre>
697 560
698<p> 561<p>
699Edit <path>/etc/cups/mime.types</path> to uncomment some lines. 562Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
700</p> 563</p>
701 564
702<pre caption="/etc/cups/mime.types"> 565<pre caption="/etc/cups/mime.types">
703<comment>(The following line is found near the end of the file. Uncomment it)</comment> 566<comment>(The following line is found near the end of the file. Uncomment it)</comment>
704application/octet-stream 567application/octet-stream
705</pre> 568</pre>
706 569
707<p> 570<p>
708CUPS needs to be started on boot, and started immediately. 571CUPS needs to be started on boot, and started immediately.
709</p> 572</p>
710 573
711<pre caption="Setting up the CUPS service" > 574<pre caption="Setting up the CUPS service" >
712<comment>(To start CUPS on boot)</comment> 575<comment>(To start CUPS on boot)</comment>
713# <i>rc-update add cupsd default</i> 576# <i>rc-update add cupsd default</i>
764<section> 627<section>
765<title>Installing the Windows printer drivers</title> 628<title>Installing the Windows printer drivers</title>
766<body> 629<body>
767 630
768<p> 631<p>
769Now that the printer should be working it is time to install the drivers for the 632Now that the printer should be working it is time to install the drivers for
770Windows clients to work. Samba 2.2 introduced this functionality. Browsing to 633the Windows clients to work. Samba 2.2 introduced this functionality. Browsing
771the print server in the Network Neighbourhood, right-clicking on the 634to the print server in the Network Neighbourhood, right-clicking on the
772printershare and selecting "connect" downloads the appropriate drivers 635printershare and selecting "connect" downloads the appropriate drivers
773automagically to the connecting client, avoiding the hassle of manually 636automagically to the connecting client, avoiding the hassle of manually
774installing printer drivers locally. 637installing printer drivers locally.
775</p> 638</p>
776 639
777<p> 640<p>
778There are two sets of printer drivers for this. First, the Adobe PS drivers 641There are two sets of printer drivers for this. First, the Adobe PS drivers
779which can be obtained from <uri 642which can be obtained from <uri
780link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript 643link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
781printer drivers). Second, there are the CUPS PS drivers, to be obtained <uri 644printer drivers). Second, there are the CUPS PS drivers, to be obtained by
782link="http://dev.gentoo.org/~nightmorph/misc/cups-samba-5.0rc2.tar.gz">here</uri>. 645emerging <c>net-print/cups-windows</c>. There doesn't seem to be a difference
783There doesn't seem to be a difference between the functionality of the two, but 646between the functionality of the two, but the Adobe PS drivers need to be
784the Adobe PS drivers need to be extracted on a Windows System since it's a 647extracted on a Windows System since it's a Windows binary. Also the whole
785Windows binary. Also the whole procedure of finding and copying the correct 648procedure of finding and copying the correct files is a bit more hassle. The
786files is a bit more hassle. The CUPS drivers seem to support some options the 649CUPS drivers support some options the Adobe drivers don't.
787Adobe drivers don't.
788</p>
789<!--
790used to be available at www.cups.org/articles.php?L142+p4, but only 6.0 is
791available. at some point, we should update this for 6.0.
792-->
793
794<p> 650</p>
795This HOWTO uses the CUPS drivers for Windows. The downloaded file is 651
796called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
797contained into a directory.
798</p> 652<p>
799 653This HOWTO uses the CUPS drivers for Windows. Install them as shown:
800<pre caption="Extract the drivers and run the install">
801# <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
802# <i>cd cups-samba-5.0rc2</i>
803<comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
804# <i>./cups-samba.install</i>
805</pre>
806
807<p> 654</p>
808<path>cups-samba.ss</path> is a TAR archive containing three files:
809<path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
810<path>cupsui5.dll</path>. These are the actual driver files.
811</p>
812 655
813<warn>
814The script <c>cups-samba.install</c> may not work for all *nixes (i.e. FreeBSD)
815because almost everything which is not part of the base system is installed
816somewhere under the prefix <path>/usr/local/</path>. This seems not to be the
817case for most things you install under GNU/Linux. However, if your CUPS
818installation is somewhere other than <path>/usr/share/cups/</path> see the
819example below.
820</warn>
821
822<p>
823Suppose your CUPS installation resides under
824<path>/usr/local/share/cups/</path>, and you want to install the drivers there.
825Do the following:
826</p>
827
828<pre caption="Manually installing the drivers"> 656<pre caption="Install the drivers">
829# <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i> 657# <i>emerge -av cups-windows</i>
830# <i>tar -xf cups-samba.ss</i>
831<comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
832# <i>cd usr/share/cups/drivers</i>
833<comment>(no leading / !)</comment>
834# <i>cp cups* /usr/local/share/cups/drivers</i>
835# <i>/etc/init.d/cupsd restart</i>
836</pre> 658</pre>
837 659
838<p> 660<p>
839Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution. 661Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
840Its man page is an interesting read. 662Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
663Windows drivers you'll need to copy to the proper CUPS directory. Once you've
664copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
665Next, run <c>cupsaddsmb</c> as shown:
841</p> 666</p>
842 667
843<pre caption="Run cupsaddsmb"> 668<pre caption="Run cupsaddsmb">
844# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i> 669# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
845<comment>(Instead of HPDeskJet930C you could also specify "-a", which will 670<comment>(Instead of HPDeskJet930C you could also specify "-a", which will
1025</section> 850</section>
1026<section> 851<section>
1027<title>Mounting a Windows or Samba share in GNU/Linux</title> 852<title>Mounting a Windows or Samba share in GNU/Linux</title>
1028<body> 853<body>
1029 854
855<note>
856Don't forget to install <c>net-fs/samba</c> on the client(s) that will be
857accessing the shares.
858</note>
859
1030<p> 860<p>
1031Now is time to configure our kernel to support smbfs. Since I'm assumming we've 861Now is time to configure our kernel to support CIFS. Since I'm assuming
1032all compiled at least one kernel, we'll need to make sure we have all the right 862we've all compiled at least one kernel, we'll need to make sure we have all the
1033options selected in our kernel. For simplicity's sake, make it a module for ease 863right options selected in our kernel. For simplicity's sake, make it a module
1034of use. It is the author's opinion that kernel modules are a good thing and 864for ease of use. It is the author's opinion that kernel modules are a good thing
1035should be used whenever possible. 865and should be used whenever possible.
1036</p>
1037
1038<pre caption="Relevant kernel options" >
1039CONFIG_SMB_FS=m
1040CONFIG_SMB_UNIX=y
1041</pre>
1042
1043<p> 866</p>
867
868<pre caption="Kernel support" >
869CONFIG_CIFS=m
870</pre>
871
872<p>
1044Then make the module/install it; insert them with: 873Then make the module/install it; insert it with:
1045</p> 874</p>
1046 875
1047<pre caption="Loading the kernel module"> 876<pre caption="Loading the kernel module">
1048# <i>modprobe smbfs</i> 877# <i>modprobe cifs</i>
1049</pre> 878</pre>
1050 879
1051<p> 880<p>
1052Once the module is loaded, mounting a Windows or Samba share is possible. Use 881Once the module is loaded, mounting a Windows or Samba share is possible. Use
1053<c>mount</c> to accomplish this, as detailed below: 882<c>mount</c> to accomplish this, as detailed below:
1054</p> 883</p>
1055 884
1056<pre caption="Mounting a Windows/Samba share"> 885<pre caption="Mounting a Windows/Samba share">
1057<comment>(The syntax for mounting a Windows/Samba share is: 886<comment>(The syntax for mounting a Windows/Samba share is:
1058 mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point 887 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1059If we are not using passwords or a password is not needed)</comment> 888If we are not using passwords or a password is not needed)</comment>
1060 889
1061# <i>mount -t smbfs //PrintServer/public /mnt/public</i> 890# <i>mount -t cifs //PrintServer/public /mnt/public</i>
1062 891
1063<comment>(If a password is needed)</comment> 892<comment>(If a password is needed)</comment>
1064# <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i> 893# <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1065</pre> 894</pre>
1066 895
1067<p> 896<p>
1068After you mount the share, you would access it as if it were a local drive. 897After you mount the share, you would access it as if it were a local drive.
1069</p> 898</p>
1091<title>A Fond Farewell</title> 920<title>A Fond Farewell</title>
1092<body> 921<body>
1093 922
1094<p> 923<p>
1095That should be it. You should now have a successful printing enviroment that is 924That should be it. You should now have a successful printing enviroment that is
1096friendly to both Windows and *nix as well as a fully virus-free working share! 925friendly to both Windows and *nix as well as a working share!
1097</p> 926</p>
1098 927
1099</body> 928</body>
1100</section> 929</section>
1101</chapter> 930</chapter>

Legend:
Removed from v.1.29  
changed lines
  Added in v.1.43

  ViewVC Help
Powered by ViewVC 1.1.20