/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.39 Revision 1.40
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.39 2007/12/20 19:13:21 swift Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.40 2008/05/02 04:46:22 nightmorph Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 4
5<guide link="/doc/en/quick-samba-howto.xml"> 5<guide link="/doc/en/quick-samba-howto.xml">
6 6
7<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title> 7<title>Gentoo Samba3/CUPS HOWTO</title>
8 8
9<author title="Author"> 9<author title="Author">
10 Andreas "daff" Ntaflos <!--daff at dword dot org--> 10 Andreas "daff" Ntaflos <!--daff at dword dot org-->
11</author> 11</author>
12<author title="Author"> 12<author title="Author">
15<author title="Editor"> 15<author title="Editor">
16 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail> 16 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
17</author> 17</author>
18 18
19<abstract> 19<abstract>
20Setup, install and configure a Samba Server under Gentoo that shares files, 20Setup, install and configure a Samba server under Gentoo that shares files and
21printers without the need to install drivers and provides automatic virus 21printers without the need to install drivers.
22scanning.
23</abstract> 22</abstract>
24 23
25<!-- The content of this document is licensed under the CC-BY-SA license --> 24<!-- The content of this document is licensed under the CC-BY-SA license -->
26<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> 25<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
27<license/> 26<license/>
28 27
29<version>1.24</version> 28<version>1.25</version>
30<date>2007-12-20</date> 29<date>2008-05-01</date>
31 30
32<chapter> 31<chapter>
33<title>Introduction to this HOWTO</title> 32<title>Introduction to this HOWTO</title>
34<section> 33<section>
35<title>Purpose</title> 34<title>Purpose</title>
50 49
51<p> 50<p>
52This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to 51This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
53explore the functionality and power of the Gentoo system, portage and the 52explore the functionality and power of the Gentoo system, portage and the
54flexibility of USE flags. Like so many other projects, it was quickly discovered 53flexibility of USE flags. Like so many other projects, it was quickly discovered
55what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered 54what was missing in the Gentoo realm: there weren't any Samba HOWTOs catered
56for Gentoo users. These users are more demanding than most; they require 55for Gentoo users. These users are more demanding than most; they require
57performance, flexibility and customization. This does not however imply that 56performance, flexibility and customization. This does not however imply that
58this HOWTO was not intended for other distributions; rather that it was designed 57this HOWTO was not intended for other distributions; rather that it was designed
59to work with a highly customized version of Samba. 58to work with a highly customized version of Samba.
60</p> 59</p>
61 60
62<p> 61<p>
63This HOWTO will describe how to share files and printers between Windows PCs and 62This HOWTO will describe how to share files and printers between Windows PCs and
64*nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
65feature of Samba to incorporate automatic virus protection. As a finale, it will
66show you how to mount and manipulate shares. 63*nix PCs. It will also show you how to mount and manipulate shares.
67</p> 64</p>
68 65
69<p> 66<p>
70There are a few topics that will be mentioned, but are out of the scope of this 67There are a few topics that will be mentioned, but are out of the scope of this
71HOWTO. These will be noted as they are presented. 68HOWTO. These will be noted as they are presented.
111</p> 108</p>
112 109
113<ul> 110<ul>
114 <li>On the Samba server: 111 <li>On the Samba server:
115 <ul> 112 <ul>
116 <li>Install and configure ClamAV</li>
117 <li>Install and configure Samba</li> 113 <li>Install and configure Samba</li>
118 <li>Install and configure CUPS</li> 114 <li>Install and configure CUPS</li>
119 <li>Adding the printer to CUPS</li> 115 <li>Adding the printer to CUPS</li>
120 <li>Adding the PS drivers for the Windows clients</li> 116 <li>Adding the PS drivers for the Windows clients</li>
121 </ul> 117 </ul>
145We will need the following: 141We will need the following:
146</p> 142</p>
147 143
148<ul> 144<ul>
149 <li>net-fs/samba</li> 145 <li>net-fs/samba</li>
150 <li>app-antivirus/clamav</li>
151 <li>net-print/cups</li> 146 <li>net-print/cups</li>
152 <li>net-print/foomatic</li> 147 <li>net-print/foomatic</li>
153 <li>net-print/hplip (if you have an HP printer)</li> 148 <li>net-print/hplip (if you have an HP printer)</li>
154 <li>A kernel of sorts (2.6)</li> 149 <li>A kernel of sorts (2.6)</li>
155 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li> 150 <li>A printer (PS or non-PS)</li>
156 <li> 151 <li>
157 A working network (home/office/etc) consisting of more than one machine) 152 A working network (home/office/etc) consisting of more than one machine)
158 </li> 153 </li>
159</ul> 154</ul>
160 155
161<p> 156<p>
162The main package we use here is net-fs/samba, however, you will need a kernel 157The main package we use here is <c>net-fs/samba</c>, however, you will need a
163with cifs support enabled in order to mount a samba or windows share from 158kernel with CIFS support enabled in order to mount a Samba or Windows share from
164another computer. CUPS will be emerged if it is not already. 159another computer. CUPS will be emerged if it is not already.
165app-antivirus/clamav will be used also, but others should be easily adapted to
166work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
167technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
168</p> 160</p>
169 161
170</body> 162</body>
171</section> 163</section>
172</chapter> 164</chapter>
181Before emerging anything, take a look at some of the various USE flags available 173Before emerging anything, take a look at some of the various USE flags available
182to Samba. 174to Samba.
183</p> 175</p>
184 176
185<pre caption="Samba uses the following USE Variables:"> 177<pre caption="Samba uses the following USE Variables:">
186kerberos acl cups ldap pam readline python oav winbind 178kerberos acl cups ldap pam readline python winbind
187</pre> 179</pre>
188 180
189<p> 181<p>
190Depending on the network topology and the specific requirements of the server, 182Depending on the network topology and the specific requirements of the server,
191the USE flags outlined below will define what to include or exclude from the 183the USE flags outlined below will define what to include or exclude from the
254 Python bindings API. Provides an API that will allow Python to interface 246 Python bindings API. Provides an API that will allow Python to interface
255 with Samba. 247 with Samba.
256 </ti> 248 </ti>
257</tr> 249</tr>
258<tr> 250<tr>
259 <th><b>oav</b></th>
260 <ti>
261 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
262 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
263 Symantec CarrierScan, and Trend Micro (VSAPI).
264 </ti>
265</tr>
266<tr>
267 <th><b>winbind</b></th> 251 <th><b>winbind</b></th>
268 <ti> 252 <ti>
269 Winbind allows for a unified logon within a Samba environment. It uses a 253 Winbind allows for a unified logon within a Samba environment. It uses a
270 Unix implementation of Windows RPC calls, PAM and the name service switch 254 Unix implementation of Windows RPC calls, PAM and the name service switch
271 (supported by the c library) to enable Windows NT domain users to appear and 255 (supported by the c library) to enable Windows NT domain users to appear and
316Hopefully now you can make an assessment of what you'll actually need in order 300Hopefully now you can make an assessment of what you'll actually need in order
317to use Samba with your particular setup. The setup used for this HOWTO is: 301to use Samba with your particular setup. The setup used for this HOWTO is:
318</p> 302</p>
319 303
320<ul> 304<ul>
321 <li>oav</li>
322 <li>cups</li> 305 <li>cups</li>
323 <li>readline</li> 306 <li>readline</li>
324 <li>pam</li> 307 <li>pam</li>
325</ul> 308</ul>
326 309
328To optimize performance, size and the time of the build, the USE flags are 311To optimize performance, size and the time of the build, the USE flags are
329specifically included or excluded. 312specifically included or excluded.
330</p> 313</p>
331 314
332<pre caption="Emerge Samba"> 315<pre caption="Emerge Samba">
333# <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i> 316# <i>echo "net-fs/samba readline cups pam" &gt;&gt; /etc/portage/package.use</i>
334# <i>emerge net-fs/samba</i> 317# <i>emerge net-fs/samba</i>
335</pre> 318</pre>
336 319
337<p> 320<p>
338This will emerge Samba and CUPS (if CUPS is not already emerged). 321This will emerge Samba and CUPS (if CUPS is not already emerged).
339</p> 322</p>
340
341</body>
342</section>
343<section>
344<title>Emerging ClamAV</title>
345<body>
346
347<p>
348Because the <e>oav</e> USE flag only provides an interface to allow on access
349virus scanning, the actual virus scanner must be emerged. The scanner used in
350this HOWTO is ClamAV.
351</p>
352
353<pre caption="Emerge Clamav">
354# <i>emerge app-antivirus/clamav</i>
355</pre>
356 323
357</body> 324</body>
358</section> 325</section>
359<section> 326<section>
360<title>Emerging foomatic</title> 327<title>Emerging foomatic</title>
427<comment># Other options for this are USER, DOMAIN, ADS, and SERVER 394<comment># Other options for this are USER, DOMAIN, ADS, and SERVER
428# The default is user</comment> 395# The default is user</comment>
429security = share 396security = share
430<comment># No passwords, so we're going to use a guest account!</comment> 397<comment># No passwords, so we're going to use a guest account!</comment>
431guest ok = yes 398guest ok = yes
432<comment># We now will implement the on access virus scanner.
433# NOTE: By putting this in our [Global] section, we enable
434# scanning of ALL shares, you could optionally move
435# these to a specific share and only scan it.</comment>
436
437<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
438vfs object = vscan-clamav
439vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
440 399
441<comment># Now we setup our print drivers information!</comment> 400<comment># Now we setup our print drivers information!</comment>
442[print$] 401[print$]
443comment = Printer Drivers 402comment = Printer Drivers
444path = /etc/samba/printer <comment># this path holds the driver structure</comment> 403path = /etc/samba/printer <comment># this path holds the driver structure</comment>
496arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c> 455arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
497or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you 456or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
498from a lot of problems. 457from a lot of problems.
499</warn> 458</warn>
500 459
501<warn>
502Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
503down the performance of your Samba server dramatically.
504</warn>
505
506<p> 460<p>
507Now create the directories required for the minimum configuration of Samba to 461Now create the directories required for the minimum configuration of Samba to
508share the installed printer throughout the network. 462share the installed printer throughout the network.
509</p> 463</p>
510 464
539 493
540<pre caption="Editing /etc/nsswitch.conf"> 494<pre caption="Editing /etc/nsswitch.conf">
541# <i>nano -w /etc/nsswitch.conf</i> 495# <i>nano -w /etc/nsswitch.conf</i>
542<comment>(Edit the hosts: line)</comment> 496<comment>(Edit the hosts: line)</comment>
543hosts: files dns <i>wins</i> 497hosts: files dns <i>wins</i>
544</pre>
545
546</body>
547</section>
548<section>
549<title>Configuring ClamAV</title>
550<body>
551
552<p>
553The configuration file specified to be used in <path>smb.conf</path> is
554<path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
555defaults, the infected file action may need to be changed.
556</p>
557
558<pre caption="/etc/samba/vscan-clamav.conf">
559[samba-vscan]
560<comment>; run-time configuration for vscan-samba using
561; clamd
562; all options are set to default values</comment>
563
564<comment>; do not scan files larger than X bytes. If set to 0 (default),
565; this feature is disable (i.e. all files are scanned)</comment>
566max file size = 0
567
568<comment>; log all file access (yes/no). If set to yes, every access will
569; be logged. If set to no (default), only access to infected files
570; will be logged</comment>
571verbose file logging = no
572
573<comment>; if set to yes (default), a file will be scanned while opening</comment>
574scan on open = yes
575<comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
576scan on close = yes
577
578<comment>; if communication to clamd fails, should access to file denied?
579; (default: yes)</comment>
580deny access on error = yes
581
582<comment>; if daemon fails with a minor error (corruption, etc.),
583; should access to file denied?
584; (default: yes)</comment>
585deny access on minor error = yes
586
587<comment>; send a warning message via Windows Messenger service
588; when virus is found?
589; (default: yes)</comment>
590send warning message = yes
591
592<comment>; what to do with an infected file
593; quarantine: try to move to quantine directory; delete it if moving fails
594; delete: delete infected file
595; nothing: do nothing</comment>
596infected file action = <comment>delete</comment>
597
598<comment>; where to put infected files - you really want to change this!
599; it has to be on the same physical device as the share!</comment>
600quarantine directory = /tmp
601<comment>; prefix for files in quarantine</comment>
602quarantine prefix = vir-
603
604<comment>; as Windows tries to open a file multiple time in a (very) short time
605; of period, samba-vscan use a last recently used file mechanism to avoid
606; multiple scans of a file. This setting specified the maximum number of
607; elements of the last recently used file list. (default: 100)</comment>
608max lru files entries = 100
609
610<comment>; an entry is invalidated after lru file entry lifetime (in seconds).
611; (Default: 5)</comment>
612lru file entry lifetime = 5
613
614<comment>; socket name of clamd (default: /var/run/clamd)</comment>
615clamd socket name = /tmp/clamd
616
617<comment>; port number the ScannerDaemon listens on</comment>
618oav port = 8127
619</pre>
620
621<p>
622It is generally a good idea to start the virus scanner immediately. Add it to
623the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
624The service has two processes: freshclam keeps the virus definition database up
625to date while clamd is the actual anti-virus daemon. First you may want to set
626the paths of the logfiles so that it fits your needs.
627</p>
628
629<pre caption="Checking the location of the logfiles">
630# <i>vim /etc/clamd.conf</i>
631<comment>(Check the line "LogFile /var/log/clamd.log")</comment>
632# <i>vim /etc/freshclam.conf</i>
633<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
634# <i>vim /etc/conf.d/clamd</i>
635<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
636</pre>
637
638<p>
639Now fire up the virus scanner.
640</p>
641
642<pre caption="Add clamd to bootup and start it">
643# <i>rc-update add clamd default</i>
644# <i>/etc/init.d/clamd start</i>
645</pre> 498</pre>
646 499
647</body> 500</body>
648</section> 501</section>
649<section> 502<section>
1004Don't forget to install <c>net-fs/mount-cifs</c> or <c>net-fs/samba</c> on the 857Don't forget to install <c>net-fs/mount-cifs</c> or <c>net-fs/samba</c> on the
1005client(s) that will be accessing the shares. 858client(s) that will be accessing the shares.
1006</note> 859</note>
1007 860
1008<p> 861<p>
1009Now is time to configure our kernel to support cifs. Since I'm assuming 862Now is time to configure our kernel to support CIFS. Since I'm assuming
1010we've all compiled at least one kernel, we'll need to make sure we have all the 863we've all compiled at least one kernel, we'll need to make sure we have all the
1011right options selected in our kernel. For simplicity's sake, make it a module 864right options selected in our kernel. For simplicity's sake, make it a module
1012for ease of use. It is the author's opinion that kernel modules are a good thing 865for ease of use. It is the author's opinion that kernel modules are a good thing
1013and should be used whenever possible. 866and should be used whenever possible.
1014</p> 867</p>
1068<title>A Fond Farewell</title> 921<title>A Fond Farewell</title>
1069<body> 922<body>
1070 923
1071<p> 924<p>
1072That should be it. You should now have a successful printing enviroment that is 925That should be it. You should now have a successful printing enviroment that is
1073friendly to both Windows and *nix as well as a fully virus-free working share! 926friendly to both Windows and *nix as well as a working share!
1074</p> 927</p>
1075 928
1076</body> 929</body>
1077</section> 930</section>
1078</chapter> 931</chapter>

Legend:
Removed from v.1.39  
changed lines
  Added in v.1.40

  ViewVC Help
Powered by ViewVC 1.1.20