/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.35 - (show annotations) (download) (as text)
Sun Oct 14 19:10:05 2007 UTC (8 years, 11 months ago) by nightmorph
Branch: MAIN
Changes since 1.34: +9 -7 lines
File MIME type: application/xml
additional clarification and reworked instructions for bug 195844

1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.34 2007/09/15 16:47:56 swift Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 <guide link="/doc/en/quick-samba-howto.xml">
5 <title>Gentoo Samba3/CUPS/ClamAV HOWTO</title>
6 <author title="Author">
7 <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8 </author>
9 <author title="Author">
10 <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11 </author>
12 <author title="Editor">
13 <mail link="nightmorph@gentoo.org">Joshua Saddler</mail>
14 </author>
15
16 <abstract>
17 Setup, install and configure a Samba Server under Gentoo that shares files,
18 printers without the need to install drivers and provides automatic virus
19 scanning.
20 </abstract>
21
22 <!-- The content of this document is licensed under the CC-BY-SA license -->
23 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
24 <license/>
25
26 <version>1.22</version>
27 <date>2007-10-14</date>
28
29 <chapter>
30 <title>Introduction to this HOWTO</title>
31 <section>
32 <title>Purpose</title>
33 <body>
34
35 <p>
36 This HOWTO is designed to help you move a network from many different clients
37 speaking different languages, to many different machines that speak a common
38 language. The ultimate goal is to help differing architectures and technologies,
39 come together in a productive, happily coexisting environment.
40 </p>
41
42 <p>
43 Following the directions outlined in this HOWTO should give you an excellent
44 step towards a peaceful cohabitation between Windows, and virtually all known
45 variations of *nix.
46 </p>
47
48 <p>
49 This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to
50 explore the functionality and power of the Gentoo system, portage and the
51 flexibility of USE flags. Like so many other projects, it was quickly discovered
52 what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered
53 for Gentoo users. These users are more demanding than most; they require
54 performance, flexibility and customization. This does not however imply that
55 this HOWTO was not intended for other distributions; rather that it was designed
56 to work with a highly customized version of Samba.
57 </p>
58
59 <p>
60 This HOWTO will describe how to share files and printers between Windows PCs and
61 *nix PCs. It will also demonstrate the use of the VFS (Virtual File System)
62 feature of Samba to incorporate automatic virus protection. As a finale, it will
63 show you how to mount and manipulate shares.
64 </p>
65
66 <p>
67 There are a few topics that will be mentioned, but are out of the scope of this
68 HOWTO. These will be noted as they are presented.
69 </p>
70
71 <p>
72 This HOWTO is based on a compilation and merge of an excellent HOWTO provided in
73 the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff"
74 Ntaflos and the collected knowledge of Joshua Preston. The link to this
75 discussion is provided below for your reference:
76 </p>
77
78 <ul>
79 <li>
80 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
81 CUPS+Samba: printing from Windows &amp; Linux</uri>
82 </li>
83 </ul>
84
85 </body>
86 </section>
87 <section>
88 <title>Before you use this guide</title>
89 <body>
90
91 <p>
92 There are a several other guides for setting up CUPS and/or Samba, please read
93 them as well, as they may tell you things left out of this HOWTO (intentional or
94 otherwise). One such document is the very useful and well written <uri
95 link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
96 issues and specific printer setup is not discussed here.
97 </p>
98
99 </body>
100 </section>
101 <section>
102 <title>Brief Overview</title>
103 <body>
104
105 <p>
106 After presenting the various USE flags, the following list will outline all of
107 the topics covered as they are presented:
108 </p>
109
110 <ul>
111 <li>On the Samba server:
112 <ul>
113 <li>Install and configure ClamAV</li>
114 <li>Install and configure Samba</li>
115 <li>Install and configure CUPS</li>
116 <li>Adding the printer to CUPS</li>
117 <li>Adding the PS drivers for the Windows clients</li>
118 </ul>
119 </li>
120 <li>On the Unix clients:
121 <ul>
122 <li>Install and configure CUPS</li>
123 <li>Configuring a default printer</li>
124 <li>Mounting a Windows or Samba share</li>
125 </ul>
126 </li>
127 <li>On the Windows Clients:
128 <ul>
129 <li>Configuring the printer</li>
130 <li>Accessing Samba shares</li>
131 </ul>
132 </li>
133 </ul>
134
135 </body>
136 </section>
137 <section>
138 <title>Requirements</title>
139 <body>
140
141 <p>
142 We will need the following:
143 </p>
144
145 <ul>
146 <li>net-fs/samba</li>
147 <li>app-antivirus/clamav</li>
148 <li>net-print/cups</li>
149 <li>net-print/foomatic</li>
150 <li>net-print/hplip (if you have an HP printer)</li>
151 <li>A kernel of sorts (2.6)</li>
152 <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
153 <li>
154 A working network (home/office/etc) consisting of more than one machine)
155 </li>
156 </ul>
157
158 <p>
159 The main package we use here is net-fs/samba, however, you will need a kernel
160 with cifs support enabled in order to mount a samba or windows share from
161 another computer. CUPS will be emerged if it is not already.
162 app-antivirus/clamav will be used also, but others should be easily adapted to
163 work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning
164 technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
165 </p>
166
167 </body>
168 </section>
169 </chapter>
170
171 <chapter>
172 <title>Getting acquainted with Samba</title>
173 <section>
174 <title>The USE Flags</title>
175 <body>
176
177 <p>
178 Before emerging anything, take a look at some of the various USE flags available
179 to Samba.
180 </p>
181
182 <pre caption="Samba uses the following USE Variables:">
183 kerberos acl cups ldap pam readline python oav
184 </pre>
185
186 <p>
187 Depending on the network topology and the specific requirements of the server,
188 the USE flags outlined below will define what to include or exclude from the
189 emerging of Samba.
190 </p>
191
192 <table>
193 <tr>
194 <th><b>USE flag</b></th>
195 <th>Description</th>
196 </tr>
197 <tr>
198 <th><b>kerberos</b></th>
199 <ti>
200 Include support for Kerberos. The server will need this if it is
201 intended to join an existing domain or Active Directory. See the note
202 below for more information.
203 </ti>
204 </tr>
205 <tr>
206 <th><b>acl</b></th>
207 <ti>
208 Enables Access Control Lists. The ACL support in Samba uses a patched
209 ext2/ext3, or SGI's XFS in order to function properly as it extends more
210 detailed access to files or directories; much more so than typical *nix
211 GID/UID schemas.
212 </ti>
213 </tr>
214 <tr>
215 <th><b>cups</b></th>
216 <ti>
217 This enables support for the Common Unix Printing System. This provides an
218 interface allowing local CUPS printers to be shared to other systems in the
219 network.
220 </ti>
221 </tr>
222 <tr>
223 <th><b>ldap</b></th>
224 <ti>
225 Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
226 expected to use Active Directory, this option must be used. This would be
227 used in the event Samba needs to login to or provide login to a
228 Domain/Active Directory Server. The kerberos USE flag is needed for proper
229 functioning of this option.
230 </ti>
231 </tr>
232 <tr>
233 <th><b>pam</b></th>
234 <ti>
235 Include support for pluggable authentication modules (PAM). This provides
236 the ability to authenticate users on the Samba Server, which is required if
237 users have to login to your server. The kerberos USE flag is recommended
238 along with this option.
239 </ti>
240 </tr>
241 <tr>
242 <th><b>readline</b></th>
243 <ti>
244 Link Samba against libreadline. This is highly recommended and should
245 probably not be disabled.
246 </ti>
247 </tr>
248 <tr>
249 <th><b>python</b></th>
250 <ti>
251 Python bindings API. Provides an API that will allow Python to interface
252 with Samba.
253 </ti>
254 </tr>
255 <tr>
256 <th><b>oav</b></th>
257 <ti>
258 Provides on-access scanning of Samba shares with FRISK F-Prot Daemon,
259 Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI),
260 Symantec CarrierScan, and Trend Micro (VSAPI).
261 </ti>
262 </tr>
263 </table>
264
265 <p>
266 A couple of things worth mentioning about the USE flags and different
267 Samba functions include:
268 </p>
269
270 <ul>
271 <li>
272 ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
273 ACL kernel options for ext2 and/or ext3 will need to be enabled
274 (depending on which file system is being used - both can be enabled).
275 </li>
276 <li>
277 While Active Directory, ACL, and PDC functions are out of the intended
278 scope of this HOWTO, you may find these links as helpful to your cause:
279 <ul>
280 <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
281 <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
282 </ul>
283 </li>
284 </ul>
285
286 </body>
287 </section>
288 </chapter>
289
290 <chapter>
291 <title>Server Software Installation</title>
292 <section>
293 <title>Emerging Samba</title>
294 <body>
295
296 <p>
297 First of all: be sure that all your hostnames resolve correctly. Either have a
298 working domain name system running on your network or appropriate entries in
299 your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames
300 don't point to the correct machines.
301 </p>
302
303 <p>
304 Hopefully now you can make an assessment of what you'll actually need in order
305 to use Samba with your particular setup. The setup used for this HOWTO is:
306 </p>
307
308 <ul>
309 <li>oav</li>
310 <li>cups</li>
311 <li>readline</li>
312 <li>pam</li>
313 </ul>
314
315 <p>
316 To optimize performance, size and the time of the build, the USE flags are
317 specifically included or excluded.
318 </p>
319
320 <pre caption="Emerge Samba">
321 # <i>echo "net-fs/samba oav readline cups pam" &gt;&gt; /etc/portage/package.use</i>
322 # <i>emerge net-fs/samba</i>
323 </pre>
324
325 <note>
326 The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
327 ppc, sparc, hppa, ia64 and alpha
328 </note>
329
330 <p>
331 This will emerge Samba and CUPS (if CUPS is not already emerged).
332 </p>
333
334 </body>
335 </section>
336 <section>
337 <title>Emerging ClamAV</title>
338 <body>
339
340 <p>
341 Because the <e>oav</e> USE flag only provides an interface to allow on access
342 virus scanning, the actual virus scanner must be emerged. The scanner used in
343 this HOWTO is ClamAV.
344 </p>
345
346 <pre caption="Emerge Clamav">
347 # <i>emerge app-antivirus/clamav</i>
348 </pre>
349
350 </body>
351 </section>
352 <section>
353 <title>Emerging foomatic</title>
354 <body>
355
356 <pre caption="Emerge foomatic">
357 # <i>emerge net-print/foomatic</i>
358 </pre>
359
360 </body>
361 </section>
362 <section>
363 <title>Emerging net-print/hplip</title>
364 <body>
365
366 <p>
367 You only need to emerge this if you use an HP printer.
368 </p>
369
370 <pre caption="Emerge hplip">
371 # <i>emerge net-print/hplip</i>
372 </pre>
373
374 </body>
375 </section>
376 </chapter>
377
378 <chapter>
379 <title>Server Configuration</title>
380 <section>
381 <title>Configuring Samba</title>
382 <body>
383
384 <p>
385 The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is
386 divided in sections indicated by [sectionname]. Comments are either
387 # or ;. A sample <path>smb.conf</path> is included below with comments and
388 suggestions for modifications. If more details are required, see the man page
389 for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the
390 Samba Web site or any of the numerous Samba books available.
391 </p>
392
393 <pre caption="A Sample /etc/samba/smb.conf">
394 [global]
395 <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
396 workgroup = <comment>MYWORKGROUPNAME</comment>
397 <comment># Of course this has no REAL purpose other than letting
398 # everyone knows it's not Windows!
399 # %v prints the version of Samba we are using.</comment>
400 server string = Samba Server %v
401 <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
402 printcap name = cups
403 printing = cups
404 load printers = yes
405 <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
406 log file = /var/log/samba/log.%m
407 max log size = 50
408 <comment># We are going to set some options for our interfaces...</comment>
409 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
410 <comment># This is a good idea, what we are doing is binding the
411 # samba server to our local network.
412 # For example, if eth0 is our local network device</comment>
413 interfaces = lo <i>eth0</i>
414 bind interfaces only = yes
415 <comment># Now we are going to specify who we allow, we are afterall
416 # very security conscience, since this configuration does
417 # not use passwords!</comment>
418 hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
419 hosts deny = 0.0.0.0/0
420 <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
421 # The default is user</comment>
422 security = share
423 <comment># No passwords, so we're going to use a guest account!</comment>
424 guest ok = yes
425 <comment># We now will implement the on access virus scanner.
426 # NOTE: By putting this in our [Global] section, we enable
427 # scanning of ALL shares, you could optionally move
428 # these to a specific share and only scan it.</comment>
429
430 <comment># For Samba 3.x. This enables ClamAV on access scanning.</comment>
431 vfs object = vscan-clamav
432 vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
433
434 <comment># Now we setup our print drivers information!</comment>
435 [print$]
436 comment = Printer Drivers
437 path = /etc/samba/printer <comment># this path holds the driver structure</comment>
438 guest ok = yes
439 browseable = yes
440 read only = yes
441 <comment># Modify this to "username,root" if you don't want root to
442 # be the only printer admin)</comment>
443 write list = <i>root</i>
444
445 <comment># Now we'll setup a printer to share, while the name is arbitrary
446 # it should be consistent throughout Samba and CUPS!</comment>
447 [HPDeskJet930C]
448 comment = HP DeskJet 930C Network Printer
449 printable = yes
450 path = /var/spool/samba
451 public = yes
452 guest ok = yes
453 <comment># Modify this to "username,root" if you don't want root to
454 # be the only printer admin)</comment>
455 printer admin = <i>root</i>
456
457 <comment># Now we setup our printers share. This should be
458 # browseable, printable, public.</comment>
459 [printers]
460 comment = All Printers
461 browseable = no
462 printable = yes
463 writable = no
464 public = yes
465 guest ok = yes
466 path = /var/spool/samba
467 <comment># Modify this to "username,root" if you don't want root to
468 # be the only printer admin)</comment>
469 printer admin = <i>root</i>
470
471 <comment># We create a new share that we can read/write to from anywhere
472 # This is kind of like a public temp share, anyone can do what
473 # they want here.</comment>
474 [public]
475 comment = Public Files
476 browseable = yes
477 public = yes
478 create mode = 0766
479 guest ok = yes
480 path = /home/samba/public
481 </pre>
482
483 <warn>
484 If you like to use Samba's guest account to do anything concerning printing from
485 Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c>
486 section. The guest account seems to cause problems when running
487 <c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See
488 below, too, when we talk about <c>cupsaddsmb</c> and the problems that can
489 arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c>
490 or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you
491 from a lot of problems.
492 </warn>
493
494 <warn>
495 Turning on ClamAV on access scanning in the <c>[global]</c> section will slow
496 down the performance of your Samba server dramatically.
497 </warn>
498
499 <p>
500 Now create the directories required for the minimum configuration of Samba to
501 share the installed printer throughout the network.
502 </p>
503
504 <pre caption="Create the directories">
505 # <i>mkdir /etc/samba/printer</i>
506 # <i>mkdir /var/spool/samba</i>
507 # <i>mkdir /home/samba/public</i>
508 </pre>
509
510 <p>
511 At least one Samba user is required in order to install the printer drivers and
512 to allow users to connect to the printer. Users must exist in the system's
513 <path>/etc/passwd</path> file.
514 </p>
515
516 <pre caption="Creating the users">
517 # <i>smbpasswd -a root</i>
518
519 <comment>(If another user is to be a printer admin)</comment>
520 # <i>smbpasswd -a username</i>
521 </pre>
522
523 <p>
524 The Samba passwords need not be the same as the system passwords
525 in <path>/etc/passwd</path>.
526 </p>
527
528 <p>
529 You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
530 systems can be found easily using NetBIOS:
531 </p>
532
533 <pre caption="Editing /etc/nsswitch.conf">
534 # <i>nano -w /etc/nsswitch.conf</i>
535 <comment>(Edit the hosts: line)</comment>
536 hosts: files dns <i>wins</i>
537 </pre>
538
539 </body>
540 </section>
541 <section>
542 <title>Configuring ClamAV</title>
543 <body>
544
545 <p>
546 The configuration file specified to be used in <path>smb.conf</path> is
547 <path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the
548 defaults, the infected file action may need to be changed.
549 </p>
550
551 <pre caption="/etc/samba/vscan-clamav.conf">
552 [samba-vscan]
553 <comment>; run-time configuration for vscan-samba using
554 ; clamd
555 ; all options are set to default values</comment>
556
557 <comment>; do not scan files larger than X bytes. If set to 0 (default),
558 ; this feature is disable (i.e. all files are scanned)</comment>
559 max file size = 0
560
561 <comment>; log all file access (yes/no). If set to yes, every access will
562 ; be logged. If set to no (default), only access to infected files
563 ; will be logged</comment>
564 verbose file logging = no
565
566 <comment>; if set to yes (default), a file will be scanned while opening</comment>
567 scan on open = yes
568 <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
569 scan on close = yes
570
571 <comment>; if communication to clamd fails, should access to file denied?
572 ; (default: yes)</comment>
573 deny access on error = yes
574
575 <comment>; if daemon fails with a minor error (corruption, etc.),
576 ; should access to file denied?
577 ; (default: yes)</comment>
578 deny access on minor error = yes
579
580 <comment>; send a warning message via Windows Messenger service
581 ; when virus is found?
582 ; (default: yes)</comment>
583 send warning message = yes
584
585 <comment>; what to do with an infected file
586 ; quarantine: try to move to quantine directory; delete it if moving fails
587 ; delete: delete infected file
588 ; nothing: do nothing</comment>
589 infected file action = <comment>delete</comment>
590
591 <comment>; where to put infected files - you really want to change this!
592 ; it has to be on the same physical device as the share!</comment>
593 quarantine directory = /tmp
594 <comment>; prefix for files in quarantine</comment>
595 quarantine prefix = vir-
596
597 <comment>; as Windows tries to open a file multiple time in a (very) short time
598 ; of period, samba-vscan use a last recently used file mechanism to avoid
599 ; multiple scans of a file. This setting specified the maximum number of
600 ; elements of the last recently used file list. (default: 100)</comment>
601 max lru files entries = 100
602
603 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
604 ; (Default: 5)</comment>
605 lru file entry lifetime = 5
606
607 <comment>; socket name of clamd (default: /var/run/clamd)</comment>
608 clamd socket name = /tmp/clamd
609
610 <comment>; port number the ScannerDaemon listens on</comment>
611 oav port = 8127
612 </pre>
613
614 <p>
615 It is generally a good idea to start the virus scanner immediately. Add it to
616 the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
617 The service has two processes: freshclam keeps the virus definition database up
618 to date while clamd is the actual anti-virus daemon. First you may want to set
619 the paths of the logfiles so that it fits your needs.
620 </p>
621
622 <pre caption="Checking the location of the logfiles">
623 # <i>vim /etc/clamd.conf</i>
624 <comment>(Check the line "LogFile /var/log/clamd.log")</comment>
625 # <i>vim /etc/freshclam.conf</i>
626 <comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment>
627 # <i>vim /etc/conf.d/clamd</i>
628 <comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment>
629 </pre>
630
631 <p>
632 Now fire up the virus scanner.
633 </p>
634
635 <pre caption="Add clamd to bootup and start it">
636 # <i>rc-update add clamd default</i>
637 # <i>/etc/init.d/clamd start</i>
638 </pre>
639
640 </body>
641 </section>
642 <section>
643 <title>Configuring CUPS</title>
644 <body>
645
646 <p>
647 This is a little more complicated. CUPS' main config file is
648 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
649 <path>httpd.conf</path> file, so many you may find it familiar. Outlined in the
650 example are the directives that need to be changed:
651 </p>
652
653 <pre caption="/etc/cups/cupsd.conf">
654 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
655 ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment>
656
657 AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
658 ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
659
660 LogLevel debug <comment># only while isntalling and testing, should later be
661 # changed to 'info'</comment>
662
663 MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
664 # there seemed to be a bug in CUPS' controlling of the web interface,
665 # making CUPS think a denial of service attack was in progress when
666 # I tried to configure a printer with the web interface. weird.</comment>
667
668 BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
669
670 &lt;Location /&gt;
671 Order Deny,Allow
672 Deny From All
673 Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
674 # e.g. 192.168.1.* will allow connections from any host on
675 # the 192.168.1.0 network. change to whatever suits you</comment>
676 &lt;/Location&gt;
677
678 &lt;Location /admin&gt;
679 AuthType Basic
680 AuthClass System
681 Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
682 # 192.168.1.0 network to connect and do
683 # administrative tasks after authenticating</comment>
684 Order Deny,Allow
685 Deny From All
686 &lt;/Location&gt;
687 </pre>
688
689 <p>
690 Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
691 The changes to <path>mime.convs</path> and <path>mime.types</path> are
692 needed to make CUPS print Microsoft Office document files.
693 </p>
694
695 <pre caption="/etc/cups/mime.convs">
696 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
697 application/octet-stream application/vnd.cups-raw 0
698 </pre>
699
700 <p>
701 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
702 </p>
703
704 <pre caption="/etc/cups/mime.types">
705 <comment>(The following line is found near the end of the file. Uncomment it)</comment>
706 application/octet-stream
707 </pre>
708
709 <p>
710 CUPS needs to be started on boot, and started immediately.
711 </p>
712
713 <pre caption="Setting up the CUPS service" >
714 <comment>(To start CUPS on boot)</comment>
715 # <i>rc-update add cupsd default</i>
716 <comment>(To start or restart CUPS now)</comment>
717 # <i>/etc/init.d/cupsd restart</i>
718 </pre>
719
720 </body>
721 </section>
722 <section>
723 <title>Installing a printer for and with CUPS</title>
724 <body>
725
726 <p>
727 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
728 find and download the correct PPD file for your printer and CUPS. To do so,
729 click the link Printer Listings to the left. Select your printers manufacturer
730 and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On
731 the page coming up click the "recommended driver" link after reading the various
732 notes and information. Then fetch the PPD file from the next page, again after
733 reading the notes and introductions there. You may have to select your printers
734 manufacturer and model again. Reading the <uri
735 link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is
736 also very helpful when working with CUPS.
737 </p>
738
739 <p>
740 Now you have a PPD file for your printer to work with CUPS. Place it in
741 <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named
742 <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
743 This can be done via the CUPS web interface or via command line. The web
744 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
745 </p>
746
747 <pre caption="Install the printer via command line">
748 # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
749 # <i>/etc/init.d/cupsd restart</i>
750 </pre>
751
752 <p>
753 Remember to adjust to what you have. Be sure to have the name (<c>-p</c>
754 argument) right (the name you set above during the Samba configuration!) and to
755 put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or
756 whatever device you are using for your printer.
757 </p>
758
759 <p>
760 You should now be able to access the printer from the web interface and be able
761 to print a test page.
762 </p>
763
764 </body>
765 </section>
766 <section>
767 <title>Installing the Windows printer drivers</title>
768 <body>
769
770 <p>
771 Now that the printer should be working it is time to install the drivers for the
772 Windows clients to work. Samba 2.2 introduced this functionality. Browsing to
773 the print server in the Network Neighbourhood, right-clicking on the
774 printershare and selecting "connect" downloads the appropriate drivers
775 automagically to the connecting client, avoiding the hassle of manually
776 installing printer drivers locally.
777 </p>
778
779 <p>
780 There are two sets of printer drivers for this. First, the Adobe PS drivers
781 which can be obtained from <uri
782 link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript
783 printer drivers). Second, there are the CUPS PS drivers, to be obtained by
784 emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch,
785 so you may need to add it to <path>/etc/portage/package.keywords</path>. There
786 doesn't seem to be a difference between the functionality of the two, but the
787 Adobe PS drivers need to be extracted on a Windows System since it's a Windows
788 binary. Also the whole procedure of finding and copying the correct files is a
789 bit more hassle. The CUPS drivers support some options the Adobe drivers
790 don't.
791 </p>
792
793 <p>
794 This HOWTO uses the CUPS drivers for Windows. Install them as shown:
795 </p>
796
797 <pre caption="Install the drivers">
798 # <i>emerge -av cups-windows</i>
799 </pre>
800
801 <p>
802 Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution.
803 Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which
804 Windows drivers you'll need to copy to the proper CUPS directory. Once you've
805 copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>.
806 Next, run <c>cupsaddsmb</c> as shown:
807 </p>
808
809 <pre caption="Run cupsaddsmb">
810 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
811 <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
812 "export all known printers".)</comment>
813 # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
814 </pre>
815
816 <warn>
817 The execution of this command often causes the most trouble. Read through the
818 <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
819 thread</uri> for some troubleshooting tips.
820 </warn>
821
822 <p>
823 Here are common errors that may happen:
824 </p>
825
826 <ul>
827 <li>
828 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
829 (<c>PrintServer</c>) often does not resolve correctly and doesn't identify
830 the print server for CUPS/Samba interaction. If an error like: <b>Warning:
831 No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the
832 first thing you should do is substitute <c>PrintServer</c> with
833 <c>localhost</c> and try it again.
834 </li>
835 <li>
836 The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
837 is quite common, but can be triggered by many problems. It's unfortunately
838 not very helpful. One thing to try is to temporarily set <c>security =
839 user</c> in your <path>smb.conf</path>. After/if the installation completes
840 successfully, you should set it back to share, or whatever it was set to
841 before.
842 </li>
843 </ul>
844
845 <p>
846 This should install the correct driver directory structure under
847 <path>/etc/samba/printer</path>. That would be
848 <path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3
849 driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the
850 name which you gave the printer when installing it (see above).
851 </p>
852
853 <p>
854 Pending no errors or other complications, your drivers are now installed.
855 </p>
856
857 </body>
858 </section>
859 <section>
860 <title>Finalizing our setup</title>
861 <body>
862
863 <p>
864 Lastly, setup our directories.
865 </p>
866
867 <pre caption="Final changes needed">
868 # <i>mkdir /home/samba</i>
869 # <i>mkdir /home/samba/public</i>
870 # <i>chmod 755 /home/samba</i>
871 # <i>chmod 755 /home/samba/public</i>
872 </pre>
873
874 </body>
875 </section>
876 <section>
877 <title>Testing our Samba configuration</title>
878 <body>
879
880 <p>
881 We will want to test our configuration file to ensure that it is formatted
882 properly and all of our options have at least the correct syntax. To do this we
883 run <c>testparm</c>.
884 </p>
885
886 <pre caption="Running the testparm">
887 <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
888 # <i>/usr/bin/testparm</i>
889 Load smb config files from /etc/samba/smb.conf
890 Processing section &quot;[printers]&quot;
891 Global parameter guest account found in service section!
892 Processing section &quot;[public]&quot;
893 Global parameter guest account found in service section!
894 Loaded services file OK.
895 Server role: ROLE_STANDALONE
896 Press enter to see a dump of your service definitions
897 ...
898 ...
899 </pre>
900
901 </body>
902 </section>
903 <section>
904 <title>Starting the Samba service</title>
905 <body>
906
907 <p>
908 Now configure Samba to start at bootup; then go ahead and start it.
909 </p>
910
911 <pre caption="Setting up the Samba service">
912 # <i>rc-update add samba default</i>
913 # <i>/etc/init.d/samba start</i>
914 </pre>
915
916 </body>
917 </section>
918 <section>
919 <title>Checking our services</title>
920 <body>
921
922 <p>
923 It would probably be prudent to check our logs at this time also. We will also
924 want to take a peak at our Samba shares using <c>smbclient</c>.
925 </p>
926
927 <pre caption="Checking the shares with smbclient">
928 # <i>smbclient -L localhost</i>
929 Password:
930 <comment>(You should see a BIG list of services here.)</comment>
931 </pre>
932
933 </body>
934 </section>
935 </chapter>
936
937 <chapter>
938 <title>Configuration of the Clients</title>
939 <section>
940 <title>Printer configuration of *nix based clients</title>
941 <body>
942
943 <p>
944 Despite the variation or distribution, the only thing needed is CUPS. Do the
945 equivalent on any other UNIX/Linux/BSD client.
946 </p>
947
948 <pre caption="Configuring a Gentoo system">
949 # <i>emerge cups</i>
950 # <i>nano -w /etc/cups/client.conf</i>
951 ServerName <i>PrintServer</i> <comment># your printserver name</comment>
952 </pre>
953
954 <p>
955 That should be it. Nothing else will be needed.
956 </p>
957
958 <p>
959 If you use only one printer, it will be your default printer. If your print
960 server manages several printers, your administrator will have defined a default
961 printer on the server. If you want to define a different default printer for
962 yourself, use the <c>lpoptions</c> command.
963 </p>
964
965 <pre caption="Setting your default printer">
966 <comment>(List available printers)</comment>
967 # <i>lpstat -a</i>
968 <comment>(Sample output, yours will differ)</comment>
969 HPDeskJet930C accepting requests since Jan 01 00:00
970 laser accepting requests since Jan 01 00:00
971 <comment>(Define HPDeskJet930C as your default printer)</comment>
972 # <i>lpoptions -d HPDeskJet930C</i>
973 </pre>
974
975 <pre caption="Printing in *nix">
976 <comment>(Specify the printer to be used)</comment>
977 # <i>lp -d HPDeskJet930C anything.txt</i>
978 <comment>(Use your default printer)</comment>
979 # <i>lp foobar.whatever.ps</i>
980 </pre>
981
982 <p>
983 Just point your web browser to <c>http://printserver:631</c> on the client if
984 you want to manage your printers and their jobs with a nice web interface.
985 Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your
986 print server, not the name you gave to the cups print server if you used
987 different names.
988 </p>
989
990 </body>
991 </section>
992 <section>
993 <title>Mounting a Windows or Samba share in GNU/Linux</title>
994 <body>
995
996 <note>
997 Don't forget to first <c>emerge samba</c> on the client(s) that will be
998 accessing the shares.
999 </note>
1000
1001 <p>
1002 Now is time to configure our kernel to support cifs. Since I'm assuming
1003 we've all compiled at least one kernel, we'll need to make sure we have all the
1004 right options selected in our kernel. For simplicity's sake, make it a module
1005 for ease of use. It is the author's opinion that kernel modules are a good thing
1006 and should be used whenever possible.
1007 </p>
1008
1009 <pre caption="Kernel support" >
1010 CONFIG_CIFS=m
1011 </pre>
1012
1013 <p>
1014 Then make the module/install it; insert it with:
1015 </p>
1016
1017 <pre caption="Loading the kernel module">
1018 # <i>modprobe cifs</i>
1019 </pre>
1020
1021 <p>
1022 Once the module is loaded, mounting a Windows or Samba share is possible. Use
1023 <c>mount</c> to accomplish this, as detailed below:
1024 </p>
1025
1026 <pre caption="Mounting a Windows/Samba share">
1027 <comment>(The syntax for mounting a Windows/Samba share is:
1028 mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point
1029 If we are not using passwords or a password is not needed)</comment>
1030
1031 # <i>mount -t cifs //PrintServer/public /mnt/public</i>
1032
1033 <comment>(If a password is needed)</comment>
1034 # <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1035 </pre>
1036
1037 <p>
1038 After you mount the share, you would access it as if it were a local drive.
1039 </p>
1040
1041 </body>
1042 </section>
1043 <section>
1044 <title>Printer Configuration for Windows NT/2000/XP clients</title>
1045 <body>
1046
1047 <p>
1048 That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and
1049 right click on the printer (HPDeskJet930C) and click connect. This will download
1050 the drivers to the Windows client and now every application (such as Word or
1051 Acrobat) will offer HPDeskJet930C as an available printer to print to. :-)
1052 </p>
1053
1054 </body>
1055 </section>
1056 </chapter>
1057
1058 <chapter>
1059 <title>Final Notes</title>
1060 <section>
1061 <title>A Fond Farewell</title>
1062 <body>
1063
1064 <p>
1065 That should be it. You should now have a successful printing enviroment that is
1066 friendly to both Windows and *nix as well as a fully virus-free working share!
1067 </p>
1068
1069 </body>
1070 </section>
1071 </chapter>
1072
1073 <chapter>
1074 <title>Links and Resources</title>
1075 <section>
1076 <title>Links</title>
1077 <body>
1078
1079 <p>
1080 These are some links that may help you in setting up, configuration and
1081 troubleshooting your installation:
1082 </p>
1083
1084 <ul>
1085 <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1086 <li>
1087 <uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri
1088 link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter
1089 on Samba/CUPS configuration</uri>
1090 </li>
1091 <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1092 <li>
1093 <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1094 Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e>
1095 and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and
1096 Samba, and generally printing support on networks. A really interesting
1097 read, with lots and lots of details.)
1098 </li>
1099 <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1100 </ul>
1101
1102 </body>
1103 </section>
1104 <section>
1105 <title>Troubleshooting</title>
1106 <body>
1107
1108 <p>
1109 See <uri
1110 link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1111 page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of
1112 useful tips there! Be sure to look this one up first, before posting questions
1113 and problems! Maybe the solution you're looking for is right there.
1114 </p>
1115
1116 </body>
1117 </section>
1118 </chapter>
1119 </guide>

  ViewVC Help
Powered by ViewVC 1.1.20