1 |
<?xml version='1.0' encoding='UTF-8'?> |
2 |
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.34 2007/09/15 16:47:56 swift Exp $ --> |
3 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
4 |
<guide link="/doc/en/quick-samba-howto.xml"> |
5 |
<title>Gentoo Samba3/CUPS/ClamAV HOWTO</title> |
6 |
<author title="Author"> |
7 |
<mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail> |
8 |
</author> |
9 |
<author title="Author"> |
10 |
<mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> |
11 |
</author> |
12 |
<author title="Editor"> |
13 |
<mail link="nightmorph@gentoo.org">Joshua Saddler</mail> |
14 |
</author> |
15 |
|
16 |
<abstract> |
17 |
Setup, install and configure a Samba Server under Gentoo that shares files, |
18 |
printers without the need to install drivers and provides automatic virus |
19 |
scanning. |
20 |
</abstract> |
21 |
|
22 |
<!-- The content of this document is licensed under the CC-BY-SA license --> |
23 |
<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> |
24 |
<license/> |
25 |
|
26 |
<version>1.22</version> |
27 |
<date>2007-10-14</date> |
28 |
|
29 |
<chapter> |
30 |
<title>Introduction to this HOWTO</title> |
31 |
<section> |
32 |
<title>Purpose</title> |
33 |
<body> |
34 |
|
35 |
<p> |
36 |
This HOWTO is designed to help you move a network from many different clients |
37 |
speaking different languages, to many different machines that speak a common |
38 |
language. The ultimate goal is to help differing architectures and technologies, |
39 |
come together in a productive, happily coexisting environment. |
40 |
</p> |
41 |
|
42 |
<p> |
43 |
Following the directions outlined in this HOWTO should give you an excellent |
44 |
step towards a peaceful cohabitation between Windows, and virtually all known |
45 |
variations of *nix. |
46 |
</p> |
47 |
|
48 |
<p> |
49 |
This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to |
50 |
explore the functionality and power of the Gentoo system, portage and the |
51 |
flexibility of USE flags. Like so many other projects, it was quickly discovered |
52 |
what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered |
53 |
for Gentoo users. These users are more demanding than most; they require |
54 |
performance, flexibility and customization. This does not however imply that |
55 |
this HOWTO was not intended for other distributions; rather that it was designed |
56 |
to work with a highly customized version of Samba. |
57 |
</p> |
58 |
|
59 |
<p> |
60 |
This HOWTO will describe how to share files and printers between Windows PCs and |
61 |
*nix PCs. It will also demonstrate the use of the VFS (Virtual File System) |
62 |
feature of Samba to incorporate automatic virus protection. As a finale, it will |
63 |
show you how to mount and manipulate shares. |
64 |
</p> |
65 |
|
66 |
<p> |
67 |
There are a few topics that will be mentioned, but are out of the scope of this |
68 |
HOWTO. These will be noted as they are presented. |
69 |
</p> |
70 |
|
71 |
<p> |
72 |
This HOWTO is based on a compilation and merge of an excellent HOWTO provided in |
73 |
the <uri link="http://forums.gentoo.org">Gentoo forums</uri> by Andreas "daff" |
74 |
Ntaflos and the collected knowledge of Joshua Preston. The link to this |
75 |
discussion is provided below for your reference: |
76 |
</p> |
77 |
|
78 |
<ul> |
79 |
<li> |
80 |
<uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO |
81 |
CUPS+Samba: printing from Windows & Linux</uri> |
82 |
</li> |
83 |
</ul> |
84 |
|
85 |
</body> |
86 |
</section> |
87 |
<section> |
88 |
<title>Before you use this guide</title> |
89 |
<body> |
90 |
|
91 |
<p> |
92 |
There are a several other guides for setting up CUPS and/or Samba, please read |
93 |
them as well, as they may tell you things left out of this HOWTO (intentional or |
94 |
otherwise). One such document is the very useful and well written <uri |
95 |
link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration |
96 |
issues and specific printer setup is not discussed here. |
97 |
</p> |
98 |
|
99 |
</body> |
100 |
</section> |
101 |
<section> |
102 |
<title>Brief Overview</title> |
103 |
<body> |
104 |
|
105 |
<p> |
106 |
After presenting the various USE flags, the following list will outline all of |
107 |
the topics covered as they are presented: |
108 |
</p> |
109 |
|
110 |
<ul> |
111 |
<li>On the Samba server: |
112 |
<ul> |
113 |
<li>Install and configure ClamAV</li> |
114 |
<li>Install and configure Samba</li> |
115 |
<li>Install and configure CUPS</li> |
116 |
<li>Adding the printer to CUPS</li> |
117 |
<li>Adding the PS drivers for the Windows clients</li> |
118 |
</ul> |
119 |
</li> |
120 |
<li>On the Unix clients: |
121 |
<ul> |
122 |
<li>Install and configure CUPS</li> |
123 |
<li>Configuring a default printer</li> |
124 |
<li>Mounting a Windows or Samba share</li> |
125 |
</ul> |
126 |
</li> |
127 |
<li>On the Windows Clients: |
128 |
<ul> |
129 |
<li>Configuring the printer</li> |
130 |
<li>Accessing Samba shares</li> |
131 |
</ul> |
132 |
</li> |
133 |
</ul> |
134 |
|
135 |
</body> |
136 |
</section> |
137 |
<section> |
138 |
<title>Requirements</title> |
139 |
<body> |
140 |
|
141 |
<p> |
142 |
We will need the following: |
143 |
</p> |
144 |
|
145 |
<ul> |
146 |
<li>net-fs/samba</li> |
147 |
<li>app-antivirus/clamav</li> |
148 |
<li>net-print/cups</li> |
149 |
<li>net-print/foomatic</li> |
150 |
<li>net-print/hplip (if you have an HP printer)</li> |
151 |
<li>A kernel of sorts (2.6)</li> |
152 |
<li>A printer (PS or non-PS, maybe not TOO new or fancy)</li> |
153 |
<li> |
154 |
A working network (home/office/etc) consisting of more than one machine) |
155 |
</li> |
156 |
</ul> |
157 |
|
158 |
<p> |
159 |
The main package we use here is net-fs/samba, however, you will need a kernel |
160 |
with cifs support enabled in order to mount a samba or windows share from |
161 |
another computer. CUPS will be emerged if it is not already. |
162 |
app-antivirus/clamav will be used also, but others should be easily adapted to |
163 |
work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning |
164 |
technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ... |
165 |
</p> |
166 |
|
167 |
</body> |
168 |
</section> |
169 |
</chapter> |
170 |
|
171 |
<chapter> |
172 |
<title>Getting acquainted with Samba</title> |
173 |
<section> |
174 |
<title>The USE Flags</title> |
175 |
<body> |
176 |
|
177 |
<p> |
178 |
Before emerging anything, take a look at some of the various USE flags available |
179 |
to Samba. |
180 |
</p> |
181 |
|
182 |
<pre caption="Samba uses the following USE Variables:"> |
183 |
kerberos acl cups ldap pam readline python oav |
184 |
</pre> |
185 |
|
186 |
<p> |
187 |
Depending on the network topology and the specific requirements of the server, |
188 |
the USE flags outlined below will define what to include or exclude from the |
189 |
emerging of Samba. |
190 |
</p> |
191 |
|
192 |
<table> |
193 |
<tr> |
194 |
<th><b>USE flag</b></th> |
195 |
<th>Description</th> |
196 |
</tr> |
197 |
<tr> |
198 |
<th><b>kerberos</b></th> |
199 |
<ti> |
200 |
Include support for Kerberos. The server will need this if it is |
201 |
intended to join an existing domain or Active Directory. See the note |
202 |
below for more information. |
203 |
</ti> |
204 |
</tr> |
205 |
<tr> |
206 |
<th><b>acl</b></th> |
207 |
<ti> |
208 |
Enables Access Control Lists. The ACL support in Samba uses a patched |
209 |
ext2/ext3, or SGI's XFS in order to function properly as it extends more |
210 |
detailed access to files or directories; much more so than typical *nix |
211 |
GID/UID schemas. |
212 |
</ti> |
213 |
</tr> |
214 |
<tr> |
215 |
<th><b>cups</b></th> |
216 |
<ti> |
217 |
This enables support for the Common Unix Printing System. This provides an |
218 |
interface allowing local CUPS printers to be shared to other systems in the |
219 |
network. |
220 |
</ti> |
221 |
</tr> |
222 |
<tr> |
223 |
<th><b>ldap</b></th> |
224 |
<ti> |
225 |
Enables the Lightweight Directory Access Protocol (LDAP). If Samba is |
226 |
expected to use Active Directory, this option must be used. This would be |
227 |
used in the event Samba needs to login to or provide login to a |
228 |
Domain/Active Directory Server. The kerberos USE flag is needed for proper |
229 |
functioning of this option. |
230 |
</ti> |
231 |
</tr> |
232 |
<tr> |
233 |
<th><b>pam</b></th> |
234 |
<ti> |
235 |
Include support for pluggable authentication modules (PAM). This provides |
236 |
the ability to authenticate users on the Samba Server, which is required if |
237 |
users have to login to your server. The kerberos USE flag is recommended |
238 |
along with this option. |
239 |
</ti> |
240 |
</tr> |
241 |
<tr> |
242 |
<th><b>readline</b></th> |
243 |
<ti> |
244 |
Link Samba against libreadline. This is highly recommended and should |
245 |
probably not be disabled. |
246 |
</ti> |
247 |
</tr> |
248 |
<tr> |
249 |
<th><b>python</b></th> |
250 |
<ti> |
251 |
Python bindings API. Provides an API that will allow Python to interface |
252 |
with Samba. |
253 |
</ti> |
254 |
</tr> |
255 |
<tr> |
256 |
<th><b>oav</b></th> |
257 |
<ti> |
258 |
Provides on-access scanning of Samba shares with FRISK F-Prot Daemon, |
259 |
Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep (SAVI), |
260 |
Symantec CarrierScan, and Trend Micro (VSAPI). |
261 |
</ti> |
262 |
</tr> |
263 |
</table> |
264 |
|
265 |
<p> |
266 |
A couple of things worth mentioning about the USE flags and different |
267 |
Samba functions include: |
268 |
</p> |
269 |
|
270 |
<ul> |
271 |
<li> |
272 |
ACLs on ext2/3 are implemented through extended attributes (EAs). EA and |
273 |
ACL kernel options for ext2 and/or ext3 will need to be enabled |
274 |
(depending on which file system is being used - both can be enabled). |
275 |
</li> |
276 |
<li> |
277 |
While Active Directory, ACL, and PDC functions are out of the intended |
278 |
scope of this HOWTO, you may find these links as helpful to your cause: |
279 |
<ul> |
280 |
<li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li> |
281 |
<li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li> |
282 |
</ul> |
283 |
</li> |
284 |
</ul> |
285 |
|
286 |
</body> |
287 |
</section> |
288 |
</chapter> |
289 |
|
290 |
<chapter> |
291 |
<title>Server Software Installation</title> |
292 |
<section> |
293 |
<title>Emerging Samba</title> |
294 |
<body> |
295 |
|
296 |
<p> |
297 |
First of all: be sure that all your hostnames resolve correctly. Either have a |
298 |
working domain name system running on your network or appropriate entries in |
299 |
your <path>/etc/hosts</path> file. <c>cupsaddsmb</c> often borks if hostnames |
300 |
don't point to the correct machines. |
301 |
</p> |
302 |
|
303 |
<p> |
304 |
Hopefully now you can make an assessment of what you'll actually need in order |
305 |
to use Samba with your particular setup. The setup used for this HOWTO is: |
306 |
</p> |
307 |
|
308 |
<ul> |
309 |
<li>oav</li> |
310 |
<li>cups</li> |
311 |
<li>readline</li> |
312 |
<li>pam</li> |
313 |
</ul> |
314 |
|
315 |
<p> |
316 |
To optimize performance, size and the time of the build, the USE flags are |
317 |
specifically included or excluded. |
318 |
</p> |
319 |
|
320 |
<pre caption="Emerge Samba"> |
321 |
# <i>echo "net-fs/samba oav readline cups pam" >> /etc/portage/package.use</i> |
322 |
# <i>emerge net-fs/samba</i> |
323 |
</pre> |
324 |
|
325 |
<note> |
326 |
The following arches will need to add <e>~</e> to their <e>KEYWORDS</e>: x86, |
327 |
ppc, sparc, hppa, ia64 and alpha |
328 |
</note> |
329 |
|
330 |
<p> |
331 |
This will emerge Samba and CUPS (if CUPS is not already emerged). |
332 |
</p> |
333 |
|
334 |
</body> |
335 |
</section> |
336 |
<section> |
337 |
<title>Emerging ClamAV</title> |
338 |
<body> |
339 |
|
340 |
<p> |
341 |
Because the <e>oav</e> USE flag only provides an interface to allow on access |
342 |
virus scanning, the actual virus scanner must be emerged. The scanner used in |
343 |
this HOWTO is ClamAV. |
344 |
</p> |
345 |
|
346 |
<pre caption="Emerge Clamav"> |
347 |
# <i>emerge app-antivirus/clamav</i> |
348 |
</pre> |
349 |
|
350 |
</body> |
351 |
</section> |
352 |
<section> |
353 |
<title>Emerging foomatic</title> |
354 |
<body> |
355 |
|
356 |
<pre caption="Emerge foomatic"> |
357 |
# <i>emerge net-print/foomatic</i> |
358 |
</pre> |
359 |
|
360 |
</body> |
361 |
</section> |
362 |
<section> |
363 |
<title>Emerging net-print/hplip</title> |
364 |
<body> |
365 |
|
366 |
<p> |
367 |
You only need to emerge this if you use an HP printer. |
368 |
</p> |
369 |
|
370 |
<pre caption="Emerge hplip"> |
371 |
# <i>emerge net-print/hplip</i> |
372 |
</pre> |
373 |
|
374 |
</body> |
375 |
</section> |
376 |
</chapter> |
377 |
|
378 |
<chapter> |
379 |
<title>Server Configuration</title> |
380 |
<section> |
381 |
<title>Configuring Samba</title> |
382 |
<body> |
383 |
|
384 |
<p> |
385 |
The main Samba configuration file is <path>/etc/samba/smb.conf</path>. It is |
386 |
divided in sections indicated by [sectionname]. Comments are either |
387 |
# or ;. A sample <path>smb.conf</path> is included below with comments and |
388 |
suggestions for modifications. If more details are required, see the man page |
389 |
for <path>smb.conf</path>, the installed <path>smb.conf.example</path>, the |
390 |
Samba Web site or any of the numerous Samba books available. |
391 |
</p> |
392 |
|
393 |
<pre caption="A Sample /etc/samba/smb.conf"> |
394 |
[global] |
395 |
<comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment> |
396 |
workgroup = <comment>MYWORKGROUPNAME</comment> |
397 |
<comment># Of course this has no REAL purpose other than letting |
398 |
# everyone knows it's not Windows! |
399 |
# %v prints the version of Samba we are using.</comment> |
400 |
server string = Samba Server %v |
401 |
<comment># We are going to use cups, so we are going to put it in here ;-)</comment> |
402 |
printcap name = cups |
403 |
printing = cups |
404 |
load printers = yes |
405 |
<comment># We want a log file and we do not want it to get bigger than 50kb.</comment> |
406 |
log file = /var/log/samba/log.%m |
407 |
max log size = 50 |
408 |
<comment># We are going to set some options for our interfaces...</comment> |
409 |
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 |
410 |
<comment># This is a good idea, what we are doing is binding the |
411 |
# samba server to our local network. |
412 |
# For example, if eth0 is our local network device</comment> |
413 |
interfaces = lo <i>eth0</i> |
414 |
bind interfaces only = yes |
415 |
<comment># Now we are going to specify who we allow, we are afterall |
416 |
# very security conscience, since this configuration does |
417 |
# not use passwords!</comment> |
418 |
hosts allow = 127.0.0.1 <i>192.168.1.0/24</i> |
419 |
hosts deny = 0.0.0.0/0 |
420 |
<comment># Other options for this are USER, DOMAIN, ADS, and SERVER |
421 |
# The default is user</comment> |
422 |
security = share |
423 |
<comment># No passwords, so we're going to use a guest account!</comment> |
424 |
guest ok = yes |
425 |
<comment># We now will implement the on access virus scanner. |
426 |
# NOTE: By putting this in our [Global] section, we enable |
427 |
# scanning of ALL shares, you could optionally move |
428 |
# these to a specific share and only scan it.</comment> |
429 |
|
430 |
<comment># For Samba 3.x. This enables ClamAV on access scanning.</comment> |
431 |
vfs object = vscan-clamav |
432 |
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf |
433 |
|
434 |
<comment># Now we setup our print drivers information!</comment> |
435 |
[print$] |
436 |
comment = Printer Drivers |
437 |
path = /etc/samba/printer <comment># this path holds the driver structure</comment> |
438 |
guest ok = yes |
439 |
browseable = yes |
440 |
read only = yes |
441 |
<comment># Modify this to "username,root" if you don't want root to |
442 |
# be the only printer admin)</comment> |
443 |
write list = <i>root</i> |
444 |
|
445 |
<comment># Now we'll setup a printer to share, while the name is arbitrary |
446 |
# it should be consistent throughout Samba and CUPS!</comment> |
447 |
[HPDeskJet930C] |
448 |
comment = HP DeskJet 930C Network Printer |
449 |
printable = yes |
450 |
path = /var/spool/samba |
451 |
public = yes |
452 |
guest ok = yes |
453 |
<comment># Modify this to "username,root" if you don't want root to |
454 |
# be the only printer admin)</comment> |
455 |
printer admin = <i>root</i> |
456 |
|
457 |
<comment># Now we setup our printers share. This should be |
458 |
# browseable, printable, public.</comment> |
459 |
[printers] |
460 |
comment = All Printers |
461 |
browseable = no |
462 |
printable = yes |
463 |
writable = no |
464 |
public = yes |
465 |
guest ok = yes |
466 |
path = /var/spool/samba |
467 |
<comment># Modify this to "username,root" if you don't want root to |
468 |
# be the only printer admin)</comment> |
469 |
printer admin = <i>root</i> |
470 |
|
471 |
<comment># We create a new share that we can read/write to from anywhere |
472 |
# This is kind of like a public temp share, anyone can do what |
473 |
# they want here.</comment> |
474 |
[public] |
475 |
comment = Public Files |
476 |
browseable = yes |
477 |
public = yes |
478 |
create mode = 0766 |
479 |
guest ok = yes |
480 |
path = /home/samba/public |
481 |
</pre> |
482 |
|
483 |
<warn> |
484 |
If you like to use Samba's guest account to do anything concerning printing from |
485 |
Windows clients: don't set <c>guest only = yes</c> in the <c>[global]</c> |
486 |
section. The guest account seems to cause problems when running |
487 |
<c>cupsaddsmb</c> sometimes when trying to connect from Windows machines. See |
488 |
below, too, when we talk about <c>cupsaddsmb</c> and the problems that can |
489 |
arise. Use a dedicated printer user, like <c>printeruser</c> or <c>printer</c> |
490 |
or <c>printme</c> or whatever. It doesn't hurt and it will certainly protect you |
491 |
from a lot of problems. |
492 |
</warn> |
493 |
|
494 |
<warn> |
495 |
Turning on ClamAV on access scanning in the <c>[global]</c> section will slow |
496 |
down the performance of your Samba server dramatically. |
497 |
</warn> |
498 |
|
499 |
<p> |
500 |
Now create the directories required for the minimum configuration of Samba to |
501 |
share the installed printer throughout the network. |
502 |
</p> |
503 |
|
504 |
<pre caption="Create the directories"> |
505 |
# <i>mkdir /etc/samba/printer</i> |
506 |
# <i>mkdir /var/spool/samba</i> |
507 |
# <i>mkdir /home/samba/public</i> |
508 |
</pre> |
509 |
|
510 |
<p> |
511 |
At least one Samba user is required in order to install the printer drivers and |
512 |
to allow users to connect to the printer. Users must exist in the system's |
513 |
<path>/etc/passwd</path> file. |
514 |
</p> |
515 |
|
516 |
<pre caption="Creating the users"> |
517 |
# <i>smbpasswd -a root</i> |
518 |
|
519 |
<comment>(If another user is to be a printer admin)</comment> |
520 |
# <i>smbpasswd -a username</i> |
521 |
</pre> |
522 |
|
523 |
<p> |
524 |
The Samba passwords need not be the same as the system passwords |
525 |
in <path>/etc/passwd</path>. |
526 |
</p> |
527 |
|
528 |
<p> |
529 |
You will also need to update <path>/etc/nsswitch.conf</path> so that Windows |
530 |
systems can be found easily using NetBIOS: |
531 |
</p> |
532 |
|
533 |
<pre caption="Editing /etc/nsswitch.conf"> |
534 |
# <i>nano -w /etc/nsswitch.conf</i> |
535 |
<comment>(Edit the hosts: line)</comment> |
536 |
hosts: files dns <i>wins</i> |
537 |
</pre> |
538 |
|
539 |
</body> |
540 |
</section> |
541 |
<section> |
542 |
<title>Configuring ClamAV</title> |
543 |
<body> |
544 |
|
545 |
<p> |
546 |
The configuration file specified to be used in <path>smb.conf</path> is |
547 |
<path>/etc/samba/vscan-clamav.conf</path>. While these options are set to the |
548 |
defaults, the infected file action may need to be changed. |
549 |
</p> |
550 |
|
551 |
<pre caption="/etc/samba/vscan-clamav.conf"> |
552 |
[samba-vscan] |
553 |
<comment>; run-time configuration for vscan-samba using |
554 |
; clamd |
555 |
; all options are set to default values</comment> |
556 |
|
557 |
<comment>; do not scan files larger than X bytes. If set to 0 (default), |
558 |
; this feature is disable (i.e. all files are scanned)</comment> |
559 |
max file size = 0 |
560 |
|
561 |
<comment>; log all file access (yes/no). If set to yes, every access will |
562 |
; be logged. If set to no (default), only access to infected files |
563 |
; will be logged</comment> |
564 |
verbose file logging = no |
565 |
|
566 |
<comment>; if set to yes (default), a file will be scanned while opening</comment> |
567 |
scan on open = yes |
568 |
<comment>; if set to yes, a file will be scanned while closing (default is yes)</comment> |
569 |
scan on close = yes |
570 |
|
571 |
<comment>; if communication to clamd fails, should access to file denied? |
572 |
; (default: yes)</comment> |
573 |
deny access on error = yes |
574 |
|
575 |
<comment>; if daemon fails with a minor error (corruption, etc.), |
576 |
; should access to file denied? |
577 |
; (default: yes)</comment> |
578 |
deny access on minor error = yes |
579 |
|
580 |
<comment>; send a warning message via Windows Messenger service |
581 |
; when virus is found? |
582 |
; (default: yes)</comment> |
583 |
send warning message = yes |
584 |
|
585 |
<comment>; what to do with an infected file |
586 |
; quarantine: try to move to quantine directory; delete it if moving fails |
587 |
; delete: delete infected file |
588 |
; nothing: do nothing</comment> |
589 |
infected file action = <comment>delete</comment> |
590 |
|
591 |
<comment>; where to put infected files - you really want to change this! |
592 |
; it has to be on the same physical device as the share!</comment> |
593 |
quarantine directory = /tmp |
594 |
<comment>; prefix for files in quarantine</comment> |
595 |
quarantine prefix = vir- |
596 |
|
597 |
<comment>; as Windows tries to open a file multiple time in a (very) short time |
598 |
; of period, samba-vscan use a last recently used file mechanism to avoid |
599 |
; multiple scans of a file. This setting specified the maximum number of |
600 |
; elements of the last recently used file list. (default: 100)</comment> |
601 |
max lru files entries = 100 |
602 |
|
603 |
<comment>; an entry is invalidated after lru file entry lifetime (in seconds). |
604 |
; (Default: 5)</comment> |
605 |
lru file entry lifetime = 5 |
606 |
|
607 |
<comment>; socket name of clamd (default: /var/run/clamd)</comment> |
608 |
clamd socket name = /tmp/clamd |
609 |
|
610 |
<comment>; port number the ScannerDaemon listens on</comment> |
611 |
oav port = 8127 |
612 |
</pre> |
613 |
|
614 |
<p> |
615 |
It is generally a good idea to start the virus scanner immediately. Add it to |
616 |
the <e>default</e> runlevel and then start the <c>clamd</c> service immediately. |
617 |
The service has two processes: freshclam keeps the virus definition database up |
618 |
to date while clamd is the actual anti-virus daemon. First you may want to set |
619 |
the paths of the logfiles so that it fits your needs. |
620 |
</p> |
621 |
|
622 |
<pre caption="Checking the location of the logfiles"> |
623 |
# <i>vim /etc/clamd.conf</i> |
624 |
<comment>(Check the line "LogFile /var/log/clamd.log")</comment> |
625 |
# <i>vim /etc/freshclam.conf</i> |
626 |
<comment>(Check the line "UpdateLogFile /var/log/freshclam.log")</comment> |
627 |
# <i>vim /etc/conf.d/clamd</i> |
628 |
<comment>(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")</comment> |
629 |
</pre> |
630 |
|
631 |
<p> |
632 |
Now fire up the virus scanner. |
633 |
</p> |
634 |
|
635 |
<pre caption="Add clamd to bootup and start it"> |
636 |
# <i>rc-update add clamd default</i> |
637 |
# <i>/etc/init.d/clamd start</i> |
638 |
</pre> |
639 |
|
640 |
</body> |
641 |
</section> |
642 |
<section> |
643 |
<title>Configuring CUPS</title> |
644 |
<body> |
645 |
|
646 |
<p> |
647 |
This is a little more complicated. CUPS' main config file is |
648 |
<path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's |
649 |
<path>httpd.conf</path> file, so many you may find it familiar. Outlined in the |
650 |
example are the directives that need to be changed: |
651 |
</p> |
652 |
|
653 |
<pre caption="/etc/cups/cupsd.conf"> |
654 |
ServerName <i>PrintServer</i> <comment># your printserver name</comment> |
655 |
ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, e.g. you</comment> |
656 |
|
657 |
AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment> |
658 |
ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment> |
659 |
|
660 |
LogLevel debug <comment># only while isntalling and testing, should later be |
661 |
# changed to 'info'</comment> |
662 |
|
663 |
MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back, |
664 |
# there seemed to be a bug in CUPS' controlling of the web interface, |
665 |
# making CUPS think a denial of service attack was in progress when |
666 |
# I tried to configure a printer with the web interface. weird.</comment> |
667 |
|
668 |
BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment> |
669 |
|
670 |
<Location /> |
671 |
Order Deny,Allow |
672 |
Deny From All |
673 |
Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network |
674 |
# e.g. 192.168.1.* will allow connections from any host on |
675 |
# the 192.168.1.0 network. change to whatever suits you</comment> |
676 |
</Location> |
677 |
|
678 |
<Location /admin> |
679 |
AuthType Basic |
680 |
AuthClass System |
681 |
Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the |
682 |
# 192.168.1.0 network to connect and do |
683 |
# administrative tasks after authenticating</comment> |
684 |
Order Deny,Allow |
685 |
Deny From All |
686 |
</Location> |
687 |
</pre> |
688 |
|
689 |
<p> |
690 |
Edit <path>/etc/cups/mime.convs</path> to uncomment some lines. |
691 |
The changes to <path>mime.convs</path> and <path>mime.types</path> are |
692 |
needed to make CUPS print Microsoft Office document files. |
693 |
</p> |
694 |
|
695 |
<pre caption="/etc/cups/mime.convs"> |
696 |
<comment>(The following line is found near the end of the file. Uncomment it)</comment> |
697 |
application/octet-stream application/vnd.cups-raw 0 |
698 |
</pre> |
699 |
|
700 |
<p> |
701 |
Edit <path>/etc/cups/mime.types</path> to uncomment some lines. |
702 |
</p> |
703 |
|
704 |
<pre caption="/etc/cups/mime.types"> |
705 |
<comment>(The following line is found near the end of the file. Uncomment it)</comment> |
706 |
application/octet-stream |
707 |
</pre> |
708 |
|
709 |
<p> |
710 |
CUPS needs to be started on boot, and started immediately. |
711 |
</p> |
712 |
|
713 |
<pre caption="Setting up the CUPS service" > |
714 |
<comment>(To start CUPS on boot)</comment> |
715 |
# <i>rc-update add cupsd default</i> |
716 |
<comment>(To start or restart CUPS now)</comment> |
717 |
# <i>/etc/init.d/cupsd restart</i> |
718 |
</pre> |
719 |
|
720 |
</body> |
721 |
</section> |
722 |
<section> |
723 |
<title>Installing a printer for and with CUPS</title> |
724 |
<body> |
725 |
|
726 |
<p> |
727 |
First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to |
728 |
find and download the correct PPD file for your printer and CUPS. To do so, |
729 |
click the link Printer Listings to the left. Select your printers manufacturer |
730 |
and the model in the pulldown menu, e.g. HP and DeskJet 930C. Click "Show". On |
731 |
the page coming up click the "recommended driver" link after reading the various |
732 |
notes and information. Then fetch the PPD file from the next page, again after |
733 |
reading the notes and introductions there. You may have to select your printers |
734 |
manufacturer and model again. Reading the <uri |
735 |
link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri> is |
736 |
also very helpful when working with CUPS. |
737 |
</p> |
738 |
|
739 |
<p> |
740 |
Now you have a PPD file for your printer to work with CUPS. Place it in |
741 |
<path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was named |
742 |
<path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer. |
743 |
This can be done via the CUPS web interface or via command line. The web |
744 |
interface is found at <path>http://PrintServer:631</path> once CUPS is running. |
745 |
</p> |
746 |
|
747 |
<pre caption="Install the printer via command line"> |
748 |
# <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i> |
749 |
# <i>/etc/init.d/cupsd restart</i> |
750 |
</pre> |
751 |
|
752 |
<p> |
753 |
Remember to adjust to what you have. Be sure to have the name (<c>-p</c> |
754 |
argument) right (the name you set above during the Samba configuration!) and to |
755 |
put in the correct <c>usb:/dev/usb/blah</c>, <c>parallel:/dev/blah</c> or |
756 |
whatever device you are using for your printer. |
757 |
</p> |
758 |
|
759 |
<p> |
760 |
You should now be able to access the printer from the web interface and be able |
761 |
to print a test page. |
762 |
</p> |
763 |
|
764 |
</body> |
765 |
</section> |
766 |
<section> |
767 |
<title>Installing the Windows printer drivers</title> |
768 |
<body> |
769 |
|
770 |
<p> |
771 |
Now that the printer should be working it is time to install the drivers for the |
772 |
Windows clients to work. Samba 2.2 introduced this functionality. Browsing to |
773 |
the print server in the Network Neighbourhood, right-clicking on the |
774 |
printershare and selecting "connect" downloads the appropriate drivers |
775 |
automagically to the connecting client, avoiding the hassle of manually |
776 |
installing printer drivers locally. |
777 |
</p> |
778 |
|
779 |
<p> |
780 |
There are two sets of printer drivers for this. First, the Adobe PS drivers |
781 |
which can be obtained from <uri |
782 |
link="http://www.adobe.com/support/downloads/main.html">Adobe</uri> (PostScript |
783 |
printer drivers). Second, there are the CUPS PS drivers, to be obtained by |
784 |
emerging <c>net-print/cups-windows</c>. Note that it may still be marked ~arch, |
785 |
so you may need to add it to <path>/etc/portage/package.keywords</path>. There |
786 |
doesn't seem to be a difference between the functionality of the two, but the |
787 |
Adobe PS drivers need to be extracted on a Windows System since it's a Windows |
788 |
binary. Also the whole procedure of finding and copying the correct files is a |
789 |
bit more hassle. The CUPS drivers support some options the Adobe drivers |
790 |
don't. |
791 |
</p> |
792 |
|
793 |
<p> |
794 |
This HOWTO uses the CUPS drivers for Windows. Install them as shown: |
795 |
</p> |
796 |
|
797 |
<pre caption="Install the drivers"> |
798 |
# <i>emerge -av cups-windows</i> |
799 |
</pre> |
800 |
|
801 |
<p> |
802 |
Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS distribution. |
803 |
Be sure to read its manpage (<c>man cupsaddsmb</c>), as it will tell you which |
804 |
Windows drivers you'll need to copy to the proper CUPS directory. Once you've |
805 |
copied the drivers, restart CUPS by running <c>/etc/init.d/cupsd restart</c>. |
806 |
Next, run <c>cupsaddsmb</c> as shown: |
807 |
</p> |
808 |
|
809 |
<pre caption="Run cupsaddsmb"> |
810 |
# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i> |
811 |
<comment>(Instead of HPDeskJet930C you could also specify "-a", which will |
812 |
"export all known printers".)</comment> |
813 |
# <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i> |
814 |
</pre> |
815 |
|
816 |
<warn> |
817 |
The execution of this command often causes the most trouble. Read through the |
818 |
<uri link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this |
819 |
thread</uri> for some troubleshooting tips. |
820 |
</warn> |
821 |
|
822 |
<p> |
823 |
Here are common errors that may happen: |
824 |
</p> |
825 |
|
826 |
<ul> |
827 |
<li> |
828 |
The hostname given as a parameter for <c>-h</c> and <c>-H</c> |
829 |
(<c>PrintServer</c>) often does not resolve correctly and doesn't identify |
830 |
the print server for CUPS/Samba interaction. If an error like: <b>Warning: |
831 |
No PPD file for printer "CUPS_PRINTER_NAME" - skipping!</b> occurs, the |
832 |
first thing you should do is substitute <c>PrintServer</c> with |
833 |
<c>localhost</c> and try it again. |
834 |
</li> |
835 |
<li> |
836 |
The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message |
837 |
is quite common, but can be triggered by many problems. It's unfortunately |
838 |
not very helpful. One thing to try is to temporarily set <c>security = |
839 |
user</c> in your <path>smb.conf</path>. After/if the installation completes |
840 |
successfully, you should set it back to share, or whatever it was set to |
841 |
before. |
842 |
</li> |
843 |
</ul> |
844 |
|
845 |
<p> |
846 |
This should install the correct driver directory structure under |
847 |
<path>/etc/samba/printer</path>. That would be |
848 |
<path>/etc/samba/printer/W32X86/2/</path>. The files contained should be the 3 |
849 |
driver files and the PPD file, renamed to <path>YourPrinterName.ppd</path> (the |
850 |
name which you gave the printer when installing it (see above). |
851 |
</p> |
852 |
|
853 |
<p> |
854 |
Pending no errors or other complications, your drivers are now installed. |
855 |
</p> |
856 |
|
857 |
</body> |
858 |
</section> |
859 |
<section> |
860 |
<title>Finalizing our setup</title> |
861 |
<body> |
862 |
|
863 |
<p> |
864 |
Lastly, setup our directories. |
865 |
</p> |
866 |
|
867 |
<pre caption="Final changes needed"> |
868 |
# <i>mkdir /home/samba</i> |
869 |
# <i>mkdir /home/samba/public</i> |
870 |
# <i>chmod 755 /home/samba</i> |
871 |
# <i>chmod 755 /home/samba/public</i> |
872 |
</pre> |
873 |
|
874 |
</body> |
875 |
</section> |
876 |
<section> |
877 |
<title>Testing our Samba configuration</title> |
878 |
<body> |
879 |
|
880 |
<p> |
881 |
We will want to test our configuration file to ensure that it is formatted |
882 |
properly and all of our options have at least the correct syntax. To do this we |
883 |
run <c>testparm</c>. |
884 |
</p> |
885 |
|
886 |
<pre caption="Running the testparm"> |
887 |
<comment>(By default, testparm checks /etc/samba/smb.conf)</comment> |
888 |
# <i>/usr/bin/testparm</i> |
889 |
Load smb config files from /etc/samba/smb.conf |
890 |
Processing section "[printers]" |
891 |
Global parameter guest account found in service section! |
892 |
Processing section "[public]" |
893 |
Global parameter guest account found in service section! |
894 |
Loaded services file OK. |
895 |
Server role: ROLE_STANDALONE |
896 |
Press enter to see a dump of your service definitions |
897 |
... |
898 |
... |
899 |
</pre> |
900 |
|
901 |
</body> |
902 |
</section> |
903 |
<section> |
904 |
<title>Starting the Samba service</title> |
905 |
<body> |
906 |
|
907 |
<p> |
908 |
Now configure Samba to start at bootup; then go ahead and start it. |
909 |
</p> |
910 |
|
911 |
<pre caption="Setting up the Samba service"> |
912 |
# <i>rc-update add samba default</i> |
913 |
# <i>/etc/init.d/samba start</i> |
914 |
</pre> |
915 |
|
916 |
</body> |
917 |
</section> |
918 |
<section> |
919 |
<title>Checking our services</title> |
920 |
<body> |
921 |
|
922 |
<p> |
923 |
It would probably be prudent to check our logs at this time also. We will also |
924 |
want to take a peak at our Samba shares using <c>smbclient</c>. |
925 |
</p> |
926 |
|
927 |
<pre caption="Checking the shares with smbclient"> |
928 |
# <i>smbclient -L localhost</i> |
929 |
Password: |
930 |
<comment>(You should see a BIG list of services here.)</comment> |
931 |
</pre> |
932 |
|
933 |
</body> |
934 |
</section> |
935 |
</chapter> |
936 |
|
937 |
<chapter> |
938 |
<title>Configuration of the Clients</title> |
939 |
<section> |
940 |
<title>Printer configuration of *nix based clients</title> |
941 |
<body> |
942 |
|
943 |
<p> |
944 |
Despite the variation or distribution, the only thing needed is CUPS. Do the |
945 |
equivalent on any other UNIX/Linux/BSD client. |
946 |
</p> |
947 |
|
948 |
<pre caption="Configuring a Gentoo system"> |
949 |
# <i>emerge cups</i> |
950 |
# <i>nano -w /etc/cups/client.conf</i> |
951 |
ServerName <i>PrintServer</i> <comment># your printserver name</comment> |
952 |
</pre> |
953 |
|
954 |
<p> |
955 |
That should be it. Nothing else will be needed. |
956 |
</p> |
957 |
|
958 |
<p> |
959 |
If you use only one printer, it will be your default printer. If your print |
960 |
server manages several printers, your administrator will have defined a default |
961 |
printer on the server. If you want to define a different default printer for |
962 |
yourself, use the <c>lpoptions</c> command. |
963 |
</p> |
964 |
|
965 |
<pre caption="Setting your default printer"> |
966 |
<comment>(List available printers)</comment> |
967 |
# <i>lpstat -a</i> |
968 |
<comment>(Sample output, yours will differ)</comment> |
969 |
HPDeskJet930C accepting requests since Jan 01 00:00 |
970 |
laser accepting requests since Jan 01 00:00 |
971 |
<comment>(Define HPDeskJet930C as your default printer)</comment> |
972 |
# <i>lpoptions -d HPDeskJet930C</i> |
973 |
</pre> |
974 |
|
975 |
<pre caption="Printing in *nix"> |
976 |
<comment>(Specify the printer to be used)</comment> |
977 |
# <i>lp -d HPDeskJet930C anything.txt</i> |
978 |
<comment>(Use your default printer)</comment> |
979 |
# <i>lp foobar.whatever.ps</i> |
980 |
</pre> |
981 |
|
982 |
<p> |
983 |
Just point your web browser to <c>http://printserver:631</c> on the client if |
984 |
you want to manage your printers and their jobs with a nice web interface. |
985 |
Replace <c>printserver</c> with the name of the <e>machine</e> that acts as your |
986 |
print server, not the name you gave to the cups print server if you used |
987 |
different names. |
988 |
</p> |
989 |
|
990 |
</body> |
991 |
</section> |
992 |
<section> |
993 |
<title>Mounting a Windows or Samba share in GNU/Linux</title> |
994 |
<body> |
995 |
|
996 |
<note> |
997 |
Don't forget to first <c>emerge samba</c> on the client(s) that will be |
998 |
accessing the shares. |
999 |
</note> |
1000 |
|
1001 |
<p> |
1002 |
Now is time to configure our kernel to support cifs. Since I'm assuming |
1003 |
we've all compiled at least one kernel, we'll need to make sure we have all the |
1004 |
right options selected in our kernel. For simplicity's sake, make it a module |
1005 |
for ease of use. It is the author's opinion that kernel modules are a good thing |
1006 |
and should be used whenever possible. |
1007 |
</p> |
1008 |
|
1009 |
<pre caption="Kernel support" > |
1010 |
CONFIG_CIFS=m |
1011 |
</pre> |
1012 |
|
1013 |
<p> |
1014 |
Then make the module/install it; insert it with: |
1015 |
</p> |
1016 |
|
1017 |
<pre caption="Loading the kernel module"> |
1018 |
# <i>modprobe cifs</i> |
1019 |
</pre> |
1020 |
|
1021 |
<p> |
1022 |
Once the module is loaded, mounting a Windows or Samba share is possible. Use |
1023 |
<c>mount</c> to accomplish this, as detailed below: |
1024 |
</p> |
1025 |
|
1026 |
<pre caption="Mounting a Windows/Samba share"> |
1027 |
<comment>(The syntax for mounting a Windows/Samba share is: |
1028 |
mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point |
1029 |
If we are not using passwords or a password is not needed)</comment> |
1030 |
|
1031 |
# <i>mount -t cifs //PrintServer/public /mnt/public</i> |
1032 |
|
1033 |
<comment>(If a password is needed)</comment> |
1034 |
# <i>mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i> |
1035 |
</pre> |
1036 |
|
1037 |
<p> |
1038 |
After you mount the share, you would access it as if it were a local drive. |
1039 |
</p> |
1040 |
|
1041 |
</body> |
1042 |
</section> |
1043 |
<section> |
1044 |
<title>Printer Configuration for Windows NT/2000/XP clients</title> |
1045 |
<body> |
1046 |
|
1047 |
<p> |
1048 |
That's just a bit of point-and-click. Browse to <path>\\PrintServer</path> and |
1049 |
right click on the printer (HPDeskJet930C) and click connect. This will download |
1050 |
the drivers to the Windows client and now every application (such as Word or |
1051 |
Acrobat) will offer HPDeskJet930C as an available printer to print to. :-) |
1052 |
</p> |
1053 |
|
1054 |
</body> |
1055 |
</section> |
1056 |
</chapter> |
1057 |
|
1058 |
<chapter> |
1059 |
<title>Final Notes</title> |
1060 |
<section> |
1061 |
<title>A Fond Farewell</title> |
1062 |
<body> |
1063 |
|
1064 |
<p> |
1065 |
That should be it. You should now have a successful printing enviroment that is |
1066 |
friendly to both Windows and *nix as well as a fully virus-free working share! |
1067 |
</p> |
1068 |
|
1069 |
</body> |
1070 |
</section> |
1071 |
</chapter> |
1072 |
|
1073 |
<chapter> |
1074 |
<title>Links and Resources</title> |
1075 |
<section> |
1076 |
<title>Links</title> |
1077 |
<body> |
1078 |
|
1079 |
<p> |
1080 |
These are some links that may help you in setting up, configuration and |
1081 |
troubleshooting your installation: |
1082 |
</p> |
1083 |
|
1084 |
<ul> |
1085 |
<li><uri link="http://www.cups.org/">CUPS Homepage</uri></li> |
1086 |
<li> |
1087 |
<uri link="http://www.samba.org/">Samba Homepage</uri>, especially the <uri |
1088 |
link="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html">chapter |
1089 |
on Samba/CUPS configuration</uri> |
1090 |
</li> |
1091 |
<li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li> |
1092 |
<li> |
1093 |
<uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt |
1094 |
Pfeifle's Samba Print HOWTO</uri> ( This HOWTO really covers <e>ANYTHING</e> |
1095 |
and <e>EVERYTHING</e> I've written here, plus a LOT more concerning CUPS and |
1096 |
Samba, and generally printing support on networks. A really interesting |
1097 |
read, with lots and lots of details.) |
1098 |
</li> |
1099 |
<li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li> |
1100 |
</ul> |
1101 |
|
1102 |
</body> |
1103 |
</section> |
1104 |
<section> |
1105 |
<title>Troubleshooting</title> |
1106 |
<body> |
1107 |
|
1108 |
<p> |
1109 |
See <uri |
1110 |
link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this |
1111 |
page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0" manual. Lots of |
1112 |
useful tips there! Be sure to look this one up first, before posting questions |
1113 |
and problems! Maybe the solution you're looking for is right there. |
1114 |
</p> |
1115 |
|
1116 |
</body> |
1117 |
</section> |
1118 |
</chapter> |
1119 |
</guide> |