This HOWTO is designed to help you move a network from many different clients speaking different languages, to many different machines that speak a common language. The ultimate goal is to help differing architectures and technologies, come together in a productive, happily coexisting environment.
Following the directions outlined in this HOWTO should give you an excellent step towards a peaceful cohabitation between Windows, and virtually all known variations of *nix.
This HOWTO originally started not as a HOWTO, but as a FAQ. It was intended to explore the functionality and power of the Gentoo system, portage and the flexibility of USE flags. Like so many other projects, it was quickly discovered what was missing in the Gentoo realm: there weren't any Samba HOWTO's catered for Gentoo users. These users are more demanding than most; they require performance, flexibility and customization. This does not however imply that this HOWTO was not intended for other distributions; rather that it was designed to work with a highly customized version of Samba.
This HOWTO will describe how to share files and printers between Windows PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual File System) feature of Samba to incorporate automatic virus protection. As a finale, it will show you how to mount and manipulate shares.
There are a few topics that will be mentioned, but are out of the scope of this HOWTO. These will be noted as they are presented.
This HOWTO is based on a compilation and merge of an excellent HOWTO provided
in the
There are a several other guides for setting up CUPS and/or Samba, please read
them as well, as they may tell you things left out of this HOWTO (intentional or
otherwise). One such document is the very useful and well written
After presenting the various USE flags, the following list will outline all of the topics covered as they are presented:
We will need the following:
The main package we use here is net-fs/samba, however, you will need a kernel with cifs support enabled in order to mount a samba or windows share from another computer. CUPS will be emerged if it is not already. app-antivirus/clamav will be used also, but others should be easily adapted to work with Samba. Gentoo's samba ebuild supports all kinds of virus scanning technologies, such as Sophos, FProt, Fsav, Trend, Icap, Nai, ...
Before emerging anything, take a look at some of the various USE flags available to Samba.
kerberos acl cups ldap pam readline python oav
Depending on the network topology and the specific requirements of the server, the USE flags outlined below will define what to include or exclude from the emerging of Samba.
USE flag | Description |
---|---|
kerberos | |
acl | |
cups | |
ldap | |
pam | |
readline | |
python | |
oav |
A couple of things worth mentioning about the USE flags and different Samba functions include:
First of all: be sure that all your hostnames resolve correctly. Either have a
working domain name system running on your network or appropriate entries in
your
Hopefully now you can make an assessment of what you'll actually need in order to use Samba with your particular setup. The setup used for this HOWTO is:
To optimize performance, size and the time of the build, the USE flags are specifically included or excluded.
# echo "net-fs/samba oav readline cups pam" >> /etc/portage/package.use # emerge net-fs/samba
This will emerge Samba and CUPS (if CUPS is not already emerged).
Because the
# emerge app-antivirus/clamav
# emerge net-print/foomatic
You only need to emerge this if you use an HP printer.
# emerge net-print/hplip
The main Samba configuration file is
[global]# Replace MYWORKGROUPNAME with your workgroup/domain workgroup =MYWORKGROUPNAME # Of course this has no REAL purpose other than letting # everyone knows it's not Windows! # %v prints the version of Samba we are using. server string = Samba Server %v# We are going to use cups, so we are going to put it in here ;-) printcap name = cups printing = cups load printers = yes# We want a log file and we do not want it to get bigger than 50kb. log file = /var/log/samba/log.%m max log size = 50# We are going to set some options for our interfaces... socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192# This is a good idea, what we are doing is binding the # samba server to our local network. # For example, if eth0 is our local network device interfaces = lo eth0 bind interfaces only = yes# Now we are going to specify who we allow, we are afterall # very security conscience, since this configuration does # not use passwords! hosts allow = 127.0.0.1 192.168.1.0/24 hosts deny = 0.0.0.0/0# Other options for this are USER, DOMAIN, ADS, and SERVER # The default is user security = share# No passwords, so we're going to use a guest account! guest ok = yes# We now will implement the on access virus scanner. # NOTE: By putting this in our [Global] section, we enable # scanning of ALL shares, you could optionally move # these to a specific share and only scan it. # For Samba 3.x. This enables ClamAV on access scanning. vfs object = vscan-clamav vscan-clamav: config-file = /etc/samba/vscan-clamav.conf# Now we setup our print drivers information! [print$] comment = Printer Drivers path = /etc/samba/printer# this path holds the driver structure guest ok = yes browseable = yes read only = yes# Modify this to "username,root" if you don't want root to # be the only printer admin) write list = root# Now we'll setup a printer to share, while the name is arbitrary # it should be consistent throughout Samba and CUPS! [HPDeskJet930C] comment = HP DeskJet 930C Network Printer printable = yes path = /var/spool/samba public = yes guest ok = yes# Modify this to "username,root" if you don't want root to # be the only printer admin) printer admin = root# Now we setup our printers share. This should be # browseable, printable, public. [printers] comment = All Printers browseable = no printable = yes writable = no public = yes guest ok = yes path = /var/spool/samba# Modify this to "username,root" if you don't want root to # be the only printer admin) printer admin = root# We create a new share that we can read/write to from anywhere # This is kind of like a public temp share, anyone can do what # they want here. [public] comment = Public Files browseable = yes public = yes create mode = 0766 guest ok = yes path = /home/samba/public
Now create the directories required for the minimum configuration of Samba to share the installed printer throughout the network.
# mkdir /etc/samba/printer # mkdir /var/spool/samba # mkdir /home/samba/public
At least one Samba user is required in order to install the printer drivers and
to allow users to connect to the printer. Users must exist in the system's
# smbpasswd -a root(If another user is to be a printer admin) # smbpasswd -a username
The Samba passwords need not be the same as the system passwords
in
You will also need to update
# nano -w /etc/nsswitch.conf(Edit the hosts: line) hosts: files dns wins
The configuration file specified to be used in
[samba-vscan]; run-time configuration for vscan-samba using ; clamd ; all options are set to default values ; do not scan files larger than X bytes. If set to 0 (default), ; this feature is disable (i.e. all files are scanned) max file size = 0; log all file access (yes/no). If set to yes, every access will ; be logged. If set to no (default), only access to infected files ; will be logged verbose file logging = no; if set to yes (default), a file will be scanned while opening scan on open = yes; if set to yes, a file will be scanned while closing (default is yes) scan on close = yes; if communication to clamd fails, should access to file denied? ; (default: yes) deny access on error = yes; if daemon fails with a minor error (corruption, etc.), ; should access to file denied? ; (default: yes) deny access on minor error = yes; send a warning message via Windows Messenger service ; when virus is found? ; (default: yes) send warning message = yes; what to do with an infected file ; quarantine: try to move to quantine directory; delete it if moving fails ; delete: delete infected file ; nothing: do nothing infected file action =delete ; where to put infected files - you really want to change this! ; it has to be on the same physical device as the share! quarantine directory = /tmp; prefix for files in quarantine quarantine prefix = vir-; as Windows tries to open a file multiple time in a (very) short time ; of period, samba-vscan use a last recently used file mechanism to avoid ; multiple scans of a file. This setting specified the maximum number of ; elements of the last recently used file list. (default: 100) max lru files entries = 100; an entry is invalidated after lru file entry lifetime (in seconds). ; (Default: 5) lru file entry lifetime = 5; socket name of clamd (default: /var/run/clamd) clamd socket name = /tmp/clamd; port number the ScannerDaemon listens on oav port = 8127
It is generally a good idea to start the virus scanner immediately. Add it to
the
# vim /etc/clamd.conf(Check the line "LogFile /var/log/clamd.log") # vim /etc/freshclam.conf(Check the line "UpdateLogFile /var/log/freshclam.log") # vim /etc/conf.d/clamd(Set "START_CLAMD=yes" and "START_FRESHCLAM=yes")
Now fire up the virus scanner.
# rc-update add clamd default # /etc/init.d/clamd start
This is a little more complicated. CUPS' main config file is
ServerName PrintServer# your printserver name ServerAdmin root@PrintServer# the person for printer-related hate-mail, e.g. you AccessLog /var/log/cups/access_log# probably doesn't need changing ErrorLog /var/log/cups/error_log# doesn't really need changing either LogLevel debug# only while installing and testing, should later be # changed to 'info' MaxClients 100# I've had to set this to 1000000000 or so because some time back, # there seemed to be a bug in CUPS' controlling of the web interface, # making CUPS think a denial of service attack was in progress when # I tried to configure a printer with the web interface. weird. BrowseAddress @IF(eth0)# Change this to your internal net interface <Location /> Order Deny,Allow Deny From All Allow From 192.168.1.*# the addresses of your internel network # e.g. 192.168.1.* will allow connections from any host on # the 192.168.1.0 network. change to whatever suits you </Location> <Location /admin> AuthType Basic AuthClass System Allow From 192.168.1.*# same as above, allow any host on the # 192.168.1.0 network to connect and do # administrative tasks after authenticating Order Deny,Allow Deny From All </Location>
Edit
(The following line is found near the end of the file. Uncomment it) application/octet-stream application/vnd.cups-raw 0
Edit
(The following line is found near the end of the file. Uncomment it) application/octet-stream
CUPS needs to be started on boot, and started immediately.
(To start CUPS on boot) # rc-update add cupsd default(To start or restart CUPS now) # /etc/init.d/cupsd restart
First, go to
Now you have a PPD file for your printer to work with CUPS. Place it in
# lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd # /etc/init.d/cupsd restart
Remember to adjust to what you have. Be sure to have the name (
You should now be able to access the printer from the web interface and be able to print a test page.
Now that the printer should be working it is time to install the drivers for the Windows clients to work. Samba 2.2 introduced this functionality. Browsing to the print server in the Network Neighbourhood, right-clicking on the printershare and selecting "connect" downloads the appropriate drivers automagically to the connecting client, avoiding the hassle of manually installing printer drivers locally.
There are two sets of printer drivers for this. First, the Adobe PS drivers
which can be obtained from
This HOWTO uses the CUPS drivers for Windows. Install them as shown:
# emerge -av cups-windows
Now we'll use the script
# cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C(Instead of HPDeskJet930C you could also specify "-a", which will "export all known printers".) # cupsaddsmb -H PrintServer -U root -h PrintServer -a
Here are common errors that may happen:
This should install the correct driver directory structure under
Pending no errors or other complications, your drivers are now installed.
Lastly, setup our directories.
# mkdir /home/samba # mkdir /home/samba/public # chmod 755 /home/samba # chmod 755 /home/samba/public
We will want to test our configuration file to ensure that it is formatted
properly and all of our options have at least the correct syntax. To do this we
run
(By default, testparm checks /etc/samba/smb.conf) # /usr/bin/testparm Load smb config files from /etc/samba/smb.conf Processing section "[printers]" Global parameter guest account found in service section! Processing section "[public]" Global parameter guest account found in service section! Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions ... ...
Now configure Samba to start at bootup; then go ahead and start it.
# rc-update add samba default # /etc/init.d/samba start
It would probably be prudent to check our logs at this time also. We will also
want to take a peak at our Samba shares using
# smbclient -L localhost Password:(You should see a BIG list of services here.)
Despite the variation or distribution, the only thing needed is CUPS. Do the equivalent on any other UNIX/Linux/BSD client.
# emerge cups # nano -w /etc/cups/client.conf ServerName PrintServer# your printserver name
That should be it. Nothing else will be needed.
If you use only one printer, it will be your default printer. If your print
server manages several printers, your administrator will have defined a default
printer on the server. If you want to define a different default printer for
yourself, use the
(List available printers) # lpstat -a(Sample output, yours will differ) HPDeskJet930C accepting requests since Jan 01 00:00 laser accepting requests since Jan 01 00:00(Define HPDeskJet930C as your default printer) # lpoptions -d HPDeskJet930C
(Specify the printer to be used) # lp -d HPDeskJet930C anything.txt(Use your default printer) # lp foobar.whatever.ps
Just point your web browser to
Now is time to configure our kernel to support cifs. Since I'm assuming we've all compiled at least one kernel, we'll need to make sure we have all the right options selected in our kernel. For simplicity's sake, make it a module for ease of use. It is the author's opinion that kernel modules are a good thing and should be used whenever possible.
CONFIG_CIFS=m
Then make the module/install it; insert it with:
# modprobe cifs
Once the module is loaded, mounting a Windows or Samba share is possible. Use
(The syntax for mounting a Windows/Samba share is: mount -t cifs [-o username=xxx,password=xxx] //server/share /mnt/point If we are not using passwords or a password is not needed) # mount -t cifs //PrintServer/public /mnt/public(If a password is needed) # mount -t cifs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public
After you mount the share, you would access it as if it were a local drive.
That's just a bit of point-and-click. Browse to
That should be it. You should now have a successful printing enviroment that is friendly to both Windows and *nix as well as a fully virus-free working share!
These are some links that may help you in setting up, configuration and troubleshooting your installation:
See