Revision $Revision: 1.5 $ ($Date: 2004-03-03 15:03:36 $)
This objective has a weight of 8 points and contains the following objectives:
- Objective 2.209.1; Configuring a Samba Server (4 points)
Candidates should be able to set up a SAMBA server for various clients. This objective includes setting up Samba for login clients and setting up the workgroup in which a server participates and defining shared directories and printers. Also covered is a configuring a Linux client to use a Samba server. Troubleshooting installations is also tested.
- Objective 2.209.2; Configuring an NFS Server (4 points)
Candidates should be able to export filesystems using NFS. This objective includes access restrictions, mounting an NFS filesystem on a client and securing NFS.
Author:
Revision: $Revision: 1.9 $ ($Date: 2004-05-11 11:51:30 $)
Resources: Sharpe01; the man pages for the various commands.
Samba implements the Server Message Block (or SMB for short) protocol. This is the protocol used by Microsoft to implement file and printer sharing. By installing Samba on a Linux machine, machines running the Windows Operating System and other platforms for which an SMB client is available can connect to the Linux machine and thus use files and printers available by the Linux machine.
Samba is available for many platforms including Linux, AIX, HP-UX, SunOS, FreeBSD, OS/2, AmigaOS. Consult Samba, Opening Windows To A Wider World, for further information on platforms supporting Samba and for downloading a binary or source distribution for your platform.
Depending on your distribution, you can
get the sources and compile them yourself
install the package using rpm (Red Hat, SuSE etc.)
install the package using apt-get or aptitude (Debian)
Samba can be run either from inetd or as daemons. When run via inetd you save some memory and you can use tcpwrappers for extra security. When run as daemons, the server is always ready and sessions are faster.
If you want to use encrypted passwords, you will need to have a separate
/etc/samba/smbpasswd file because the layout
differs from /etc/passwd. During the installation,
you can choose to have /etc/samba/smbpasswd
generated from your /etc/passwd file. If you choose
not to do this, you must use smbpasswd to set
individual passwords for users.
Samba consists of two daemons: nmbd and smbd.
nmbd, the NetBIOS Name Service Daemon, handles NetBIOS name lookups and WINS requests. If you've told Samba to function as a WINS Server, an extra copy of nmbd will be running. Additionally, if DNS is used to translate NetBIOS names, another extra copy of nmbd will be running.
smbd, the Server Message Block Daemon, handles file and print access. For each client connected to the server, an extra copy of smbd runs.
Samba uses both the UDP and TCP protocols.
TCP is used for file and print sharing on port 139.
UDP is used for the registration and translation of NetBIOS names and for browsing the network. Port 137 is used for name service requests and responses. Port 138 is used for datagram services to transmit small amounts of data, such as server announcements.
We've got three machines connected via a network. The machines “Yoda” and “windoosje” contain files the other machines must be able to manipulate. Also, the machines must be able to use each other's printers. “Yoda” is running Linux and has Samba installed. “windoosje” is running Microsoft Windows 2000 and “pug” is running Linux and has smbclient installed to be able to function as a Samba client.
We want to share just parts of the filesystems on “Yoda” and “windoosje”.
The public share on “Yoda” should be available to
everyone.
The img0 share on “Yoda” should be available to the
user “willem” only.
The img1 share on “Yoda” should be available to both
the users “willem” and “rc564”.
The home directories on “Yoda” should be available to their respective users.
On the Windows 2000 machine we've got some generic files in the
directories f:\winshare1 and
f:\winshare2 we wish to make available to the Linux
machine running Samba.
Since I am using the Windows 2000 machine as a workstation, I didn't feel the need for domains, primary or otherwise. Instead, I have told the Windows 2000 machine that it is part of the workgroup “falcon”.
I have included the /etc/samba/smb.conf file that
contains the settings to make directories accessible from Windows 2000.
Note that case doesn't matter to Microsoft Windows but does matter
to Linux when writing workgroup names and machine names.
Please read the comments before continuing:
#------------------------------------------------------------
# This is: /etc/samba/smb.conf
#
#------------------------------------------------------------
[global]
#------------------------------------------------------------
# This section contains the global server settings and the
# defaults that will be used for the parameters of the other
# sections if they are not specifically assigned other values
# in those other sections.
#
# Samba joins the FALCON workgroup
#------------------------------------------------------------
workgroup = FALCON
# Describe the server to the clients
#------------------------------------------------------------
server string = Linux Samba Server %L
# Only allow connections from machines on our LAN
#------------------------------------------------------------
hosts allow = 192.168.2.0/255.255.255.0
# Windows 2000 uses encrypted passwords, so do we
#------------------------------------------------------------
encrypt passwords = yes
# Tell Samba to use smbpasswd file for user validation
#------------------------------------------------------------
security = user
smb passwd file = /etc/samba/smbpasswd
# Make the server also available as Yoda1 to enable connection
# from Windows as another user
#------------------------------------------------------------
netbios name = Yoda
netbios aliases = Yoda1
# Access from clients will be logged in log.<NetBIOS name>
#------------------------------------------------------------
log file = /var/log/samba/log.%m
[homes]
#------------------------------------------------------------
# This section enables the users that have an account and a
# homedirectory on the Linux Samba Server to access and modify
# the contents of that directory from a Samba client.
#
# Describe the share to the user
#------------------------------------------------------------
comment = %U's homedirectory on %L from %m
# Do not show the homes share itself when browsing
#------------------------------------------------------------
browsable = no
# Allow the user to write in his home directory
#------------------------------------------------------------
writeable = yes
[public]
#------------------------------------------------------------
# This section defines a public share available for reading
# and writing for anyone on our LAN
#------------------------------------------------------------
comment = Public Storage on %L
path = /home/samba
# Show the public share when browsing
#------------------------------------------------------------
browsable = yes
# Allow everyone to write in this directory
#------------------------------------------------------------
writeable = yes
[img0]
#------------------------------------------------------------
# This section defines imaging share #0
#
# Describe the share to the user
#------------------------------------------------------------
path = /img0
comment = %U's Imaging Share #0 on %L from %m
# Show the img0 share itself when browsing
#------------------------------------------------------------
browsable = yes
# Allow the user to write in his home directory
#------------------------------------------------------------
writeable = yes
# Restrict access to valid users
#------------------------------------------------------------
valid users = willem
[img1]
#------------------------------------------------------------
# This section defines imaging share #1
#
# Describe the share to the user
#------------------------------------------------------------
path = /img1
comment = %U's Imaging Share #1 on %L from %m
# Show the img1 share itself when browsing
#------------------------------------------------------------
browsable = yes
# Allow the user to write in his home directory
#------------------------------------------------------------
writeable = yes
# Restrict access to valid users
#------------------------------------------------------------
valid users = willem,rc564
The sections [global], [homes] and [printers] are so called special sections.
The [global] section contains the parameters that are applicable for the whole server and the defaults that will be used for the parameters that are not mentioned in other sections.
The [homes] section makes it possible for users to connect to their
home directories. The share name “homes” is changed by the server to
the username. If you want to use some other directory instead of the
user's home directory, you can do this by specifying the path. If you
want to use the directory /home/sambahomes/<user>
as the home directory, for instance, you can do this by setting the
path parameter as follows:
path=/home/sambahomes/%S
The %S macro will be substituted by the user's name. Please consult the man page of smb.conf (man smb.conf) for information on the other macros that are available.
The [printers] section is used for giving access to the printers and will be described later in this chapter.
After creating the /etc/samba/smb.conf file, Samba
must be restarted if it's already running or started if it's not:
# /etc/init.d/samba restart or
# /etc/init.d/samba start
Now the samba passwords, which do not have to be identical to the Linux passwords, must be set. If a user already exists in the samba password file, you can use the command without the “-a” flag.
# smbpasswd [-a] user
Let's say you are the user “willem” on the Windows 2000 machine, and you enter “\\yoda” in the browser. You will be presented with a dialog - (illustrated below, but which you won't be able to read because it's in Dutch) - asking you to enter your username and accompanying password.
After entering the correct username and password, you will have access to your shares as shown below:
After opening the img0 share, another
smbd process will be started by the already running
smbd process:
# ps x -o pid,ppid,command
PID PPID COMMAND
1 0 init [2]
...
26750 1 /usr/sbin/smbd -D
26753 26750 /usr/sbin/smbd -D
...
As you can see by looking at the process id (PID), the last /usr/sbin/smbd started is 26753 which has a process parent id (PPID) of 26750. This parent also is /usr/sbin/smbd and has a PPID of 1, which is the init process.
You can also use the smbstatus command to ask the system who is using which shares and which files are locked at the moment:
# smbstatus
Samba version 2.0.8
Service uid gid pid machine
----------------------------------------------
img0 willem willem 26753 windoosje (192.168.2.11) Sat Feb 16
12:17:05 2002
No locked files
Share mode memory usage (bytes):
1048464(99%) free + 56(0%) used + 56(0%) overhead = 1048576(100%) total
As you can see, the user “willem” is accessing the
img0 share and has no files locked. You will
probably almost never see file locks because their lifespan is so short.
The file is only locked during saving. If you don't believe me, try this
out with a file that takes several seconds to transport over the
network, or “drag and drop” a complete directory, as I've done in the
example that follows, to the img0 share while
running the command smbstatus -L. The “-L” option
will tell smbstatus to only show the locks:
# while true; do smbstatus -L; sleep 1; done
No locked files
No locked files
No locked files
Locked files:
Pid DenyMode R/W Oplock Name
--------------------------------------------------
26753 DENY_ALL WRONLY EXCLUSIVE+BATCH /img0/Biljarten/2001-2002/
JoSterkRoosters.exe Sat Feb 16 13:12:51 2002
Locked files:
Pid DenyMode R/W Oplock Name
--------------------------------------------------
26753 DENY_ALL WRONLY EXCLUSIVE+BATCH /img0/Biljarten/2000-2001/
Arbiters.PX Sat Feb 16 13:12:52 2002
Locked files:
Pid DenyMode R/W Oplock Name
--------------------------------------------------
26753 DENY_ALL WRONLY EXCLUSIVE+BATCH /img0/Biljarten/2000-2001/
BasisForm112.~dfm Sat Feb 16 13:12:53 2002
...
No locked files
Now let's see if the same works for the user rc564 by logging in to Windows 2000 as that user and entering “\\Yoda” in the browser:
After entering the correct user and password combination, you will have access to your shares as shown below:
If everything is as it should be, the user “rc564” should not be able to
write to the img0 share and should be able to write
to the img1 share.
If you try to access the img0 share, a window will
appear saying the password is wrong or that the username is unknown
for the share. You will then have the opportunity to enter a username
and password:
As expected, this doesn't work because the user “rc564” is not authorized to do this. But there is more to this than meets the eye. What if we were to connect as the user “willem” with the correct password? That should work, shouldn't it? Well, let's see:
After hitting the “OK” button, we get the following response:
Which, translated, says that the share
\\yoda\img0 is not accessible because the submitted
set of references (username and password) is in conflict with an existing
set of references.
The cause of this seems to be that there already is a connection as “rc564” to Yoda. To prove it, let's connect to the server as the user “willem” by using the alias “\\Yoda1”, which is a NetBios alias for “\\Yoda”, while keeping the connection as the user “rc564” alive:
After hitting the “OK” button the next window appears showing that we've got a connection:
To prove that we also have write access, we create a text file:
Finally we use the command smbstatus to show that we really have two simultaneous connections:
Samba version 2.0.8
Service uid gid pid machine
----------------------------------------------
public rc564 rc564 28305 windoosje (192.168.2.11) Sat Feb 16
13:48:35 2002
img0 willem willem 28357 windoosje (192.168.2.11) Sat Feb 16
14:19:02 2002
Whether this is a Windows quirk or not will be demonstrated in the next section, where we'll try the same sequence from a Linux Samba client.
The command smbclient implements an ftp like interface to the Samba shares.
You can use smbclient to find out which shares are available on the Windows machine (\\windoosje) by issuing the following command:
pug:~# smbclient -L windoosje -W falcon -U rc564
Password: ******
Domain=[FALCON] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
--------- ---- -------
IPC$ IPC Externe IPC
F$ Disk Standardshare
ADMIN$ Disk Remote Management
C$ Disk Standardshare
WinShare#1 Disk Word Documents
WinShare#2 Disk Excel Sheets
And on the Linux Samba Server \\Yoda as well:
pug:~# smbclient -L \\yoda -W falcon -U rc564
Password: ******
Domain=[FALCON] OS=[Unix] Server=[Samba 2.0.8]
Sharename Type Comment
--------- ---- -------
public Disk Public Storage on yoda
img0 Disk rc564's Imaging Share #0 on yoda from pug
img1 Disk rc564's Imaging Share #1 on yoda from pug
IPC$ IPC IPC Service (Linux Samba Server yoda)
rc564 Disk rc564's homedirectory on yoda from pug
Server Comment
--------- -------
YODA Linux Samba Server yoda
YODA1 Linux Samba Server yoda
Let's connect to \\windoosje\WinShare#1 to get a file:
pug:~# smbclient //windoosje/WinShare#1 -W falcon -U rc564
Password: ******
Domain=[FALCON] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
smb: \>
We've now got a connection. As with the ftp client, you can type “help” to find out which commands are available:
smb: \> help
? altname archive blocksize cancel
cd chmod chown del dir
du exit get help history
lcd link lowercase ls mask
md mget mkdir more mput
newer open print printmode prompt
put pwd q queue quit
rd recurse rename rm rmdir
setmode symlink tar tarmode translate
!
Finding out which files are available is done by issuing either the ls or the dir command:
smb: \> ls
. D 0 Tue Feb 19 10:54:12 2002
.. D 0 Tue Feb 19 10:54:12 2002
Jo Sterk - Sponsoring.doc A 107008 Sat Jul 7 11:05:34 2001
Contributie_2001.doc A 27648 Thu Jan 11 16:50:52 2001
38461 blocks of size 262144. 37673 blocks available
smb: \>
As with an ftp client, you can download a file with the get or mget command:
smb: \> mget contr*
Get file Contributie_2001.doc? y
getting file Contributie_2001.doc of size 27648 as Contributie_2001.doc (52.9 kb/s) (average 52.9 kb/s)
smb: \>
As you can see, the command is case insensitive and wildcards can be used.
You can also mount the share as you would any other filesystem. This is done with the smbmount command. To be able to use the command smbmount, support for the SMB filesystem must be compiled into the kernel. You'll find the smbfs option in the filesystems section.
In the previous section, I promised to make connections from a Linux Samba client to the Linux Samba server as two different users to see if this can be done without using aliases. We'll try to make a connection as the user “willem” to his home directory on “\\Yoda” and as the user “rc564” to the public share. Here we go:
# mkdir /mnt/sh1 mountpoint for the first share
# mkdir /mnt/sh2 mountpoint for the second share
# smbmount //yoda/willem /mnt/sh1 -o username=willem
Password: *******
# smbmount //yoda/public /mnt/sh2 -o username=rc564
Password: ******
# mount
...
//yoda/willem on /mnt/sh1 type smbfs (0)
//yoda/public on /mnt/sh2 type smbfs (0)
So, this worked nicely. Let's ask the Samba Server which shares are in use at the moment:
# smbstatus
Samba version 2.0.8
Service uid gid pid machine
----------------------------------------------
willem willem willem 31345 pug (192.168.2.8) Sun Feb 17
20:43:39 2002
public rc564 rc564 31346 pug (192.168.2.8) Sun Feb 17
20:44:30 2002
No locked files
As you can see, there are two connections being served by two
separate processes. But, there is also a difference in how file-locking
is handled. Remember that, when opening a file from Windows, there was
no lock visible while the file was open - the lock was only present
during the saving of the file. This is not the case when the Samba
share is mounted by a Linux client. Opening the file
hallo.txt in vi gives the
following smbstatus result:
Samba version 2.0.8
Service uid gid pid machine
----------------------------------------------
willem willem willem 31345 pug (192.168.2.8) Sun Feb 17
20:43:39 2002
public rc564 rc564 31346 pug (192.168.2.8) Sun Feb 17
20:44:30 2002
Locked files:
Pid DenyMode R/W Oplock Name
--------------------------------------------------
31346 DENY_NONE RDONLY NONE /home/samba/hallo.txt Sun Feb
17 20:58:18 2002
As you can see, the file is immediately locked when opened.
Any machine running WinPopup can receive a message sent via the Winpopup protocol.
Assume, for a moment, that we've got to do maintenance on \\Yoda, and
we wish to tell the user on \\windoosje that his shares will not be
available during a certain period of time. Make a text file containing
the message — I used vi to create a file called
msg.txt — and use smbclient
to send it as follows:
# cat msg.txt | smbclient -M windoosje -U IT-ops
The user on \\windoosje is presented with the following message:
To instruct Samba to share all printers defined in
/etc/printcap, you may add a [printers]
section to /etc/samba/smb.conf:
[printers]
comment = Printer %p on Yoda
path = /var/spool/samba
printable = yes
After restarting Samba by issuing the command /etc/init.d/samba restart we connect from Windows 2000 using the user “rc564” - which also exists on the Samba Server and must have the same password - to “\\Yoda” and get the following result:
Oops! That gave us four printers, and we've only got one. This
happened because of the aliases in /etc/printcap.
Our purpose was to get just one printer. This can be achieved by
removing the [printers] section and replacing it with a
printer-specific section:
[HP LaserJet 5]
printer name = lp
comment = HP LaserJet 5 on Yoda
path = /var/spool/lpd/samba
printable = yes
writeable = no
After restarting Samba we reconnect to \\Yoda and get the following result:
Now double-click on “HP LaserJet 5” and Windows will tell you that the printer has to be installed before you can use it and offers to go ahead with this. Allow Windows to install the printer.
Windows then says that there is a wrong printer driver installed on the machine to which the printer is connected and asks if the driver should be installed on the local computer. Allow Windows to do so.
Windows shows a dialog with manufacturers and printers, we choose HP and HP LaserJet 5, after which Windows installs the driver, and we are done.
Now let's see if it works. Open a document, for instance in MS Word, activate the print dialog to select the printer:
After hitting the “OK” button, the output will be sent to the printer.
If this doesn't work, chances are that the user has no write permissions
in the /var/spool/lpd/samba directory. I
experienced this problem myself and had the choice to either add all
users able to print to the “lp” group or give all users
write-access in the directory /var/spool/lpd/samba.
I chose the latter, which is fine because the parameter setting
“writeable = no” in the [printers] section of the Samba
configuration file /etc/samba/smb.conf makes sure
that no non-printing process can write in that directory.
What actually takes place is that the output is spooled to the
directory set by the “path =” parameter which in this case is the
directory /var/spool/lpd/samba. From there the
output is spooled to the “real” spool directory of the printer as set
by /etc/printcap. In this case,
/var/spool/lpd. Check this out by
“capturing” the spooled file as follows:
# while true; do ls -l samba >> t; ls -l lp >> t; echo "---" >> t ; done
The /var/spool/lpd/samba directory:
-rwxr--r-- 1 rc564 lp 7480 Feb 19 17:35 RC564.aCKx75
The /var/spool/lpd/lp directory:
-rw-rw---- 1 lp lp 78 Feb 19 17:35 cfA002yoda
-rw-rw---- 1 rc564 lp 7480 Feb 19 17:35 dfA002yoda
Issuing the smbstatus command shows the access to the share:
yoda:/var/spool/lpd# smbstatus
Samba version 2.0.8
Service uid gid pid machine
----------------------------------------------
HP LaserJe rc564 rc564 31391 windoosje (192.168.2.11) Tue Feb 19 17:46:03 2002
Although this is not part of the exam, I feel that to be complete it is necessary to show you that a Linux printer can also be used from Windows 2000 without the need for Samba.
On the Windows machine the first thing to do is install an extra network component called “Print Services For Unix”. This adds the ability to print to an lpr port.
The next thing to do is add a local printer — yes, you read it right: not a network printer.
When Windows asks you to select the port, select the option that enables you to create a new port and select the type “LPR Port”. You will then be presented with the next dialog which asks you to give the address of the lpd server and the name of the printer. Enter the Fully Qualified Domain Name of the printer.
Since I've called my local domain “falcon” and the machine to which my HP LaserJet 5 is connected is called “Yoda”, this becomes yoda.falcon. The queue is called lp so that's what we enter for the printer name.
Then select the appropriate printer driver and give the printer a name. Let's call the printer “REMOTE HP LaserJet 5”.
We are then presented with the possibility of sharing the printer under Windows. If you choose to do so and there are other Windows machines in the same workgroup such as Windows 98 for instance, they will see this printer as a Windows shared printer and can print to it. Windows 2000 will then send the output to the lp queue on Yoda. We don't need this functionality.
After printing a test page, we're done. Now have a look at the printers Windows 2000 knows:
The choice is yours: Samba printing or lpr printing. If printing is all you want to do, and you don't need the other functionality of Samba, and Print Services For Unix comes with your Windows OS, lpr printing may be the best choice for you.
Although it is not in the topics I felt the need to describe this. Imagine a situation, for instance, where there are lots of Windows users and just a few Linux users. Wouldn't it be nice to be able to use the Windows printer from Linux without having to move the printer to a Samba server ?
Be careful with the sharename you define for the printer under Windows 2000. If Windows 2000 tells you that the printer might not be available to MS-DOS clients, shorten the name of the share until Windows 2000 does not complain anymore.
smbclient did not report the printer when it was called “HP DeskJet 890 C”, but it did report the printer as soon as I called it “DeskJet_890C”.
I have tried several utilities to accomplish this, amongst which are: smbclient, smbprint, smbspool and apsfilter.
And the winner is .... apsfilter for its ease of installation. The author, Andreas Klemm, only asks that you send him a postcard because he's interested in who is using apsfilter. I'll walk you through the installation:
# apsfilterconfig
_/_/ _/_/ _/ _/ _/
_/ _/ _/_/_/ _/_/_/ _/ _/ _/_/_/_/ _/_/ _/ _/_/
_/_/_/_/ _/ _/ _/_/ _/_/_/_/ _/ _/ _/ _/_/_/_/ _/_/
_/ _/ _/ _/ _/_/ _/ _/ _/ _/ _/ _/
_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/_/ _/_/_/ _/
_/
_/
...
Accept license [Y|y|J|j|N|n] ?
Type “Y”, hit “enter” and read the informational screens that follow.
Now we are checking file permissions in spooldir
Your line printer scheduler's spooldir seems to be: /var/spool/lpd
drwxrwsr-x 9 lp lp 4096 Feb 20 13:53 /var/spool/lpd
The Owner of your spooldir seems to be: lp
The Group of your spooldir seems to be: lp
Is this correct? [y/n]
Type “y” and hit “enter”.
creating a working copy of printcap -> /etc/printcap.old
It seems you have configured a printer with this script before.
Do you want to (a)dd another printer entry or
to (o)verwrite the existing entries?
a/o?
If you've already defined other printers, as I have, type “a” and hit “enter”.
==================================================================
A P S F I L T E R S E T U P -- MAIN MENUE --
==================================================================
currently selected
------------------------------------------------------------------
(D) Available Device Drivers in your gs binary
(R) Read Ghostscript driver documentation (devices.txt)
(1) Printer Driver Selection []
(2) Interface Setup []
For printing the test page:
(3) Paper Format (mandatory) [a4]
(4) Print Resolution in "dots per inch" [default]
(5) Toggle Monochrome/Color (1bpp=b&w) [default]
(T) Print Test Page, on local or Windows remote prt.(after 1-5)
(V) View perf.log (times of print attempts)
(A) Abort installation (don't do anything)
(I) ==> Install printer with values shown above - repeat this
step for installing multiple printers
(Q) ==> Finish installation
Your choice?
First, we have to select a driver for the HP DeskJet 890C. Type “1” and hit “enter”.
================================================================
PRINTER DRIVER SELECTION
================================================================
Please select the type of printer you want to install:
1) PostScript printer
2) printer driver natively supported by ghostscript
3) gimp-print / stp
4) hpdj
5) pcl3 (successor to hpdj, experimental)
6) IBM Omni
7) cdj880, cdj970
8) PPA printer, needs ghostscript "ppmraw" device and pnm2ppa
0) return to main menu
Your choice:
Choose “4” and hit “enter”. You can then browse through a list of printer drivers. Remember the number of the correct driver (in my case, 131, comes closest to my printer). Hit “q” to close the list, type the number you remembered and hit “return” which takes us back to the main menu.
The next thing to do is to set up the interface — choose “2” and hit “return”
----------------------------------------------------------------
A P S F I L T E R S E T U P -- Interface Setup --
----------------------------------------------------------------
The easiest way to connect a printer to your computer is by
using the parallel interface, because it's usually *faster*,
more standardized and therefore much easier to configure.
When configuring a serial printer, the installation dialogue
asks you many questions about how to configure the serial
interface of your computer, so that it works well with your
printers current settings.
When using the serial interface, then you have to choose special
cables, depending on the communication protocol between computer
and printer (hardware/software handshaking). Many pitfalls here !
currently selected: Interface: [samba]
Device: [windoosje]
configure local / remote printer
1) local parallel/USB 2) local serial
3) Unix/network printer (lpd) 4) Windows / NT (samba)
5) AppleTalk
Your choice?
As you can see, there is a separate option for Samba. Choose “4” and hit “return”. You will then be asked several questions as shown below:
----------------------------------------------------------------
A P S F I L T E R Samba Printer SETUP
----------------------------------------------------------------
Take care that smbclient is in apsfilters search path.
You can fine tune paths in /etc/apsfilter/apsfilterrc.
See smbclient manual page for more options if needed.
currently selected:
NetBIOS name of Windows Server : [ ]
Windows Server IP : [ ]
Printer Share Name : [ ]
Workgroup : [ ]
Windows Username : [ ]
Windows Password : [ ]
(you can fine tune some more values in the smbclient.conf
file in the printers spool directory later)
NetBIOS name of Windows Server: windoosje
Windows Server IP Address : 192.168.2.11
Printer Share Name : DeskJet_890C
Workgroup Name : falcon
Print as Windows GUEST user (no: use real account)? [y/n] n
Windows Username : rc564
Windows Password : thepassword
Now, the default papertype must be set. Choose “3”, hit “return”, and you'll be presented with a list from which you can choose:
----------------------------------------------------------------
A P S F I L T E R S E T U P -- Paper Format --
----------------------------------------------------------------
What paper format do you want to use for printing?
1) DIN A4
2) DIN A3
3) US letter
4) US legal
5) US ledger
Your choice?
I chose “1”, DIN A4. Now we are ready to print a test page. Choose “T”, and hit “return”, read the information and choose “T” again. You will then be asked if it is ok to print the testpage:
Printing Test page using: cat setup/test.ps | gs -q -sDEVICE=cdj890 \
-sPAPERSIZE=a4 -dNOPAUSE -dSAFER -sOutputFile='/tmp/aps_testout.iESShW' -
Ok to print testpage? [y/n]
Type “y” and hit “return”. The testpage will be created — which may take some time — and sent to the printer. If the output looks ok, choose “I”, followed by “return”, to install the printer with the values shown in the menu:
======================================================================
Filter installation -- final steps
======================================================================
It's recommended to have one 'raw' entry for each physical printer.
If you're not sure, say 'y' -- it won't hurt.
Do you want me to create one for printer at windoosje? (y/n)
A Ok, let say “y” here.
Please enter a printer queue name for printer 'cdj890'.
The default name is 'auto3'.
Your choice:
Let's call the printer “dj890c”.
** creating printcap entry for printer dj890c...
creating spooldir ...
creating samba config file ...
read protect password information...
remember SETUP settings in printers apsfilterrc file...
Please enter a printer queue name for printer 'cdj890'.
The default name is 'raw3'.
Your choice:
And “rawdj890c”.
** creating printcap entry for printer rawdj890c...
creating spooldir ...
creating samba config file ...
read protect password information...
remember SETUP settings in printers apsfilterrc file...
** done.
[ press <RETURN> to continue ]
We're done, choose “Q” and hit “return”. Read through the informational
screens that follow. apsfilter has created the
directories that are necessary and has modified the file
/etc/printcap by adding the following information:
# APS3_BEGIN:printer3
# - don't delete start label for apsfilter printer3
# - no other printer defines between BEGIN and END LABEL
dj890c|Printer3 auto:\
:lp=/dev/null:\
:if=/etc/apsfilter/basedir/bin/apsfilter:\
:sd=/var/spool/lpd/dj890c:\
:lf=/var/spool/lpd/dj890c/log:\
:af=/var/spool/lpd/dj890c/acct:\
:mx#0:\
:sh:
rawdj890c|Printer3 raw:\
:lp=/dev/null:\
:if=/etc/apsfilter/basedir/bin/apsfilter:\
:sd=/var/spool/lpd/rawdj890c:\
:lf=/var/spool/lpd/rawdj890c/log:\
:af=/var/spool/lpd/rawdj890c/acct:\
:mx#0:\
:sf:\
:sh:
# APS3_END - don't delete this
Let's try it out with lpr by sending a postscript file to the printer. There is a very nice picture of a tiger's head that comes with ghostcript:
# lpr -Pdeskjet /usr/share/doc/gs/examples/tiger.ps.gz
Even a compressed postscript file gets printed nicely.
WINS stands for Windows Internet Name Service. This is a name service used to translate NetBIOS names to ip addresses by using NetBIOS over TCP/IP queries. It is done using UDP packets.
To tell Samba that it should also play the role of WINS Server, add
the following line to the [global] section of the Samba configuration
file /etc/samba/smb.conf:
[global]
wins support = yes
Be careful, there should not be more than one WINS Server on a network and you should not set any of the other WINS parameters, such as “wins server”, when enabling “wins support”.
nmblookup is a Linux client that facilitates the lookup of NetBIOS names over TCP/IP.
Let's see if it works by asking nmblookup to find us the ip address for Yoda1:
pug:~# nmblookup Yoda1
querying Yoda1 on 192.168.2.255
192.168.2.21 Yoda1<00>
And let's prove that this is the same machine as Yoda:
pug:~# nmblookup Yoda
querying Yoda on 192.168.2.255
192.168.2.21 Yoda<00>
Another way to do this is with the host command:
pug:~# host 192.168.2.21
Name: yoda.falcon
Address: 192.168.2.21
To prove that yoda1 does not have a DNS entry:
pug:~# host yoda1
yoda1.falcon does not exist (Authoritative answer)
Another example: let's use nmblookup to find out which machine is the master browser for the falcon workgroup:
pug:~# nmblookup -M falcon
192.168.2.21 falcon<1d>
This proves that Yoda is the master browser for the falcon workgroup.
Logon scripts can be very handy. So for example, if every user needs his home directory mapped to drive H: automatically, a logon script can take care of that. The user is then presented with an extra hard-drive which gives you, as an administrator, the freedom to move home directories to another server should the need arise. To the user it remains drive H:, and all you have to do is change one line in the logon script.
The same goes for printers and processes that should be accessible or run when a specific user logs on or when a certain machine logs on.
The batch file must be a Windows-style batch file and should thus have both a carriage return and a line feed at the end of each line.
The first thing to do is enable logon support. This is done by adding
the following line to the [global] section of the Samba configuration
file /etc/samba/smb.conf:
[global]
logon server = yes
The second thing to do is create a share called [netlogon] where the logon scripts will reside and which is readable to all users:
[netlogon]
Comment = Netlogon for Windows clients
path = /home/netlogon
browseable = no
guest ok = no
writeable = no
The definition of the logon script depends on whether you want a script per user or per client.
Add the following line to the [netlogon] section:
logon script = %U.bat
and, assuming the user is “rc564”, create a file called
/home/netlogon/rc564.bat.