Lexmark Color Laser Installation And Administration Manual page 33

Common criteria installation supplement and administrator guide

Domain—The card domain that should be mapped to the specified Realm. This is the principal name used
on the card, and should be listed by itself, followed by a comma, a period, and then the principal name again.
This value is case-sensitive, and usually appears in lowercase. Multiple values can be entered, separated by
commas.
Example: If a U.S. DoD Common Access Card uses "123456789@mil" to identify a user, "mil" is the principal
name. In this case, you would enter the Domain as "mil,.mil".
Timeout—The amount of time the MFP should wait for a response from the domain controller before moving
to the next one in the list.
12 If users are allowed to log in manually, provide at least one Manual Login Domain (a Windows Domain Name) to
choose from when logging in. Multiple domains can be entered, separated by commas.
13 Select a DC Validation Mode for validating the domain controller certificate when users log in to the MFP:
Device Certificate Validation—The most common method. The certificate of the CA that issued the domain
controller certificate must also be installed on the MFP.
MFP Chain Validation—The entire certificate chain, from the domain controller to the root CA, must be
installed on the MFP.
OCSP Validation—The entire certificate chain, from the domain controller to the root CA, must be installed
on the MFP, and Online Certificate Status Protocol (OCSP) settings must be configured.
14 If you selected OCSP Validation, configure the following:
Responder URL—The IP address or hostname of an OCSP responder/repeater, along with the port being
used (usually 80). The correct format is "http://ip_address:port_number" (http://255.255.255.0:80). Multiple
values can be entered, separated by commas; they will be tried in the order listed.
Responder Certificate—Browse to locate the X.509 certificate for the responder.
Responder Timeout—The amount of time the MFP should wait for a response from the OCSP Responder
before moving to the next one in the list.
Unknown Status is Valid—Select this check box to allow a user to log in even if the OCSP response indicates
the certificate status is unknown.
15 Under User Session and Access Control, verify that Share Session with LDD is not selected.
16 Under Advanced Settings, select Disable Reverse DNS Lookups if reverse lookups are not supported on your
network.
17 To use only the information provided by the specified domain controller, select Disable LDAP Referrals.
Note: Leaving LDAP referrals enabled can increase LDAP search times.
18 If DNS is not enabled on the network, or if some servers are multi-homed, click Browse to locate a Hosts File with
hostname-IP address mappings.
19 Select Wait for Active Network to display "Waiting for network..." on the touch screen after the MFP is
powered on. This message disappears when the network becomes available.
20 Click Apply.
Note: You must install at least one Certificate Authority (CA) certificate in order for PKI Authentication to work. For
more information on uploading a CA certificate, see "Creating and modifying digital certificates" on page 16.
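
The field formats and requirements from the steps above, written as a pre-flight check to run on planned values before entering them in the MFP web page. This is an added example, not part of the Lexmark manual or firmware; the function names and the settings-dictionary keys are assumptions, and the sample values are constructed.

```python
# Added example: pre-flight check of values planned for the PKI Authentication form.
# Field labels follow the manual; the settings-dict keys are assumptions.
from urllib.parse import urlsplit

def domain_field_for(card_principal):
    """'123456789@mil' -> 'mil,.mil' (name, comma, period, name again)."""
    _, sep, name = card_principal.rpartition("@")
    if not sep or not name:
        raise ValueError("expected user@principal_name")
    return f"{name},.{name}"  # case kept as-is: the Domain value is case-sensitive

def parse_responder_urls(value):
    """Split the comma-separated Responder URL field, keeping the listed order."""
    responders = []
    for item in value.split(","):
        url = urlsplit(item.strip())
        # url.port itself raises ValueError for a non-numeric or out-of-range port
        if url.scheme != "http" or not url.hostname or url.port is None:
            raise ValueError(f"not http://ip_address:port_number: {item.strip()!r}")
        responders.append((url.hostname, url.port))
    return responders

def review(settings):
    """Return findings for one planned configuration (empty list = nothing flagged)."""
    findings = []
    if settings.get("dc_validation_mode") == "OCSP Validation":
        try:
            parse_responder_urls(settings.get("responder_url", ""))
        except ValueError as exc:
            findings.append(f"Responder URL: {exc}")
        if not settings.get("responder_certificate"):
            findings.append("Responder Certificate: no X.509 certificate selected")
        if settings.get("unknown_status_is_valid"):
            findings.append("Unknown Status is Valid: login allowed when status is unknown")
    if settings.get("share_session_with_ldd"):
        findings.append("Share Session with LDD: must not be selected")
    if not settings.get("ca_certificates"):
        findings.append("CA certificate: at least one must be installed")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = {"dc_validation_mode": "OCSP Validation", "responder_url": "ocsp.example.test",
          "responder_certificate": "", "unknown_status_is_valid": True,
          "share_session_with_ldd": True, "ca_certificates": []}

if __name__ == "__main__":
    print(domain_field_for("123456789@mil"))
    print("\n".join(review(SAMPLE)))
```

The Unknown Status is Valid finding is informational: with the check box selected, a certificate whose revocation status the responder cannot determine is still accepted for login.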