Table of Contents
Advertisement
Windows Authentication
Specify this authentication when using the Windows domain controller to authenticate users who have
their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in
the directory server. Under Windows authentication, you can specify the access limit for each group
registered in the directory server. The Address Book stored in the directory server can be registered to
the machine, enabling user authentication without first using the machine to register individual settings in
the Address Book. Obtaining user information can prevent the use of false identities because the sender's
address (From:) is determined by the authentication system when scanned data is sent or a received fax
message is transferred via e-mail.
The first time you access the machine, you can use the functions available to your group. If you are not
registered in a group, you can use the functions available under "*Default Group". To limit which
functions are available to which users, first make settings in advance in the Address Book.
To automatically register user information such as fax numbers and e-mail addresses under Windows
authentication, it is recommended that communication between the machine and domain controller be
encrypted using SSL. To do this, you must create a server certificate for the domain controller. For details
about creating a server certificate, see page 51 "Creating the Server Certificate".
Windows authentication can be performed using one of two authentication methods: NTLM or Kerberos
authentication. The operational requirements for both methods are listed below.
Operational requirements for NTLM authentication
To specify NTLM authentication, the following requirements must be met:
• This machine supports NTLMv1 authentication and NTLMv2 authentication.
• A domain controller has been set up in a designated domain.
• This function is supported by the operating systems listed below. To obtain user information
when running Active Directory, use LDAP. If you are using LDAP, we recommend you use SSL
to encrypt communication between the machine and the LDAP server. Encryption by SSL is
possible only if the LDAP server supports TLSv1 or SSLv3.
• Windows Server 2003/2003 R2
• Windows Server 2008/2008 R2
• Windows Server 2012
Operational requirements for Kerberos authentication
To specify Kerberos authentication, the following requirements must be met:
• A domain controller must be set up in a designated domain.
• The operating system must support KDC (Key Distribution Center). To obtain user information
when running Active Directory, use LDAP. If you are using LDAP, we recommend you use SSL
to encrypt communication between the machine and the LDAP server. Encryption by SSL is
possible only if the LDAP server supports TLSv1 or SSLv3. Compatible operating systems are
listed below.
Windows Authentication
43
Advertisement
Chapters
Table of Contents
Troubleshooting
