Windows Authentication - Ricoh MP 6002 User Manual

2. Configuring User Authentication

Windows Authentication

Specify this authentication when using the Windows domain controller to authenticate users who have
their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in
the directory server. Under Windows authentication, you can specify the access limit for each group
registered in the directory server. The Address Book stored in the directory server can be registered to
the machine, enabling user authentication without first using the machine to register individual settings in
the Address Book. Obtaining user information can prevent the use of false identities because the sender's
address (From:) is determined by the authentication system when scanned data is sent or a received fax
message is transferred via e-mail.
Windows authentication can be performed using one of two authentication methods: NTLM or Kerberos
authentication. The operational requirements for both methods are listed below.
Operational requirements for NTLM authentication
To specify NTLM authentication, the following requirements must be met:
• This machine supports NTLMv1 authentication and NTLMv2 authentication.
• A domain controller has been set up in a designated domain.
• This function is supported by the operating systems listed below. To obtain user information
when running Active Directory, use LDAP. If you are using LDAP, we recommend you use SSL
to encrypt communication between the machine and the LDAP server. Encryption by SSL is
possible only if the LDAP server supports TLSv1, SSLv2, or SSLv3.
• Windows Server 2003/2003 R2
• Windows Server 2008/2008 R2
Operational requirements for Kerberos authentication
To specify Kerberos authentication, the following requirements must be met:
• A domain controller must be set up in a designated domain.
• The operating system must support KDC (Key Distribution Center). To obtain user information
when running Active Directory, use LDAP. If you are using LDAP, we recommend you use SSL
to encrypt communication between the machine and the LDAP server. Encryption by SSL is
possible only if the LDAP server supports TLSv1, SSLv2, or SSLv3. Compatible operating
systems are listed below.
• Windows Server 2003/2003 R2
• Windows Server 2008/2008 R2
To use Kerberos authentication under Windows Server 2008, Service Pack 2 or later must be
installed.
• Transmission between the machine and the KDC server is encrypted if Kerberos authentication
is enabled. For details about specifying encrypted transmission, see p.183 "Kerberos
Authentication Encryption Setting".
42