Local Device Authentication; Server Authentication (Active Directory Authentication - Canon imageRUNNER ADVANCE C350 series Service Manual

2
Technical Explanation > MEAP > Enhanced System Application Management > Server authentication (Active Directory authentication)

■ Local device authentication

It is one of the user authentication methods using SSO-H, and is used for an device on a
stand-alone basis.
Local user
Remote user
Register the user to be authenticated on the database in the device.
User management can be performed from the User Management screen (http://device's IP
address:8000/sso/) or imageWARE Enterprise Management Console. The login destination is
[This device].
User Management screen
2 Technical Explanation > MEAP > Enhanced System Application Management > Server authentication (Active Directory authentication)

■ Server authentication (Active Directory authentication)

● Outline
Device
F-2-239
F-2-240
It is one of the user authentication methods using SSO-H. User authentication is performed
with the device linked with a domain controller on the network in an Active Directory
environment. It is a user authentication where the user is authenticated by the domain on
the network when the user logs into the device. In addition to users belonging to the domain
that includes the device, users belonging to domains that have a reliable relationship with the
domain (multi-domain) can also be authenticated. The domain name of the login destination
can be selected by the users themselves upon login.
Using one of the options (Net Spot Accountant, imageWARE Accounting Manager, or
imageWARE EMC Accounting Management Plug-in) makes it possible to analyze/manage
the device usage.
Dmain A
Domain controller
（Active Directory）
Domain A user
Device
The protocol used is as follows.
• Kerberos:LLS/RLS/ILS
• NTLMV2:WLS(Web Service Login Service)
User information acquisition is done by LDAP, so the Active Directory LDAP port needs to be
made accessible. If LDAP connection fails, the authentication will end in error.
No. of supported domains: 200 (unchanged from SSO) Site access supported.
CAUTION:
In the case of using Server Authentication (Active Directory authentication), it is
necessary to synchronize the time settings of the Active Directory server and the
machine (and the PC for login). If the difference in time setting is 5 minutes or longer,
an error will occur at the time of login. (The setting of the allowable difference in time
can be changed.)
2-157
Domain B
Domain controller
（Active Directory）
Trusting Trusting
relationship relationship
Available
Domain B user
F-2-241
2-157