Canon imagePRESS 1135 Series Service Manual page 219

2
Technology > MEAP > Login Service > Differences among Login services
1) SSO-Tokyo acquires site lists from Active Directories.
Note, however, that the Active Directories accessed in order to acquire site lists are in the
order in which they were returned by DNS, so there is no guarantee that the same Active
Directory will be accessed as in the initial settings (upon device settings or changes to NW
settings, etc.).
[Site subnet list]
Site: Tokyo: = 172.24.12.0/24, 172.24.35.0/24
Site: Osaka: = 192.168.1.0/24
Site: Hakata: = 211.111.1.0/24
As a result, since SSO-Tokyo is 172.24.12.80, the subnet is 172.24.12.0/24, and is judged
as belonging to site Tokyo.
2) The DNS server obtains its Active Directory list from the primary or secondary DNS, as set
in the device.
[Active Directory]
172.24.12.2, 172.24.35.2, 192.168.1.2, 211.111.1.30
3) Of the Active Directories in 2), above, the ones that belong to the same site (Tokyo) are
172.24.12.2 and 172.24.35.2.
Of these, the Active Directory that is the same subnet as SS-Tokyo is 172.24.12.2.
Therefore, this one will be accessed.
4) If access fails at step 3), above, the other Active Directory of the same site, 172.24.35.2,
will be accessed.
5) If access fails at step 4), above, also, SSO-Osaka and SSO-Hakata will be accessed (the
order will depend on the order of the Active Directories in DNS). Note, however, that this is
an optional operation.
Logging into other domains at multi-domain
At multi-domain, if another domain is logged into, based on the site/ subnet information
retrieved in the home domain, the Active Directories of the login destination domain/ KDC
address list are computed. In the event that the domain controller IP addresses of other
domains are outside of the site access range, and only the domain controller within the site
is programmed for access, an error message will be displayed to the effect that the site
information is incorrect.
2 Technology > MEAP > Login Service > Differences among Login services
■ Environment confirmation
Refer to Checking the Operating Environment in this manual for details on the system
requirements when using login services.
■ Differences among Login services
Login service SSO-H
Local device users upper limit
No. of domains
Operating devices Up till latest model
IpV6 Available, but
authentication not
performed in IPv6
Memory (KB)/ threads
Supported AD Windows 2000
Server/ Windows
Server 2003
Authentication method NTLM Kerberos
Local Device
Authentication
Server AD/KDC
Key DES
Department ID management Local authentication only available
linkage
Site access Available
SSO Ver3.x
Excluded from pre-installation, but included in Administrator's CD (SA also included).
SSO included in the Administrator's CD from iR3245 onward has AMS functionality
deleted and is provided as a non AMS enabled login application.
SSO-K*1 SSOV3
5000 1000
200 10
Till before iR Up till latest model
3245series
N/A Available
3584/33 2800/33
Windows 2000 Windows 2000 Server/
Server/ Windows Windows Server 2003
Server 2003
Kerberos NTLM Local
(included in AD) SA/AD
-
However, domain
requires NSA.
Available
2-171
1000
200
2800/33
2-171