Canon imageRUNNER ADVANCE C3330 Series Service Manual page 158

Dmain A
The protocol used is as follows.
• Kerberos:LLS/RLS/ILS
• NTLMV2:WLS(Web Service Login Service)
User information acquisition is done by LDAP, so the Active Directory LDAP port needs to be made accessible. If LDAP connection
fails, the authentication will end in error.
No. of supported domains: 200 (unchanged from SSO) Site access supported.
CAUTION:
In the case of using Server Authentication (Active Directory authentication), it is necessary to synchronize the time settings
of the Active Directory server and the machine (and the PC for login). If the difference in time setting is 5 minutes or longer,
an error will occur at the time of login. (The setting of the allowable difference in time can be changed.)
● Server Authentication (LDAP Authentication)
It is one of the user authentication methods using UA is performed with the device linked with the LDAP Server on the network
in an LDAP environment.
LDAP server authentication can be used for devices that support MEAP User Preference Service (MEAP Specification Ver.56)
and MEAP Application Setting Information Management (MEAP Specification Ver.57).
As for models that do not support MEAP User Preference Service and MEAP Application Setting Information Management ,
[LDAP Server] cannot be selected as the type of the authentication server on the SSO-H Configuration page. Moreover, it is not
possible to access the LDAP Server Management screen and the Add Server screen.
Simple bind (a method where the password is not encrypted) is used as the bind (authentication) between UA and LDAP server.
It is therefore strongly recommended to always use SSL connection from a security standpoint.
As for the version of LDAP, only Ver.3 is supported.
ON/OFF of SSL connection can be changed on the LDAP Server Management page.
The time-out value of connection is 60 seconds.
In the case of using LDAP server authentication, the characters entered as the user name are not case-sensitive, but the
characters entered as the password are case-sensitive.
In the case of UA, authentication is not allowed when the user name includes "* (asterisk)".
If authentication is performed with "* (asterisk)" used in the user name, an authentication error occurs.
● User Management with Server Authentication
The environment required for using a server to authenticate users with User Authentication is indicated below.
The system requirements differ according to the authentication server.
The system requirements for using each authentication server are indicated below.
Active Directory authentication
With Active Directory authentication, the following servers are required, and servers constructed in the following system
environment are supported.
<Required servers>
• KDC server (as the authentication server)
Domain controller
Active Directory
Device
Domain A user n A user
Device
Local user
Trusting Trusting
Domain controller
relationship relationship
Active Directory
Available
Domain B user
LDAP Server
Remote user
146
2. Technology
Domain B