Windows Authentication - Ricoh Pro C9100 Operating Instructions Manual

2. Configuring User Authentication

Windows Authentication

Specify this authentication when using the Windows domain controller to authenticate users who have
their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in
the directory server. Under Windows authentication, you can specify the access limit for each group
registered in the directory server. The Address Book stored in the directory server can be registered to
the machine, enabling user authentication without first using the machine to register individual settings in
the Address Book.
The first time you access the machine, you can use the functions available to your group. If you are not
registered in a group, you can use the functions available under "*Default Group". To limit functions that
are available only to certain users, first make settings in advance in the Address Book.
To automatically register user information under Windows authentication, it is recommended to encrypt
communication between the machine and domain controller by using SSL. To do this, you must create a
server certificate for the domain controller. For details about creating a server certificate, see page 38
"Creating the Server Certificate".
• If you use Windows authentication, user information registered in the directory server is
automatically registered in the machine's address book. Even if the user information automatically
registered in the machine's address book is edited on the machine, it is overwritten by the
information from the directory server when authentication is performed.
• Users managed in other domains are subject to user authentication, but they cannot obtain items
such as user names.
• If you created a new user in the domain controller and selected "User must change password at
next logon" at password configuration, first log on to the computer and change the password.
• If the authenticating server only supports NTLM when Kerberos authentication is selected on the
machine, the authenticating method will automatically switch to NTLM.
• When Windows authentication is used, the login user name is case-sensitive. A wrongly entered
login user name will be added to the Address Book. If this is the case, delete the added user.
• If the "Guest" account on the Windows server is enabled, users not registered in the domain
controller can be authenticated. When this account is enabled, users are registered in the Address
Book and can use the functions available under "*Default Group".
Windows authentication can be performed using one of two authentication methods: NTLM or Kerberos
authentication. The operational requirements for both methods are listed below:
Operational requirements for NTLM authentication
To specify NTLM authentication, the following requirements must be met:
• This machine supports NTLMv1 authentication and NTLMv2 authentication.
• Set up a domain controller in the domain you want to use.
32