Lexmark 6500e Installation And Configuration Manual

PKI-enabled device installation and configuration guide


PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550


Summary of Contents for Lexmark 6500e

  • Page 1 Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © 2010 Lexmark International, Inc.
  • Page 2 This software and any accompanying documentation provided under this agreement are commercial computer software and documentation developed exclusively at private expense. Trademarks Lexmark, Lexmark with diamond design, and MarkVision are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners.
  • Page 3: Table Of Contents

    Contents: Configuring PKI-enabled devices, 5; Overview, 5; Supported devices, 5; Before configuring the printer, 5; Installing the firmware and applications, 6; Verifying and updating the firmware, 6; Installing the authentication token application, 7; Installing PKI applications, 7; Configuring printer settings for use with PKI applications, 8; TCP/IP settings, 8; Date and time, 9; Panel login timeout, 9; Certificate management ...
  • Page 4 Notices....................33 Index....................37 Contents...
  • Page 5: Configuring PKI-Enabled Devices

    Configuring PKI-enabled devices Overview This guide describes how to install Lexmark PKI applications, and configure supported Lexmark devices to take advantage of the enhanced security features of the Public Key Infrastructure (PKI) capabilities of your network. The applications include: PKI Authentication—Provides the mechanism for authenticating and authorizing printer users.
  • Page 6: Installing The Firmware And Applications

    • The printer firmware • The authentication token • The Lexmark PKI applications. All three must be installed and configured before you install a SmartCard reader on your printer. Verifying the firmware: From the Embedded Web Server, click Reports > Device Information.
  • Page 7: Installing The Authentication Token Application

    Note: If your printer does not have the minimum firmware version or a later version installed, you will need to install a firmware update before proceeding to other configuration tasks. Contact the Lexmark Solutions Help Desk for help in obtaining the correct firmware.
  • Page 8: Configuring Printer Settings For Use With PKI Applications

    The file names shown are not version-specific. Use the latest version available for each file. For information about available versions, contact the Lexmark Solutions Help Desk. PKI Authentication must be installed first. For each application you want to install: From the Embedded Web Server, click Settings >...
  • Page 9: Date And Time

    Date and time: In order for users to log in to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock—typically the same one used by the domain controller.
  • Page 10: Certificate Management

    Certificate management Certificates are needed for domain controller verification, and for SSL support in LDAP. In order to use PKI Authentication, you must install the certificate of the Certificate Authority (CA) that issued the certificate used by the domain controller. Additional certificates may be installed if needed. Each certificate must be in a separate PEM (.cer) file.
  • Page 11: E-Mail Settings

    For Device-Initiated E-mail, select None or Use Device SMTP Credentials. Note: If the printer must provide credentials in order to send E-mail, enter the appropriate information under Device Credentials. For User-Initiated E-mail, select Use Session User ID and Password if using Kerberos, or None if not using Kerberos.
  • Page 12: Configuring PKI Authentication

    Type the Server Port that will be used for address book lookups. The most commonly-used values are: Non-SSL connections—Port 389 (the default setting on the printer); SSL connections—Port 636; Non-SSL Global Catalog—Port 3268; SSL Global Catalog—Port 3269. Select whether or not LDAP Certificate Validation will be required. Select Use GSSAPI.
  • Page 13: Active Directory Configuration

    Active Directory Configuration Note: As with any form of authentication that relies on an external server, users will not be able to access protected device functions in the event a network issue prevents the printer from communicating with the authenticating server.
  • Page 14: User Session And Access Control

    Select Use SSL for User Info if you want to use an SSL connection when performing an LDAP lookup to retrieve additional user information from the domain controller. Select Share Session with LDD if you want to allow user information to be shared with Lexmark Document Distributor (LDD).
  • Page 15: Configuring PKI S/MIME Email

    Configuring PKI S/MIME Email PKI S/MIME settings This application is only used if Scan to Email is enabled. If you are not using Scan to Email, you can skip this section. From the Embedded Web Server, click Settings > Embedded Solutions > PKI S/MIME Email > Configure. For From Address, select either Card Email Address (SmartCard) or LDAP Lookup, to specify how the printer should retrieve the user's address when sending E-mail.
  • Page 16: Configuring PKI Scan To Network

    Sign Email Setting: Always Sign; Encrypt Email Setting: Always Encrypt; Result: E-mail messages are always signed and encrypted. • Select Require Email to be Signed or Encrypted if you want to require users to choose at least one of the two options when sending E-mail.
  • Page 17: Default Scan Settings

    From Scan to Network Authorization, select which Access Control should be used to authorize user groups. If groups are not being used, select the same setting used for Device Access Control in PKI Authentication (usually Solution-specific access control 1). Note: Authorization can be further restricted when configuring specific Scan to Network file shares. Continue to Default Scan Settings, or click Apply at the bottom of the screen to save changes.
  • Page 18 • UNC Path—The path that corresponds to the network location of this share. The format will depend on whether it is a static or dynamic path. Possible options include: – Static—Use the fully-qualified UNC Path. Example: \\fileserver\CACNetworkShare – Dynamic—Use %u in the path to represent the data that will be used to create the path. Example: \\fileserver\shares\%u •...
  • Page 19: Editing Or Deleting A File Share

    Under Default Scan Settings, select Use Global Default Scan Settings if you want to use the previously-defined default scan settings for this share, or adjust the individual settings as needed. For information about the settings, see “Default Scan Settings” on page 17. Click Apply.
  • Page 20 Select from the following Release Options to determine how users will be able to release print jobs: • Release Method—Select User Selects job(s) to print, to allow users to choose which jobs they want to print, or All jobs print automatically to have all jobs pending for a user print automatically when they select the Held Jobs icon.
  • Page 21: Troubleshooting

    If the authentication token is installed but not running, select the check box next to the application name, and then click Start. • If the authentication token does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. PKI AUTHENTICATION IS NOT INSTALLED OR RUNNING From the Embedded Web Server, click Settings >...
  • Page 22: Login Screen Does Not Appear When A Smartcard Is Inserted

    Login screen does not appear when a SmartCard is inserted: SMARTCARD IS NOT RECOGNIZED BY THE READER. Contact the Lexmark Solutions Help Desk for assistance. “The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time” error message: This error indicates the printer clock is more than five minutes out of sync with the domain controller clock.
  • Page 23: Error Message

    “The Domain Controller Issuing Certificate has not been installed” error message This error indicates that no certificate, or an incorrect certificate, has been installed on the printer. If a certificate has been installed but it is not the correct certificate, the error message displayed will be “The Domain Controller Issuing Certificate [NAME OF CERTIFICATE] has not been installed.
  • Page 24: LDAP Issues

    “Realm on the card was not found in the Kerberos Configuration File” error message This error occurs during SmartCard login. The PKI Authentication solution settings do not support multiple Kerberos Realm entries. If multiple realms are needed, you must create and upload a krb5.conf file containing the needed realms. If you are already using a Kerberos configuration file, verify that the missing realm has been correctly added to the file.
  • Page 25: LDAP Lookups Fail Almost Immediately

    REVERSE LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled on the network: From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. Select Disable Reverse DNS Lookups.
  • Page 26: Scan To Email Issues

    Scan to Email issues “Email cannot be sent because an error occurred trying to get your email address” error message THERE IS A CONFLICT BETWEEN THE LOGIN TYPE AND HOW THE ADDRESS IS BEING RETRIEVED This error occurs when a user is logged in manually, but PKI S/MIME Email is configured to retrieve the From Address from a SmartCard.
  • Page 27 This problem occurs in earlier versions of the firmware, so verify that you have the correct firmware version installed. For information about finding the correct version for your printer, see “Verifying and updating the firmware” on page 6. If you have verified or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk.
  • Page 28: Scan To Network Issues

    If using a secondary or backup SMTP server, type the hostname for that server. Click Submit to save any needed changes. SMTP SERVER AUTHENTICATION IS SET TO KERBEROS BUT THE SERVER REPORTS GSSAPI IS NOT SUPPORTED From the Embedded Web Server, click Settings > E-mail/FTP Settings > SMTP Setup. For SMTP Server Authentication, select No Authentication Required.
  • Page 29 LDAP LOOKUP SUCCEEDED BUT THE REPLACEMENT VALUE ATTRIBUTE DOES NOT EXIST OR HAS NO VALUE From the Embedded Web Server, click Settings > Embedded Solutions > PKI Scan to Network > Configure. Under File Shares, highlight the name of the share you want to modify, and then click Edit. The configuration page for that share will be displayed.
  • Page 30 “Invalid filename specified” error message The user included an invalid character as part of the filename. The following characters cannot be used for filenames: | < > \ / * ? ; : ^ “An error occurred connecting or writing to the File Share” error message UNC PATH USED THE...
  • Page 31: Held Jobs/Print Release Lite Issues

    THE SHARE NAME IS CORRECT BUT ENDS IN “$” From the Embedded Web Server, click Settings > Embedded Solutions > PKI Scan to Network > Configure. Under File Shares, highlight the name of the share you want to modify, and then click Edit. The configuration page for that share will be displayed.
  • Page 32: Jobs Are Printing Out Immediately

    THE USERID DISPLAYED IS CORRECT BUT NO JOBS ARE LISTED The user may have sent the job (or jobs) to a different printer, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately: Most likely, the user is not selecting the print and hold feature when printing the job.
  • Page 33: GNU Lesser General Public License

    Lexmark that cannot be excluded or modified. If any such provisions apply, then to the extent Lexmark is able, Lexmark hereby limits its liability for breach of those provisions to one of the following: replacement of the Software Program or reimbursement of the price paid for the Software Program.
  • Page 34 UPGRADES. To Use a Software Program identified as an upgrade, you must first be licensed to the original Software Program identified by Lexmark as eligible for the upgrade. After upgrading, you may no longer use the original Software Program that formed the basis for your upgrade eligibility.
  • Page 35 Software Program and requested by you. Lexmark agrees not to use this information in a form that personally identifies you except to the extent necessary to provide such services.
  • Page 36 Copyright (c) 2002 Olaf Kirch Copyright (c) 2003 Kevin Stefanik Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
  • Page 37 Index timeout automatic 9 Active Directory multi-homed servers troubleshooting configuring 13 hosts file for 14 501 5.5.4 Invalid Address error 27 Address Book Setup 11 authentication failure 22 authentication token 7 authorization to use Held Jobs 31 automatic logout 9 network settings authorization to use Print Release finding 5...
  • Page 38 not authorized to use Held Jobs, 31; not authorized to use Print Release Lite, 31; not authorized to use Scan to Network, 28; port 25 blocked, 27; printer clock out of sync, 22; problem getting user info, 24; realm on card not found, 24; scanned and saved file sizes do not match, 29; SMTP server does not support...
