Lexmark X782 Installation And Configuration Manual
Lexmark X782 Installation And Configuration Manual

Lexmark X782 Installation And Configuration Manual

Pki-enabled mfp installation and configuration guide
Hide thumbs Also See for X782:

Advertisement

PKI-Enabled MFP
Installation and Configuration Guide
Version 2.0.0
www.lexmark.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the X782 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Lexmark X782

  • Page 1 PKI-Enabled MFP Installation and Configuration Guide Version 2.0.0 www.lexmark.com...
  • Page 2 Lexmark International Ltd., Marketing and Services Department, Westhorpe House, Westhorpe, Marlow Bucks SL7 3RQ. Lexmark may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Kingdom and Eire, call +44 (0)8704 440 044. In other countries, contact your point of purchase.
  • Page 3: Lexmark Software License Agreement

    Lexmark that cannot be excluded or modified. If any such provisions apply, then to the extent Lexmark is able, Lexmark hereby limits its liability for breach of those provisions to one of the following: replacement of the Software Program or reimbursement of the price paid for the Software Program.
  • Page 4: Other Notices

    PKI Installation and Configuration Guide correction, and security testing. If you have such statutory rights, you will notify Lexmark in writing of any intended reverse engineering, reverse assembly, or reverse compilation. You may not decrypt the Software Program unless necessary for the legitimate Use of the Software Program.
  • Page 5: Table Of Contents

    PKI Installation and Configuration Guide Table of Contents Lexmark Software License Agreement ..................ii Other Notices ..........................iii Background Information......................1 Installing the Firmware and Applications................2 Firmware Update ......................2 Smartcard Driver......................3 PKI Applications......................6 Configuring the Basic MFP Settings ..................9 Date and Time.........................
  • Page 6 PKI Installation and Configuration Guide Version 2.0.0 Page v...
  • Page 7: Background Information

    1 Background Information This document assumes you have read and completed the Pre-Installation Guide for the Lexmark PKI-Enabled MFP. If not, please consult that guide before continuing with the installation. Numerous mentions will be made throughout this document to the information that was gathered using that document.
  • Page 8: Installing The Firmware And Applications

    2 Installing the Firmware and Applications The PKI application support comes in three parts: • PKI/AD Firmware • Smartcard Driver • PKI Applications All three need to be installed in order to activate PKI support. The SmartCard Reader cannot be installed on the MFP prior to completing all the steps in this section. 2.1 Firmware Update NOTE: Installing the PKI/AD Firmware will remove any previously installed embedded solutions.
  • Page 9: Smartcard Driver

    MFP model. MFP Model Firmware File X644 and X646 LC2_MC_P254PAh1_full.fls X85x LC2_BE_P248PAh1_full.fls X782 LC2_TO_P077PAh1_full.fls X94x LC_BR_P065PAh1_full.fls T64x + X4600 LC2_TI_P249PAh1_full.fls 3. The file will take a few minutes to upload and for the MFP to be updated. Wait for the update to complete and then refresh the web page.
  • Page 10 2. One Embedded Solution (PKI/Active Directory Application) is automatically installed when the PKI/AD firmware is installed. Click the Install button. Version 2.0.0 Page 4...
  • Page 11 3. Browse to the Smartcard Driver solution file and click Start Install. See the table below for filename that corresponds to supported card types. Card Type Solution File CAC / DOD scif-cac-2_0_0.fls 4. Wait for the install to complete and then click Return. Version 2.0.0 Page 5...
  • Page 12: Pki Applications

    5. There should now be two embedded solutions installed on the MFP. Note: The Name and Version of the Smartcard Driver Application displayed here may differ from what is displayed on your MFP. 2.3 PKI Applications Once the firmware and Smartcard Driver have been installed, the application files can then be installed.
  • Page 13 2. Browse to the PKI Authentication Application solution file, pkiad-2_0_0.fls, and click Start Install. 3. Wait for the install to complete and then click Return. Version 2.0.0 Page 7...
  • Page 14 4. Repeat steps 1 – 3 to install each of the following PKI applications. If a particular function will not be used, it does not need to be installed. PKI Function Solution File User Authorization for Copy, Fax, and/or FTP pkistdapps-2_0_0.fls Scan to Email pkiemail-2_0_0.fls...
  • Page 15: Configuring The Basic Mfp Settings

    3 Configuring the Basic MFP Settings This section describes the process for using the information obtained in the Pre-Installation Guide to configure the basic MFP Settings. Even if this device has been previously setup, follow through these steps to make sure all settings necessary for the PKI capability to function correctly have been configured.
  • Page 16: Tcp/Ip Settings

    Pre-Installation 2. The Date and Time screen is displayed. Section 2.3 If setting the time manually: If using a Time Server: • Set the Time Zone • Set the Time Zone • Set the Date & Time in the format shown •...
  • Page 17 1. Click Configuration and then click Network/Ports. 2. Click TCP/IP. Pre-Installation 3. Check the value in the Domain Name field. Set it to the value listed in Pre-Installation Section 2.4 Section 2.4, Item 1. If there are any other values given in Items 2 to 4, add them to the Domain Search Order;...
  • Page 18: Email Server Setup

    Pre-Installation 4. If using a Static IP Address, also check the WINS and DNS Server Address and make Section 2.2 sure there is a valid value specified for each. If a backup DNS Server is available, set that value as well. 5.
  • Page 19 1. Click Configuration and then click Network/Ports. 2. Click Email Server Setup. Version 2.0.0 Page 13...
  • Page 20: Address Book Setup

    Pre-Installation 3. The Email Server Setup screen is displayed. Section 5.2 Fill in the Primary SMTP Gateway and Port. If available, fill in the Secondary SMTP Gateway and Port. Provide a default email subject and message. The Reply Address is not necessary since it will be set to the logged in user’s email address.
  • Page 21 1. Click Configuration and then click Network/Ports. 2. Click Address Book Setup. Version 2.0.0 Page 15...
  • Page 22 Pre-Installation 3. The Address Book Setup page is displayed. Section 2.5, items 1 – 7 The following fields need to be filled in: Field Corresponding Pre-Installation Guide Section 4.2 Item Server Address Item 1 (Use the hostname rather than the IP address) Server Port Item 2 Use SSL/TLS...
  • Page 23 Pre-Installation 5. If using the user’s credentials to connect to the LDAP server, no other changes are Section 2.5, necessary. If connecting anonymously or using a service account, then return to the item 8 Address Book Setup Screen and click MFP Credentials. Version 2.0.0 Page 17...
  • Page 24: Auto-Logout

    Pre-Installation 6. The MFP Credentials page is displayed. Section 2.5, item 8 If connecting anonymously, check the Anonymous LDAP Bind. If connecting using a service account, uncheck the Anonymous LDAP Bind option and provide the MFP’s Distinguished Name and Password. The Kerberos settings are not used. Click Submit. 3.5 Auto-Logout 1.
  • Page 25: Certificate Management

    Pre-Installation 2. Set the Auto “Log out” delay value. Section 3.4.1 3. Click Submit. 3.6 Certificate Management Pre-Installation Sections 2.5 Certificates are needed for SSL support in LDAP lookups and for Domain Controller item 3, 3.2.2.1.1, 8.1, verification. All certificates needed by the device must be in PEM (Base64) format and 8.2, &...
  • Page 26 1. Click Configuration and then click Security. 2. Click Certificate Management. Version 2.0.0 Page 20...
  • Page 27 3. Click Install a New Certificate Authority Certificate. 4. Browse to the file containing the certificates and then click Submit. Version 2.0.0 Page 21...
  • Page 28: Configuring Pki/Ad Authentication

    4 Configuring PKI/AD Authentication This application is required for the PKI-enabled MFP. This section details the configuration steps. 1. Click Configuration and then click Embedded Solutions. Version 2.0.0 Page 22...
  • Page 29: General Settings

    2. Select the PKI/AD Authentication solution by clicking its name. 4.1 General Settings After selecting PKI/AD Authentication from the Embedded Solutions list, click the Configure tab. Version 2.0.0 Page 23...
  • Page 30 The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Corresponding Pre-Installation Guide Section/Item User Validation Mode Section 3.2 DC Validation Mode Section 3.2.2.1.1 OCSP Responder URL Section 3.2.2.1.1 Item 1 The format should be http://<ipaddress>:<port>.
  • Page 31 here. Disable Reverse DNS Lookups Section 3.2.2 Item 3 Use KDC for LDAP Server Section 3.2.2 Item 4 Login Screen Text Section 3.1.3 Item 1 Login Screen Image Section 3.1.3 Item 2 Logout Behavior Section 3.4.2 Allow Copy Without Card Section 3.1.1 Allow Fax Without Card Section 3.1.2...
  • Page 32: Custom Ldap Settings

    4.2 Custom LDAP Settings If you have defined a custom LDAP configuration that differs from the MFP’s Default LDAP Configuration, continue with this section; otherwise, it can be skipped. After selecting PKI/AD Authentication from the Embedded Solutions list, click the LDAP Configuration tab. Version 2.0.0 Page 26...
  • Page 33: Adding A New Configuration

    4.2.1 Adding a New Configuration 1. Click New to create a new LDAP Configuration. Version 2.0.0 Page 27...
  • Page 34 2. The LDAP Configuration page is displayed. Referring to section 7 of the Pre-Installation Guide, use the following table to configure the settings. Setting Corresponding Pre-Installation Guide Section/Item Configuration Configuration 1 uses Section 8.1; Configuration 2 uses Section 8.2; Configuration 3 uses Section 8.3 Use KDC for LDAP Server Item 1 Server Address...
  • Page 35: Editing An Existing Configuration

    Search Base Item 8 Authentication Item 9 MFP Distinquished Name Item 9 Only Used if Authentication is set to MFP User ID. MFP Password Item 9 Only Used if Authentication is set to MFP User ID. 4. Click Apply. 5. Repeat for each custom configuration that needs to be created. A maximum of three configurations can be created;...
  • Page 36: Removing An Existing Configuration

    4.2.3 Removing an Existing Configuration 1. Check the box next to the configuration to be removed. 2. Click the Remove button. Version 2.0.0 Page 30...
  • Page 37: Configuring Pki/Ad Standard Applications

    5 Configuring PKI/AD Standard Applications This application is only used if User Authorization is enabled for Copy, Fax, or FTP. You can skip this section if this application has not been installed. 1. Click Configuration and then click Embedded Solutions. Version 2.0.0 Page 31...
  • Page 38 2. Select the PKI/AD Standard Apps solution by clicking its name. Version 2.0.0 Page 32...
  • Page 39 3. Click the Configure Tab. 4. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Corresponding Pre-Installation Guide Section/Item Copy Authorization Section 4.1 Item 1 Copy Authorization List Section 4.1 Item 2 Fax Authorization Section 4.2 Item 1 Fax Authorization List...
  • Page 40: Configuring Pki/Ad Email

    6 Configuring PKI/AD Email This application is only used if Scan to Email is enabled. You can skip this section if this application has not been installed. 1. Click Configuration and then click Embedded Solutions. Version 2.0.0 Page 34...
  • Page 41 2. Select the PKI/AD Email solution by clicking its name. Version 2.0.0 Page 35...
  • Page 42 3. Click the Configure Tab. 4. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Corresponding Pre-Installation Guide Section/Item Email Authorization Section 5.1 Item 1 Email Authorization List Section 5.1 Item 2 SMTP Server Authentication Section 5.2 Item 2 Device Userid...
  • Page 43 Sign Email Section 5.6.1 Item 1 Encrypt Email Section 5.6.2 Item 1 Require Email to be Signed or Section 5.6.3 (after table) Encrypted Signing Method Section 5.6.1 Item 2 Signing Algorithm SHA1 – only algorithm currently supported Non-Repudiation Required for Section 5.6.1 Item 3 Signing Sign and Encrypt Method...
  • Page 44: Configuring Pki/Ad Scan To Network

    7 Configuring PKI/AD Scan to Network This application is only used if Scan to Network is enabled. You can skip this section if this application has not been installed. 1. Click Configuration and then click Embedded Solutions. Version 2.0.0 Page 38...
  • Page 45: General Settings

    2. Select the PKI/AD Scan To Network solution by clicking its name. 7.1 General Settings After selecting PKI/AD Scan To Network from the Embedded Solutions list, click the Configure tab. Version 2.0.0 Page 39...
  • Page 46 Corresponding Pre-Installation Guide Section/Item Button Text Section 6.1 Item 1 Up Icon To use a different icon, contact Lexmark to get a “blank” button to be used as the base. Down Icon To use a different icon, contact Lexmark to get a “blank”...
  • Page 47: Fileshare Settings

    7.2 Fileshare Settings After selecting PKI/AD Scan To Network from the Embedded Solutions list, click the File Shares tab to define one or more fileshares that users can access. At least one fileshare must be defined or the user will see an error that this feature has not yet been configured. Version 2.0.0 Page 41...
  • Page 48: Adding A New Fileshare

    7.2.1 Adding a New Fileshare 1. Click New to create a new Fileshare. Version 2.0.0 Page 42...
  • Page 49 2. The Fileshare Configuration page is displayed. 3. Use the following table to configure the settings. Setting Corresponding Pre-Installation Guide Section/Item File Share Authorization Section 6.2 Item 1 Authorization list Section 6.2 Item 2 Display Name Section 6.2 Item 3 Section 6.2 Item 4 UNC Path Replacement Value...
  • Page 50: Editing An Existing Fileshare

    Remove “$” from Fileshare Section 6.2 Item 9 Name Create Directory Section 6.2 Item 10 4. Click Apply. 5. Repeat for each fileshare that needs to be created. There is no limit to the number of fileshares that can be created. 7.2.2 Editing an Existing Fileshare 1.
  • Page 51: Removing An Existing Fileshare

    7.2.3 Removing an Existing Fileshare 1. Check the box next to the fileshare to be removed. 2. Click the Remove button. Version 2.0.0 Page 45...
  • Page 52: Troubleshooting

    8 Troubleshooting This section details some of the common issues that occur when setting up the PKI-enabled MFP. Please review these and possible causes/resolutions prior to contacting the Lexmark Solutions HelpDesk. 8.1 Login Issues Error Message/Symptom Possible Cause/Resolution Unsupported USB Device...
  • Page 53 beyond an acceptable range; check the minutes of each other. MFP's date and time. Resolution: Verify the date and time on the MFP; see section 3.1. Be sure the time zone and daylight savings time settings are correct. Kerberos configuration file has not Cause: The PKI/AD Authentication solution is been uploaded.
  • Page 54: Ldap Issues

    Windows domain in lower case to the Kerberos Domain setting. For example, if the user’s domain is “x.y.z”, set the Kerberos Domain to “mil,.mil.x.y.z”. Resolution: If using a Kerberos Configuration File, add a mapping to the “domain_realm” section, the maps from the lower case windows domain to the uppercase realm –...
  • Page 55 blocked by a firewall. Resolution: These ports are used by the MFP to communicate with the LDAP Server and must be open in order for LDAP lookups to work. Cause: Reverse DNS lookup are disabled on the network. Resolution: The MFP uses reverse DNS lookups to verify IP addresses.
  • Page 56: Scan To Email Issues

    8.3 Scan To Email Issues Error Message/Symptom Possible Cause/Resolution Email cannot be sent because an error Cause: Using manual login and the From Email occurred trying to get your email Address is configured to come from the card. address. Resolution: If manual login is allowed, the From Email Address must come from LDAP since a card may not (or can not) be used.
  • Page 57: Scan To Network Issues

    Resolution: Change the SMTP Server Authentication option in the PKI/AD Email solution settings to User Credentials. Resolution: Add the IP Address of the MFP as an SMTP Relay. Cause: SMTP Server Authentication is set to User Credentials but the SMTP Server was specified used an IP Address.
  • Page 58 access to any of the defined fileshares, the authorization list for the fileshare needs to be expanded to include an Active Directory group that includes this user. An LDAP error occurred trying to Cause: The LDAP lookup failed. retrieve the selected file share Resolution: See section 8.2 above.
  • Page 59 Resolution: If the hostname was not a fully qualified domain name, then MFP has to use its domain search order to determine the appropriate domain name to append to the hostname. See section 3.2 item 3. Cause: Port 445 is blocked by a firewall. Resolution: The MFP uses port 445 to communicate with the file server and transfer the file.
  • Page 60 Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. © 2007 – 2008 Lexmark International, Inc. 740 West New Circle Road Lexington, KY 40550 www.lexmark.com Version 2.0.0 Page 54...

This manual is also suitable for:

X782e

Table of Contents