Lexmark X782e Installation Manual

PKI-Enabled MFP Pre-Installation Guide

PKI-Enabled MFP
Pre-Installation Guide
Version 2.0.0
www.lexmark.com

Summary of Contents for Lexmark X782e

  • Page 1 PKI-Enabled MFP Pre-Installation Guide Version 2.0.0 www.lexmark.com...
  • Page 2 Lexmark International Ltd., Marketing and Services Department, Westhorpe House, Westhorpe, Marlow Bucks SL7 3RQ. Lexmark may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Kingdom and Eire, call +44 (0)8704 440 044. In other countries, contact your point of purchase.
  • Page 3: Table Of Contents

    PKI Pre-Installation Guide Table of Contents: Background Information; Document Overview; PKI/AD Solution; SmartCard Contents; Network Port Access; Key Contacts; Basic Network Configuration; IP Address; DNS and WINS Servers; Time Server...
  • Page 4 PKI Pre-Installation Guide 5.6.1 Email Signing; 5.6.2 Email Encryption; 5.6.3 Results; PKI/AD Scan to Network Configuration; General Settings; Fileshare Settings; Fileshare Examples; Finding Configuration Information; Kerberos Realm; Domain Controller...
  • Page 5: Background Information

    This document should be used as a checklist or questionnaire and completed prior to the installation of a Lexmark PKI-Enabled MFP. The intent is to gather all the information necessary to configure the PKI applications on the Multi-Function Printer (MFP) once it has been installed.
  • Page 6: Smartcard Contents

    1.3 SmartCard Contents
    The SmartCard contains at least two certificates:
      • Identity
      • Email
    The identity certificate is not used by this application. The Email certificate is used by this application. The certificate contains several important pieces of information: •...
  • Page 7: Network Port Access

    PKI Pre-Installation Guide 1.4 Network Port Access The MFP will need to access the network via several ports. The following table lists the default ports needed based on the features that are used. Port Protocol Required by which Feature SMTP Scan to Email DNS Lookups Web Configuration / OCSP Validation...
  • Page 8: Basic Network Configuration

    2 Basic Network Configuration
    This section is used to help get the device set up on the network. Even if the device has already been added to the network, please complete this section so that this information can be used as needed.
  • Page 9: Time Server

    PKI Pre-Installation Guide 2.3 Time Server In order for the device to authenticate, its time must be within five minutes of the domain controller. The time can be set manually on the device or it can get the time from a network time server.
  • Page 10: Default Ldap Configuration

    PKI Pre-Installation Guide 2.5 Default LDAP Configuration Many of the PKI Applications utilize LDAP to perform queries that are used for getting other information about the authenticated user (such as home directory or email address) or for searching the address book when sending emails. The MFP supports a default LDAP configuration which is specified here.
  • Page 11 PKI Pre-Installation Guide
    5. Base name for search. This defines the section of the LDAP directory in which to start the search. The value is typically something like “dc=branch,dc=mil”.
       Search Base: _______________________________________________
    6. Search Timeout. The timeout in seconds after which the search is cancelled. Valid values are 5 to 300 seconds.
  • Page 12: Pki/Ad Authentication Configuration

    PKI Pre-Installation Guide 3 PKI/AD Authentication Configuration This section describes the PKI-related login and logout decisions to make prior to installing the application on the device. 3.1 Login Screen There are several options available for configuring what is displayed on the Login Screen. These options control which MFP functions are available without authenticating the user and the text and graphic displayed to the user.
  • Page 13: Login Type

    PKI Pre-Installation Guide 2. The following graphic is also displayed by default. If a different graphic is desired, it must be in GIF format and should be 640 pixels wide by 320 pixels high and no more than 40KB in size. Alternate Graphic: Please have file ready at install time.
  • Page 14: Display Printer Status

    PKI Pre-Installation Guide 3.1.6 Display Printer Status When there is an error or warning on the MFP, a “Status/Supplies” button is displayed on the welcome screen in the lower right corner. The PKI Authentication application can be configured to display the error or warning on the login screen. The user would still need to login to see the graphic or more detailed information, but this allows the basic warnings (Tray 1 Low) or errors (Load Paper Tray 1) to be seen or resolved without needing to login.
  • Page 15: Smartcard Configuration

    IP Address or Name: ______________________________________________
    IP Address or Name: ______________________________________________
    IP Address or Name: ______________________________________________
    2. Kerberos Realm (which is typically the Windows Domain Name). There is usually only one, but if more than one realm is used, a Kerberos Configuration File will need to be uploaded to the MFP.
  • Page 16 PKI Pre-Installation Guide The PKI Authentication Application gets the certificate contained in MFP Chain the Domain Controller’s response to build the complete certificate Validation chain to a trusted Root CA. All certificates in this chain must have been previously installed on the MFP. If the chain can be successfully built, the response is considered trusted and the logon proceeds.
  • Page 17: User Lookup

    1. IP address or name of an OCSP Responder/Repeater along with the port being used. The default port is usually 80. Multiple responder/repeaters may be listed; they will be tried in order until a response is received.
       IP Address or Name: __________________________________ Port: _______
       IP Address or Name: __________________________________ Port: _______
       IP Address or Name: __________________________________ Port: _______...
  • Page 18: Manual Login Configuration

    PKI Pre-Installation Guide LDAP Attribute: ___________________________________________ 3.2.2.2 Manual Login Configuration If manual login is allowed, a button appears in the lower right corner of the login screen that says “Login”. The user will press the Login button and be prompted for their username and password.
  • Page 19: Logout Behavior

    PKI Pre-Installation Guide 1. User authorization can be enabled or disabled for the device. If you want to use User Authorization for the whole device or for individual device functions, this must be enabled. Do you want to enable this feature? □...
  • Page 20: Card Removal

    PKI Pre-Installation Guide inserted in the reader, the PKI Authentication application will automatically logout and return to the enter pin screen (if using a SmartCard) or the login screen (if using manual login). This prevents another person from using the device in the event someone walks away without removing their SmartCard or logging out.
  • Page 21: Pki/Ad Standard Applications Configuration

    PKI Pre-Installation Guide 4 PKI/AD Standard Applications Configuration This application is used if User Authorization is needed for the standard copy, fax, and/or ftp device functions; otherwise, this application does not need to be installed. To use this application, the PKI/AD Authentication application must be installed and the User Authorization setting in that application must be enabled and configured.
  • Page 22: Ftp

    1. If User Authorization is enabled, it can be used to restrict access to the Fax function. For fax access, select the appropriate authorization setting.
       □ All Users Can Send Faxes – no restrictions
       □ Only Users in the Groups specified in item 2 can send faxes
       □...
  • Page 23: Pki/Ad Email Configuration

    5 PKI/AD Email Configuration
    This application is used to enhance the standard email functionality available on the device. The enhanced features available include:
      • User Authorization to restrict access to certain Active Directory Groups
      • Greater control of the Email User Interface
      •...
  • Page 24: User Options

    IP Address or Name: __________________________________ Port: _______
    2. SMTP servers may require some type of authentication before allowing an email to be sent. Select the authentication required by the SMTP Server.
       □ Anonymous
       □ User’s Credentials
       □ Service Account
         Distinguished Name:_______________________________________ Password:______________...
  • Page 25: From Address

    PKI Pre-Installation Guide 3. Default scan options (such as format, paper size, duplex, etc) are configured on the device for all emails sent from the device. The user can also be given the option to change the options. Is the user allowed to change the scan options? □...
  • Page 26: To Address

       □ LDAP – Default Configuration (as specified in section 2.5)
       □ LDAP – Configuration 1 (as specified in section 8.1)
       □ LDAP – Configuration 2 (as specified in section 8.2)
       □ LDAP – Configuration 3 (as specified in section 8.3)
    2.
  • Page 27: Email Signing And Encryption

    4. The application can be configured to allow the user to search the global address list or book (also known as the GAL). Specify which LDAP Configuration should be used for this capability.
       □ LDAP – Default Configuration (as specified in section 2.5)
       □...
  • Page 28: Email Encryption

    PKI Pre-Installation Guide 5.6.2 Email Encryption Emails can only be encrypted when the encryption certificate can be found for each of the recipients – this limits encrypted emails to those users in the global address book. The encryption certificate on the card (if available) is used for the authenticated user if he/she sends email to his/herself.
  • Page 29 PKI Pre-Installation Guide
    Email Signing | Email Encryption | Result
    Disabled | Disabled | Email is sent without signing or encryption.
    Always Sign | Disabled | Email is sent with digital signature but no encryption.
    Prompt User | Disabled | User is prompted with: Do Not Sign the Email / Sign the Email. Email is sent not encrypted;...
  • Page 30: Pki/Ad Scan To Network Configuration

    PKI Pre-Installation Guide 6 PKI/AD Scan to Network Configuration The PKI Scan To Network application provides the ability to scan pages and store the resulting image onto a network fileshare. This application cannot be used in Pin Only mode. 6.1 General Settings 1.
  • Page 31 PKI Pre-Installation Guide 1. Fileshare Authorization. Each fileshare can have its own user authorization. This is only available if User Authorization is enabled in PKI/AD Authentication application. If the user is not authorized, this fileshare is not displayed for the user to select. Select the user authorization for this fileshare.
  • Page 32: Fileshare Examples

    6. Default Filename. The default filename for the scanned file can be specified. The default value is scanned-image.
       Default Filename: _______________________________________________
    7. Rename File. The default filename can optionally be renamed by the user at scan time. The default value is to allow the user to rename the file.
  • Page 33 PKI Pre-Installation Guide
    2. Department Fileshare
       Display Name: Dept A Files
       UNC Path: \\fileserver\deptshares\depta
       Replacement Value: Not Used
       Replacement Lookup: Not Used
       Replacement Attribute: Not Used
    3. Fileshare based on User’s Windows ID
       Display Name: S: Drive
       UNC Path: \\fileserver\%u$
       Replacement Value: LDAP Lookup
       Replacement Lookup:...
  • Page 34: Finding Configuration Information

    Files\Windows Resource Kits\Tools” directory to execute the program. The program should list information similar to the following:
      Cached TGT:
      ServiceName: krbtgt
      TargetName: krbtgt
      FullServiceName: steve
      DomainName: SMARTCARD.BP.LEXMARK.COM
      TargetDomainName: SMARTCARD.BP.LEXMARK.COM
      AltTargetDomainName: SMARTCARD.BP.LEXMARK.COM
      TicketFlags: 0x40e00000
      KeyExpirationTime: 0/38/4 0:00:10776
      StartTime: 1/31/2007 8:41:47
      EndTime: 1/31/2007 18:41:47...
  • Page 35: Kerberos Configuration File

    primary domain controller; use that value as the first domain controller listed in section 3.2.2, item 1. If that program is not available, you can try the following:
    1. Select Start | Run.
    2. Type “dsa.msc”. This will launch the Active Directory Users and Computers Management Console.
  • Page 36 PKI Pre-Installation Guide The IP address or fully qualified domain name for the Windows Domain Controller described in section 3.2.2, item 1 should be used for the kdc and default_domain fields in the [realms] section of the example below.
      [logging]
      default = FILE:/var/log/krb5libs.log
      kdc = FILE:/var/log/krb5kdc.log
      admin_server = FILE:/var/log/kadmind.log...
  • Page 37: Ldap Directory Information

      mil = #####_DOMAIN.NAME.MIL_#####
    If this configuration file is needed, use the above template to create the file and have it ready at install time.
    7.4 LDAP Directory Information
    Possible LDAP directories to use can be supplied by the Windows Administrator. The Administrator will also have to determine the access rights: Anonymous, User’s Credentials, or Service Account.
  • Page 38: Custom Ldap Configurations

    8 Custom LDAP Configurations
    Up to three custom LDAP Configurations in addition to the default LDAP configuration provided for Address Book Lookups can be specified on the device. If the default LDAP configuration can be used for all lookups, this section can be skipped. However, if a custom LDAP configuration was specified as being needed for the user’s email address lookup or the user’s home directory lookup, then complete the following LDAP configuration information.
  • Page 39: Ldap Configuration 1

    8.1 LDAP Configuration 1
    1. Use KDC used for User Authentication as LDAP Server: □ (If yes, skip item 2.)
    2. LDAP Server IP Address/Name: _______________________________________________
    3. LDAP Server Port: _______ (Typically: 389 for non-SSL, 636 for SSL)
    □...
  • Page 40: Ldap Configuration 2

    8.2 LDAP Configuration 2
    1. Use KDC used for User Authentication as LDAP Server: □ (If yes, skip item 2.)
    2. LDAP Server IP Address/Name: _______________________________________________
    3. LDAP Server Port: _______ (Typically: 389 for non-SSL, 636 for SSL)
    □...
  • Page 41: Ldap Configuration 3

    8.3 LDAP Configuration 3
    1. Use KDC used for User Authentication as LDAP Server: □ (If yes, skip item 2.)
    2. LDAP Server IP Address/Name: _______________________________________________
    3. LDAP Server Port: _______ (Typically: 389 for non-SSL, 636 for SSL)
    □...
  • Page 42 Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. © 2007 Lexmark International, Inc. 740 West New Circle Road Lexington, KY 40550 www.lexmark.com...
