PKI-Enabled MFP Installation and Configuration Guide
Page 7
... and completed the Pre-Installation Guide for each MFP that will be made throughout this has been verified for the Lexmark PKI-Enabled MFP. 1 Background Information This document assumes you are ready to proceed. If not, please consult that document. Before proceeding with the installation. The MFP has been...as according to the LAN. 3. This can use the web browser to navigate to the information that was gathered using that guide before continuing with the install, make sure the following has taken place: 1. The MFP has been assigned an IP Address and is connected to the...
... and completed the Pre-Installation Guide for each MFP that will be made throughout this has been verified for the Lexmark PKI-Enabled MFP. 1 Background Information This document assumes you are ready to proceed. If not, please consult that document. Before proceeding with the installation. The MFP has been...as according to the LAN. 3. This can use the web browser to navigate to the information that was gathered using that guide before continuing with the install, make sure the following has taken place: 1. The MFP has been assigned an IP Address and is connected to the...
PKI-Enabled MFP Installation and Configuration Guide
Page 15
... This section describes the process for the PKI capability to function correctly have been configured. 3.1 Date and Time In order to login in the Pre-Installation Guide to perform a Kerberos login, the date and time must be acquired from a time server. 1. Version 2.0.0 Page 9 The time can be set manually on the device...
... This section describes the process for the PKI capability to function correctly have been configured. 3.1 Date and Time In order to login in the Pre-Installation Guide to perform a Kerberos login, the date and time must be acquired from a time server. 1. Version 2.0.0 Page 9 The time can be set manually on the device...
PKI-Enabled MFP Installation and Configuration Guide
Page 22
Mail Attribute Item 6 Fax Number Attribute Not used to be filled in: Field Corresponding Pre-Installation Guide Section 4.2 Item Server Address Item 1 (Use the hostname rather than the IP address) Server Port Item 2 Use SSL/TLS Item 3 LDAP Certificate Validation Item 4 Use ... all answers have been provided. Max Search Results Item 8 4. Section 2.5, items 1 - 7 The following fields need to display the "friendly" name for the email address. Pre-Installation 3. The Address Book Setup page is usually ok.
Mail Attribute Item 6 Fax Number Attribute Not used to be filled in: Field Corresponding Pre-Installation Guide Section 4.2 Item Server Address Item 1 (Use the hostname rather than the IP address) Server Port Item 2 Use SSL/TLS Item 3 LDAP Certificate Validation Item 4 Use ... all answers have been provided. Max Search Results Item 8 4. Section 2.5, items 1 - 7 The following fields need to display the "friendly" name for the email address. Pre-Installation 3. The Address Book Setup page is usually ok.
PKI-Enabled MFP Installation and Configuration Guide
Page 30
...2 If "One Kerberos Realm" is selected, uncheck this box and the following table lists each setting and the corresponding Pre-Installation Section/Item that field. the next three settings should be filled in. Setting User Validation Mode DC Validation Mode OCSP Responder URL... OCSP Proxy URL OCSP Responder Certificate OCSP Responder Timeout Use MFP Kerberos Setup Kerberos Realm Kerbeos KDC Kerberos Domain Corresponding Pre-Installation Guide Section/Item Section 3.2 Section 3.2.2.1.1 Section 3.2.2.1.1 Item 1 The format should be http://:. Section 3.2.2.1.1 Item 2 The format should...
...2 If "One Kerberos Realm" is selected, uncheck this box and the following table lists each setting and the corresponding Pre-Installation Section/Item that field. the next three settings should be filled in. Setting User Validation Mode DC Validation Mode OCSP Responder URL... OCSP Proxy URL OCSP Responder Certificate OCSP Responder Timeout Use MFP Kerberos Setup Kerberos Realm Kerbeos KDC Kerberos Domain Corresponding Pre-Installation Guide Section/Item Section 3.2 Section 3.2.2.1.1 Section 3.2.2.1.1 Item 1 The format should be http://:. Section 3.2.2.1.1 Item 2 The format should...
PKI-Enabled MFP Installation and Configuration Guide
Page 34
Referring to section 7 of the Pre-Installation Guide, use the following table to configure the settings. 3. Setting Corresponding Pre-Installation Guide Section/Item Configuration Configuration 1 uses Section 8.1; Configuration 3 uses Section 8.3 Use KDC for LDAP Server Item 1 Server Address Item 2 Server Port Item 3 Use SSL/TLS Item 4 LDAP Certificate Validation Item 5 Card Lookup Field Item 6 Search Attribute Item 7 Version 2.0.0 Page 28 Configuration 2 uses Section 8.2; 2. The LDAP Configuration page is displayed.
Referring to section 7 of the Pre-Installation Guide, use the following table to configure the settings. 3. Setting Corresponding Pre-Installation Guide Section/Item Configuration Configuration 1 uses Section 8.1; Configuration 3 uses Section 8.3 Use KDC for LDAP Server Item 1 Server Address Item 2 Server Port Item 3 Use SSL/TLS Item 4 LDAP Certificate Validation Item 5 Card Lookup Field Item 6 Search Attribute Item 7 Version 2.0.0 Page 28 Configuration 2 uses Section 8.2; 2. The LDAP Configuration page is displayed.
PKI-Enabled MFP Installation and Configuration Guide
Page 39
The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Copy Authorization Copy Authorization List Fax Authorization Fax Authorization List FTP Authorization FTP Authorization List Corresponding Pre-Installation Guide Section/Item Section 4.1 Item 1 Section 4.1 Item 2 Section 4.2 Item 1 Section 4.2 Item 2 Section 4.3 Item 1 Section 4.3 Item 2 Version 2.0.0 Page 33 Click the Configure Tab. 4. 3.
The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Copy Authorization Copy Authorization List Fax Authorization Fax Authorization List FTP Authorization FTP Authorization List Corresponding Pre-Installation Guide Section/Item Section 4.1 Item 1 Section 4.1 Item 2 Section 4.2 Item 1 Section 4.2 Item 2 Section 4.3 Item 1 Section 4.3 Item 2 Version 2.0.0 Page 33 Click the Configure Tab. 4. 3.
PKI-Enabled MFP Installation and Configuration Guide
Page 42
3. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Email Authorization Email Authorization List SMTP Server Authentication Device Userid Device ... Options User Can Send Multiple Emails From Address LDAP-From Email Address To Address Limit Destinations Send Email To User Address Book Lookup Corresponding Pre-Installation Guide Section/Item Section 5.1 Item 1 Section 5.1 Item 2 Section 5.2 Item 2 Section 5.2 Item 2 Only used if Authentication set to Device Section 5.2 Item 2 Only used if ...
3. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Email Authorization Email Authorization List SMTP Server Authentication Device Userid Device ... Options User Can Send Multiple Emails From Address LDAP-From Email Address To Address Limit Destinations Send Email To User Address Book Lookup Corresponding Pre-Installation Guide Section/Item Section 5.1 Item 1 Section 5.1 Item 2 Section 5.2 Item 2 Section 5.2 Item 2 Only used if Authentication set to Device Section 5.2 Item 2 Only used if ...
PKI-Enabled MFP Installation and Configuration Guide
Page 46
Setting Button Text Up Icon Down Icon Scan To Network Authorization Authorization List Corresponding Pre-Installation Guide Section/Item Section 6.1 Item 1 To use a different icon, contact Lexmark to get a "blank" button to be used as the base. To use a different icon, contact Lexmark to get a "blank" button to be used as the base. Section 6.1 Item 2 Section 6.1 Item 3 Version 2.0.0 Page 40 The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
Setting Button Text Up Icon Down Icon Scan To Network Authorization Authorization List Corresponding Pre-Installation Guide Section/Item Section 6.1 Item 1 To use a different icon, contact Lexmark to get a "blank" button to be used as the base. To use a different icon, contact Lexmark to get a "blank" button to be used as the base. Section 6.1 Item 2 Section 6.1 Item 3 Version 2.0.0 Page 40 The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
PKI-Enabled MFP Installation and Configuration Guide
Page 49
Setting Corresponding Pre-Installation Guide Section/Item File Share Authorization Section 6.2 Item 1 Authorization list Section 6.2 Item 2 Display Name Section 6.2 Item 3 UNC Path Section 6.2 Item 4 Replacement Value If the UNC Path ...
Setting Corresponding Pre-Installation Guide Section/Item File Share Authorization Section 6.2 Item 1 Authorization list Section 6.2 Item 2 Display Name Section 6.2 Item 3 UNC Path Section 6.2 Item 4 Replacement Value If the UNC Path ...
PKI-Enabled MFP Installation and Configuration Guide
Page 53
... and is not specified in the PKI/AD Authentication solution or Kerberos file. The Domain Controller Issuing Certificate has not been installed. Cause: No certificate has been installed on the MFP; Cause: This error occurs during a manual login and indicates the Windows domain is used , click "...on the device will be opened between the MFP and KDC in the PKI/AD Authentication are correct. Resolution: See the PKI Pre-Installation Guide for authentication to validate the domain controller. see section 3.1. A reboot will provide the name of the KDC is not currently available....
... and is not specified in the PKI/AD Authentication solution or Kerberos file. The Domain Controller Issuing Certificate has not been installed. Cause: No certificate has been installed on the MFP; Cause: This error occurs during a manual login and indicates the Windows domain is used , click "...on the device will be opened between the MFP and KDC in the PKI/AD Authentication are correct. Resolution: See the PKI Pre-Installation Guide for authentication to validate the domain controller. see section 3.1. A reboot will provide the name of the KDC is not currently available....
PKI-Enabled Pre-Installation Guide
Page 2
..., Inc., Department F95/032-2, 740 West New Circle Road, Lexington, Kentucky 40550, U.S.A. Evaluation and verification of purchase. Other trademarks are the property of Lexmark International, Inc. PKI Pre-Installation Guide Edition: April 2008 The following paragraph does not apply to any country where such provisions are inconsistent with other products, programs, or services...
..., Inc., Department F95/032-2, 740 West New Circle Road, Lexington, Kentucky 40550, U.S.A. Evaluation and verification of purchase. Other trademarks are the property of Lexmark International, Inc. PKI Pre-Installation Guide Edition: April 2008 The following paragraph does not apply to any country where such provisions are inconsistent with other products, programs, or services...
PKI-Enabled Pre-Installation Guide
Page 3
PKI Pre-Installation Guide Table of Contents 1 Background Information...1 1.1 Document Overview ...1 1.2 PKI/AD Solution...1 1.3 SmartCard Contents ...2 1.4 Network Port Access...3 1.5 Key Contacts...3 2 Basic Network Configuration 4 2.1 IP Address...4 2.2 DNS and WINS ...
PKI Pre-Installation Guide Table of Contents 1 Background Information...1 1.1 Document Overview ...1 1.2 PKI/AD Solution...1 1.3 SmartCard Contents ...2 1.4 Network Port Access...3 1.5 Key Contacts...3 2 Basic Network Configuration 4 2.1 IP Address...4 2.2 DNS and WINS ...
PKI-Enabled Pre-Installation Guide
Page 4
PKI Pre-Installation Guide 5.6.1 Email Signing...23 5.6.2 Email Encryption 24 5.6.3 Results...24 6 PKI/AD Scan to Network Configuration 26 6.1 General Settings ...26 6.2 Fileshare Settings ...26 6.3 Fileshare Examples ...28 7 Finding Configuration Information 30 7.1 Kerberos Realm ...30 7.2 Domain Controller ...30 7.3 Kerberos Configuration File 31 7.4 LDAP Directory Information 33 7.5 Domain Controller Certificates 33 8 Custom LDAP Configurations 34 8.1 LDAP Configuration 1 35 8.2 LDAP Configuration 2 36 8.3 LDAP Configuration 3 37 Version 2.0.0 Page iii
PKI Pre-Installation Guide 5.6.1 Email Signing...23 5.6.2 Email Encryption 24 5.6.3 Results...24 6 PKI/AD Scan to Network Configuration 26 6.1 General Settings ...26 6.2 Fileshare Settings ...26 6.3 Fileshare Examples ...28 7 Finding Configuration Information 30 7.1 Kerberos Realm ...30 7.2 Domain Controller ...30 7.3 Kerberos Configuration File 31 7.4 LDAP Directory Information 33 7.5 Domain Controller Certificates 33 8 Custom LDAP Configurations 34 8.1 LDAP Configuration 1 35 8.2 LDAP Configuration 2 36 8.3 LDAP Configuration 3 37 Version 2.0.0 Page iii
PKI-Enabled Pre-Installation Guide
Page 5
... password both using the Public Key Infrastructure. The fileshare names can be built dynamically using information about the information requested in the Lexmark PKI-Enabled MFP Installation and Configuration Guide. PKI Pre-Installation Guide 1 Background Information 1.1 Document Overview This document should be used to limit access to this includes greater control over the standard email...
... password both using the Public Key Infrastructure. The fileshare names can be built dynamically using information about the information requested in the Lexmark PKI-Enabled MFP Installation and Configuration Guide. PKI Pre-Installation Guide 1 Background Information 1.1 Document Overview This document should be used to limit access to this includes greater control over the standard email...
PKI-Enabled Pre-Installation Guide
Page 6
..., O=U.S. The certificate contains several important pieces of information: • Smart Card Logon Enhanced Key Usage - The Email certificate is used by this application. PKI Pre-Installation Guide 1.3 SmartCard Contents The SmartCard contains at least two certificates: • Identity • Email The identity certificate is not used by this application. The EDI-PI...
..., O=U.S. The certificate contains several important pieces of information: • Smart Card Logon Enhanced Key Usage - The Email certificate is used by this application. PKI Pre-Installation Guide 1.3 SmartCard Contents The SmartCard contains at least two certificates: • Identity • Email The identity certificate is not used by this application. The EDI-PI...
PKI-Enabled Pre-Installation Guide
Page 7
... that can be contacted for assistance in filling this document out and/or assisting during the initial install. Administrator Active Directory Network Tumbleweed/OCSP Email Information Assurance Officer Name Phone Version 2.0.0 Page 3 PKI Pre-Installation Guide 1.4 Network Port Access The MFP will need to identify the appropriate people that are used. Port Protocol...
... that can be contacted for assistance in filling this document out and/or assisting during the initial install. Administrator Active Directory Network Tumbleweed/OCSP Email Information Assurance Officer Name Phone Version 2.0.0 Page 3 PKI Pre-Installation Guide 1.4 Network Port Access The MFP will need to identify the appropriate people that are used. Port Protocol...
PKI-Enabled Pre-Installation Guide
Page 8
... IP Address of the Gateway 3. The Netmask: If the device has not or will not be connected to the network prior to the PKI installation, please make sure the appropriate people are available to assist in getting the device active on the network. 2.2 DNS and WINS Servers In order... to resolve DNS names. The IP Address for the following information is used as needed : 1. Which method should be able to it. PKI Pre-Installation Guide 2 Basic Network Configuration This section is needed . 2.1 IP Address The device can be configured to acquire an IP Address via DHCP or a static ...
... IP Address of the Gateway 3. The Netmask: If the device has not or will not be connected to the network prior to the PKI installation, please make sure the appropriate people are available to assist in getting the device active on the network. 2.2 DNS and WINS Servers In order... to resolve DNS names. The IP Address for the following information is used as needed : 1. Which method should be able to it. PKI Pre-Installation Guide 2 Basic Network Configuration This section is needed . 2.1 IP Address The device can be configured to acquire an IP Address via DHCP or a static ...
PKI-Enabled Pre-Installation Guide
Page 9
... as Printer Domain Name □ Same as Domain Controller Domain Name □ Same as LDAP Server Domain Name □ Different Domain Version 2.0.0 Page 5 PKI Pre-Installation Guide 2.3 Time Server In order for the following: 1. What domain should be within five minutes of the file servers? □ Scan to authenticate, its time must...
... as Printer Domain Name □ Same as Domain Controller Domain Name □ Same as LDAP Server Domain Name □ Different Domain Version 2.0.0 Page 5 PKI Pre-Installation Guide 2.3 Time Server In order for the following: 1. What domain should be within five minutes of the file servers? □ Scan to authenticate, its time must...
PKI-Enabled Pre-Installation Guide
Page 10
...certificate is not provided, or is specified here. Typically this step. If using SSL, you can be ignored. A certificate will be specified at install time. Port used , then the fully qualified domain name (instead of a LDAP directory IP Address or Name 2. If SSL is used to ...this is required Certificate: Please have file ready at a later time. 1. If some pieces of data need to be requested. PKI Pre-Installation Guide 2.5 Default LDAP Configuration Many of the PKI Applications utilize LDAP to perform queries that are : Never Allow Try Demand Never - The MFP supports...
...certificate is not provided, or is specified here. Typically this step. If using SSL, you can be ignored. A certificate will be specified at install time. Port used , then the fully qualified domain name (instead of a LDAP directory IP Address or Name 2. If SSL is used to ...this is required Certificate: Please have file ready at a later time. 1. If some pieces of data need to be requested. PKI Pre-Installation Guide 2.5 Default LDAP Configuration Many of the PKI Applications utilize LDAP to perform queries that are : Never Allow Try Demand Never - The MFP supports...
PKI-Enabled Pre-Installation Guide
Page 11
... Version 2.0.0 Page 7 Maximum Search Results. The maximum number of 100 is typically something like "dc=branch,dc=mil". PKI Pre-Installation Guide 5. Valid values are 5 to the user. The value is recommended. The device supports anonymous binding, the authenticated user's credentials, or a service account using a Distinguished Name ...
... Version 2.0.0 Page 7 Maximum Search Results. The maximum number of 100 is typically something like "dc=branch,dc=mil". PKI Pre-Installation Guide 5. Valid values are 5 to the user. The value is recommended. The device supports anonymous binding, the authenticated user's credentials, or a service account using a Distinguished Name ...