PKI-Enabled MFP Installation and Configuration Guide
Page 7
... mentions will be PKI-enabled, you have read and completed the Pre-Installation Guide for each MFP that guide before continuing with the install, make sure the following has taken place: 1. You can be made throughout this has been verified for the Lexmark PKI-Enabled MFP. If not, please consult that will be done by...
... mentions will be PKI-enabled, you have read and completed the Pre-Installation Guide for each MFP that guide before continuing with the install, make sure the following has taken place: 1. You can be made throughout this has been verified for the Lexmark PKI-Enabled MFP. If not, please consult that will be done by...
PKI-Enabled MFP Installation and Configuration Guide
Page 15
... This section describes the process for the PKI capability to function correctly have been configured. 3.1 Date and Time In order to login in the Pre-Installation Guide to perform a Kerberos login, the date and time must be acquired from a time server. 1. Even if this device has been previously setup, follow through these...
... This section describes the process for the PKI capability to function correctly have been configured. 3.1 Date and Time In order to login in the Pre-Installation Guide to perform a Kerberos login, the date and time must be acquired from a time server. 1. Even if this device has been previously setup, follow through these...
PKI-Enabled MFP Installation and Configuration Guide
Page 22
... is the combination of longest cn or (givenName + sn) is displayed. The default value of LDAP attributes used to be filled in: Field Corresponding Pre-Installation Guide Section 4.2 Item Server Address Item 1 (Use the hostname rather than the IP address) Server Port Item 2 Use SSL/TLS Item 3 LDAP Certificate Validation Item 4 Use...
... is the combination of longest cn or (givenName + sn) is displayed. The default value of LDAP attributes used to be filled in: Field Corresponding Pre-Installation Guide Section 4.2 Item Server Address Item 1 (Use the hostname rather than the IP address) Server Port Item 2 Use SSL/TLS Item 3 LDAP Certificate Validation Item 4 Use...
PKI-Enabled MFP Installation and Configuration Guide
Page 30
...OCSP Proxy URL OCSP Responder Certificate OCSP Responder Timeout Use MFP Kerberos Setup Kerberos Realm Kerbeos KDC Kerberos Domain Corresponding Pre-Installation Guide Section/Item Section 3.2 Section 3.2.2.1.1 Section 3.2.2.1.1 Item 1 The format should be http://:. Section 3.2.2.1.1 Item 2 The format... Item 2 If "One Kerberos Realm" is selected, uncheck this box and the following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed Version 2.0.0 Page 24 If Manual Login is allowed. Section 3.2.2 Item 2 Section 3.2.2 Item 1...
...OCSP Proxy URL OCSP Responder Certificate OCSP Responder Timeout Use MFP Kerberos Setup Kerberos Realm Kerbeos KDC Kerberos Domain Corresponding Pre-Installation Guide Section/Item Section 3.2 Section 3.2.2.1.1 Section 3.2.2.1.1 Item 1 The format should be http://:. Section 3.2.2.1.1 Item 2 The format... Item 2 If "One Kerberos Realm" is selected, uncheck this box and the following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed Version 2.0.0 Page 24 If Manual Login is allowed. Section 3.2.2 Item 2 Section 3.2.2 Item 1...
PKI-Enabled MFP Installation and Configuration Guide
Page 34
The LDAP Configuration page is displayed. Configuration 2 uses Section 8.2; 2. Configuration 3 uses Section 8.3 Use KDC for LDAP Server Item 1 Server Address Item 2 Server Port Item 3 Use SSL/TLS Item 4 LDAP Certificate Validation Item 5 Card Lookup Field Item 6 Search Attribute Item 7 Version 2.0.0 Page 28 Referring to section 7 of the Pre-Installation Guide, use the following table to configure the settings. 3. Setting Corresponding Pre-Installation Guide Section/Item Configuration Configuration 1 uses Section 8.1;
The LDAP Configuration page is displayed. Configuration 2 uses Section 8.2; 2. Configuration 3 uses Section 8.3 Use KDC for LDAP Server Item 1 Server Address Item 2 Server Port Item 3 Use SSL/TLS Item 4 LDAP Certificate Validation Item 5 Card Lookup Field Item 6 Search Attribute Item 7 Version 2.0.0 Page 28 Referring to section 7 of the Pre-Installation Guide, use the following table to configure the settings. 3. Setting Corresponding Pre-Installation Guide Section/Item Configuration Configuration 1 uses Section 8.1;
PKI-Enabled MFP Installation and Configuration Guide
Page 39
The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. 3. Click the Configure Tab. 4. Setting Copy Authorization Copy Authorization List Fax Authorization Fax Authorization List FTP Authorization FTP Authorization List Corresponding Pre-Installation Guide Section/Item Section 4.1 Item 1 Section 4.1 Item 2 Section 4.2 Item 1 Section 4.2 Item 2 Section 4.3 Item 1 Section 4.3 Item 2 Version 2.0.0 Page 33
The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. 3. Click the Configure Tab. 4. Setting Copy Authorization Copy Authorization List Fax Authorization Fax Authorization List FTP Authorization FTP Authorization List Corresponding Pre-Installation Guide Section/Item Section 4.1 Item 1 Section 4.1 Item 2 Section 4.2 Item 1 Section 4.2 Item 2 Section 4.3 Item 1 Section 4.3 Item 2 Version 2.0.0 Page 33
PKI-Enabled MFP Installation and Configuration Guide
Page 42
... Options User Can Send Multiple Emails From Address LDAP-From Email Address To Address Limit Destinations Send Email To User Address Book Lookup Corresponding Pre-Installation Guide Section/Item Section 5.1 Item 1 Section 5.1 Item 2 Section 5.2 Item 2 Section 5.2 Item 2 Only used if Authentication set to Device Section 5.2 Item 2 Only used if Authentication set ... If Card Email Address is chosen, this option is not used; Click the Configure Tab. 4. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
... Options User Can Send Multiple Emails From Address LDAP-From Email Address To Address Limit Destinations Send Email To User Address Book Lookup Corresponding Pre-Installation Guide Section/Item Section 5.1 Item 1 Section 5.1 Item 2 Section 5.2 Item 2 Section 5.2 Item 2 Only used if Authentication set to Device Section 5.2 Item 2 Only used if Authentication set ... If Card Email Address is chosen, this option is not used; Click the Configure Tab. 4. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
PKI-Enabled MFP Installation and Configuration Guide
Page 46
To use a different icon, contact Lexmark to get a "blank" button to be used as the base. Section 6.1 Item 2 Section 6.1 Item 3 Version 2.0.0 Page 40 The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Button Text Up Icon Down Icon Scan To Network Authorization Authorization List Corresponding Pre-Installation Guide Section/Item Section 6.1 Item 1 To use a different icon, contact Lexmark to get a "blank" button to be used as the base.
To use a different icon, contact Lexmark to get a "blank" button to be used as the base. Section 6.1 Item 2 Section 6.1 Item 3 Version 2.0.0 Page 40 The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Button Text Up Icon Down Icon Scan To Network Authorization Authorization List Corresponding Pre-Installation Guide Section/Item Section 6.1 Item 1 To use a different icon, contact Lexmark to get a "blank" button to be used as the base.
PKI-Enabled MFP Installation and Configuration Guide
Page 49
Setting Corresponding Pre-Installation Guide Section/Item File Share Authorization Section 6.2 Item 1 Authorization list Section 6.2 Item 2 Display Name Section 6.2 Item 3 UNC Path Section 6.2 Item 4 Replacement Value If the UNC Path ...
Setting Corresponding Pre-Installation Guide Section/Item File Share Authorization Section 6.2 Item 1 Authorization list Section 6.2 Item 2 Display Name Section 6.2 Item 3 UNC Path Section 6.2 Item 4 Replacement Value If the UNC Path ...
PKI-Enabled MFP Installation and Configuration Guide
Page 53
... or Kerberos file; The port must be used by a firewall. Resolution: If using the PKI/AD Authentication solution for information on installing the certificate. The Domain Controller Issuing Certificate ("name of each other. see section 3.1. Resolution: See section 4.1 If the Kerberos settings...KDC is configured to validate the domain controller. The KDC did not respond within the required time. Resolution: See the PKI Pre-Installation Guide for authentication to the Kerberos file and click submit. check the MFP's date and time. this issue. Cause: This error occurs...
... or Kerberos file; The port must be used by a firewall. Resolution: If using the PKI/AD Authentication solution for information on installing the certificate. The Domain Controller Issuing Certificate ("name of each other. see section 3.1. Resolution: See section 4.1 If the Kerberos settings...KDC is configured to validate the domain controller. The KDC did not respond within the required time. Resolution: See the PKI Pre-Installation Guide for authentication to the Kerberos file and click submit. check the MFP's date and time. this issue. Cause: This error occurs...
PKI-Enabled Pre-Installation Guide
Page 2
...the information herein; PKI Pre-Installation Guide Edition: April 2008 The following paragraph does not apply to any country where such provisions are inconsistent with diamond design are trademarks of Lexmark International, Inc. Lexmark may be addressed to Lexmark International, Inc., Department F95/032...program, or service that product, program, or service may use or distribute any way it operates. ImageQuick, Optra, Lexmark, and Lexmark with local law: LEXMARK INTERNATIONAL, INC., PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, ...
...the information herein; PKI Pre-Installation Guide Edition: April 2008 The following paragraph does not apply to any country where such provisions are inconsistent with diamond design are trademarks of Lexmark International, Inc. Lexmark may be addressed to Lexmark International, Inc., Department F95/032...program, or service that product, program, or service may use or distribute any way it operates. ImageQuick, Optra, Lexmark, and Lexmark with local law: LEXMARK INTERNATIONAL, INC., PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, ...
PKI-Enabled Pre-Installation Guide
Page 3
PKI Pre-Installation Guide Table of Contents 1 Background Information...1 1.1 Document Overview ...1 1.2 PKI/AD Solution...1 1.3 SmartCard Contents ...2 1.4 Network Port Access...3 1.5 Key Contacts...3 2 Basic Network Configuration 4 2.1 IP Address...4 2.2 DNS and WINS ...
PKI Pre-Installation Guide Table of Contents 1 Background Information...1 1.1 Document Overview ...1 1.2 PKI/AD Solution...1 1.3 SmartCard Contents ...2 1.4 Network Port Access...3 1.5 Key Contacts...3 2 Basic Network Configuration 4 2.1 IP Address...4 2.2 DNS and WINS ...
PKI-Enabled Pre-Installation Guide
Page 4
PKI Pre-Installation Guide 5.6.1 Email Signing...23 5.6.2 Email Encryption 24 5.6.3 Results...24 6 PKI/AD Scan to Network Configuration 26 6.1 General Settings ...26 6.2 Fileshare Settings ...26 6.3 Fileshare Examples ...28 7 Finding Configuration Information 30 7.1 Kerberos Realm ...30 7.2 Domain Controller ...30 7.3 Kerberos Configuration File 31 7.4 LDAP Directory Information 33 7.5 Domain Controller Certificates 33 8 Custom LDAP Configurations 34 8.1 LDAP Configuration 1 35 8.2 LDAP Configuration 2 36 8.3 LDAP Configuration 3 37 Version 2.0.0 Page iii
PKI Pre-Installation Guide 5.6.1 Email Signing...23 5.6.2 Email Encryption 24 5.6.3 Results...24 6 PKI/AD Scan to Network Configuration 26 6.1 General Settings ...26 6.2 Fileshare Settings ...26 6.3 Fileshare Examples ...28 7 Finding Configuration Information 30 7.1 Kerberos Realm ...30 7.2 Domain Controller ...30 7.3 Kerberos Configuration File 31 7.4 LDAP Directory Information 33 7.5 Domain Controller Certificates 33 8 Custom LDAP Configurations 34 8.1 LDAP Configuration 1 35 8.2 LDAP Configuration 2 36 8.3 LDAP Configuration 3 37 Version 2.0.0 Page iii
PKI-Enabled Pre-Installation Guide
Page 5
... users to print to other PKI applications to complete the installation instructions in this pre-installation guide, you have questions about the authencticated user from " address to authenticate against Active Directory using information about the information requested in the Lexmark PKI-Enabled MFP Installation and Configuration Guide. If you may: • Call 1-888-LXK-SOLV and...
... users to print to other PKI applications to complete the installation instructions in this pre-installation guide, you have questions about the authencticated user from " address to authenticate against Active Directory using information about the information requested in the Lexmark PKI-Enabled MFP Installation and Configuration Guide. If you may: • Call 1-888-LXK-SOLV and...
PKI-Enabled Pre-Installation Guide
Page 6
PKI Pre-Installation Guide 1.3 SmartCard Contents The SmartCard contains at least two certificates: • Identity • Email The identity certificate is also referred to as an identifier independently when ...
PKI Pre-Installation Guide 1.3 SmartCard Contents The SmartCard contains at least two certificates: • Identity • Email The identity certificate is also referred to as an identifier independently when ...
PKI-Enabled Pre-Installation Guide
Page 7
... be helpful to access the network via several ports. Administrator Active Directory Network Tumbleweed/OCSP Email Information Assurance Officer Name Phone Version 2.0.0 Page 3 PKI Pre-Installation Guide 1.4 Network Port Access The MFP will need to identify the appropriate people that are used. The following table lists the default ports needed based on...
... be helpful to access the network via several ports. Administrator Active Directory Network Tumbleweed/OCSP Email Information Assurance Officer Name Phone Version 2.0.0 Page 3 PKI Pre-Installation Guide 1.4 Network Port Access The MFP will need to identify the appropriate people that are used. The following table lists the default ports needed based on...
PKI-Enabled Pre-Installation Guide
Page 8
...needs to be assigned to resolve DNS names. Which method should be used to be connected to the network prior to the PKI installation, please make sure the appropriate people are available to assist in getting the device active on the network. 2.2 DNS and WINS ...Address If using a static IP Address, the following servers: WINS Server: Primary DNS Server: Backup DNS Server (optional Version 2.0.0 Page 4 PKI Pre-Installation Guide 2 Basic Network Configuration This section is needed . 2.1 IP Address The device can be configured to acquire an IP Address via DHCP or a static ...
...needs to be assigned to resolve DNS names. Which method should be used to be connected to the network prior to the PKI installation, please make sure the appropriate people are available to assist in getting the device active on the network. 2.2 DNS and WINS ...Address If using a static IP Address, the following servers: WINS Server: Primary DNS Server: Backup DNS Server (optional Version 2.0.0 Page 4 PKI Pre-Installation Guide 2 Basic Network Configuration This section is needed . 2.1 IP Address The device can be configured to acquire an IP Address via DHCP or a static ...
PKI-Enabled Pre-Installation Guide
Page 9
... qualified DNS names, it needs to know the default domain and other domains that should it be assigned to ? What domain should be "y.z". PKI Pre-Installation Guide 2.3 Time Server In order for the device to Home Directory Will Not Be Enabled □ Same as Printer Domain Name □ Same as Domain Controller...
... qualified DNS names, it needs to know the default domain and other domains that should it be assigned to ? What domain should be "y.z". PKI Pre-Installation Guide 2.3 Time Server In order for the device to Home Directory Will Not Be Enabled □ Same as Printer Domain Name □ Same as Domain Controller...
PKI-Enabled Pre-Installation Guide
Page 10
PKI Pre-Installation Guide 2.5 Default LDAP Configuration Many of data need to be installed on the device. □ SSL is not required □ SSL is required Certificate: Please have file ready at a later time. 1. The MFP supports a default LDAP ... of the PKI Applications utilize LDAP to communicate with the LDAP server. If not using SSL, the LDAP Certification Validation method must be specified at install time. If a certificate is invalid, the LDAP connection will be terminated. A certificate will be requested. If the certificate is not provided, or is not provided...
PKI Pre-Installation Guide 2.5 Default LDAP Configuration Many of data need to be installed on the device. □ SSL is not required □ SSL is required Certificate: Please have file ready at a later time. 1. The MFP supports a default LDAP ... of the PKI Applications utilize LDAP to communicate with the LDAP server. If not using SSL, the LDAP Certification Validation method must be specified at install time. If a certificate is invalid, the LDAP connection will be terminated. A certificate will be requested. If the certificate is not provided, or is not provided...
PKI-Enabled Pre-Installation Guide
Page 11
... rights needed to 500 results. Search Timeout. Valid values are 5 to access the LDAP directory. The default value of search results to be provided at installation _________ Version 2.0.0 Page 7 The maximum number of 100 is recommended. Maximum Search Results 8. PKI Pre-Installation Guide 5. Maximum Search Results.
... rights needed to 500 results. Search Timeout. Valid values are 5 to access the LDAP directory. The default value of search results to be provided at installation _________ Version 2.0.0 Page 7 The maximum number of 100 is recommended. Maximum Search Results 8. PKI Pre-Installation Guide 5. Maximum Search Results.