PKI-Enabled Device Installation and Configuration Guide
Page 3
... the firmware and applications...6 Verifying and updating the firmware...6 Installing the authentication token application...7 Installing PKI applications...7 Configuring printer settings for use with PKI applications 8 TCP/IP settings ...8 Date and time...9 Panel login timeout...9 Certificate management ...10 Configuring Scan to Email...10 SMTP settings......
... the firmware and applications...6 Verifying and updating the firmware...6 Installing the authentication token application...7 Installing PKI applications...7 Configuring printer settings for use with PKI applications 8 TCP/IP settings ...8 Date and time...9 Panel login timeout...9 Certificate management ...10 Configuring Scan to Email...10 SMTP settings......
PKI-Enabled Device Installation and Configuration Guide
Page 5
... connect your network. Supported devices This guide covers the following models: Single-function devices • Lexmark C736 • Lexmark T654 • Lexmark T656 • Lexmark W85x Multi-function devices • Lexmark X46x • Lexmark X65x • Lexmark X73x • Lexmark X86x Before configuring the printer After initial setup tasks have been completed according to the User's Guide, connect the...
... connect your network. Supported devices This guide covers the following models: Single-function devices • Lexmark C736 • Lexmark T654 • Lexmark T656 • Lexmark W85x Multi-function devices • Lexmark X46x • Lexmark X65x • Lexmark X73x • Lexmark X86x Before configuring the printer After initial setup tasks have been completed according to the User's Guide, connect the...
PKI-Enabled Device Installation and Configuration Guide
Page 6
... many application settings using the mouseover help found in the address field of your printer involves three main components: • The printer firmware • The authentication token • The Lexmark PKI applications All three must be performed through the printer Embedded Web Server, so make sure you see Base =. Note: You can print a network...
... many application settings using the mouseover help found in the address field of your printer involves three main components: • The printer firmware • The authentication token • The Lexmark PKI applications All three must be performed through the printer Embedded Web Server, so make sure you see Base =. Note: You can print a network...
PKI-Enabled Device Installation and Configuration Guide
Page 7
Contact the Lexmark Solutions Help Desk for your printer does not have obtained a newer version of the firmware: 1 From the ...click Start Install. 4 After the installation has finished, click Return. Note: Do not power off the printer while the update is required, but all other configuration tasks. You must install the correct application file for... help in progress. The authentication application is in obtaining the correct firmware. Printer model X73x X86x Minimum firmware version LR.FL.P224cLDc LR.SP.P108LDc Note: If your card type:...
Contact the Lexmark Solutions Help Desk for your printer does not have obtained a newer version of the firmware: 1 From the ...click Start Install. 4 After the installation has finished, click Return. Note: Do not power off the printer while the update is required, but all other configuration tasks. You must install the correct application file for... help in progress. The authentication application is in obtaining the correct firmware. Printer model X73x X86x Minimum firmware version LR.FL.P224cLDc LR.SP.P108LDc Note: If your card type:...
PKI-Enabled Device Installation and Configuration Guide
Page 8
...fls PKI Held Jobs (Print Release Lite) pkiadheldjobs.x.x.x.fls The file names shown are not version-specific. For information about available versions, contact the Lexmark Solutions Help Desk. Normally, the domain will be the same one assigned to user workstations. • If using a static IP address, verify... the WINS Server Address, and the DNS Server Address. • If the printer is located in a different domain than the domain controller, the E-mail server, or any file share users may need to scan to function correctly ...
...fls PKI Held Jobs (Print Release Lite) pkiadheldjobs.x.x.x.fls The file names shown are not version-specific. For information about available versions, contact the Lexmark Solutions Help Desk. Normally, the domain will be the same one assigned to user workstations. • If using a static IP address, verify... the WINS Server Address, and the DNS Server Address. • If the printer is located in a different domain than the domain controller, the E-mail server, or any file share users may need to scan to function correctly ...
PKI-Enabled Device Installation and Configuration Guide
Page 9
... Settings > Security > Set Date and Time. 2 To manage the settings manually, type the correct date and time in seconds). Configuring PKI-enabled devices 9 Printer clock settings can be set to within the specified time-even if a SmartCard is still inserted-the session ends and the...DST calendar, adjust the Custom Time Zone Setup settings as needed. 5 Click Submit. Date and time In order for users to login to the printer, the printer clock must be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a SmartCard inserted or without logging out, ...
... Settings > Security > Set Date and Time. 2 To manage the settings manually, type the correct date and time in seconds). Configuring PKI-enabled devices 9 Printer clock settings can be set to within the specified time-even if a SmartCard is still inserted-the session ends and the...DST calendar, adjust the Custom Time Zone Setup settings as needed. 5 Click Submit. Date and time In order for users to login to the printer, the printer clock must be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a SmartCard inserted or without logging out, ...
PKI-Enabled Device Installation and Configuration Guide
Page 10
... can skip this section. Configuring PKI-enabled devices 10 Note: The Certificate Authority Source file must configure E-mail and address book settings on the printer. SMTP settings 1 From the Embedded Web Server, click Settings > E-mail/FTP Settings > SMTP Setup. 2 Under SMTP Setup, type the IP... > Security > Certificate Management > Certificate Authority Management. 2 Click New. 3 Browse to the SMTP server as a relay. The contents of the printer must be allowed to access Scan to Email, you must be in LDAP. Configuring Scan to Email If users will use the hostname. 3 Type the...
... can skip this section. Configuring PKI-enabled devices 10 Note: The Certificate Authority Source file must configure E-mail and address book settings on the printer. SMTP settings 1 From the Embedded Web Server, click Settings > E-mail/FTP Settings > SMTP Setup. 2 Under SMTP Setup, type the IP... > Security > Certificate Management > Certificate Authority Management. 2 Click New. 3 Browse to the SMTP server as a relay. The contents of the printer must be allowed to access Scan to Email, you must be in LDAP. Configuring Scan to Email If users will use the hostname. 3 Type the...
PKI-Enabled Device Installation and Configuration Guide
Page 11
... by users. • Off by default-The option is on -Users will also increase the file size of E-mail messages they send from the printer. Suggestion: "Scanned Document". 3 Type a default Message to be chosen to send E-mail, enter the appropriate information under Device Credentials. 10 For ... resolution is Print only for error. • E-mail Bit Depth-Set to search your network Global Address Book for E-mail messages sent from the printer: • Never appears-The "Send me a copy, select whether users can choose to send themselves a copy of scanned documents. • Transmission...
... by users. • Off by default-The option is on -Users will also increase the file size of E-mail messages they send from the printer. Suggestion: "Scanned Document". 3 Type a default Message to be chosen to send E-mail, enter the appropriate information under Device Credentials. 10 For ... resolution is Print only for error. • E-mail Bit Depth-Set to search your network Global Address Book for E-mail messages sent from the printer: • Never appears-The "Send me a copy, select whether users can choose to send themselves a copy of scanned documents. • Transmission...
PKI-Enabled Device Installation and Configuration Guide
Page 12
...Fax. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 For Logon Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select whether Card Pin must be Numeric Only, or can ...the Fax Number Attribute at the bottom of LDAP attributes used to find the Displayed Name for an E-mail address (also referred to access the printer. Example: "ou=installation,dc=branch,dc=mil". 9 Set the Search Timeout, to specify the maximum time allowed for each LDAP query. ...
...Fax. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 For Logon Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select whether Card Pin must be Numeric Only, or can ...the Fax Number Attribute at the bottom of LDAP attributes used to find the Displayed Name for an E-mail address (also referred to access the printer. Example: "ou=installation,dc=branch,dc=mil". 9 Set the Search Timeout, to specify the maximum time allowed for each LDAP query. ...
PKI-Enabled Device Installation and Configuration Guide
Page 13
...they will not be available to the root CA, must be entered, separated by commas. Multiple values can be installed on the printer, or clear the check box to the specified Realm. The correct format is the principle name. typically the Windows Domain Name. Multiple... values can be mapped to use the Kerberos settings already configured on the printer, and Online Certificate Status Protocol (OCSP) settings must be configured. 7 If you must be entered in lowercase. Example: If a U.S....
...they will not be available to the root CA, must be entered, separated by commas. Multiple values can be installed on the printer, or clear the check box to the specified Realm. The correct format is the principle name. typically the Windows Domain Name. Multiple... values can be mapped to use the Kerberos settings already configured on the printer, and Online Certificate Status Protocol (OCSP) settings must be configured. 7 If you must be entered in lowercase. Example: If a U.S....
PKI-Enabled Device Installation and Configuration Guide
Page 14
... Share Session with LDD if you want to use only the information provided by commas. 6 Use the Group Authorization List to allow the printer to communicate on your network. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Select Disable... Reverse DNS Lookups if they are multi-homed, click Browse to locate a Hosts File with Lexmark Document Distributor (LDD). This information would normally be shared with hostname-IP address mappings. 5 Click Apply. Note: This may be required for...
... Share Session with LDD if you want to use only the information provided by commas. 6 Use the Group Authorization List to allow the printer to communicate on your network. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Select Disable... Reverse DNS Lookups if they are multi-homed, click Browse to locate a Hosts File with Lexmark Document Distributor (LDD). This information would normally be shared with hostname-IP address mappings. 5 Click Apply. Note: This may be required for...
PKI-Enabled Device Installation and Configuration Guide
Page 15
... will be signed using Scan to Email, you are sent without being signed or encrypted. Note: If manual login is prompted to specify how the printer should retrieve the user's address when sending E-mail.
... will be signed using Scan to Email, you are sent without being signed or encrypted. Note: If manual login is prompted to specify how the printer should retrieve the user's address when sending E-mail.
PKI-Enabled Device Installation and Configuration Guide
Page 16
... want to use . General Settings General Settings control how text and icons are displayed on the printer home screen for Scan to Network, as well as which options will be available to users from the printer touch screen: • User Can Only Send to Self (no other recipients can specify custom Button... Text to be displayed above the Scan to Network icon on the printer home screen. 3 To select an alternate image for the Down Icon (the image that displays when the Scan to Network icon has not been pressed...
... want to use . General Settings General Settings control how text and icons are displayed on the printer home screen for Scan to Network, as well as which options will be available to users from the printer touch screen: • User Can Only Send to Self (no other recipients can specify custom Button... Text to be displayed above the Scan to Network icon on the printer home screen. 3 To select an alternate image for the Down Icon (the image that displays when the Scan to Network icon has not been pressed...
PKI-Enabled Device Installation and Configuration Guide
Page 19
For information about the settings, see "Default Scan Settings" on the printer home screen. 3 To select an alternate image for the selected share as needed , and then click Apply to save your changes. A confirmation page will be ...
For information about the settings, see "Default Scan Settings" on the printer home screen. 3 To select an alternate image for the selected share as needed , and then click Apply to save your changes. A confirmation page will be ...
PKI-Enabled Device Installation and Configuration Guide
Page 20
...or one of four intervals ranging from one hour to one week. • Repeat Job Expiration-Can be set to expire. 6 Select from the printer. • Select Allow Users to Print All if you want to allow users to change the number of copies for each job from the following... automatically when they expire. • Select Clear Print Data to clear the memory associated with each print job once the job is controlled by the printer Confidential Print Setup (Settings > Security > Confidential Print Setup). Using Job Expiration, Verify and Repeat Print jobs can be able to release print jobs: ...
...or one of four intervals ranging from one hour to one week. • Repeat Job Expiration-Can be set to expire. 6 Select from the printer. • Select Allow Users to Print All if you want to allow users to change the number of copies for each job from the following... automatically when they expire. • Select Clear Print Data to clear the memory associated with each print job once the job is controlled by the printer Confidential Print Setup (Settings > Security > Confidential Print Setup). Using Job Expiration, Verify and Repeat Print jobs can be able to release print jobs: ...
PKI-Enabled Device Installation and Configuration Guide
Page 21
... token does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. Troubleshooting 21 The printer home screen does not return to a locked state when not in use If the printer home screen does not return to a locked state when not in use...next to the application name, and then click Start. • If PKI Authentication does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. PKI AUTHENTICATION IS NOT INSTALLED OR RUNNING. 1 From the Embedded Web Server, click Settings > Embedded Solutions. 2 ...
... token does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. Troubleshooting 21 The printer home screen does not return to a locked state when not in use If the printer home screen does not return to a locked state when not in use...next to the application name, and then click Start. • If PKI Authentication does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. PKI AUTHENTICATION IS NOT INSTALLED OR RUNNING. 1 From the Embedded Web Server, click Settings > Embedded Solutions. 2 ...
PKI-Enabled Device Installation and Configuration Guide
Page 22
... the Simple Kerberos Setup has been used, verify that the Realm is inserted THE SMARTCARD IS NOT RECOGNIZED BY THE READER Contact the Lexmark Solutions Help Desk for assistance. Note: If your network uses DHCP, verify that NTP settings are not automatically provided by the DHCP server... before manually configuring NTP settings. 3 If you have configured the printer to locate the appropriate krb5.conf file, and then click Submit. Troubleshooting 22 Login screen does not appear when a SmartCard is correct,...
... the Simple Kerberos Setup has been used, verify that the Realm is inserted THE SMARTCARD IS NOT RECOGNIZED BY THE READER Contact the Lexmark Solutions Help Desk for assistance. Note: If your network uses DHCP, verify that NTP settings are not automatically provided by the DHCP server... before manually configuring NTP settings. 3 If you have configured the printer to locate the appropriate krb5.conf file, and then click Submit. Troubleshooting 22 Login screen does not appear when a SmartCard is correct,...
PKI-Enabled Device Installation and Configuration Guide
Page 23
... or hostname specified for the Domain Controller is correct. For information on installing, viewing, or modifying certificates, see "Certificate management" on the printer. THE KDC IS NOT CURRENTLY AVAILABLE You can specify multiple KDCs in the PKI Authentication settings, or in order for authentication to work. PORT... the Windows Domain in PKI Authentication, verify the IP address or hostname specified for the "mil" domain). This will be opened between the printer and the KDC in the krb5.conf file. Example: If the Domain setting is "mil,.mil" and the Windows Domain is not the ...
... or hostname specified for the Domain Controller is correct. For information on installing, viewing, or modifying certificates, see "Certificate management" on the printer. THE KDC IS NOT CURRENTLY AVAILABLE You can specify multiple KDCs in the PKI Authentication settings, or in order for authentication to work. PORT... the Windows Domain in PKI Authentication, verify the IP address or hostname specified for the "mil" domain). This will be opened between the printer and the KDC in the krb5.conf file. Example: If the Domain setting is "mil,.mil" and the Windows Domain is not the ...
PKI-Enabled Device Installation and Configuration Guide
Page 24
... work This normally occurs either during login (at "Getting User Info..." "Client [NAME] unknown" error message This error indicates the KDC being used by the printer to communicate with the LDAP server, and must create and upload a krbf5.conf file, containing the needed realms. If you are using a Kerberos configuration file...
... work This normally occurs either during login (at "Getting User Info..." "Client [NAME] unknown" error message This error indicates the KDC being used by the printer to communicate with the LDAP server, and must create and upload a krbf5.conf file, containing the needed realms. If you are using a Kerberos configuration file...
PKI-Enabled Device Installation and Configuration Guide
Page 25
REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to the lowest possible scope that will include all necessary users. THE ADDRESS BOOK SETUP CONTAINS AN IP ADDRESS FOR THE ...
REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to the lowest possible scope that will include all necessary users. THE ADDRESS BOOK SETUP CONTAINS AN IP ADDRESS FOR THE ...