Embedded Web Server Administrator's Guide
Page 3
... Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone...
... Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone...
Embedded Web Server Administrator's Guide
Page 5
...provide end users the functionality they will need to access. Incorporating traditional components such as Password or PIN, can be helpful to create a plan that require a user to use the printer, and which a system securely identifies a user (that produce, store, and transmit ...the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Authorization specifies which a printer is located in the lobby or other building blocks that identifies who the users will be individually identified, passwords and...
...provide end users the functionality they will need to access. Incorporating traditional components such as Password or PIN, can be helpful to create a plan that require a user to use the printer, and which a system securely identifies a user (that produce, store, and transmit ...the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Authorization specifies which a printer is located in the lobby or other building blocks that identifies who the users will be individually identified, passwords and...
Embedded Web Server Administrator's Guide
Page 6
...LDAP Authentication only LDAP with Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can be used in association with either the Internal accounts or LDAP/LDAP+GSSAPI building ..., building blocks, groups, and access controls may not meet the needs of users needing access to print in color, but in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be protected. How they need to...
...LDAP Authentication only LDAP with Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can be used in association with either the Internal accounts or LDAP/LDAP+GSSAPI building ..., building blocks, groups, and access controls may not meet the needs of users needing access to print in color, but in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to be protected. How they need to...
Embedded Web Server Administrator's Guide
Page 7
... UTF-8 characters (example: "Copy Lockout PIN"). 5 Type a PIN in the Embedded Web Server 7 Administrator-level passwords override normal passwords. Notes: • To edit a password, select a password from the list, and then modify the settings. • To delete a password, select a password from the list and then click Delete Entry. Creating a PIN Typically, Personal Identification Numbers (PINs) are...
... UTF-8 characters (example: "Copy Lockout PIN"). 5 Type a PIN in the Embedded Web Server 7 Administrator-level passwords override normal passwords. Notes: • To edit a password, select a password from the list, and then modify the settings. • To delete a password, select a password from the list and then click Delete Entry. Creating a PIN Typically, Personal Identification Numbers (PINs) are...
Embedded Web Server Administrator's Guide
Page 8
Each internal account building block can include a maximum of between 8 and 128 characters. • Re-enter Password-Type the password entered in the field above. • E-mail-Type the user's E-mail address (example: "[email protected]"). • Groups-Select the groups to ... belongs. Each group will fulfill a role once combined into a security template, and users can contain up to 128 UTF-8 characters. • Password-Type a password of 250 user accounts, and 32 user groups. Hold down the Ctrl key to the Manage Internal Accounts menu without storing the new account. Creating...
Each internal account building block can include a maximum of between 8 and 128 characters. • Re-enter Password-Type the password entered in the field above. • E-mail-Type the user's E-mail address (example: "[email protected]"). • Groups-Select the groups to ... belongs. Each group will fulfill a role once combined into a security template, and users can contain up to 128 UTF-8 characters. • Password-Type a password of 250 user accounts, and 32 user groups. Hold down the Ctrl key to the Manage Internal Accounts menu without storing the new account. Creating...
Embedded Web Server Administrator's Guide
Page 9
..., SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to access information stored in a specially organized information directory. Multiple search bases may be able to access protected device functions in the event... Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server. ...
..., SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to access information stored in a specially organized information directory. Multiple search bases may be able to access protected device functions in the event... Setup when creating security templates. • Server Address-Enter the IP Address or the Host Name of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with the LDAP server. ...
Embedded Web Server Administrator's Guide
Page 10
... template. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be provided. • When creating Security Templates, the administrator can associate as many ...as part of the print server(s). • MFP Password-Enter the password for those groups under the Group Search Base list. Search specific object classes • Person-Click to access a function protected by...
... template. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be provided. • When creating Security Templates, the administrator can associate as many ...as part of the print server(s). • MFP Password-Enter the password for those groups under the Group Search Base list. Search specific object classes • Person-Click to access a function protected by...
Embedded Web Server Administrator's Guide
Page 12
• Search Timeout-Enter a value of the print server(s). • MFP Password-Enter the Kerberos password for the print server(s). To edit an existing LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security .... • When creating Security Templates, the administrator can pick groups from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be searched. • Custom Object Class-Click to three custom search object classes (optional). Using ...
• Search Timeout-Enter a value of the print server(s). • MFP Password-Enter the Kerberos password for the print server(s). To edit an existing LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security .... • When creating Security Templates, the administrator can pick groups from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be searched. • Custom Object Class-Click to three custom search object classes (optional). Using ...
Embedded Web Server Administrator's Guide
Page 14
Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can store only one used as needed. 5 To sync to an NTP server rather than manage date and time ... deleted or unregistered if it is being used by selecting Log out on the user's password. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To...
Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. An administrator can store only one used as needed. 5 To sync to an NTP server rather than manage date and time ... deleted or unregistered if it is being used by selecting Log out on the user's password. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the authenticating server. • To...
Embedded Web Server Administrator's Guide
Page 15
... NTLM Setup screen will display "Status....Registered." • If registration is a network communication problem, or an authentication server fails. A backup password can be able to register your device with an NT domain. 2 From the Embedded Web Server Home screen, browse to Settings ª ... server 1 Open the Embedded Web Server home screen using the secure version of the Primary Domain Controller) • User ID • Password 6 Click Submit. Note: If you do not connect to your organization's policies before deploying any security method that might compromise those policies...
... NTLM Setup screen will display "Status....Registered." • If registration is a network communication problem, or an authentication server fails. A backup password can be able to register your device with an NT domain. 2 From the Embedded Web Server Home screen, browse to Settings ª ... server 1 Open the Embedded Web Server home screen using the secure version of the Primary Domain Controller) • User ID • Password 6 Click Submit. Note: If you do not connect to your organization's policies before deploying any security method that might compromise those policies...
Embedded Web Server Administrator's Guide
Page 16
...access to restore default values. For simple authorization-level security (in which individual users are encouraged to securely end each session by a password or PIN. Note: To help prevent unauthorized access, users are not authenticated), administrators can attempt login before being locked out. •...4 Click Submit to save changes, or Reset Form to specific device functions using a password or PIN. Users will now be assigned to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª ...
...access to restore default values. For simple authorization-level security (in which individual users are encouraged to securely end each session by a password or PIN. Note: To help prevent unauthorized access, users are not authenticated), administrators can attempt login before being locked out. •...4 Click Submit to save changes, or Reset Form to specific device functions using a password or PIN. Users will now be assigned to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª ...
Embedded Web Server Administrator's Guide
Page 17
... template from the drop-down the Ctrl key to 128 characters. It can be helpful to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and ... to 128 characters to securely end each function you want to protect, select the newly created security template from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on page 29. Though the names of that have been configured on the device. 6 To use ...
... template from the drop-down the Ctrl key to 128 characters. It can be helpful to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and ... to 128 characters to securely end each function you want to protect, select the newly created security template from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on page 29. Though the names of that have been configured on the device. 6 To use ...
Embedded Web Server Administrator's Guide
Page 18
... information on the device, regardless of that code. however, security templates currently in the Settings screen for all security templates on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to devices, Internal Accounts can be... the drop-down list next to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18
... information on the device, regardless of that code. however, security templates currently in the Settings screen for all security templates on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to devices, Internal Accounts can be... the drop-down list next to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18
Embedded Web Server Administrator's Guide
Page 19
..., or Reset Form to any function controlled by a security template. Users will need to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Realm (or domain) where the KDC is located • The... Kerberos username (distinguished name) and password assigned to 128 characters. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory...
..., or Reset Form to any function controlled by a security template. Users will need to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Realm (or domain) where the KDC is located • The... Kerberos username (distinguished name) and password assigned to 128 characters. Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with Active Directory...
Embedded Web Server Administrator's Guide
Page 26
...installed, default will recognize by clicking the check box next to enable 802.1x authentication. • Type the login name and password the printer will wait for a response from the SMTP server before changing 802.1x authentication settings. For more information on configuring digital certificates, ...select None for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is also used on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog...
...installed, default will recognize by clicking the check box next to enable 802.1x authentication. • Type the login name and password the printer will wait for a response from the SMTP server before changing 802.1x authentication settings. For more information on configuring digital certificates, ...select None for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is also used on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog...
Embedded Web Server Administrator's Guide
Page 27
... address entries (shown as device monitoring, type an SNMPPv3 Read/Write User name and Password in the appropriate fields. 4 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No ...made to settings marked with an asterisk (*) will be used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings. SNMP Version 1, 2c 1 From the Embedded Web Server ...
... address entries (shown as device monitoring, type an SNMPPv3 Read/Write User name and Password in the appropriate fields. 4 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No ...made to settings marked with an asterisk (*) will be used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings. SNMP Version 1, 2c 1 From the Embedded Web Server ...
Embedded Web Server Administrator's Guide
Page 28
.... 5 Click Submit to save the changes. Using security features in the Embedded Web Server 28 Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. 4 Under Trap Destination, type the IP address of using this jumper. 1 From the Embedded...
.... 5 Click Submit to save the changes. Using security features in the Embedded Web Server 28 Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. 4 Under Trap Destination, type the IP address of using this jumper. 1 From the Embedded...
Embedded Web Server Administrator's Guide
Page 39
... Block Group Security Template Settings that control whether individual device menus, functions, and settings are available to a user, i.e. A method for securely ientifying a user. They include: password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. Authentication and Authorization tools used in the Embedded Web Server. A collection of Security Terms 39
... Block Group Security Template Settings that control whether individual device menus, functions, and settings are available to a user, i.e. A method for securely ientifying a user. They include: password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. Authentication and Authorization tools used in the Embedded Web Server. A collection of Security Terms 39
Embedded Web Server Administrator's Guide
Page 40
...authentication HTTPS and 14 using 14 P password creating or editing 7 Personal Identification Number (PIN) 7 PIN creating or editing 7 Index 40 S Scenario Active Directory networks 19 printer in a public place 18 standalone or small office 18 using passwords and PINs 18 security 802.1x ...authentication 26 Authentication 5 Authorization 5 backup password 15 confidential printing 22 digital certificates 21 disk encryption 24...
...authentication HTTPS and 14 using 14 P password creating or editing 7 Personal Identification Number (PIN) 7 PIN creating or editing 7 Index 40 S Scenario Active Directory networks 19 printer in a public place 18 standalone or small office 18 using passwords and PINs 18 security 802.1x ...authentication 26 Authentication 5 Authorization 5 backup password 15 confidential printing 22 digital certificates 21 disk encryption 24...
Wireless Setup Guide
Page 12
...security, see the Networking Guide on a network that only those devices with your wireless network does not use on the wireless network, the printer will not work wirelessly. or - Encryption must be either infrastructure or ad hoc. • Channel (for Security Method: - No security...the following: • Authentication type • Inner authentication type • 802.1X username and password • Certificates Note: For more than one WEP key, enter up the printer on an 802.1X network using MAC address filtering Every network device has a unique hardware identification number...
...security, see the Networking Guide on a network that only those devices with your wireless network does not use on the wireless network, the printer will not work wirelessly. or - Encryption must be either infrastructure or ad hoc. • Channel (for Security Method: - No security...the following: • Authentication type • Inner authentication type • 802.1X username and password • Certificates Note: For more than one WEP key, enter up the printer on an 802.1X network using MAC address filtering Every network device has a unique hardware identification number...