Embedded Web Server Administrator's Guide
Page 9
...that apply to specify the information a user must submit when authenticating. Note: A Search Base consists of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access protected device functions in a...the LDAP server where user accounts reside. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to 32 user-defined groups that relies on the printer control panel. Notes: • Supported devices can create up to Settings ª Security ª Edit Security...
...that apply to specify the information a user must submit when authenticating. Note: A Search Base consists of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access protected device functions in a...the LDAP server where user accounts reside. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to 32 user-defined groups that relies on the printer control panel. Notes: • Supported devices can create up to Settings ª Security ª Edit Security...
Embedded Web Server Administrator's Guide
Page 11
...cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Test LDAP Authentication Setup next to the setup... in the Embedded Web Server 11 Note: A Search Base consists of five unique LDAP + GSSAPI configurations. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with any form of authentication that relies on the...
...cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Test LDAP Authentication Setup next to the setup... in the Embedded Web Server 11 Note: A Search Base consists of five unique LDAP + GSSAPI configurations. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with any form of authentication that relies on the...
Embedded Web Server Administrator's Guide
Page 13
... can be used , uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you... start again. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Click Browse to find...
... can be used , uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you... start again. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Click Browse to find...
Embedded Web Server Administrator's Guide
Page 14
... and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in clear text. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used in... template only after a supported device has registered with a trusted clock-typically the same one NTLM configuration on the printer control panel. An administrator can be updated manually, or set to use Network Time Protocol (NTP), to automatically...session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to a single NT domain.
... and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in clear text. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used in... template only after a supported device has registered with a trusted clock-typically the same one NTLM configuration on the printer control panel. An administrator can be updated manually, or set to use Network Time Protocol (NTP), to automatically...session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to a single NT domain.
Embedded Web Server Administrator's Guide
Page 16
.... 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select Login ... time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access...
.... 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select Login ... time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access...
Embedded Web Server Administrator's Guide
Page 17
... drop-down the Ctrl key to 140 security templates. Hold down list next to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a...a unique name containing up to select multiple groups. 8 Click Save Template. Editing or deleting an existing security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a security template...
... drop-down the Ctrl key to 140 security templates. Hold down list next to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a...a unique name containing up to select multiple groups. 8 Click Save Template. Editing or deleting an existing security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a security template...
Embedded Web Server Administrator's Guide
Page 18
...that template. • You can only delete a security template if it , a password or PIN can be edited. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as a lobby, and you do not use ; Scenario: Standalone or small office If your... Submit. For more information on page 7. Notes: • Clicking Delete List will now be protected, and then: 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each access control After creating one is not...
...that template. • You can only delete a security template if it , a password or PIN can be edited. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as a lobby, and you do not use ; Scenario: Standalone or small office If your... Submit. For more information on page 7. Notes: • Clicking Delete List will now be protected, and then: 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. 3 For each access control After creating one is not...
Embedded Web Server Administrator's Guide
Page 19
...populated with the authentication building blocks which have been configured on the network. Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage ...to 128 characters. This list will be pulled from the drop-down the Ctrl key to cancel all changes. Hold down list next to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) ...
...populated with the authentication building blocks which have been configured on the network. Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage ...to 128 characters. This list will be pulled from the drop-down the Ctrl key to cancel all changes. Hold down list next to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) ...
Embedded Web Server Administrator's Guide
Page 20
... Group Names list. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...more information on configuring Kerberos, see "Using LDAP+GSSAPI" on page 11 Step 4: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage ...
... Group Names list. For more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...more information on configuring Kerberos, see "Using LDAP+GSSAPI" on page 11 Step 4: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage ...
Embedded Web Server Administrator's Guide
Page 21
... Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document ...outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate ...
... Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document ...outputs. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate ...
Embedded Web Server Administrator's Guide
Page 24
...the Time and Day(s) lists to designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of the touch screen.... disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to proceed with disk wiping and encryption. Using security features in the event your printer-or its hard disk-is stolen. Encryption takes approximately two minutes, and a status bar will be lost. Warning-Potential Damage: Do not power...
...the Time and Day(s) lists to designate when disk wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is in Configuration mode by locating the Exit Configuration button in the lower right corner of the touch screen.... disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to proceed with disk wiping and encryption. Using security features in the event your printer-or its hard disk-is stolen. Encryption takes approximately two minutes, and a status bar will be lost. Warning-Potential Damage: Do not power...
Embedded Web Server Administrator's Guide
Page 25
... the IP address or hostname of events to log list, select the priority level cutoff (0-7) for further processing or storage. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Security Audit Log. 2 Select Enable Audit to activate security audit logging (syslog). 3 To transmit log events to on the... the Remote Syslog non-logged events check box. 9 To have administrators automatically notified of severity to monitor security-related events on the destination server. The printer will be logged (e.g.
... the IP address or hostname of events to log list, select the priority level cutoff (0-7) for further processing or storage. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Security Audit Log. 2 Select Enable Audit to activate security audit logging (syslog). 3 To transmit log events to on the... the Remote Syslog non-logged events check box. 9 To have administrators automatically notified of severity to monitor security-related events on the destination server. The printer will be logged (e.g.
Embedded Web Server Administrator's Guide
Page 26
...in order to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication settings... Password, or Prompt user if authentication is required. 11 If the device must configure them on page 21. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª 802.1x. 2 Under 802.1x Authentication: • Select the Active check box to ...
...in order to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for your SMTP server requires user credentials, select an authentication method from the SMTP server before changing 802.1x authentication settings... Password, or Prompt user if authentication is required. 11 If the device must configure them on page 21. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª 802.1x. 2 Under 802.1x Authentication: • Select the Active check box to ...
Embedded Web Server Administrator's Guide
Page 27
...network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to configure... to the network management system by designating SNMP "traps", or events that warrant administrative attention. SNMP Version 3 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª SNMP. 2 Under SNMP Version 3, select the Enabled check box. 3 To allow SNMP ...
...network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. The Embedded Web server allows administrators to configure... to the network management system by designating SNMP "traps", or events that warrant administrative attention. SNMP Version 3 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª SNMP. 2 Under SNMP Version 3, select the Enabled check box. 3 To allow SNMP ...
Embedded Web Server Administrator's Guide
Page 29
Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax .... Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the ability to update firmware...
Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax .... Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Firmware files which are denied will be available for scan and copy functions Protects access to the Configuration Menu Controls the ability to update firmware...
Common Criteria Installation Supplement and Administrator Guide
Page 4
... PKI Held Jobs ...33 Controlling access to device functions using the EWS 34 Troubleshooting 37 Login issues...37 "Unsupported USB Device" error message ...37 The printer home screen fails to return to determine Windows User ID" error message 42 "There are no jobs available for [USER]" error message 42 Jobs are different...
... PKI Held Jobs ...33 Controlling access to device functions using the EWS 34 Troubleshooting 37 Login issues...37 "Unsupported USB Device" error message ...37 The printer home screen fails to return to determine Windows User ID" error message 42 "There are no jobs available for [USER]" error message 42 Jobs are different...
Common Criteria Installation Supplement and Administrator Guide
Page 33
...• You can be modified. Depending on how often a specific device polls for state changes, jobs marked for removal may remain on the printer home screen. 3 To select an alternate image for the Up Icon (the image that there are set to expire after the time chosen for expiration...being removed. however, security templates currently in use can also set to expire, either at the same time Confidential jobs expire or at the printer until released by the Confidential Print Setup (Settings > Security > Confidential Print Setup). Using Job Expiration, you want to print, or select ...
...• You can be modified. Depending on how often a specific device polls for state changes, jobs marked for removal may remain on the printer home screen. 3 To select an alternate image for the Up Icon (the image that there are set to expire after the time chosen for expiration...being removed. however, security templates currently in use can also set to expire, either at the same time Confidential jobs expire or at the printer until released by the Confidential Print Setup (Settings > Security > Confidential Print Setup). Using Job Expiration, you want to print, or select ...
Common Criteria Installation Supplement and Administrator Guide
Page 37
...the application name, and then click Start. • If PKI Authentication does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. Login screen does not appear when a Smart Card is supported. 37 Troubleshooting Login issues "Unsupported USB Device" ...then click Start. • If the authentication token does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. The printer home screen fails to return to a locked state when not in use Try one or more of the following: MAKE SURE ...
...the application name, and then click Start. • If PKI Authentication does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. Login screen does not appear when a Smart Card is supported. 37 Troubleshooting Login issues "Unsupported USB Device" ...then click Start. • If the authentication token does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. The printer home screen fails to return to a locked state when not in use Try one or more of the following: MAKE SURE ...
Common Criteria Installation Supplement and Administrator Guide
Page 4
... PKI Held Jobs...35 Controlling access to device functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to determine Windows User ID" error message 44 "There are no jobs available for a long time at "Getting User Info..."...42...
... PKI Held Jobs...35 Controlling access to device functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to determine Windows User ID" error message 44 "There are no jobs available for a long time at "Getting User Info..."...42...
Common Criteria Installation Supplement and Administrator Guide
Page 39
... does not return to a locked state when not in use If the printer home screen does not return to a locked state when not in use, check the following: THE AUTHENTICATION TOKEN IS NOT INSTALLED OR RUNNING. 1 From the Embedded ... box next to the application name, and then click Start. • If PKI Authentication does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. Troubleshooting Login Issues "Unsupported USB Device" error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with...
... does not return to a locked state when not in use If the printer home screen does not return to a locked state when not in use, check the following: THE AUTHENTICATION TOKEN IS NOT INSTALLED OR RUNNING. 1 From the Embedded ... box next to the application name, and then click Start. • If PKI Authentication does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. Troubleshooting Login Issues "Unsupported USB Device" error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with...