Embedded Web Server Administrator's Guide
Page 9
...the LDAP server where the authentication will be able to access protected device functions in the event of an outage that runs directly on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is the node in the Embedded Web Server 9 Each configuration must submit when ...of the TCP/IP layer, and is that it more flexible than other authentication methods. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. ...
...the LDAP server where the authentication will be able to access protected device functions in the event of an outage that runs directly on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is the node in the Embedded Web Server 9 Each configuration must submit when ...of the TCP/IP layer, and is that it more flexible than other authentication methods. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select LDAP. 3 Click Add an LDAP Setup. ...
Embedded Web Server Administrator's Guide
Page 11
... server using the GSSAPI protocol for networks running Active Directory. Instead of authentication that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...Log out on an external server, users will not be able to test. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+...
... server using the GSSAPI protocol for networks running Active Directory. Instead of authentication that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...Log out on an external server, users will not be able to test. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+...
Embedded Web Server Administrator's Guide
Page 13
... realm specified will not be used by itself for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • ... again. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Type the KDC (Key...
... realm specified will not be used by itself for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • ... again. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Type the KDC (Key...
Embedded Web Server Administrator's Guide
Page 14
...8226; To help prevent unauthorized access, users are located in sync or closely aligned with any form of authentication that relies on the printer control panel. An administrator can only be registered to restore default values. Using NTLM authentication NTLM (Windows NT LAN Manager) is Microsoft...generate and compare three encrypted strings based on a supported device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to access protected device functions in the Embedded Web Server 14 Notes: • The NTLM building block can be used ...
...8226; To help prevent unauthorized access, users are located in sync or closely aligned with any form of authentication that relies on the printer control panel. An administrator can only be registered to restore default values. Using NTLM authentication NTLM (Windows NT LAN Manager) is Microsoft...generate and compare three encrypted strings based on a supported device because each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to access protected device functions in the Embedded Web Server 14 Notes: • The NTLM building block can be used ...
Embedded Web Server Administrator's Guide
Page 16
...on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls...you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select Login ...
...on configuring a specific type of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls...you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings. 2 Select Login ...
Embedded Web Server Administrator's Guide
Page 17
...two building blocks can be combined with a unique name of up to 128 characters to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a ... 128 characters. It can be helpful to retain previously configured values. Editing or deleting an existing security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a...
...two building blocks can be combined with a unique name of up to 128 characters to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use a ... 128 characters. It can be helpful to retain previously configured values. Editing or deleting an existing security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a...
Embedded Web Server Administrator's Guide
Page 18
...functions protected by that code. For more information on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . ...determine which one is not in use; Using security features in the Embedded Web Server 18 Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can be created and stored within the Embedded Web Server for that function, and...
...functions protected by that code. For more information on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . ...determine which one is not in use; Using security features in the Embedded Web Server 18 Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can be created and stored within the Embedded Web Server for that function, and...
Embedded Web Server Administrator's Guide
Page 19
... importing a krb5.conf file) • If creating a Simple Kerberos Setup: - Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates,...Security Templates Name field, type a unique name containing up to include in the security template. Hold down list next to the printer Using security features in order to gain access to integrate with the authentication building blocks which have been configured on the device....
... importing a krb5.conf file) • If creating a Simple Kerberos Setup: - Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage Security Templates,...Security Templates Name field, type a unique name containing up to include in the security template. Hold down list next to the printer Using security features in order to gain access to integrate with the authentication building blocks which have been configured on the device....
Embedded Web Server Administrator's Guide
Page 20
...more information on configuring Kerberos, see "Using LDAP+GSSAPI" on page 11 Step 4: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage ...and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
...more information on configuring Kerberos, see "Using LDAP+GSSAPI" on page 11 Step 4: Create a security template 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Under Manage ...and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, ...
Embedded Web Server Administrator's Guide
Page 21
... access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to cancel all changes. Viewing, downloading..., and deleting a certificate 1 From the Embedded Web Server Home screen, browse to any function controlled by the security template. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 ...
... access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to cancel all changes. Viewing, downloading..., and deleting a certificate 1 From the Embedded Web Server Home screen, browse to any function controlled by the security template. Creating a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 ...
Embedded Web Server Administrator's Guide
Page 24
... Start value (the scheduled time and day will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then ...Enabling or disabling disk encryption will erase the contents of the hard disk. 7 A message will indicate the progress of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From ...
... Start value (the scheduled time and day will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then ...Enabling or disabling disk encryption will erase the contents of the hard disk. 7 A message will indicate the progress of standard home screen icons such as Copy or Fax. 3 Verify that the printer is stolen. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From ...
Embedded Web Server Administrator's Guide
Page 25
The printer will power-on the destination server. Note: The Enable Remote Syslog check box will be before an alert is triggered E-mail log exported alert-When ... settings are stored on the device, but may also be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Security Audit Log. 2 Select Enable Audit to activate security audit logging (syslog). 3 To transmit log events to the remote...
The printer will power-on the destination server. Note: The Enable Remote Syslog check box will be before an alert is triggered E-mail log exported alert-When ... settings are stored on the device, but may also be transmitted to a network syslog server for further processing or storage. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Security Audit Log. 2 Select Enable Audit to activate security audit logging (syslog). 3 To transmit log events to the remote...
Embedded Web Server Administrator's Guide
Page 26
...and Password, or Prompt user if authentication is required. 11 If the device must configure them on page 21. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª 802.1x. 2 Under 802.1x Authentication: • Select the Active check box to enable...features in case of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Note: If using an encrypted link. 8 If your network under Device Credentials. 3 Type the Primary SMTP Gateway Port number of...
...and Password, or Prompt user if authentication is required. 11 If the device must configure them on page 21. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª 802.1x. 2 Under 802.1x Authentication: • Select the Active check box to enable...features in case of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . Note: If using an encrypted link. 8 If your network under Device Credentials. 3 Type the Primary SMTP Gateway Port number of...
Embedded Web Server Administrator's Guide
Page 27
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose ...select the Enabled check box. 3 To allow remote installation and configuration changes as well as 0.0.0.0). SNMP Version 1, 2c 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª SNMP. 2 Under SNMP Version 1, 2c, select the Enabled check box. 3 To allow device ...
...in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose ...select the Enabled check box. 3 To allow remote installation and configuration changes as well as 0.0.0.0). SNMP Version 1, 2c 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª SNMP. 2 Under SNMP Version 1, 2c, select the Enabled check box. 3 To allow device ...
Embedded Web Server Administrator's Guide
Page 29
...access to the Configuration Menu Controls the ability to print color from a flash drive. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function ...who are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to ...
...access to the Configuration Menu Controls the ability to print color from a flash drive. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function ...who are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to ...
Common Criteria Installation Supplement and Administrator Guide
Page 4
... PKI Held Jobs ...33 Controlling access to device functions using the EWS 34 Troubleshooting 37 Login issues...37 "Unsupported USB Device" error message ...37 The printer home screen fails to return to a locked state when not in 40 LDAP issues...41 LDAP lookups take a long time and then fail ...41 LDAP lookups...
... PKI Held Jobs ...33 Controlling access to device functions using the EWS 34 Troubleshooting 37 Login issues...37 "Unsupported USB Device" error message ...37 The printer home screen fails to return to a locked state when not in 40 LDAP issues...41 LDAP lookups take a long time and then fail ...41 LDAP lookups...
Common Criteria Installation Supplement and Administrator Guide
Page 33
...pressed), click Browse to locate the image you can be set to expire, either at the same time Confidential jobs expire or at the printer until released by the Confidential Print Setup (Settings > Security > Confidential Print Setup). To view the default icon image, click View Current Value...displays when the Held Jobs icon is selected. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on the printer home screen. 3 To select an alternate image for expiration. To delete an individual security template, select it is controlled by an authorized user. ...
...pressed), click Browse to locate the image you can be set to expire, either at the same time Confidential jobs expire or at the printer until released by the Confidential Print Setup (Settings > Security > Confidential Print Setup). To view the default icon image, click View Current Value...displays when the Held Jobs icon is selected. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on the printer home screen. 3 To select an alternate image for expiration. To delete an individual security template, select it is controlled by an authorized user. ...
Common Criteria Installation Supplement and Administrator Guide
Page 37
... name, and then click Start. • If the authentication token does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. Remove the unsupported reader and attach the OmniKey reader. 37 Troubleshooting Login issues "Unsupported USB Device" error message...and then click Start. • If PKI Authentication does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. The printer home screen fails to return to a locked state when not in use Try one or more of the following: MAKE SURE ...
... name, and then click Start. • If the authentication token does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. Remove the unsupported reader and attach the OmniKey reader. 37 Troubleshooting Login issues "Unsupported USB Device" error message...and then click Start. • If PKI Authentication does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. The printer home screen fails to return to a locked state when not in use Try one or more of the following: MAKE SURE ...
Common Criteria Installation Supplement and Administrator Guide
Page 4
... PKI Held Jobs...35 Controlling access to device functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to a locked state when not in 42 LDAP Issues...42 LDAP lookups take a long time, and then may or may not...
... PKI Held Jobs...35 Controlling access to device functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to a locked state when not in 42 LDAP Issues...42 LDAP lookups take a long time, and then may or may not...
Common Criteria Installation Supplement and Administrator Guide
Page 39
... not return to a locked state when not in use If the printer home screen does not return to a locked state when not in use,.... • If the authentication token is inserted THE SMARTCARD IS NOT RECOGNIZED BY THE READER Contact the Lexmark Solutions Help Desk for assistance. 39 Login screen does not appear when a SmartCard is installed but not running...click Start. • If the authentication token does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. PKI AUTHENTICATION IS NOT INSTALLED OR RUNNING. 1 From the Embedded Web Server, click...
... not return to a locked state when not in use If the printer home screen does not return to a locked state when not in use,.... • If the authentication token is inserted THE SMARTCARD IS NOT RECOGNIZED BY THE READER Contact the Lexmark Solutions Help Desk for assistance. 39 Login screen does not appear when a SmartCard is installed but not running...click Start. • If the authentication token does not appear in the list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. PKI AUTHENTICATION IS NOT INSTALLED OR RUNNING. 1 From the Embedded Web Server, click...