Embedded Web Server Administrator's Guide
Page 3
... Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11...password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21 Setting certificate defaults...
... Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11...password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21 Setting certificate defaults...
Embedded Web Server Administrator's Guide
Page 6
Access Controls By default, all users the functions they need to print in...LDAP+GSSAPI building blocks. Access controls can be protected. A Security Template is a profile constructed using a password, PIN, or security template. Groups Administrators can designate up to 32 groups to be used in some ...with Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 140 security templates, allowing administrators to ...
Access Controls By default, all users the functions they need to print in...LDAP+GSSAPI building blocks. Access controls can be protected. A Security Template is a profile constructed using a password, PIN, or security template. Groups Administrators can designate up to 32 groups to be used in some ...with Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 140 security templates, allowing administrators to ...
Embedded Web Server Administrator's Guide
Page 7
... the PIN to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Password. 3 Under Manage Passwords, select Add a Password. 4 Type a name for the password in the Setup Name box. The Embedded Web Server can store a combined total of 250 user-level and...are used to control access to a device itself. Configuring building blocks Creating a password The Embedded Web Server can store a combined total of 250 user-level and administrator-level PINs. Note: The default PIN length is protected by requiring a user to type a correct PIN to retrieve...
... the PIN to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Password. 3 Under Manage Passwords, select Add a Password. 4 Type a name for the password in the Setup Name box. The Embedded Web Server can store a combined total of 250 user-level and...are used to control access to a device itself. Configuring building blocks Creating a password The Embedded Web Server can store a combined total of 250 user-level and administrator-level PINs. Note: The default PIN length is protected by requiring a user to type a correct PIN to retrieve...
Embedded Web Server Administrator's Guide
Page 9
... out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to specify the information a user must submit...
... out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to specify the information a user must submit...
Embedded Web Server Administrator's Guide
Page 14
...box, and then use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the user's password. An administrator can be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication... credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date and time settings...
...box, and then use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the user's password. An administrator can be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication... credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date and time settings...
Embedded Web Server Administrator's Guide
Page 15
... the Embedded Web Server Home screen, browse to access security menus regardless of the type of "back door" measures such as a backup password. Specifying the default user domain for example, if there is not successful, the Manage NTLM Setup screen will not be helpful if other security measures become unavailable, for ...
... the Embedded Web Server Home screen, browse to access security menus regardless of the type of "back door" measures such as a backup password. Specifying the default user domain for example, if there is not successful, the Manage NTLM Setup screen will not be helpful if other security measures become unavailable, for ...
Embedded Web Server Administrator's Guide
Page 16
... features in the drop-down list next to cancel all changes. Using a password or PIN to control function access Each Access Control (or Function Access Control), can be set to require No Security (the default), or to Settings ª Security ª Edit Security Setups. 2 Under...Click Submit to save changes, or Reset Form to specific device functions using a password or PIN. For more information on configuring a specific type of times a user can control access to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with...
... features in the drop-down list next to cancel all changes. Using a password or PIN to control function access Each Access Control (or Function Access Control), can be set to require No Security (the default), or to Settings ª Security ª Edit Security Setups. 2 Under...Click Submit to save changes, or Reset Form to specific device functions using a password or PIN. For more information on configuring a specific type of times a user can control access to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with...
Embedded Web Server Administrator's Guide
Page 26
...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to log in the Embedded Web Server 26 3 Type the Primary ...Password, or Prompt user if authentication is also used on the printer before timing out. Note: If using an encrypted link. 8 If your network under Device Credentials. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. If only one certificate has been installed, default...
...802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will recognize by clicking the check box next to log in the Embedded Web Server 26 3 Type the Primary ...Password, or Prompt user if authentication is also used on the printer before timing out. Note: If using an encrypted link. 8 If your network under Device Credentials. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server. If only one certificate has been installed, default...
Embedded Web Server Administrator's Guide
Page 27
..., select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No Authentication, No Privacy, Authentication,...Under SNMP Version 1, 2c, select the Enabled check box. 3 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the Embedded Web Server 27 Setting SNMP Traps After configuring SNMP Version 1, 2c or SNMP Version 3, you can further customize which authentication ...
..., select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No Authentication, No Privacy, Authentication,...Under SNMP Version 1, 2c, select the Enabled check box. 3 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the Embedded Web Server 27 Setting SNMP Traps After configuring SNMP Version 1, 2c or SNMP Version 3, you can further customize which authentication ...
Embedded Web Server Administrator's Guide
Page 28
Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. Enabling the security reset jumper The Security Reset Jumper is lost, you will be ... remove access to all security menus-use with caution), Access controls = "No security" (to remove security only from function access controls), or Reset factory security defaults (to return all fields. Administrators can use the Embedded Web Server to specify the effect of the network management server or monitoring station, and then...
Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. Enabling the security reset jumper The Security Reset Jumper is lost, you will be ... remove access to all security menus-use with caution), Access controls = "No security" (to remove security only from function access controls), or Reset factory security defaults (to return all fields. Administrators can use the Embedded Web Server to specify the effect of the network management server or monitoring station, and then...
Embedded Web Server Administrator's Guide
Page 40
... authenticating using Kerberos 13 using LDAP 9 using LDAP+GSSAPI 11 using NTLM authentication 14 Authentication understanding 5 Authorization understanding 5 B backup password creating 15 using 15 building blocks adding to security templates 16 internal accounts 8 Kerberos 5 13 LDAP 9 LDAP+GSSAPI 11 NTLM ...authentication 14 C certificates creating 21 deleting 21 setting defaults 22 viewing 21 confidential printing configuring 22 D disk encryption 24 disk wiping modifying 23 scheduling 23 E encrypting the hard disk 24...
... authenticating using Kerberos 13 using LDAP 9 using LDAP+GSSAPI 11 using NTLM authentication 14 Authentication understanding 5 Authorization understanding 5 B backup password creating 15 using 15 building blocks adding to security templates 16 internal accounts 8 Kerberos 5 13 LDAP 9 LDAP+GSSAPI 11 NTLM ...authentication 14 C certificates creating 21 deleting 21 setting defaults 22 viewing 21 confidential printing configuring 22 D disk encryption 24 disk wiping modifying 23 scheduling 23 E encrypting the hard disk 24...